From 9a684e8b3b1754e4ba011ecb23e442cd49d785dd Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Thu, 13 Nov 2025 15:17:03 +0100
Subject: [PATCH] fix a bug with aio-caddy now proxying all traffic to aio-talk
Signed-off-by: Simon L.
---
 community-containers/caddy/caddy.json | 8 ++++----
 community-containers/caddy/readme.md | 2 +-
 php/src/Docker/DockerActionManager.php | 5 +++--
 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
index 7245fe4d..e4669e09 100644
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -24,9 +24,7 @@
 "TZ=%TIMEZONE%",
 "NC_DOMAIN=%NC_DOMAIN%",
 "APACHE_PORT=%APACHE_PORT%",
- "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%",
- "turn_domain=turn.%NC_DOMAIN%",
- "talk_port=443"
+ "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
 ],
 "volumes": [
 {
@@ -45,7 +43,9 @@
 ],
 "aio_variables": [
 "apache_ip_binding=@INTERNAL",
- "apache_port=11000"
+ "apache_port=11000",
+ "turn_domain=turn.%NC_DOMAIN%",
+ "talk_port=443"
 ],
 "nextcloud_exec_commands": [
 "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-caddy'",
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index e26a680a..ba13015e 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -4,7 +4,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
-- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record.
+- Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `turn.your-nc-domain.com`. So instead of opening port 3478, you need to configure the mentioned subdomain by using a cname record. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active.
 - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files.
 - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6694a39b..7197c56b 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -225,6 +225,7 @@ readonly class DockerActionManager {
 $aioVariables = $container->GetAioVariables()->GetVariables();
 foreach ($aioVariables as $variable) {
 $config = $this->configurationManager->GetConfig();
+ $variable = $this->replaceEnvPlaceholders($variable);
 $variableArray = explode('=', $variable);
 $config[$variableArray[0]] = $variableArray[1];
 $this->configurationManager->WriteConfig($config);
@@ -283,8 +284,8 @@ readonly class DockerActionManager {
 }
 } else if ($port === '%TALK_PORT%') {
 $port = $this->configurationManager->GetTalkPort();
- // Skip publishing talk port if it is set to the same value like the apache port
- if ($port === $this->configurationManager->GetApachePort()) {
+ // Skip publishing talk port if it is set to 443
+ if ($port === '443') {
 continue;
 }
 }
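Review bot: Running `replaceEnvPlaceholders()` before the unbounded `explode('=', $variable)` means any `=` in the substituted text is treated as a separator, so the value written through `WriteConfig()` is silently cut at the second `=`. These entries come from a container definition and end up in the configuration, so the key should be fixed before any substitution happens: split first with a limit, `[$key, $value] = explode('=', $variable, 2);`, then expand only the value, `$config[$key] = $this->replaceEnvPlaceholders($value);`. An entry without any `=` still reads an undefined index and should be rejected explicitly before the split. The enclosing method starts and ends outside this hunk, and what `replaceEnvPlaceholders()` can return is not visible here, so confirm whether its output may contain `=`.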
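Review bot: The new condition `if ($port === '443')` drops the previous equality check against `GetApachePort()`, so a Talk port that equals a non-443 Apache port is no longer skipped and would, as far as this hunk shows, be published alongside it. If that case still needs covering, keep both: `if ($port === '443' || $port === $this->configurationManager->GetApachePort()) {`. The strict comparison also only matches when `GetTalkPort()` returns exactly the string `'443'`; its return type is not visible here, and an int or a padded value would fall through and publish the port on the host. The comment should state why 443 is special rather than restate the condition, for example `// 443 is already bound by the reverse proxy in front of Talk, so it must not be published again` if that is the reason. The enclosing loop begins and ends outside the hunk.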