From 5dd2048500ebe904407b71093884913987d4a218 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 24 Nov 2025 17:38:50 +0100 Subject: [PATCH 01/14] fix remaining psalm issues Signed-off-by: Simon L. --- php/psalm-baseline.xml | 34 +------------------------ php/src/Controller/DockerController.php | 2 +- php/src/Data/ConfigurationManager.php | 3 +++ php/src/Docker/DockerActionManager.php | 4 +-- php/src/Twig/ClassExtension.php | 1 + php/src/Twig/CsrfExtension.php | 1 + 6 files changed, 9 insertions(+), 36 deletions(-) diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index 041cf87c..d04c5aa8 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,34 +1,2 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 8473ed57..ed3d3bf9 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -185,7 +185,7 @@ readonly class DockerController { $config = $this->configurationManager->GetConfig(); // set AIO_URL - $config['AIO_URL'] = $host . ':' . $port . $path; + $config['AIO_URL'] = $host . ':' . (string)$port . $path; // set wasStartButtonClicked $config['wasStartButtonClicked'] = 1; // set install_latest_major diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 0b0a034d..253b1371 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -366,6 +366,9 @@ class ConfigurationManager // Check if response is correct $ch = curl_init(); + if ($ch === false) { + throw new InvalidSettingConfigurationException('Could not init curl! Please check the logs!'); + } $testUrl = $protocol . $domain . ':443'; curl_setopt($ch, CURLOPT_URL, $testUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index a6f5d223..7cd26db8 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -155,11 +155,11 @@ readonly class DockerActionManager { $response = ""; $separator = "\r\n"; $line = strtok($responseBody, $separator); - $response = substr($line, 8) . $separator; + $response = substr((string)$line, 8) . $separator; while ($line !== false) { $line = strtok($separator); - $response .= substr($line, 8) . $separator; + $response .= substr((string)$line, 8) . $separator; } return $response; diff --git a/php/src/Twig/ClassExtension.php b/php/src/Twig/ClassExtension.php index ff5ffe44..7f478994 100644 --- a/php/src/Twig/ClassExtension.php +++ b/php/src/Twig/ClassExtension.php @@ -7,6 +7,7 @@ use Twig\TwigFunction; class ClassExtension extends TwigExtension { + #[\Override] public function getFunctions() : array { return array( diff --git a/php/src/Twig/CsrfExtension.php b/php/src/Twig/CsrfExtension.php index feac9c72..51334864 100644 --- a/php/src/Twig/CsrfExtension.php +++ b/php/src/Twig/CsrfExtension.php @@ -12,6 +12,7 @@ class CsrfExtension extends AbstractExtension implements GlobalsInterface { ) { } + #[\Override] public function getGlobals() : array { // CSRF token name and value From 9ec7c087548eb6ee92bc099b50282ab2a8282e59 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 24 Nov 2025 18:03:08 +0100 Subject: [PATCH 02/14] aio-interface: always offer a reset backup button Signed-off-by: Simon L. --- php/templates/containers.twig | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 39a2de48..53b97dcc 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -476,23 +476,6 @@ - {% if has_backup_run_once == false %} -

Reset backup location

-

- If the configured backup host location {{ borg_backup_host_location }} - {% if borg_remote_repo %} - or the remote repo {{ borg_remote_repo }} - {% endif %} - is wrong, you can reset it by clicking on the button below. -

-
- - - - -
- {% endif %} - {% if has_backup_run_once == true %}

Backup Viewer

There is now a community container that allows to access your backups in a web session. See this documentation.

@@ -558,6 +541,21 @@

This option is currently set. You can disable it again by clearing the field and submitting your changes.

{% endif %} {% endif %} + +

Reset backup location

+

+ If the configured backup host location {{ borg_backup_host_location }} + {% if borg_remote_repo %} + or the remote repo {{ borg_remote_repo }} + {% endif %} + is wrong, you can reset it by clicking on the button below. +

+
+ + + + +
{% endif %} {% if has_backup_run_once == true %} From 1fff416829cf2f139c0b7203d6a3bdfe3a52b692 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Nov 2025 04:15:21 +0000 Subject: [PATCH 03/14] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.0.2-cli to 29.0.4-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.0.4-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index dae14ea5..65dc31e6 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.0.2-cli AS docker +FROM docker:29.0.4-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From f3fbfae5353015ca392cbc1662cc874b40b058a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Nov 2025 04:15:59 +0000 Subject: [PATCH 04/14] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.4.1 to v1.4.2. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.4.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index cce2ed85..fe5d89f7 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.2 USER root RUN set -ex; \ From 10b61a5edea92eab87a4c7de1ca37172c0edd9a4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 24 Nov 2025 19:28:53 +0100 Subject: [PATCH 05/14] add `"com.docker.compose.project" => "nextcloud-aio"` to all containers Signed-off-by: Simon L. --- Containers/mastercontainer/Dockerfile | 4 +++- compose.yaml | 1 + php/src/Docker/DockerActionManager.php | 3 ++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index dae14ea5..a240fd4d 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -125,7 +125,9 @@ RUN set -ex; \ mkdir /var/log/supervisord; \ mkdir /var/run/supervisord; -LABEL org.label-schema.vendor="Nextcloud" +# hadolint ignore=DL3048 +LABEL org.label-schema.vendor="Nextcloud" \ + com.docker.compose.project="nextcloud-aio" # hadolint ignore=DL3002 USER root diff --git a/compose.yaml b/compose.yaml index e8966f4c..c18d92d3 100644 --- a/compose.yaml +++ b/compose.yaml @@ -1,3 +1,4 @@ +name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically. services: nextcloud-aio-mastercontainer: image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index a6f5d223..e22ab7f6 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -433,7 +433,8 @@ readonly class DockerActionManager { // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature. // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels - $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud"]; + // Additionally set a default org.label-schema.vendor and com.docker.compose.project + $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"]; // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589 $requestBody['Hostname'] = $container->GetIdentifier(); From a48a1d66be90d29d67a98278096f2845d6b1641b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 24 Nov 2025 23:21:50 +0100 Subject: [PATCH 06/14] update aio-caddy to v4 and add option for proxy protocol Signed-off-by: Simon L. --- community-containers/caddy/caddy.json | 3 ++- community-containers/caddy/readme.md | 1 + php/src/Docker/DockerActionManager.php | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json index f6143fbc..e27df683 100644 --- a/community-containers/caddy/caddy.json +++ b/community-containers/caddy/caddy.json @@ -5,7 +5,7 @@ "display_name": "Caddy with geoblocking", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy", "image": "ghcr.io/szaimen/aio-caddy", - "image_tag": "v3", + "image_tag": "v4", "internal_port": "443", "restart": "unless-stopped", "ports": [ @@ -19,6 +19,7 @@ "TZ=%TIMEZONE%", "NC_DOMAIN=%NC_DOMAIN%", "APACHE_PORT=%APACHE_PORT%", + "APACHE_IP_BINDING=%APACHE_IP_BINDING%", "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%" ], "volumes": [ diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 99bf133e..209b9c4a 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -6,6 +6,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active. - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files. +- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variables for the mastercontainer and set it to an ip-address under which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation). - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden. - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart. - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin. diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index a6f5d223..d19fd050 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -550,6 +550,7 @@ readonly class DockerActionManager { 'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(), 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(), 'APACHE_PORT' => $this->configurationManager->GetApachePort(), + 'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(), 'TALK_PORT' => $this->configurationManager->GetTalkPort(), 'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(), 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), From 256a259ae6f048f6034cd176374e9a8c645c70ef Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Nov 2025 12:41:00 +0100 Subject: [PATCH 07/14] update private ip-ranges Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 2 +- reverse-proxy.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 09d7d15c..0c03a973 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -741,7 +741,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then echo "No IPv6 address found for $COLLABORA_HOST." fi if [ -n "$COLLABORA_ALLOW_LIST" ]; then - PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1' + PRIVATE_IP_RANGES='127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,100.64.0.0/10,fd00::/8,::1/128' if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES" fi diff --git a/reverse-proxy.md b/reverse-proxy.md index 546b8b78..e0497c84 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -1108,7 +1108,7 @@ Enter your domain in the AIO interface that you've used in the reverse proxy con ### 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1 If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1* you must make the following configuration changes -*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1` +*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,100.64.0.0/10,fd00::/8,::1/128` #### Nextcloud trusted proxies Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this: From b2c24c92e307441e945a657c88689ac0b0e9a16c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Nov 2025 12:18:44 +0000 Subject: [PATCH 08/14] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.5 to 2.36.0. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f...7bf05c6b704e0b9bfee22300130a31b5ea68d593) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 53707dec..5eefc5e1 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6.0.0 - - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 + - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index bf449e1f..9c74167a 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -41,7 +41,7 @@ jobs: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index 22ed9854..ac6aa187 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v6.0.0 - name: Set up php - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 49753535..91d41dfc 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v6.0.0 - name: Set up php - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 21ecf1e6..8f7da955 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: Set up php - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index d8730987..1c453505 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v6.0.0 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 extensions: apcu From 4a8288a527f329cdf5e42141f3f913f64ac9c6bd Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Nov 2025 20:44:09 +0100 Subject: [PATCH 09/14] fulltextsearch: disable memory locking Signed-off-by: Simon L. --- php/containers.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/containers.json b/php/containers.json index 0a48b3ea..8afb68e9 100644 --- a/php/containers.json +++ b/php/containers.json @@ -794,7 +794,7 @@ "environment": [ "TZ=%TIMEZONE%", "ES_JAVA_OPTS=%FULLTEXTSEARCH_JAVA_OPTIONS%", - "bootstrap.memory_lock=true", + "bootstrap.memory_lock=false", "cluster.name=nextcloud-aio", "discovery.type=single-node", "logger.level=WARN", From 38838be0b19334e73274a8b8165dcaaefdd4eb7d Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 28 Nov 2025 12:03:24 +0000 Subject: [PATCH 10/14] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 97 ++++++++++++++++++++++++----------------------- 1 file changed, 49 insertions(+), 48 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 6a33558f..fa856220 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -391,16 +391,16 @@ }, { "name": "laravel/serializable-closure", - "version": "v2.0.6", + "version": "v2.0.7", "source": { "type": "git", "url": "https://github.com/laravel/serializable-closure.git", - "reference": "038ce42edee619599a1debb7e81d7b3759492819" + "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/038ce42edee619599a1debb7e81d7b3759492819", - "reference": "038ce42edee619599a1debb7e81d7b3759492819", + "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/cb291e4c998ac50637c7eeb58189c14f5de5b9dd", + "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd", "shasum": "" }, "require": { @@ -409,7 +409,7 @@ "require-dev": { "illuminate/support": "^10.0|^11.0|^12.0", "nesbot/carbon": "^2.67|^3.0", - "pestphp/pest": "^2.36|^3.0", + "pestphp/pest": "^2.36|^3.0|^4.0", "phpstan/phpstan": "^2.0", "symfony/var-dumper": "^6.2.0|^7.0.0" }, @@ -448,7 +448,7 @@ "issues": "https://github.com/laravel/serializable-closure/issues", "source": "https://github.com/laravel/serializable-closure" }, - "time": "2025-10-09T13:42:30+00:00" + "time": "2025-11-21T20:52:36+00:00" }, { "name": "nikic/fast-route", @@ -3455,16 +3455,16 @@ }, { "name": "phpdocumentor/reflection-docblock", - "version": "5.6.4", + "version": "5.6.5", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2" + "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90a04bcbf03784066f16038e87e23a0a83cee3c2", - "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90614c73d3800e187615e2dd236ad0e2a01bf761", + "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761", "shasum": "" }, "require": { @@ -3513,22 +3513,22 @@ "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", "support": { "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues", - "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.4" + "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.5" }, - "time": "2025-11-17T21:13:10+00:00" + "time": "2025-11-27T19:50:05+00:00" }, { "name": "phpdocumentor/type-resolver", - "version": "1.11.1", + "version": "1.12.0", "source": { "type": "git", "url": "https://github.com/phpDocumentor/TypeResolver.git", - "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba" + "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/f626740b38009078de0dc8b2b9dc4e7f749c6eba", - "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba", + "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/92a98ada2b93d9b201a613cb5a33584dde25f195", + "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195", "shasum": "" }, "require": { @@ -3571,9 +3571,9 @@ "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names", "support": { "issues": "https://github.com/phpDocumentor/TypeResolver/issues", - "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.11.1" + "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.12.0" }, - "time": "2025-11-21T11:31:57+00:00" + "time": "2025-11-21T15:09:14+00:00" }, { "name": "phpstan/phpdoc-parser", @@ -3624,16 +3624,16 @@ }, { "name": "revolt/event-loop", - "version": "v1.0.7", + "version": "v1.0.8", "source": { "type": "git", "url": "https://github.com/revoltphp/event-loop.git", - "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3" + "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/09bf1bf7f7f574453efe43044b06fafe12216eb3", - "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3", + "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/b6fc06dce8e9b523c9946138fa5e62181934f91c", + "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c", "shasum": "" }, "require": { @@ -3690,9 +3690,9 @@ ], "support": { "issues": "https://github.com/revoltphp/event-loop/issues", - "source": "https://github.com/revoltphp/event-loop/tree/v1.0.7" + "source": "https://github.com/revoltphp/event-loop/tree/v1.0.8" }, - "time": "2025-01-25T19:27:39+00:00" + "time": "2025-08-27T21:33:23+00:00" }, { "name": "sebastian/diff", @@ -3763,16 +3763,16 @@ }, { "name": "spatie/array-to-xml", - "version": "3.4.1", + "version": "3.4.3", "source": { "type": "git", "url": "https://github.com/spatie/array-to-xml.git", - "reference": "6a740f39415aee8886aea10333403adc77d50791" + "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/6a740f39415aee8886aea10333403adc77d50791", - "reference": "6a740f39415aee8886aea10333403adc77d50791", + "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7b9202dccfe18d4e3a13303156d6bbcc1c61dabf", + "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf", "shasum": "" }, "require": { @@ -3815,7 +3815,7 @@ "xml" ], "support": { - "source": "https://github.com/spatie/array-to-xml/tree/3.4.1" + "source": "https://github.com/spatie/array-to-xml/tree/3.4.3" }, "funding": [ { @@ -3827,7 +3827,7 @@ "type": "github" } ], - "time": "2025-11-12T10:32:50+00:00" + "time": "2025-11-27T09:08:26+00:00" }, { "name": "sserbin/twig-linter", @@ -3987,16 +3987,16 @@ }, { "name": "symfony/filesystem", - "version": "v7.3.6", + "version": "v7.4.0", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a" + "reference": "d551b38811096d0be9c4691d406991b47c0c630a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/e9bcfd7837928ab656276fe00464092cc9e1826a", - "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/d551b38811096d0be9c4691d406991b47c0c630a", + "reference": "d551b38811096d0be9c4691d406991b47c0c630a", "shasum": "" }, "require": { @@ -4005,7 +4005,7 @@ "symfony/polyfill-mbstring": "~1.8" }, "require-dev": { - "symfony/process": "^6.4|^7.0" + "symfony/process": "^6.4|^7.0|^8.0" }, "type": "library", "autoload": { @@ -4033,7 +4033,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v7.3.6" + "source": "https://github.com/symfony/filesystem/tree/v7.4.0" }, "funding": [ { @@ -4053,7 +4053,7 @@ "type": "tidelift" } ], - "time": "2025-11-05T09:52:27+00:00" + "time": "2025-11-27T13:27:24+00:00" }, { "name": "symfony/finder", @@ -4459,22 +4459,23 @@ }, { "name": "symfony/string", - "version": "v7.3.4", + "version": "v7.4.0", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "f96476035142921000338bad71e5247fbc138872" + "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/f96476035142921000338bad71e5247fbc138872", - "reference": "f96476035142921000338bad71e5247fbc138872", + "url": "https://api.github.com/repos/symfony/string/zipball/d50e862cb0a0e0886f73ca1f31b865efbb795003", + "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003", "shasum": "" }, "require": { "php": ">=8.2", + "symfony/deprecation-contracts": "^2.5|^3.0", "symfony/polyfill-ctype": "~1.8", - "symfony/polyfill-intl-grapheme": "~1.0", + "symfony/polyfill-intl-grapheme": "~1.33", "symfony/polyfill-intl-normalizer": "~1.0", "symfony/polyfill-mbstring": "~1.0" }, @@ -4482,11 +4483,11 @@ "symfony/translation-contracts": "<2.5" }, "require-dev": { - "symfony/emoji": "^7.1", - "symfony/http-client": "^6.4|^7.0", - "symfony/intl": "^6.4|^7.0", + "symfony/emoji": "^7.1|^8.0", + "symfony/http-client": "^6.4|^7.0|^8.0", + "symfony/intl": "^6.4|^7.0|^8.0", "symfony/translation-contracts": "^2.5|^3.0", - "symfony/var-exporter": "^6.4|^7.0" + "symfony/var-exporter": "^6.4|^7.0|^8.0" }, "type": "library", "autoload": { @@ -4525,7 +4526,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.3.4" + "source": "https://github.com/symfony/string/tree/v7.4.0" }, "funding": [ { @@ -4545,7 +4546,7 @@ "type": "tidelift" } ], - "time": "2025-09-11T14:36:48+00:00" + "time": "2025-11-27T13:27:24+00:00" }, { "name": "vimeo/psalm", From 8185c537323aeb88c4e9f34b54d192814c260900 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 28 Nov 2025 12:14:01 +0000 Subject: [PATCH 11/14] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 034ebba2..03663b85 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -86,7 +86,7 @@ RUN set -ex; \ pecl install APCu-5.1.27; \ pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \ pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.3.0; \ - pecl install -o imagick-3.8.0; \ + pecl install -o imagick-3.8.1; \ \ docker-php-ext-enable \ igbinary \ From 190a9824e0acb9f4a6d02d96413e5ad56e840280 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Nov 2025 17:05:56 +0100 Subject: [PATCH 12/14] address review Co-authored-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index ed3d3bf9..ff33fbfd 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -185,7 +185,7 @@ readonly class DockerController { $config = $this->configurationManager->GetConfig(); // set AIO_URL - $config['AIO_URL'] = $host . ':' . (string)$port . $path; + $config['AIO_URL'] = $host . ':' . strval($port) . $path; // set wasStartButtonClicked $config['wasStartButtonClicked'] = 1; // set install_latest_major From 634e819ab15642400c916796356333feb92a352e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Nov 2025 17:14:16 +0100 Subject: [PATCH 13/14] address review Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 53b97dcc..6fda338c 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -548,7 +548,7 @@ {% if borg_remote_repo %} or the remote repo {{ borg_remote_repo }} {% endif %} - is wrong, you can reset it by clicking on the button below. + is wrong or if you want to reset the backup location due to other reasons, you can do so by clicking on the button below.

From 411fe4cb531fdf08b24880941ae36a60f09bb7ab Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Nov 2025 17:18:08 +0100 Subject: [PATCH 14/14] address review Signed-off-by: Simon L. --- community-containers/caddy/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 209b9c4a..6cdcb452 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -6,7 +6,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active. - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files. -- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variables for the mastercontainer and set it to an ip-address under which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation). +- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation). - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden. - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart. - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.