From bc04ee6aeae6a469976b78c26984e0d22be5500f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Aug 2025 05:49:58 +0000 Subject: [PATCH 1/4] build(deps): bump caddy in /Containers/mastercontainer Bumps caddy from 2.10.0-alpine to 2.10.2-alpine. --- updated-dependencies: - dependency-name: caddy dependency-version: 2.10.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 395fa645..19b621cb 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -3,7 +3,7 @@ FROM docker:28.3.3-cli AS docker # Caddy is a requirement -FROM caddy:2.10.0-alpine AS caddy +FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile FROM php:8.4.11-fpm-alpine3.22 From 1e579b049e2104101747e3303f4541605852da04 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Aug 2025 05:55:45 +0000 Subject: [PATCH 2/4] build(deps): bump caddy in /Containers/apache Bumps caddy from 2.10.0-alpine to 2.10.2-alpine. --- updated-dependencies: - dependency-name: caddy dependency-version: 2.10.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/apache/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index 58e2ae05..d9602864 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM caddy:2.10.0-alpine AS caddy +FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile FROM httpd:2.4.65-alpine3.22 From a2394e4621c0871a9cbbb9d8b67a96dd4579f407 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 27 Aug 2025 19:22:28 +0200 Subject: [PATCH 3/4] clamav: set permissions for `/var/lib/clamav` correctly Signed-off-by: Simon L. --- Containers/clamav/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index d00e34a7..c7353629 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -4,8 +4,9 @@ FROM alpine:3.22.1 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache tzdata clamav supervisor bash; \ - mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \ + mkdir -p /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \ chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \ + chown -R 100:100 /var/lib/clamav; \ sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \ From 3badbf2d05754f7d6c18bc6e62a341bfac18a94c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 28 Aug 2025 15:59:37 +0200 Subject: [PATCH 4/4] compose.yaml: move the security_opt setting up for easier discovery Signed-off-by: Simon L. --- compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yaml b/compose.yaml index 93a6b7af..361c8a3f 100644 --- a/compose.yaml +++ b/compose.yaml @@ -12,6 +12,7 @@ services: - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - 8080:8080 - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md + # security_opt: ["label:disable"] # Is needed when using SELinux # environment: # Is needed when using any of the options below # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md @@ -35,7 +36,6 @@ services: # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock' - # security_opt: ["label:disable"] # Is needed when using SELinux # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575 # # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439