diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index a2b653cf..ca9eeac5 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
# syntax=docker/dockerfile:latest
FROM caddy:2.7.6-alpine as caddy
-FROM httpd:2.4.58-alpine3.19
+FROM httpd:2.4.59-alpine3.19
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index 3b6fcb78..d10da1ea 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,6 @@
# syntax=docker/dockerfile:latest
# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-45
+FROM clamav/clamav:1.3.0-47
COPY clamav.conf /tmp/clamav.conf
diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile
index 2f2b23a8..26278cf8 100644
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest
-FROM haproxy:2.9.6-alpine3.19
+FROM haproxy:2.9.7-alpine3.19
# hadolint ignore=DL3002
USER root
diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index ea48c16f..fbd022b1 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,12 +1,12 @@
# syntax=docker/dockerfile:latest
# Docker CLI is a requirement
-FROM docker:25.0.5-cli as docker
+FROM docker:26.0.1-cli as docker
# Caddy is a requirement
FROM caddy:2.7.6-alpine as caddy
# From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
-FROM php:8.3.4-fpm-alpine3.19
+FROM php:8.3.6-fpm-alpine3.19
EXPOSE 80
EXPOSE 8080
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile
index a382b521..76f1e159 100644
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest
-FROM php:8.2.17-fpm-alpine3.19
+FROM php:8.2.18-fpm-alpine3.19
ENV PHP_MEMORY_LIMIT 512M
ENV PHP_UPLOAD_LIMIT 10G
@@ -10,12 +10,12 @@ ENV SOURCE_LOCATION /usr/src/nextcloud
ENV NEXTCLOUD_VERSION 28.0.4
ENV AIO_TOKEN 123456
ENV AIO_URL localhost
-COPY supervisord.conf /supervisord.conf
# AIO settings end # Do not remove or change this line!
COPY --chmod=775 *.sh /
COPY --chmod=774 upgrade.exclude /upgrade.exclude
COPY config/*.php /
+COPY supervisord.conf /supervisord.conf
VOLUME /mnt/ncdata
VOLUME /var/www/html
@@ -44,6 +44,8 @@ RUN set -ex; \
icu-dev \
imagemagick-dev \
imagemagick-svg \
+ imagemagick-heic \
+ imagemagick-tiff \
libevent-dev \
libjpeg-turbo-dev \
libmcrypt-dev \
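Review bot: The added `imagemagick-heic` and `imagemagick-tiff` packages widen the set of formats ImageMagick will decode, and nothing in this hunk records why they are needed. The image presumably generates previews from user-uploaded files, so these coders add native parsing code that handles untrusted input. A comment line next to the packages, such as `# heic/tiff coders for previews; removed by start.sh when ADDITIONAL_APKS omits imagemagick`, would help whoever audits the image later. The same pair is added to the runtime `apk add` list in the hunk at -211 and to the `apk del` line in Containers/nextcloud/start.sh. The enclosing `RUN` starts and ends outside this hunk.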
@@ -196,6 +198,8 @@ RUN set -ex; \
/var/log/supervisord \
/var/run/supervisord \
; \
+ chown www-data:root -R /var/log/supervisord; \
+ chown www-data:root -R /var/run/supervisord; \
\
apk add --no-cache \
bash \
@@ -211,6 +215,8 @@ RUN set -ex; \
bind-tools \
imagemagick \
imagemagick-svg \
+ imagemagick-heic \
+ imagemagick-tiff \
coreutils; \
\
grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
diff --git a/Containers/nextcloud/cron.sh b/Containers/nextcloud/cron.sh
index 87f6bf7a..0b888279 100644
--- a/Containers/nextcloud/cron.sh
+++ b/Containers/nextcloud/cron.sh
@@ -1,6 +1,4 @@
#!/bin/bash
-set -eu
-
wait_for_cron() {
set -x
while [ -n "$(pgrep -f /var/www/html/cron.php)" ]; do
@@ -8,7 +6,7 @@ wait_for_cron() {
sleep 5
done
echo "Cronjob successfully exited."
- set +x
+ exit
}
trap wait_for_cron SIGINT SIGTERM
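Review bot: The bare `exit` added at the end of `wait_for_cron` leaves the script's exit status implicit. Inside a trap action, `exit` without an argument reports the status of the command that ran just before the trap fired, which is usually non-zero for an interrupted `sleep` or `wait`. The handler has just printed "Cronjob successfully exited.", so `exit 0` would make the clean shutdown explicit to whatever supervises the script. The first hunk also drops `set -eu`, so unset variables and failing commands in the rest of the script (not visible here) no longer stop it. If only `-e` was the problem, keeping `set -u` would preserve the unset-variable check.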
diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh
index be057297..44ed9acd 100644
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -498,6 +498,14 @@ php /var/www/html/occ maintenance:update:htaccess
# Revert dbpersistent setting to check if it fixes too many db connections
php /var/www/html/occ config:system:set dbpersistent --value=false --type=bool
+if [ "$DISABLE_BRUTEFORCE_PROTECTION" = yes ]; then
+ php /var/www/html/occ config:system:set auth.bruteforce.protection.enabled --type=bool --value=false
+ php /var/www/html/occ config:system:set ratelimit.protection.enabled --type=bool --value=false
+else
+ php /var/www/html/occ config:system:set auth.bruteforce.protection.enabled --type=bool --value=true
+ php /var/www/html/occ config:system:set ratelimit.protection.enabled --type=bool --value=true
+fi
+
# Disallow creating local external storages when nothing was mounted
if [ -z "$NEXTCLOUD_MOUNT" ]; then
php /var/www/html/occ config:system:set files_external_allow_create_new_local --type=bool --value=false
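Review bot: Setting `DISABLE_BRUTEFORCE_PROTECTION=yes` switches off both `auth.bruteforce.protection.enabled` and `ratelimit.protection.enabled` without leaving any message in the container log. A line such as `echo "Warning: brute-force and rate-limit protection are disabled (DISABLE_BRUTEFORCE_PROTECTION=yes)"` in the first branch would let an operator notice a flag left on after testing. The `else` branch also rewrites both keys to `true` on every start, which replaces any value an admin set by hand. A comment such as `# Enforced on every start; set DISABLE_BRUTEFORCE_PROTECTION=yes to turn off` would document that.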
@@ -628,6 +636,9 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
TALK_HOST="$NC_DOMAIN"
HPB_PATH="/standalone-signaling/"
fi
+ if [ -z "$TURN_DOMAIN" ]; then
+ TURN_DOMAIN="$TALK_HOST"
+ fi
set +x
if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
php /var/www/html/occ app:install spreed
@@ -639,11 +650,11 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
# Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
# shellcheck disable=SC2153
- php /var/www/html/occ talk:turn:add turn "$TALK_HOST:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+ php /var/www/html/occ talk:turn:add turn "$TURN_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
fi
STUN_SERVER="$(php /var/www/html/occ talk:stun:list --output="plain")"
if [ -z "$STUN_SERVER" ] || echo "$STUN_SERVER" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
- php /var/www/html/occ talk:stun:add "$TALK_HOST:$TALK_PORT"
+ php /var/www/html/occ talk:stun:add "$TURN_DOMAIN:$TALK_PORT"
php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
fi
if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$TALK_HOST$HPB_PATH"; then
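Review bot: `TURN_DOMAIN` only takes effect on first registration. `talk:turn:add` runs only when `talk:turn:list` is empty, and `talk:stun:add` runs only when the STUN list is empty or still holds `stun.nextcloud.com:443`. An instance that already has `$TALK_HOST:$TALK_PORT` registered therefore keeps that entry after `TURN_DOMAIN` is set. If that is intended, a comment above the TURN block such as `# Existing TURN/STUN entries are not rewritten when TURN_DOMAIN changes` would make it visible. The enclosing `if [ "$TALK_ENABLED" = 'yes' ]` block continues outside the hunk.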
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index b4ca3519..108dbdcf 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -56,7 +56,7 @@ if [ -n "$ADDITIONAL_APKS" ]; then
if ! [ -f "/additional-apks-are-installed" ]; then
# Allow to disable imagemagick without having to download it each time
if ! echo "$ADDITIONAL_APKS" | grep -q imagemagick; then
- apk del imagemagick imagemagick-svg;
+ apk del imagemagick imagemagick-svg imagemagick-heic imagemagick-tiff;
fi
read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile
index 41875ecb..b2c2d28b 100644
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest
-FROM python:3.12.2-alpine3.19
+FROM python:3.12.3-alpine3.19
COPY --chmod=775 start.sh /start.sh
diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 3ad643fb..304c9555 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
# syntax=docker/dockerfile:latest
-FROM nats:2.10.12-scratch as nats
+FROM nats:2.10.14-scratch as nats
FROM eturnal/eturnal:1.12.0 AS eturnal
FROM strukturag/nextcloud-spreed-signaling:1.2.4 as signaling
FROM alpine:3.19.1 as janus
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index 76bfbb81..37d2682e 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -60,6 +60,10 @@ if [ -z "$TALK_MAX_STREAM_BITRATE" ]; then
TALK_MAX_STREAM_BITRATE=1048576
fi
+if [ -z "$TALK_MAX_SCREEN_BITRATE" ]; then
+ TALK_MAX_SCREEN_BITRATE=2097152
+fi
+
# Signling
cat << SIGNALING_CONF > "/conf/signaling.conf"
[http]
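Review bot: `TALK_MAX_SCREEN_BITRATE` gets a default here when empty, but any other value is written unchecked into `/conf/signaling.conf` by the `maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}` lines in the two hunks below. A value containing non-digits or an embedded newline would produce a malformed or extended config file. A guard after the default, e.g. `case "$TALK_MAX_SCREEN_BITRATE" in *[!0-9]*) echo "TALK_MAX_SCREEN_BITRATE must be an integer"; exit 1;; esac`, would reject it early. The existing `TALK_MAX_STREAM_BITRATE` is interpolated the same way, so the check could cover both.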
@@ -85,6 +89,7 @@ connectionsperhost = 8
url = https://${NC_DOMAIN}
secret = ${SIGNALING_SECRET}
maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
+maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}
[nats]
url = nats://127.0.0.1:4222
@@ -93,6 +98,7 @@ url = nats://127.0.0.1:4222
type = janus
url = ws://127.0.0.1:8188
maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
+maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}
SIGNALING_CONF
exec "$@"
diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index eef44781..d74edcea 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
name: nextcloud-aio-helm-chart
description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.2.0-dev
+version: 8.2.0-dev2
apiVersion: v2
keywords:
- latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 75db22fd..9b8651c1 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -27,7 +27,9 @@ spec:
- env:
- name: TALK_MAX_STREAM_BITRATE
value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
- - name: INTERNAL_SECRET
+ - name: TALK_MAX_STREAM_BITRATE
+ value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
+ - name: TALK_MAX_SCREEN_BITRATE
value: "{{ .Values.TALK_INTERNAL_SECRET }}"
- name: NC_DOMAIN
value: "{{ .Values.NC_DOMAIN }}"
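Review bot: As this hunk reads, the new env list is wrong in two places. `TALK_MAX_STREAM_BITRATE` appears twice, the second time with `.Values.TALK_MAX_SCREEN_BITRATE`, and the entry named `TALK_MAX_SCREEN_BITRATE` is given `.Values.TALK_INTERNAL_SECRET`, while `INTERNAL_SECRET` is no longer set at all. Containers/talk/start.sh writes `TALK_MAX_SCREEN_BITRATE` into `/conf/signaling.conf` as `maxscreenbitrate`, so the internal secret would land in a bitrate field and the container would start without `INTERNAL_SECRET`. The two added `name:` lines should be `- name: TALK_MAX_SCREEN_BITRATE` (above the screen-bitrate value) and `- name: INTERNAL_SECRET` (above the `TALK_INTERNAL_SECRET` value). The chart is described as generated, so the fix probably belongs in the generator run rather than a hand edit.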
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index c1719ef2..22098412 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -304,6 +304,8 @@ find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additio
cat << EOL > /tmp/additional-talk.config
- name: TALK_MAX_STREAM_BITRATE
value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
+ - name: TALK_MAX_SCREEN_BITRATE
+ value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
EOL
# shellcheck disable=SC1083
find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-talk.config" \{} \;
@@ -365,6 +367,7 @@ SMTP_PASSWORD: # (empty by default): The password for the authentication
MAIL_FROM_ADDRESS: # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
MAIL_DOMAIN: # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
TALK_MAX_STREAM_BITRATE: "1048576" # This allows to adjust the max stream bitrate of the talk hpb
+TALK_MAX_SCREEN_BITRATE: "2097152" # This allows to adjust the max stream bitrate of the talk hpb
IMAGE_MIRROR_PREFIX: # Setting this allows you to pull Nextcloud images through a mirror registry.
NEXTCLOUD_IMAGE_ORG: nextcloud # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
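Review bot: The comment on the added `TALK_MAX_SCREEN_BITRATE` line was copied from the line above and still says "max stream bitrate". It should describe the screen value, e.g. `# This allows to adjust the max screen bitrate of the talk hpb`. The same copied comment is added in nextcloud-aio-helm-chart/values.yaml.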
diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml
index f554d9b8..58276b24 100755
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -62,6 +62,7 @@ SMTP_PASSWORD: # (empty by default): The password for the authentication
MAIL_FROM_ADDRESS: # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
MAIL_DOMAIN: # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
TALK_MAX_STREAM_BITRATE: "1048576" # This allows to adjust the max stream bitrate of the talk hpb
+TALK_MAX_SCREEN_BITRATE: "2097152" # This allows to adjust the max stream bitrate of the talk hpb
IMAGE_MIRROR_PREFIX: # Setting this allows you to pull Nextcloud images through a mirror registry.
NEXTCLOUD_IMAGE_ORG: nextcloud # Setting this allows you to change the image's org name in case a different image needs to be used e.g. for compliance reasons.
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index 06bc52a9..64285e05 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -173,7 +173,7 @@ public function StartContainer(Request $request, Response $response, array $args
}
if (isset($request->getParsedBody()['install_latest_major'])) {
- $installLatestMajor = 28;
+ $installLatestMajor = 29;
} else {
$installLatestMajor = "";
}
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index c4ff2412..a3fd4162 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -28,7 +28,7 @@
{% set isBackupOrRestoreRunning = false %}
{% set isApacheStarting = false %}
{# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
- {% set newMajorVersion = '' %}
+ {% set newMajorVersion = 29 %}
{% if is_backup_container_running == true %}
{% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -292,7 +292,7 @@
{% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
Note about Nextcloud {{ newMajorVersion }}
- If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow this documentation
+ If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow this documentation
{% endif %}
{% endif %}
diff --git a/readme.md b/readme.md
index 19f910b2..6a686949 100644
--- a/readme.md
+++ b/readme.md
@@ -323,6 +323,11 @@ If your Nextcloud is running and you are logged in as admin in your Nextcloud, y
If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually using `sudo docker run -it --rm --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config:rw alpine sh -c "apk add --no-cache nano && nano /mnt/docker-aio-config/data/configuration.json"`, substitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.
If you are running AIO behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to obviously also change the domain in your reverse proxy config.
+Additionally, after restarting the containers, you need to open the admin settings and update some values manually that cannot be changed automatically. Here is a list of some known places:
+- `https://your-nc-domain.com/settings/admin/talk` for Turn/Stun server and Signaling Server if you enabled Talk via the AIO interface
+- `https://your-nc-domain.com/settings/admin/theming` for the theming URL
+- `https://your-nc-domain.com/settings/admin/app_api` for the deploy daemon if you enabled the App API via the AIO interface
+
### How to properly reset the instance?
If something goes unexpected routes during the initial installation, you might want to reset the AIO installation to be able to start from scratch.