From 792ba0dfb352fe6a0018dd7ee470c777da5658df Mon Sep 17 00:00:00 2001
From: Zoey <zoey@z0ey.de>
Date: Fri, 16 Jan 2026 22:54:58 +0100
Subject: [PATCH 1/3] update NPMplus images in reverse proxy guide

Signed-off-by: Zoey <zoey@z0ey.de>
---
 reverse-proxy.md | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 50a6bccd..bdeb3244 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -564,19 +564,14 @@ Note: this will cause that a non root user can bind privileged ports.
 
 Second, see these screenshots for a working config:
 
-![grafik](https://github.com/user-attachments/assets/c32c8fe8-7417-4f8f-9625-24b95651e630)
+<img width="675" height="695" alt="image" src="https://github.com/user-attachments/assets/196f53f9-ff86-4da2-960e-f7b7a2ceac0c" />
 
-![grafik](https://github.com/user-attachments/assets/f14bba5c-69ce-4514-a2ac-5e5d7fb97792)
+<img width="675" height="355" alt="image" src="https://github.com/user-attachments/assets/8a45a6d8-fbaf-4519-86f7-c7424ed780da" />
 
-<!-- ![grafik](https://github.com/user-attachments/assets/a26c53fd-6cc8-4a6b-a86f-c2f94b70088f) -->
+<img width="675" height="542" alt="image" src="https://github.com/user-attachments/assets/7e880d02-0f4f-459a-a3f6-216bcb1b04ca" />
 
-![grafik](https://github.com/user-attachments/assets/75d7f539-35d1-4a3e-8c51-43123f698893)
+<img width="675" height="570" alt="image" src="https://github.com/user-attachments/assets/2812ecc1-ecf0-44bd-9249-b76b30f8c25e" />
 
-![grafik](https://github.com/user-attachments/assets/e494edb5-8b70-4d45-bc9b-374219230041)
-
-`proxy_set_header Accept-Encoding $http_accept_encoding;`
-
-⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus. <br>
 ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>

From d5c3e79b31f34a66687db78bc9f1065bf24b31e4 Mon Sep 17 00:00:00 2001
From: ph818 <71797925+ph818@users.noreply.github.com>
Date: Sat, 17 Jan 2026 17:17:28 -0500
Subject: [PATCH 2/3] Update local-instance.md

Clarifying DNS-challenge description.

Signed-off-by: ph818 <71797925+ph818@users.noreply.github.com>
---
 local-instance.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/local-instance.md b/local-instance.md
index 1da26280..8abbddb6 100644
--- a/local-instance.md
+++ b/local-instance.md
@@ -22,10 +22,11 @@ The normal way is the following:
 **Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
 
 ## 3. Use the ACME DNS-challenge
-You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
+You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
 
 ## 4. Use Cloudflare
 If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
 
 ## 5. Buy a certificate and use that
 If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
+

From a3e43c5cd913d45b34d137bbecfb806d559cb6e7 Mon Sep 17 00:00:00 2001
From: ph818 <71797925+ph818@users.noreply.github.com>
Date: Sat, 17 Jan 2026 17:22:42 -0500
Subject: [PATCH 3/3] Update readme.md

Clarifying the Instructions for DNS-challenge so following the links will make more sense (configuring the caddyfile of the external caddy reverse proxy).

Signed-off-by: ph818 <71797925+ph818@users.noreply.github.com>
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index bcbf7d57..66059954 100644
--- a/readme.md
+++ b/readme.md
@@ -340,7 +340,7 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf
 For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 
 ### How to get Nextcloud running using the ACME DNS-challenge?
-You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
+You can install AIO behind an external reverse proxy where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic.
 
 ### How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.
 If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly.