Alpine 3.23 (#2507 )

* Run earlier Signed-off-by: J0WI <J0WI@users.noreply.github.com> * Run update.sh Signed-off-by: J0WI <J0WI@users.noreply.github.com> * Alpine 3.23 Signed-off-by: J0WI <J0WI@users.noreply.github.com> --------- Signed-off-by: J0WI <J0WI@users.noreply.github.com>
Runs update.sh
2025-12-11 21:50:11 +00:00 · 2025-12-08 00:40:35 +00:00 · 2025-11-27 00:38:14 +00:00 · 2025-11-25 23:33:59 +00:00 · 2025-11-25 21:53:20 +00:00 · 2025-11-25 21:53:06 +00:00
127 changed files with 1970 additions and 1450 deletions
--- a/.config/redis.config.php
+++ b/.config/redis.config.php
@ -14,4 +14,8 @@ if (getenv('REDIS_HOST')) {
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
  if (getenv('REDIS_HOST_USER') !== false) {
    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
  }
 }
--- a/.config/reverse-proxy.config.php
+++ b/.config/reverse-proxy.config.php
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
 $forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
 if ($forwardedForHeaders) {
  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
 }
--- a/.config/s3.config.php
+++ b/.config/s3.config.php
@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
+        'autocreate' => strtolower($autocreate) !== 'false',
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        'use_ssl' => strtolower($use_ssl) !== 'false',
        // required for some non Amazon S3 implementations
        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
        // required for older protocol versions
--- a/.examples/README.md
+++ b/.examples/README.md
@ -66,9 +66,9 @@ The following Dockerfile commands are also necessary for a sucessfull cron insta
 ## docker-compose
 In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box.
-Before running the examples you have to modify the `db.env` and `docker-compose.yml` file and fill in your custom information.
+Before running the examples you have to modify the `db.env` and `compose.yaml` file and fill in your custom information.
-The docker-compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker-compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `docker-compose.yml` file.
+The docker compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `compose.yaml` file.
 ### insecure
@ -78,10 +78,10 @@ For this use one of the [with-nginx-proxy](#with-nginx-proxy) examples.
 To use this example complete the following steps:
-1. if you use mariadb or mysql choose a root password for the database in `docker-compose.yml` behind `MYSQL_ROOT_PASSWORD=`
+1. if you use mariadb or mysql choose a root password for the database in `compose.yaml` behind `MYSQL_ROOT_PASSWORD=`
 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
-3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
+3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
-4. start nextcloud with `docker-compose up -d`
+4. start nextcloud with `docker compose up -d`
 If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
@ -97,13 +97,13 @@ This combination of the [nginxproxy/nginx-proxy](https://github.com/nginx-proxy/
 To use this example complete the following steps:
-1. open `docker-compose.yml`
+1. open `compose.yaml`
   1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=`
   2. enter a valid email behind `LETSENCRYPT_EMAIL=`
   3. if you use mariadb or mysql choose a root password for the database behind `MYSQL_ROOT_PASSWORD=`
 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
-3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
+3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
-4. start nextcloud with `docker-compose up -d`
+4. start nextcloud with `docker compose up -d`
 If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
--- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml
@ -1,9 +1,10 @@
 version: '3'
 services:
  # Note: MariaDB is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/mariadb
  db:
-    image: mariadb:10.6
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    image: mariadb:lts
    command: --transaction-isolation=READ-COMMITTED
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
@ -14,6 +15,8 @@ services:
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
@ -25,6 +28,7 @@ services:
      - 127.0.0.1:8080:80
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
@ -39,6 +43,7 @@ services:
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
--- a/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml
+++ b/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml
@ -0,0 +1,67 @@
 services:
  # Note: MariaDB is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/mariadb
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: mariadb:lts
    command: --transaction-isolation=READ-COMMITTED
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  web:
    image: nginx:alpine-slim
    restart: always
    ports:
      - 127.0.0.1:8080:80
    volumes:
      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
      - nextcloud:/var/www/html:z,ro
    depends_on:
      - app
  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml
@ -1,57 +0,0 @@
 version: '3'
 services:
  db:
    image: mariadb:10.6
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    env_file:
      - db.env
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  web:
    build: ./web
    restart: always
    ports:
      - 127.0.0.1:8080:80
    volumes:
      - nextcloud:/var/www/html:z,ro
    depends_on:
      - app
  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile
+++ b/.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile
@ -1,3 +0,0 @@
 FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
@ -12,6 +12,9 @@ events {
 http {
    include mime.types;
    default_type  application/octet-stream;
    types {
        text/javascript mjs;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -30,13 +33,15 @@ http {
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
-    default "immutable";
+    default ", immutable";
    }
    #gzip  on;
    resolver 127.0.0.11 valid=2s;
    upstream php-handler {
-        server app:9000;
+        zone backends 64k;
        server app:9000 resolve;
    }
    server {
@ -140,7 +145,7 @@ http {
        # to the URI, resulting in a HTTP 500 error response.
        location ~ \.php(?:$|/) {
            # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;
@ -162,24 +167,16 @@ http {
            fastcgi_max_temp_file_size 0;
        }
        # Javascript mimetype fixes for nginx
        # Note: The block below should be removed, and the js|mjs section should be
        # added to the block below this one. This is a temporary fix until Nginx 
        # upstream fixes the js mime-type
        location ~* \.(?:js|mjs)$ {
            types { 
                text/javascript js mjs;
            } 
            default_type "text/javascript";
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
            access_log off;
        }
        # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
            add_header Referrer-Policy                   "no-referrer"       always;
            add_header X-Content-Type-Options            "nosniff"           always;
            add_header X-Frame-Options                   "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies "none"              always;
            add_header X-Robots-Tag                      "noindex, nofollow" always;
            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets
            location ~ \.wasm$ {
@ -187,7 +184,7 @@ http {
            }
        }
-        location ~ \.woff2?$ {
+        location ~ \.(otf|woff2?)$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
--- a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
+++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
@ -1,7 +1,8 @@
 version: '3'
 services:
  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/postgres
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    restart: always
    volumes:
@ -9,6 +10,8 @@ services:
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
@ -20,6 +23,7 @@ services:
      - 127.0.0.1:8080:80
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - POSTGRES_HOST=db
      - REDIS_HOST=redis
@ -34,6 +38,7 @@ services:
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
--- a/.examples/docker-compose/insecure/postgres/fpm/compose.yaml
+++ b/.examples/docker-compose/insecure/postgres/fpm/compose.yaml
@ -0,0 +1,62 @@
 services:
  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/postgres
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:Z
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - POSTGRES_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  web:
    image: nginx:alpine-slim
    restart: always
    ports:
      - 127.0.0.1:8080:80
    volumes:
      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
      - nextcloud:/var/www/html:z,ro
    depends_on:
      - app
  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
+++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
@ -1,52 +0,0 @@
 version: '3'
 services:
  db:
    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:z
    env_file:
      - db.env
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
    environment:
      - POSTGRES_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  web:
    build: ./web
    restart: always
    ports:
      - 127.0.0.1:8080:80
    volumes:
      - nextcloud:/var/www/html:z,ro
    depends_on:
      - app
  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile
+++ b/.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile
@ -1,3 +0,0 @@
 FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
@ -12,6 +12,9 @@ events {
 http {
    include mime.types;
    default_type  application/octet-stream;
    types {
        text/javascript mjs;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -30,13 +33,15 @@ http {
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
-    default "immutable";
+    default ", immutable";
    }
    #gzip  on;
    resolver 127.0.0.11 valid=2s;
    upstream php-handler {
-        server app:9000;
+        zone backends 64k;
        server app:9000 resolve;
    }
    server {
@ -140,7 +145,7 @@ http {
        # to the URI, resulting in a HTTP 500 error response.
        location ~ \.php(?:$|/) {
            # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;
@ -162,23 +167,16 @@ http {
            fastcgi_max_temp_file_size 0;
        }
        # Javascript mimetype fixes for nginx
        # Note: The block below should be removed, and the js|mjs section should be
        # added to the block below this one. This is a temporary fix until Nginx 
        # upstream fixes the js mime-type
        location ~* \.(?:js|mjs)$ {
            types { 
                text/javascript js mjs;
            } 
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
            access_log off;
        }
        # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
            add_header Referrer-Policy                   "no-referrer"       always;
            add_header X-Content-Type-Options            "nosniff"           always;
            add_header X-Frame-Options                   "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies "none"              always;
            add_header X-Robots-Tag                      "noindex, nofollow" always;
            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets
            location ~ \.wasm$ {
@ -186,7 +184,7 @@ http {
            }
        }
-        location ~ \.woff2?$ {
+        location ~ \.(otf|woff2?)$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml
@ -1,9 +1,10 @@
 version: '3'
 services:
  # Note: MariaDB is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/mariadb
  db:
-    image: mariadb:10.6
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    image: mariadb:lts
    command: --transaction-isolation=READ-COMMITTED
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
@ -14,6 +15,8 @@ services:
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
@ -23,6 +26,7 @@ services:
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
@ -34,6 +38,7 @@ services:
    depends_on:
      - db
      - redis
      - proxy
    networks:
      - proxy-tier
      - default
@ -43,11 +48,15 @@ services:
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
  # https://hub.docker.com/r/nginxproxy/nginx-proxy
  proxy:
    build: ./proxy
    restart: always
@ -55,18 +64,23 @@ services:
      - 80:80
      - 443:443
    labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
-      - certs:/etc/nginx/certs:z,ro
+      - certs:/etc/nginx/certs:ro,z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - dhparam:/etc/nginx/dhparam:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
    networks:
      - proxy-tier
  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/r/nginxproxy/acme-companion
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
    environment:
      - DEFAULT_EMAIL=
    volumes:
      - certs:/etc/nginx/certs:z
      - acme:/etc/acme.sh:z
@ -78,7 +92,7 @@ services:
    depends_on:
      - proxy
-# self signed
+# self signed,outdated
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"
@ -100,6 +114,7 @@ volumes:
  acme:
  vhost.d:
  html:
  dhparam:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile
@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:alpine
+FROM nginxproxy/nginx-proxy:1.7-alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
@ -1,9 +1,10 @@
 version: '3'
 services:
  # Note: MariaDB is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/mariadb
  db:
-    image: mariadb:10.6
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    image: mariadb:lts
    command: --transaction-isolation=READ-COMMITTED
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
@ -14,6 +15,8 @@ services:
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
@ -23,6 +26,7 @@ services:
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
@ -31,11 +35,17 @@ services:
    depends_on:
      - db
      - redis
      - proxy
  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  web:
-    build: ./web
+    image: nginx:alpine-slim
    restart: always
    volumes:
      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
      - nextcloud:/var/www/html:z,ro
    environment:
      - VIRTUAL_HOST=
@ -52,11 +62,15 @@ services:
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
  # https://hub.docker.com/r/nginxproxy/nginx-proxy
  proxy:
    build: ./proxy
    restart: always
@ -64,7 +78,7 @@ services:
      - 80:80
      - 443:443
    labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - certs:/etc/nginx/certs:z,ro
      - vhost.d:/etc/nginx/vhost.d:z
@ -73,9 +87,13 @@ services:
    networks:
      - proxy-tier
  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/r/nginxproxy/acme-companion
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
    environment:
      - DEFAULT_EMAIL=
    volumes:
      - certs:/etc/nginx/certs:z
      - acme:/etc/acme.sh:z
@ -87,7 +105,7 @@ services:
    depends_on:
      - proxy
-# self signed
+# self signed, outdated. 
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile
@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:alpine
+FROM nginxproxy/nginx-proxy:1.7-alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile
@ -1,3 +0,0 @@
 FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
@ -12,6 +12,9 @@ events {
 http {
    include mime.types;
    default_type  application/octet-stream;
    types {
        text/javascript mjs;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -30,13 +33,15 @@ http {
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
-    default "immutable";
+    default ", immutable";
    }
    #gzip  on;
    resolver 127.0.0.11 valid=2s;
    upstream php-handler {
-        server app:9000;
+        zone backends 64k;
        server app:9000 resolve;
    }
    server {
@ -140,7 +145,7 @@ http {
        # to the URI, resulting in a HTTP 500 error response.
        location ~ \.php(?:$|/) {
            # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;
@ -162,23 +167,16 @@ http {
            fastcgi_max_temp_file_size 0;
        }
        # Javascript mimetype fixes for nginx
        # Note: The block below should be removed, and the js|mjs section should be
        # added to the block below this one. This is a temporary fix until Nginx 
        # upstream fixes the js mime-type
        location ~* \.(?:js|mjs)$ {
            types { 
                text/javascript js mjs;
            } 
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
            access_log off;
        }
        # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
            add_header Referrer-Policy                   "no-referrer"       always;
            add_header X-Content-Type-Options            "nosniff"           always;
            add_header X-Frame-Options                   "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies "none"              always;
            add_header X-Robots-Tag                      "noindex, nofollow" always;
            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets
            location ~ \.wasm$ {
@ -186,7 +184,7 @@ http {
            }
        }
-        location ~ \.woff2?$ {
+        location ~ \.(otf|woff2?)$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
@ -1,7 +1,8 @@
 version: '3'
 services:
  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/postgres
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    restart: always
    volumes:
@ -9,6 +10,8 @@ services:
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
@ -18,6 +21,7 @@ services:
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
@ -29,6 +33,7 @@ services:
    depends_on:
      - db
      - redis
      - proxy
    networks:
      - proxy-tier
      - default
@ -38,11 +43,15 @@ services:
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
  # https://hub.docker.com/r/nginxproxy/nginx-proxy
  proxy:
    build: ./proxy
    restart: always
@ -50,15 +59,17 @@ services:
      - 80:80
      - 443:443
    labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
-      - certs:/etc/nginx/certs:z,ro
+      - certs:/etc/nginx/certs:ro,z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
    networks:
      - proxy-tier
  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/r/nginxproxy/acme-companion
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
@ -73,7 +84,7 @@ services:
    depends_on:
      - proxy
-# self signed
+# self signed, outdated
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile
@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:alpine
+FROM nginxproxy/nginx-proxy:1.7-alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
@ -1,7 +1,8 @@
 version: '3'
 services:
  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/postgres
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    restart: always
    volumes:
@ -9,6 +10,8 @@ services:
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
@ -18,6 +21,7 @@ services:
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - POSTGRES_HOST=db
      - REDIS_HOST=redis
@ -26,11 +30,17 @@ services:
    depends_on:
      - db
      - redis
      - proxy
  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  web:
-    build: ./web
+    image: nginx:alpine-slim
    restart: always
    volumes:
      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
      - nextcloud:/var/www/html:z,ro
    environment:
      - VIRTUAL_HOST=
@ -47,11 +57,15 @@ services:
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
  # https://hub.docker.com/r/nginxproxy/nginx-proxy
  proxy:
    build: ./proxy
    restart: always
@ -59,7 +73,7 @@ services:
      - 80:80
      - 443:443
    labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - certs:/etc/nginx/certs:z,ro
      - vhost.d:/etc/nginx/vhost.d:z
@ -68,6 +82,8 @@ services:
    networks:
      - proxy-tier
  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/r/nginxproxy/acme-companion
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
@ -77,12 +93,14 @@ services:
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/var/run/docker.sock:z,ro
    environment:
      - DEFAULT_EMAIL=
    networks:
      - proxy-tier
    depends_on:
      - proxy
-# self signed
+# self signed, outdated
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile
@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:alpine
+FROM nginxproxy/nginx-proxy:1.7-alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile
@ -1,3 +0,0 @@
 FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
@ -12,6 +12,9 @@ events {
 http {
    include mime.types;
    default_type  application/octet-stream;
    types {
        text/javascript mjs;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -30,13 +33,15 @@ http {
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
-    default "immutable";
+    default ", immutable";
    }
    #gzip  on;
    resolver 127.0.0.11 valid=2s;
    upstream php-handler {
-        server app:9000;
+        zone backends 64k;
        server app:9000 resolve;
    }
    server {
@ -140,7 +145,7 @@ http {
        # to the URI, resulting in a HTTP 500 error response.
        location ~ \.php(?:$|/) {
            # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;
@ -162,23 +167,16 @@ http {
            fastcgi_max_temp_file_size 0;
        }
        # Javascript mimetype fixes for nginx
        # Note: The block below should be removed, and the js|mjs section should be
        # added to the block below this one. This is a temporary fix until Nginx 
        # upstream fixes the js mime-type
        location ~* \.(?:js|mjs)$ {
            types { 
                text/javascript js mjs;
            } 
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
            access_log off;
        }
        # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
            add_header Referrer-Policy                   "no-referrer"       always;
            add_header X-Content-Type-Options            "nosniff"           always;
            add_header X-Frame-Options                   "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies "none"              always;
            add_header X-Robots-Tag                      "noindex, nofollow" always;
            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets
            location ~ \.wasm$ {
@ -186,7 +184,7 @@ http {
            }
        }
-        location ~ \.woff2?$ {
+        location ~ \.(otf|woff2?)$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
--- a/.github/ISSUE_TEMPLATE/01-Image_issue.md
+++ b/.github/ISSUE_TEMPLATE/01-Image_issue.md
@ -1,6 +1,7 @@
 ---
-name: 🐛 Image issue
+name: 🐛 Report a bug in the image
-about: Issues related to the Nextcloud Docker image
+about: Create a report to help us improve the image
 labels: "bug, 0. Needs triage"
 ---
 <!--
--- a/.github/ISSUE_TEMPLATE/02-Image_enhancement
+++ b/.github/ISSUE_TEMPLATE/02-Image_enhancement
@ -0,0 +1,15 @@
 ---
 name: 🚀 Suggest an enhancement
 about: Suggest an idea for improving the image
 labels: "enhancement, 0. Needs triage"
 ---
 <!--
 Thanks for suggesting an idea to improve the Nextcloud Docker image!
 This image is maintained by volunteers so if you're able to assist with implementing your idea, please mention that (and consider submitting a PR as well).
 Note: This is the issue tracker of the official Nextcloud **Docker image**, please do NOT use this to suggestion enhancements in Nextcloud Server itself. 
 To learn more about official images, see https://github.com/docker-library/faq
 -->
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,10 +1,22 @@
 contact_links:
-    - name: 🐛 Nextcloud issue
+    - name: ❓ Ask a question
      url: https://github.com/nextcloud/server/issues/new/choose
      about: Bug reports and feature requests for Nextcloud
    - name: 🐳 Docker Support and Help
      url: https://forums.docker.com/
      about: Configuration, installation, networking and other questions
    - name: ❓ Nextcloud Support and Help
      url: https://help.nextcloud.com/
-      about: Configuration, webserver/proxy or performance issues and other questions
+      about: Ask a question, get assistance or start a discussion regarding Nextcloud and/or this image
    - name: Documentation - Nextcloud Server
      url: https://docs.nextcloud.com/
      about: Official documentation for Nextcloud Server
    - name: Documentation - Nextcloud Docker Image
      url: https://github.com/nextcloud/docker/blob/master/README.md
      about: Official documentation for this image
    - name: 🐳 Documentation - Docker
      url: https://docs.docker.com/
      about: Official documentation for Docker (installing, configuring, troubleshooting)  
    - name: 🐳 Docker Forum
      url: https://forums.docker.com/
      about: Ask a question, get assistance or start a discussion regarding Docker
    - name: 🐛 Bug Report - Nextcloud Server
      url: https://github.com/nextcloud/server/issues/new/choose
      about: Report a bug in Nextcloud Server
    - name: Enhancement Idea - Nextcloud Server
      url: https://github.com/nextcloud/server/issues/new/choose
      about: Suggest an enhancement idea for Nextcloud Server
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@ -1,51 +0,0 @@
 # This workflow is provided via the organization template repository
 #
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
 name: Rebase command
 on:
  issue_comment:
    types: created
 permissions:
  contents: read
 jobs:
  rebase:
    runs-on: ubuntu-latest
    permissions:
      contents: none
    # On pull requests and if the comment starts with `/rebase`
    if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/rebase')
    steps:
      - name: Add reaction on start
        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
          comment-id: ${{ github.event.comment.id }}
          reaction-type: "+1"
      - name: Checkout the latest code
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
        with:
          fetch-depth: 0
          token: ${{ secrets.COMMAND_BOT_PAT }}
      - name: Automatic Rebase
        uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8
        env:
          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
      - name: Add reaction on failure
        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
        if: failure()
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
          comment-id: ${{ github.event.comment.id }}
          reaction-type: "-1"
--- a/.github/workflows/update-sh.yml
+++ b/.github/workflows/update-sh.yml
@ -5,7 +5,7 @@ on:
    branches:
    - master
  schedule:
-  - cron:  '15 0 * * *'
+  - cron:  '15 18 * * *'
  workflow_dispatch:
 jobs:
--- a/29/fpm-alpine/config/redis.config.php
+++ b/29/fpm-alpine/config/redis.config.php
@ -1,17 +0,0 @@
 <?php
 if (getenv('REDIS_HOST')) {
  $CONFIG = array(
    'memcache.distributed' => '\OC\Memcache\Redis',
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );
  if (getenv('REDIS_HOST_PORT') !== false) {
    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
 }
--- a/29/fpm-alpine/config/reverse-proxy.config.php
+++ b/29/fpm-alpine/config/reverse-proxy.config.php
@ -1,30 +0,0 @@
 <?php
 $overwriteHost = getenv('OVERWRITEHOST');
 if ($overwriteHost) {
  $CONFIG['overwritehost'] = $overwriteHost;
 }
 $overwriteProtocol = getenv('OVERWRITEPROTOCOL');
 if ($overwriteProtocol) {
  $CONFIG['overwriteprotocol'] = $overwriteProtocol;
 }
 $overwriteCliUrl = getenv('OVERWRITECLIURL');
 if ($overwriteCliUrl) {
  $CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
 }
 $overwriteWebRoot = getenv('OVERWRITEWEBROOT');
 if ($overwriteWebRoot) {
  $CONFIG['overwritewebroot'] = $overwriteWebRoot;
 }
 $overwriteCondAddr = getenv('OVERWRITECONDADDR');
 if ($overwriteCondAddr) {
  $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
 }
 $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
--- a/29/fpm-alpine/config/s3.config.php
+++ b/29/fpm-alpine/config/s3.config.php
@ -1,48 +0,0 @@
 <?php
 if (getenv('OBJECTSTORE_S3_BUCKET')) {
  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
  $CONFIG = array(
    'objectstore' => array(
      'class' => '\OC\Files\ObjectStore\S3',
      'arguments' => array(
        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
        // required for some non Amazon S3 implementations
        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
        // required for older protocol versions
        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
      )
    )
  );
  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
  } else {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }
  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
  } else {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }
  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
  }
 }
--- a/29/fpm-alpine/entrypoint.sh
+++ b/29/fpm-alpine/entrypoint.sh
@ -1,293 +0,0 @@
 #!/bin/sh
 set -eu
 # version_greater A B returns whether A > B
 version_greater() {
    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
 }
 # return true if specified directory is empty
 directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 run_as() {
    if [ "$(id -u)" = 0 ]; then
        su -p "$user" -s /bin/sh -c "$1"
    else
        sh -c "$1"
    fi
 }
 # Execute all executable files in a given directory in alphanumeric order
 run_path() {
    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
    local return_code=0
    if ! [ -d "${hook_folder_path}" ]; then
        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
        return 0
    fi
    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
    (
        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
            if ! [ -x "${script_file_path}" ]; then
                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
                continue
            fi
            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
            run_as "${script_file_path}" || return_code="$?"
            if [ "${return_code}" -ne "0" ]; then
                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
                exit 1
            fi
            echo "==> Finished the script: \"${script_file_path}\""
        done
    )
 }
 # usage: file_env VAR [DEFAULT]
 #    ie: file_env 'XYZ_DB_PASSWORD' 'example'
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
    local var="$1"
    local fileVar="${var}_FILE"
    local def="${2:-}"
    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
        exit 1
    fi
    if [ -n "${varValue}" ]; then
        export "$var"="${varValue}"
    elif [ -n "${fileVarValue}" ]; then
        export "$var"="$(cat "${fileVarValue}")"
    elif [ -n "${def}" ]; then
        export "$var"="$def"
    fi
    unset "$fileVar"
 }
 if expr "$1" : "apache" 1>/dev/null; then
    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
        a2disconf remoteip
    fi
 fi
 if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
    uid="$(id -u)"
    gid="$(id -g)"
    if [ "$uid" = '0' ]; then
        case "$1" in
            apache2*)
                user="${APACHE_RUN_USER:-www-data}"
                group="${APACHE_RUN_GROUP:-www-data}"
                # strip off any '#' symbol ('#1000' is valid syntax for Apache)
                user="${user#'#'}"
                group="${group#'#'}"
                ;;
            *) # php-fpm
                user='www-data'
                group='www-data'
                ;;
        esac
    else
        user="$uid"
        group="$gid"
    fi
    if [ -n "${REDIS_HOST+x}" ]; then
        echo "Configuring Redis as session handler"
        {
            file_env REDIS_HOST_PASSWORD
            echo 'session.save_handler = redis'
            # check if redis host is an unix socket path
            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
              else
                echo "session.save_path = \"unix://${REDIS_HOST}\""
              fi
            # check if redis password has been set
            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
            else
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
            fi
            echo "redis.session.locking_enabled = 1"
            echo "redis.session.lock_retries = -1"
            # redis.session.lock_wait_time is specified in microseconds.
            # Wait 10ms before retrying the lock rather than the default 2ms.
            echo "redis.session.lock_wait_time = 10000"
        } > /usr/local/etc/php/conf.d/redis-session.ini
    fi
    # If another process is syncing the html folder, wait for
    # it to be done, then escape initalization.
    (
        if ! flock -n 9; then
            # If we couldn't get it immediately, show a message, then wait for real
            echo "Another process is initializing Nextcloud. Waiting..."
            flock 9
        fi
        installed_version="0.0.0.0"
        if [ -f /var/www/html/version.php ]; then
            # shellcheck disable=SC2016
            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
        fi
        # shellcheck disable=SC2016
        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
        if version_greater "$installed_version" "$image_version"; then
            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
            exit 1
        fi
        if version_greater "$image_version" "$installed_version"; then
            echo "Initializing nextcloud $image_version ..."
            if [ "$installed_version" != "0.0.0.0" ]; then
                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
                    echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
                    exit 1
                fi
                echo "Upgrading nextcloud from $installed_version ..."
                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
            fi
            if [ "$(id -u)" = 0 ]; then
                rsync_options="-rlDog --chown $user:$group"
            else
                rsync_options="-rlD"
            fi
            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
            for dir in config data custom_apps themes; do
                if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
                    rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
                fi
            done
            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
            # Install
            if [ "$installed_version" = "0.0.0.0" ]; then
                echo "New nextcloud instance"
                file_env NEXTCLOUD_ADMIN_PASSWORD
                file_env NEXTCLOUD_ADMIN_USER
                install=false
                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
                    if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
                        # shellcheck disable=SC2016
                        install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
                    fi
                    file_env MYSQL_DATABASE
                    file_env MYSQL_PASSWORD
                    file_env MYSQL_USER
                    file_env POSTGRES_DB
                    file_env POSTGRES_PASSWORD
                    file_env POSTGRES_USER
                    if [ -n "${SQLITE_DATABASE+x}" ]; then
                        echo "Installing with SQLite database"
                        # shellcheck disable=SC2016
                        install_options=$install_options' --database-name "$SQLITE_DATABASE"'
                        install=true
                    elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
                        echo "Installing with MySQL database"
                        # shellcheck disable=SC2016
                        install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
                        install=true
                    elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
                        echo "Installing with PostgreSQL database"
                        # shellcheck disable=SC2016
                        install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
                        install=true
                    fi
                    if [ "$install" = true ]; then
                        run_path pre-installation
                        echo "Starting nextcloud installation"
                        max_retries=10
                        try=0
                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
                        do
                            echo "Retrying install..."
                            try=$((try+1))
                            sleep 10s
                        done
                        if [ "$try" -gt "$max_retries" ]; then
                            echo "Installing of nextcloud failed!"
                            exit 1
                        fi
                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                            echo "Setting trusted domains…"
                            NC_TRUSTED_DOMAIN_IDX=1
                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                            done
                        fi
                        run_path post-installation
 		    fi
                fi
 		# not enough specified to do a fully automated installation 
                if [ "$install" = false ]; then 
                    echo "Next step: Access your instance to finish the web-based installation!"
                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
                fi
            # Upgrade
            else
                run_path pre-upgrade
                run_as 'php /var/www/html/occ upgrade'
                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
                echo "The following apps have been disabled:"
                diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
                rm -f /tmp/list_before /tmp/list_after
                run_path post-upgrade
            fi
            echo "Initializing finished"
        fi
        # Update htaccess after init if requested
        if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
            run_as 'php /var/www/html/occ maintenance:update:htaccess'
        fi
    ) 9> /var/www/html/nextcloud-init-sync.lock
    # warn if config files on persistent storage differ from the latest version of this image
    for cfgPath in /usr/src/nextcloud/config/*.php; do
        cfgFile=$(basename "$cfgPath")
        if [ "$cfgFile" != "config.sample.php" ]; then
            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
            fi
        fi
    done
    run_path before-starting
 fi
 exec "$@"
--- a/29/fpm/config/redis.config.php
+++ b/29/fpm/config/redis.config.php
@ -1,17 +0,0 @@
 <?php
 if (getenv('REDIS_HOST')) {
  $CONFIG = array(
    'memcache.distributed' => '\OC\Memcache\Redis',
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );
  if (getenv('REDIS_HOST_PORT') !== false) {
    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
 }
--- a/29/fpm/config/reverse-proxy.config.php
+++ b/29/fpm/config/reverse-proxy.config.php
@ -1,30 +0,0 @@
 <?php
 $overwriteHost = getenv('OVERWRITEHOST');
 if ($overwriteHost) {
  $CONFIG['overwritehost'] = $overwriteHost;
 }
 $overwriteProtocol = getenv('OVERWRITEPROTOCOL');
 if ($overwriteProtocol) {
  $CONFIG['overwriteprotocol'] = $overwriteProtocol;
 }
 $overwriteCliUrl = getenv('OVERWRITECLIURL');
 if ($overwriteCliUrl) {
  $CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
 }
 $overwriteWebRoot = getenv('OVERWRITEWEBROOT');
 if ($overwriteWebRoot) {
  $CONFIG['overwritewebroot'] = $overwriteWebRoot;
 }
 $overwriteCondAddr = getenv('OVERWRITECONDADDR');
 if ($overwriteCondAddr) {
  $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
 }
 $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
--- a/29/fpm/config/s3.config.php
+++ b/29/fpm/config/s3.config.php
@ -1,48 +0,0 @@
 <?php
 if (getenv('OBJECTSTORE_S3_BUCKET')) {
  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
  $CONFIG = array(
    'objectstore' => array(
      'class' => '\OC\Files\ObjectStore\S3',
      'arguments' => array(
        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
        // required for some non Amazon S3 implementations
        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
        // required for older protocol versions
        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
      )
    )
  );
  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
  } else {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }
  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
  } else {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }
  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
  }
 }
--- a/29/fpm/entrypoint.sh
+++ b/29/fpm/entrypoint.sh
@ -1,293 +0,0 @@
 #!/bin/sh
 set -eu
 # version_greater A B returns whether A > B
 version_greater() {
    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
 }
 # return true if specified directory is empty
 directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 run_as() {
    if [ "$(id -u)" = 0 ]; then
        su -p "$user" -s /bin/sh -c "$1"
    else
        sh -c "$1"
    fi
 }
 # Execute all executable files in a given directory in alphanumeric order
 run_path() {
    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
    local return_code=0
    if ! [ -d "${hook_folder_path}" ]; then
        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
        return 0
    fi
    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
    (
        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
            if ! [ -x "${script_file_path}" ]; then
                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
                continue
            fi
            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
            run_as "${script_file_path}" || return_code="$?"
            if [ "${return_code}" -ne "0" ]; then
                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
                exit 1
            fi
            echo "==> Finished the script: \"${script_file_path}\""
        done
    )
 }
 # usage: file_env VAR [DEFAULT]
 #    ie: file_env 'XYZ_DB_PASSWORD' 'example'
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
    local var="$1"
    local fileVar="${var}_FILE"
    local def="${2:-}"
    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
        exit 1
    fi
    if [ -n "${varValue}" ]; then
        export "$var"="${varValue}"
    elif [ -n "${fileVarValue}" ]; then
        export "$var"="$(cat "${fileVarValue}")"
    elif [ -n "${def}" ]; then
        export "$var"="$def"
    fi
    unset "$fileVar"
 }
 if expr "$1" : "apache" 1>/dev/null; then
    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
        a2disconf remoteip
    fi
 fi
 if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
    uid="$(id -u)"
    gid="$(id -g)"
    if [ "$uid" = '0' ]; then
        case "$1" in
            apache2*)
                user="${APACHE_RUN_USER:-www-data}"
                group="${APACHE_RUN_GROUP:-www-data}"
                # strip off any '#' symbol ('#1000' is valid syntax for Apache)
                user="${user#'#'}"
                group="${group#'#'}"
                ;;
            *) # php-fpm
                user='www-data'
                group='www-data'
                ;;
        esac
    else
        user="$uid"
        group="$gid"
    fi
    if [ -n "${REDIS_HOST+x}" ]; then
        echo "Configuring Redis as session handler"
        {
            file_env REDIS_HOST_PASSWORD
            echo 'session.save_handler = redis'
            # check if redis host is an unix socket path
            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
              else
                echo "session.save_path = \"unix://${REDIS_HOST}\""
              fi
            # check if redis password has been set
            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
            else
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
            fi
            echo "redis.session.locking_enabled = 1"
            echo "redis.session.lock_retries = -1"
            # redis.session.lock_wait_time is specified in microseconds.
            # Wait 10ms before retrying the lock rather than the default 2ms.
            echo "redis.session.lock_wait_time = 10000"
        } > /usr/local/etc/php/conf.d/redis-session.ini
    fi
    # If another process is syncing the html folder, wait for
    # it to be done, then escape initalization.
    (
        if ! flock -n 9; then
            # If we couldn't get it immediately, show a message, then wait for real
            echo "Another process is initializing Nextcloud. Waiting..."
            flock 9
        fi
        installed_version="0.0.0.0"
        if [ -f /var/www/html/version.php ]; then
            # shellcheck disable=SC2016
            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
        fi
        # shellcheck disable=SC2016
        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
        if version_greater "$installed_version" "$image_version"; then
            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
            exit 1
        fi
        if version_greater "$image_version" "$installed_version"; then
            echo "Initializing nextcloud $image_version ..."
            if [ "$installed_version" != "0.0.0.0" ]; then
                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
                    echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
                    exit 1
                fi
                echo "Upgrading nextcloud from $installed_version ..."
                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
            fi
            if [ "$(id -u)" = 0 ]; then
                rsync_options="-rlDog --chown $user:$group"
            else
                rsync_options="-rlD"
            fi
            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
            for dir in config data custom_apps themes; do
                if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
                    rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
                fi
            done
            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
            # Install
            if [ "$installed_version" = "0.0.0.0" ]; then
                echo "New nextcloud instance"
                file_env NEXTCLOUD_ADMIN_PASSWORD
                file_env NEXTCLOUD_ADMIN_USER
                install=false
                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
                    if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
                        # shellcheck disable=SC2016
                        install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
                    fi
                    file_env MYSQL_DATABASE
                    file_env MYSQL_PASSWORD
                    file_env MYSQL_USER
                    file_env POSTGRES_DB
                    file_env POSTGRES_PASSWORD
                    file_env POSTGRES_USER
                    if [ -n "${SQLITE_DATABASE+x}" ]; then
                        echo "Installing with SQLite database"
                        # shellcheck disable=SC2016
                        install_options=$install_options' --database-name "$SQLITE_DATABASE"'
                        install=true
                    elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
                        echo "Installing with MySQL database"
                        # shellcheck disable=SC2016
                        install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
                        install=true
                    elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
                        echo "Installing with PostgreSQL database"
                        # shellcheck disable=SC2016
                        install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
                        install=true
                    fi
                    if [ "$install" = true ]; then
                        run_path pre-installation
                        echo "Starting nextcloud installation"
                        max_retries=10
                        try=0
                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
                        do
                            echo "Retrying install..."
                            try=$((try+1))
                            sleep 10s
                        done
                        if [ "$try" -gt "$max_retries" ]; then
                            echo "Installing of nextcloud failed!"
                            exit 1
                        fi
                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                            echo "Setting trusted domains…"
                            NC_TRUSTED_DOMAIN_IDX=1
                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                            done
                        fi
                        run_path post-installation
 		    fi
                fi
 		# not enough specified to do a fully automated installation 
                if [ "$install" = false ]; then 
                    echo "Next step: Access your instance to finish the web-based installation!"
                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
                fi
            # Upgrade
            else
                run_path pre-upgrade
                run_as 'php /var/www/html/occ upgrade'
                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
                echo "The following apps have been disabled:"
                diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
                rm -f /tmp/list_before /tmp/list_after
                run_path post-upgrade
            fi
            echo "Initializing finished"
        fi
        # Update htaccess after init if requested
        if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
            run_as 'php /var/www/html/occ maintenance:update:htaccess'
        fi
    ) 9> /var/www/html/nextcloud-init-sync.lock
    # warn if config files on persistent storage differ from the latest version of this image
    for cfgPath in /usr/src/nextcloud/config/*.php; do
        cfgFile=$(basename "$cfgPath")
        if [ "$cfgFile" != "config.sample.php" ]; then
            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
            fi
        fi
    done
    run_path before-starting
 fi
 exec "$@"
--- a/31/apache/Dockerfile
+++ b/31/apache/Dockerfile
@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
-FROM php:8.2-apache-bookworm
+FROM php:8.3-apache-trixie
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@ -9,10 +9,10 @@ RUN set -ex; \
        busybox-static \
        bzip2 \
        libldap-common \
-        libmagickcore-6.q16-6-extra \
+        libmagickcore-7.q16-10-extra \
        rsync \
    ; \
-    rm -rf /var/lib/apt/lists/*; \
+    apt-get dist-clean; \
    \
    mkdir -p /var/spool/cron/crontabs; \
    echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
@ -21,6 +21,7 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
 ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
@ -34,8 +35,8 @@ RUN set -ex; \
        libicu-dev \
        libjpeg-dev \
        libldap2-dev \
        liblz4-dev \
        libmagickwand-dev \
        libmcrypt-dev \
        libmemcached-dev \
        libpng-dev \
        libpq-dev \
@ -56,7 +57,6 @@ RUN set -ex; \
        gmp \
        intl \
        ldap \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
@ -65,13 +65,17 @@ RUN set -ex; \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
+    pecl install APCu-5.1.28; \
-    pecl install imagick-3.7.0; \
+    pecl install igbinary-3.2.16; \
-    pecl install memcached-3.2.0; \
+    pecl install imagick-3.8.1; \
-    pecl install redis-6.0.2; \
+    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
        memcached-3.4.0; \
    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
        redis-6.3.0; \
    \
    docker-php-ext-enable \
        apcu \
        igbinary \
        imagick \
        memcached \
        redis \
@ -84,13 +88,14 @@ RUN set -ex; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
        | sort -u \
-        | xargs -r dpkg-query --search \
+        | xargs -rt dpkg-query --search \
-        | cut -d: -f1 \
+# https://manpages.debian.org/trixie/dpkg/dpkg-query.1.en.html#S (we ignore diversions and it'll be really unusual for more than one package to provide any given .so file)
        | awk 'sub(":$", "", $1) { print $1 }' \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-    rm -rf /var/lib/apt/lists/*
+    apt-get dist-clean
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
@ -98,15 +103,20 @@ RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.interned_strings_buffer=32'; \
        echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=128'; \
+        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
+        echo 'opcache.jit_buffer_size=8M'; \
    } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
    \
    echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
    \
    { \
        echo 'apc.serializer=igbinary'; \
        echo 'session.serialize_handler=igbinary'; \
    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
    \
    { \
        echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
        echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@ -140,7 +150,7 @@ RUN { \
    } > /etc/apache2/conf-available/apache-limits.conf; \
    a2enconf apache-limits
-ENV NEXTCLOUD_VERSION 29.0.5
+ENV NEXTCLOUD_VERSION 31.0.12
 RUN set -ex; \
    fetchDeps=" \
@ -150,8 +160,8 @@ RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetchDeps; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.5.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.5.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
@ -165,7 +175,7 @@ RUN set -ex; \
    chmod +x /usr/src/nextcloud/occ; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    rm -rf /var/lib/apt/lists/*
+    apt-get dist-clean
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/
--- a/31/apache/config/apache-pretty-urls.config.php
+++ b/31/apache/config/apache-pretty-urls.config.php
--- a/31/apache/config/apcu.config.php
+++ b/31/apache/config/apcu.config.php
--- a/31/apache/config/apps.config.php
+++ b/31/apache/config/apps.config.php
--- a/31/apache/config/autoconfig.php
+++ b/31/apache/config/autoconfig.php
--- a/31/apache/config/redis.config.php
+++ b/31/apache/config/redis.config.php
@ -14,4 +14,8 @@ if (getenv('REDIS_HOST')) {
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
  if (getenv('REDIS_HOST_USER') !== false) {
    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
  }
 }
--- a/31/apache/config/reverse-proxy.config.php
+++ b/31/apache/config/reverse-proxy.config.php
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
 $forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
 if ($forwardedForHeaders) {
  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
 }
--- a/31/apache/config/s3.config.php
+++ b/31/apache/config/s3.config.php
@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
+        'autocreate' => strtolower($autocreate) !== 'false',
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        'use_ssl' => strtolower($use_ssl) !== 'false',
        // required for some non Amazon S3 implementations
        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
        // required for older protocol versions
--- a/31/apache/config/smtp.config.php
+++ b/31/apache/config/smtp.config.php
--- a/31/apache/config/swift.config.php
+++ b/31/apache/config/swift.config.php
--- a/31/apache/config/upgrade-disable-web.config.php
+++ b/31/apache/config/upgrade-disable-web.config.php
--- a/31/apache/cron.sh
+++ b/31/apache/cron.sh
--- a/31/apache/entrypoint.sh
+++ b/31/apache/entrypoint.sh
@ -23,32 +23,39 @@ run_as() {
 run_path() {
    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
    local return_code=0
    local found=0
-    if ! [ -d "${hook_folder_path}" ]; then
+    echo "=> Searching for hook scripts (*.sh) to run, located in the folder \"${hook_folder_path}\""
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
+
    if ! [ -d "${hook_folder_path}" ] || directory_empty "${hook_folder_path}"; then
        echo "==> Skipped: the \"$1\" folder is empty (or does not exist)"
        return 0
    fi
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
+    find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | (
-
+        while read -r script_file_path; do
    (
        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
+                echo "==> The script \"${script_file_path}\" was skipped, because it lacks the executable flag"
                found=$((found-1))
                continue
            fi
            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
+            found=$((found+1))
            run_as "${script_file_path}" || return_code="$?"
            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
+                echo "==> Failed at executing script \"${script_file_path}\". Exit code: ${return_code}"
                exit 1
            fi
-            echo "==> Finished the script: \"${script_file_path}\""
+            echo "==> Finished executing the script: \"${script_file_path}\""
        done
        if [ "$found" -lt "1" ]; then
            echo "==> Skipped: the \"$1\" folder does not contain any valid scripts"
        else
            echo "=> Completed executing scripts in the \"$1\" folder"
        fi
    )
 }
@ -114,13 +121,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
            # check if redis host is an unix socket path
            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
+                if [ -n "${REDIS_HOST_USER+x}" ]; then
                  echo "session.save_path = \"unix://${REDIS_HOST}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
                else
                  echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
                fi
              else
                echo "session.save_path = \"unix://${REDIS_HOST}\""
              fi
            # check if redis password has been set
            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
+                if [ -n "${REDIS_HOST_USER+x}" ]; then
                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
                else
                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
                fi
            else
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
            fi
@ -237,12 +252,14 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi
                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                            echo "Setting trusted domains…"
 			    set -f # turn off glob
                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
+                            for DOMAIN in ${NEXTCLOUD_TRUSTED_DOMAINS}; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+                                DOMAIN=$(echo "${DOMAIN}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
+                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=\"${DOMAIN}\""
                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                            done
 			    set +f # turn glob back on
                        fi
                        run_path post-installation
@ -280,7 +297,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
    for cfgPath in /usr/src/nextcloud/config/*.php; do
        cfgFile=$(basename "$cfgPath")
-        if [ "$cfgFile" != "config.sample.php" ]; then
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
            fi
--- a/31/apache/upgrade.exclude
+++ b/31/apache/upgrade.exclude
--- a/31/fpm-alpine/Dockerfile
+++ b/31/fpm-alpine/Dockerfile
@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
-FROM php:8.2-fpm-alpine3.20
+FROM php:8.3-fpm-alpine3.23
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@ -32,7 +32,6 @@ RUN set -ex; \
        imagemagick-dev \
        libevent-dev \
        libjpeg-turbo-dev \
        libmcrypt-dev \
        libmemcached-dev \
        libpng-dev \
        libwebp-dev \
@ -54,7 +53,6 @@ RUN set -ex; \
        gmp \
        intl \
        ldap \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
@ -63,13 +61,17 @@ RUN set -ex; \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
+    pecl install APCu-5.1.28; \
-    pecl install imagick-3.7.0; \
+    pecl install igbinary-3.2.16; \
-    pecl install memcached-3.2.0; \
+    pecl install imagick-3.8.1; \
-    pecl install redis-6.0.2; \
+    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
        memcached-3.4.0; \
    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
        redis-6.3.0; \
    \
    docker-php-ext-enable \
        apcu \
        igbinary \
        imagick \
        memcached \
        redis \
@ -89,19 +91,25 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
 ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.interned_strings_buffer=32'; \
        echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=128'; \
+        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
+        echo 'opcache.jit_buffer_size=8M'; \
    } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
    \
    echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
    \
    { \
        echo 'apc.serializer=igbinary'; \
        echo 'session.serialize_handler=igbinary'; \
    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
    \
    { \
        echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
        echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@ -120,7 +128,7 @@ RUN { \
 VOLUME /var/www/html
-ENV NEXTCLOUD_VERSION 28.0.9
+ENV NEXTCLOUD_VERSION 31.0.12
 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@ -128,8 +136,8 @@ RUN set -ex; \
        gnupg \
    ; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.9.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.9.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
--- a/31/fpm-alpine/config/apcu.config.php
+++ b/31/fpm-alpine/config/apcu.config.php
--- a/31/fpm-alpine/config/apps.config.php
+++ b/31/fpm-alpine/config/apps.config.php
--- a/31/fpm-alpine/config/autoconfig.php
+++ b/31/fpm-alpine/config/autoconfig.php
--- a/31/fpm-alpine/config/redis.config.php
+++ b/31/fpm-alpine/config/redis.config.php
@ -14,4 +14,8 @@ if (getenv('REDIS_HOST')) {
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
  if (getenv('REDIS_HOST_USER') !== false) {
    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
  }
 }
--- a/31/fpm-alpine/config/reverse-proxy.config.php
+++ b/31/fpm-alpine/config/reverse-proxy.config.php
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
 $forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
 if ($forwardedForHeaders) {
  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
 }
--- a/31/fpm-alpine/config/s3.config.php
+++ b/31/fpm-alpine/config/s3.config.php
@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
+        'autocreate' => strtolower($autocreate) !== 'false',
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        'use_ssl' => strtolower($use_ssl) !== 'false',
        // required for some non Amazon S3 implementations
        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
        // required for older protocol versions
--- a/31/fpm-alpine/config/smtp.config.php
+++ b/31/fpm-alpine/config/smtp.config.php
--- a/31/fpm-alpine/config/swift.config.php
+++ b/31/fpm-alpine/config/swift.config.php
--- a/31/fpm-alpine/config/upgrade-disable-web.config.php
+++ b/31/fpm-alpine/config/upgrade-disable-web.config.php
--- a/31/fpm-alpine/cron.sh
+++ b/31/fpm-alpine/cron.sh
--- a/31/fpm-alpine/entrypoint.sh
+++ b/31/fpm-alpine/entrypoint.sh
@ -23,32 +23,39 @@ run_as() {
 run_path() {
    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
    local return_code=0
    local found=0
-    if ! [ -d "${hook_folder_path}" ]; then
+    echo "=> Searching for hook scripts (*.sh) to run, located in the folder \"${hook_folder_path}\""
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
+
    if ! [ -d "${hook_folder_path}" ] || directory_empty "${hook_folder_path}"; then
        echo "==> Skipped: the \"$1\" folder is empty (or does not exist)"
        return 0
    fi
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
+    find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | (
-
+        while read -r script_file_path; do
    (
        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
+                echo "==> The script \"${script_file_path}\" was skipped, because it lacks the executable flag"
                found=$((found-1))
                continue
            fi
            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
+            found=$((found+1))
            run_as "${script_file_path}" || return_code="$?"
            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
+                echo "==> Failed at executing script \"${script_file_path}\". Exit code: ${return_code}"
                exit 1
            fi
-            echo "==> Finished the script: \"${script_file_path}\""
+            echo "==> Finished executing the script: \"${script_file_path}\""
        done
        if [ "$found" -lt "1" ]; then
            echo "==> Skipped: the \"$1\" folder does not contain any valid scripts"
        else
            echo "=> Completed executing scripts in the \"$1\" folder"
        fi
    )
 }
@ -114,13 +121,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
            # check if redis host is an unix socket path
            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
+                if [ -n "${REDIS_HOST_USER+x}" ]; then
                  echo "session.save_path = \"unix://${REDIS_HOST}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
                else
                  echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
                fi
              else
                echo "session.save_path = \"unix://${REDIS_HOST}\""
              fi
            # check if redis password has been set
            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
+                if [ -n "${REDIS_HOST_USER+x}" ]; then
                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
                else
                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
                fi
            else
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
            fi
@ -237,12 +252,14 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi
                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                            echo "Setting trusted domains…"
 			    set -f # turn off glob
                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
+                            for DOMAIN in ${NEXTCLOUD_TRUSTED_DOMAINS}; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+                                DOMAIN=$(echo "${DOMAIN}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
+                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=\"${DOMAIN}\""
                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                            done
 			    set +f # turn glob back on
                        fi
                        run_path post-installation
@ -280,7 +297,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
    for cfgPath in /usr/src/nextcloud/config/*.php; do
        cfgFile=$(basename "$cfgPath")
-        if [ "$cfgFile" != "config.sample.php" ]; then
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
            fi
--- a/31/fpm-alpine/upgrade.exclude
+++ b/31/fpm-alpine/upgrade.exclude
--- a/31/fpm/Dockerfile
+++ b/31/fpm/Dockerfile
@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
-FROM php:8.2-fpm-bookworm
+FROM php:8.3-fpm-trixie
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@ -9,10 +9,10 @@ RUN set -ex; \
        busybox-static \
        bzip2 \
        libldap-common \
-        libmagickcore-6.q16-6-extra \
+        libmagickcore-7.q16-10-extra \
        rsync \
    ; \
-    rm -rf /var/lib/apt/lists/*; \
+    apt-get dist-clean; \
    \
    mkdir -p /var/spool/cron/crontabs; \
    echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
@ -21,6 +21,7 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
 ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
@ -34,8 +35,8 @@ RUN set -ex; \
        libicu-dev \
        libjpeg-dev \
        libldap2-dev \
        liblz4-dev \
        libmagickwand-dev \
        libmcrypt-dev \
        libmemcached-dev \
        libpng-dev \
        libpq-dev \
@ -56,7 +57,6 @@ RUN set -ex; \
        gmp \
        intl \
        ldap \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
@ -65,13 +65,17 @@ RUN set -ex; \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
+    pecl install APCu-5.1.28; \
-    pecl install imagick-3.7.0; \
+    pecl install igbinary-3.2.16; \
-    pecl install memcached-3.2.0; \
+    pecl install imagick-3.8.1; \
-    pecl install redis-6.0.2; \
+    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
        memcached-3.4.0; \
    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
        redis-6.3.0; \
    \
    docker-php-ext-enable \
        apcu \
        igbinary \
        imagick \
        memcached \
        redis \
@ -84,13 +88,14 @@ RUN set -ex; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
        | sort -u \
-        | xargs -r dpkg-query --search \
+        | xargs -rt dpkg-query --search \
-        | cut -d: -f1 \
+# https://manpages.debian.org/trixie/dpkg/dpkg-query.1.en.html#S (we ignore diversions and it'll be really unusual for more than one package to provide any given .so file)
        | awk 'sub(":$", "", $1) { print $1 }' \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-    rm -rf /var/lib/apt/lists/*
+    apt-get dist-clean
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
@ -98,15 +103,20 @@ RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.interned_strings_buffer=32'; \
        echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=128'; \
+        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
+        echo 'opcache.jit_buffer_size=8M'; \
    } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
    \
    echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
    \
    { \
        echo 'apc.serializer=igbinary'; \
        echo 'session.serialize_handler=igbinary'; \
    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
    \
    { \
        echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
        echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@ -125,7 +135,7 @@ RUN { \
 VOLUME /var/www/html
-ENV NEXTCLOUD_VERSION 28.0.9
+ENV NEXTCLOUD_VERSION 31.0.12
 RUN set -ex; \
    fetchDeps=" \
@ -135,8 +145,8 @@ RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetchDeps; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.9.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.9.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
@ -150,7 +160,7 @@ RUN set -ex; \
    chmod +x /usr/src/nextcloud/occ; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    rm -rf /var/lib/apt/lists/*
+    apt-get dist-clean
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/
--- a/31/fpm/config/apcu.config.php
+++ b/31/fpm/config/apcu.config.php
--- a/31/fpm/config/apps.config.php
+++ b/31/fpm/config/apps.config.php
--- a/31/fpm/config/autoconfig.php
+++ b/31/fpm/config/autoconfig.php
--- a/31/fpm/config/redis.config.php
+++ b/31/fpm/config/redis.config.php
@ -14,4 +14,8 @@ if (getenv('REDIS_HOST')) {
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
  if (getenv('REDIS_HOST_USER') !== false) {
    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
  }
 }
--- a/28/fpm-alpine/config/reverse-proxy.config.php
+++ b/28/fpm-alpine/config/reverse-proxy.config.php
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
 $forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
 if ($forwardedForHeaders) {
  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
 }
--- a/31/fpm/config/s3.config.php
+++ b/31/fpm/config/s3.config.php
@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
+        'autocreate' => strtolower($autocreate) !== 'false',
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        'use_ssl' => strtolower($use_ssl) !== 'false',
        // required for some non Amazon S3 implementations
        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
        // required for older protocol versions
--- a/31/fpm/config/smtp.config.php
+++ b/31/fpm/config/smtp.config.php
--- a/31/fpm/config/swift.config.php
+++ b/31/fpm/config/swift.config.php
--- a/31/fpm/config/upgrade-disable-web.config.php
+++ b/31/fpm/config/upgrade-disable-web.config.php
--- a/31/fpm/cron.sh
+++ b/31/fpm/cron.sh
--- a/31/fpm/entrypoint.sh
+++ b/31/fpm/entrypoint.sh
@ -23,32 +23,39 @@ run_as() {
 run_path() {
    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
    local return_code=0
    local found=0
-    if ! [ -d "${hook_folder_path}" ]; then
+    echo "=> Searching for hook scripts (*.sh) to run, located in the folder \"${hook_folder_path}\""
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
+
    if ! [ -d "${hook_folder_path}" ] || directory_empty "${hook_folder_path}"; then
        echo "==> Skipped: the \"$1\" folder is empty (or does not exist)"
        return 0
    fi
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
+    find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | (
-
+        while read -r script_file_path; do
    (
        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
+                echo "==> The script \"${script_file_path}\" was skipped, because it lacks the executable flag"
                found=$((found-1))
                continue
            fi
            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
+            found=$((found+1))
            run_as "${script_file_path}" || return_code="$?"
            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
+                echo "==> Failed at executing script \"${script_file_path}\". Exit code: ${return_code}"
                exit 1
            fi
-            echo "==> Finished the script: \"${script_file_path}\""
+            echo "==> Finished executing the script: \"${script_file_path}\""
        done
        if [ "$found" -lt "1" ]; then
            echo "==> Skipped: the \"$1\" folder does not contain any valid scripts"
        else
            echo "=> Completed executing scripts in the \"$1\" folder"
        fi
    )
 }
@ -114,13 +121,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
            # check if redis host is an unix socket path
            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
+                if [ -n "${REDIS_HOST_USER+x}" ]; then
                  echo "session.save_path = \"unix://${REDIS_HOST}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
                else
                  echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
                fi
              else
                echo "session.save_path = \"unix://${REDIS_HOST}\""
              fi
            # check if redis password has been set
            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
+                if [ -n "${REDIS_HOST_USER+x}" ]; then
                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
                else
                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
                fi
            else
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
            fi
@ -237,12 +252,14 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi
                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                            echo "Setting trusted domains…"
 			    set -f # turn off glob
                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
+                            for DOMAIN in ${NEXTCLOUD_TRUSTED_DOMAINS}; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+                                DOMAIN=$(echo "${DOMAIN}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
+                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=\"${DOMAIN}\""
                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                            done
 			    set +f # turn glob back on
                        fi
                        run_path post-installation
@ -280,7 +297,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
    for cfgPath in /usr/src/nextcloud/config/*.php; do
        cfgFile=$(basename "$cfgPath")
-        if [ "$cfgFile" != "config.sample.php" ]; then
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
            fi
--- a/31/fpm/upgrade.exclude
+++ b/31/fpm/upgrade.exclude
--- a/32/apache/Dockerfile
+++ b/32/apache/Dockerfile
@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
-FROM php:8.2-apache-bookworm
+FROM php:8.3-apache-trixie
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@ -9,10 +9,10 @@ RUN set -ex; \
        busybox-static \
        bzip2 \
        libldap-common \
-        libmagickcore-6.q16-6-extra \
+        libmagickcore-7.q16-10-extra \
        rsync \
    ; \
-    rm -rf /var/lib/apt/lists/*; \
+    apt-get dist-clean; \
    \
    mkdir -p /var/spool/cron/crontabs; \
    echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
@ -21,6 +21,7 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
 ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
@ -34,8 +35,8 @@ RUN set -ex; \
        libicu-dev \
        libjpeg-dev \
        libldap2-dev \
        liblz4-dev \
        libmagickwand-dev \
        libmcrypt-dev \
        libmemcached-dev \
        libpng-dev \
        libpq-dev \
@ -56,7 +57,6 @@ RUN set -ex; \
        gmp \
        intl \
        ldap \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
@ -65,13 +65,17 @@ RUN set -ex; \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
+    pecl install APCu-5.1.28; \
-    pecl install imagick-3.7.0; \
+    pecl install igbinary-3.2.16; \
-    pecl install memcached-3.2.0; \
+    pecl install imagick-3.8.1; \
-    pecl install redis-6.0.2; \
+    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
        memcached-3.4.0; \
    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
        redis-6.3.0; \
    \
    docker-php-ext-enable \
        apcu \
        igbinary \
        imagick \
        memcached \
        redis \
@ -84,13 +88,14 @@ RUN set -ex; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
        | sort -u \
-        | xargs -r dpkg-query --search \
+        | xargs -rt dpkg-query --search \
-        | cut -d: -f1 \
+# https://manpages.debian.org/trixie/dpkg/dpkg-query.1.en.html#S (we ignore diversions and it'll be really unusual for more than one package to provide any given .so file)
        | awk 'sub(":$", "", $1) { print $1 }' \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-    rm -rf /var/lib/apt/lists/*
+    apt-get dist-clean
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
@ -98,15 +103,20 @@ RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.interned_strings_buffer=32'; \
        echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=128'; \
+        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
+        echo 'opcache.jit_buffer_size=8M'; \
    } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
    \
    echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
    \
    { \
        echo 'apc.serializer=igbinary'; \
        echo 'session.serialize_handler=igbinary'; \
    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
    \
    { \
        echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
        echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@ -140,7 +150,7 @@ RUN { \
    } > /etc/apache2/conf-available/apache-limits.conf; \
    a2enconf apache-limits
-ENV NEXTCLOUD_VERSION 28.0.9
+ENV NEXTCLOUD_VERSION 32.0.3
 RUN set -ex; \
    fetchDeps=" \
@ -150,8 +160,8 @@ RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetchDeps; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.9.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v32.0.3/nextcloud-32.0.3.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.9.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v32.0.3/nextcloud-32.0.3.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
@ -165,7 +175,7 @@ RUN set -ex; \
    chmod +x /usr/src/nextcloud/occ; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    rm -rf /var/lib/apt/lists/*
+    apt-get dist-clean
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/
--- a/32/apache/config/apache-pretty-urls.config.php
+++ b/32/apache/config/apache-pretty-urls.config.php
--- a/32/apache/config/apcu.config.php
+++ b/32/apache/config/apcu.config.php
--- a/32/apache/config/apps.config.php
+++ b/32/apache/config/apps.config.php
--- a/32/apache/config/autoconfig.php
+++ b/32/apache/config/autoconfig.php
--- a/32/apache/config/redis.config.php
+++ b/32/apache/config/redis.config.php
@ -14,4 +14,8 @@ if (getenv('REDIS_HOST')) {
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
  if (getenv('REDIS_HOST_USER') !== false) {
    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
  }
 }
--- a/32/apache/config/reverse-proxy.config.php
+++ b/32/apache/config/reverse-proxy.config.php
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
 $forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
 if ($forwardedForHeaders) {
  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
 }
--- a/32/apache/config/s3.config.php
+++ b/32/apache/config/s3.config.php
@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
+        'autocreate' => strtolower($autocreate) !== 'false',
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        'use_ssl' => strtolower($use_ssl) !== 'false',
        // required for some non Amazon S3 implementations
        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
        // required for older protocol versions
--- a/32/apache/config/smtp.config.php
+++ b/32/apache/config/smtp.config.php
--- a/32/apache/config/swift.config.php
+++ b/32/apache/config/swift.config.php
--- a/32/apache/config/upgrade-disable-web.config.php
+++ b/32/apache/config/upgrade-disable-web.config.php
--- a/32/apache/cron.sh
+++ b/32/apache/cron.sh
--- a/32/apache/entrypoint.sh
+++ b/32/apache/entrypoint.sh
@ -23,32 +23,39 @@ run_as() {
 run_path() {
    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
    local return_code=0
    local found=0
-    if ! [ -d "${hook_folder_path}" ]; then
+    echo "=> Searching for hook scripts (*.sh) to run, located in the folder \"${hook_folder_path}\""
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
+
    if ! [ -d "${hook_folder_path}" ] || directory_empty "${hook_folder_path}"; then
        echo "==> Skipped: the \"$1\" folder is empty (or does not exist)"
        return 0
    fi
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
+    find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | (
-
+        while read -r script_file_path; do
    (
        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
+                echo "==> The script \"${script_file_path}\" was skipped, because it lacks the executable flag"
                found=$((found-1))
                continue
            fi
            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
+            found=$((found+1))
            run_as "${script_file_path}" || return_code="$?"
            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
+                echo "==> Failed at executing script \"${script_file_path}\". Exit code: ${return_code}"
                exit 1
            fi
-            echo "==> Finished the script: \"${script_file_path}\""
+            echo "==> Finished executing the script: \"${script_file_path}\""
        done
        if [ "$found" -lt "1" ]; then
            echo "==> Skipped: the \"$1\" folder does not contain any valid scripts"
        else
            echo "=> Completed executing scripts in the \"$1\" folder"
        fi
    )
 }
@ -114,13 +121,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
            # check if redis host is an unix socket path
            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
+                if [ -n "${REDIS_HOST_USER+x}" ]; then
                  echo "session.save_path = \"unix://${REDIS_HOST}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
                else
                  echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
                fi
              else
                echo "session.save_path = \"unix://${REDIS_HOST}\""
              fi
            # check if redis password has been set
            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
+                if [ -n "${REDIS_HOST_USER+x}" ]; then
                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
                else
                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
                fi
            else
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
            fi
@ -237,12 +252,14 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi
                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                            echo "Setting trusted domains…"
 			    set -f # turn off glob
                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
+                            for DOMAIN in ${NEXTCLOUD_TRUSTED_DOMAINS}; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+                                DOMAIN=$(echo "${DOMAIN}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
+                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=\"${DOMAIN}\""
                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                            done
 			    set +f # turn glob back on
                        fi
                        run_path post-installation
@ -280,7 +297,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
    for cfgPath in /usr/src/nextcloud/config/*.php; do
        cfgFile=$(basename "$cfgPath")
-        if [ "$cfgFile" != "config.sample.php" ]; then
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
            fi
--- a/32/apache/upgrade.exclude
+++ b/32/apache/upgrade.exclude
--- a/32/fpm-alpine/Dockerfile
+++ b/32/fpm-alpine/Dockerfile
@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
-FROM php:8.2-fpm-alpine3.20
+FROM php:8.3-fpm-alpine3.23
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@ -32,7 +32,6 @@ RUN set -ex; \
        imagemagick-dev \
        libevent-dev \
        libjpeg-turbo-dev \
        libmcrypt-dev \
        libmemcached-dev \
        libpng-dev \
        libwebp-dev \
@ -54,7 +53,6 @@ RUN set -ex; \
        gmp \
        intl \
        ldap \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
@ -63,13 +61,17 @@ RUN set -ex; \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
+    pecl install APCu-5.1.28; \
-    pecl install imagick-3.7.0; \
+    pecl install igbinary-3.2.16; \
-    pecl install memcached-3.2.0; \
+    pecl install imagick-3.8.1; \
-    pecl install redis-6.0.2; \
+    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
        memcached-3.4.0; \
    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
        redis-6.3.0; \
    \
    docker-php-ext-enable \
        apcu \
        igbinary \
        imagick \
        memcached \
        redis \
@ -89,19 +91,25 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
 ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.interned_strings_buffer=32'; \
        echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=128'; \
+        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
+        echo 'opcache.jit_buffer_size=8M'; \
    } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
    \
    echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
    \
    { \
        echo 'apc.serializer=igbinary'; \
        echo 'session.serialize_handler=igbinary'; \
    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
    \
    { \
        echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
        echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@ -120,7 +128,7 @@ RUN { \
 VOLUME /var/www/html
-ENV NEXTCLOUD_VERSION 29.0.5
+ENV NEXTCLOUD_VERSION 32.0.3
 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@ -128,8 +136,8 @@ RUN set -ex; \
        gnupg \
    ; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.5.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v32.0.3/nextcloud-32.0.3.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.5.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v32.0.3/nextcloud-32.0.3.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
--- a/32/fpm-alpine/config/apcu.config.php
+++ b/32/fpm-alpine/config/apcu.config.php
--- a/32/fpm-alpine/config/apps.config.php
+++ b/32/fpm-alpine/config/apps.config.php
--- a/32/fpm-alpine/config/autoconfig.php
+++ b/32/fpm-alpine/config/autoconfig.php
--- a/32/fpm-alpine/config/redis.config.php
+++ b/32/fpm-alpine/config/redis.config.php
@ -0,0 +1,21 @@
 <?php
 if (getenv('REDIS_HOST')) {
  $CONFIG = array(
    'memcache.distributed' => '\OC\Memcache\Redis',
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );
  if (getenv('REDIS_HOST_PORT') !== false) {
    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
  if (getenv('REDIS_HOST_USER') !== false) {
    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
  }
 }
--- a/32/fpm-alpine/config/reverse-proxy.config.php
+++ b/32/fpm-alpine/config/reverse-proxy.config.php
@ -0,0 +1,35 @@
 <?php
 $overwriteHost = getenv('OVERWRITEHOST');
 if ($overwriteHost) {
  $CONFIG['overwritehost'] = $overwriteHost;
 }
 $overwriteProtocol = getenv('OVERWRITEPROTOCOL');
 if ($overwriteProtocol) {
  $CONFIG['overwriteprotocol'] = $overwriteProtocol;
 }
 $overwriteCliUrl = getenv('OVERWRITECLIURL');
 if ($overwriteCliUrl) {
  $CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
 }
 $overwriteWebRoot = getenv('OVERWRITEWEBROOT');
 if ($overwriteWebRoot) {
  $CONFIG['overwritewebroot'] = $overwriteWebRoot;
 }
 $overwriteCondAddr = getenv('OVERWRITECONDADDR');
 if ($overwriteCondAddr) {
  $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
 }
 $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
 $forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
 if ($forwardedForHeaders) {
  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
 }
--- a/32/fpm-alpine/config/s3.config.php
+++ b/32/fpm-alpine/config/s3.config.php
@ -0,0 +1,48 @@
 <?php
 if (getenv('OBJECTSTORE_S3_BUCKET')) {
  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
  $CONFIG = array(
    'objectstore' => array(
      'class' => '\OC\Files\ObjectStore\S3',
      'arguments' => array(
        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
        'autocreate' => strtolower($autocreate) !== 'false',
        'use_ssl' => strtolower($use_ssl) !== 'false',
        // required for some non Amazon S3 implementations
        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
        // required for older protocol versions
        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
      )
    )
  );
  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
  } else {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }
  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
  } else {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }
  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
  }
 }
--- a/Show More
+++ b/Show More
		`@ -1,3 +0,0 @@`
			`FROM nginx:alpine`

			`COPY nginx.conf /etc/nginx/nginx.conf`
`@ -1,3 +1,3 @@`
	`FROM nginxproxy/nginx-proxy:alpine`	`FROM nginxproxy/nginx-proxy:1.7-alpine`

	`COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf`	`COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf`