Merge 9360474bc1 into 178f8b65d3

* Add FORWARDED_FOR_HEADERS to the reverse-proxy config

Signed-off-by: Dominic Giebert <dominic.giebert@suse.com>

* Add FORWARDED_FOR_HEADERS to documentation

Signed-off-by: Dominic Giebert <dominic.giebert@suse.com>

---------

Signed-off-by: Dominic Giebert <dominic.giebert@suse.com>

.config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

.examples/docker-compose/insecure/mariadb/apache/compose.yaml

@@ -1,6 +1,6 @@
 services:
   db:
-    image: mariadb:10.6
+    image: mariadb:10.11
     command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
     restart: always
     volumes:

.examples/docker-compose/insecure/mariadb/fpm/compose.yaml

@@ -1,6 +1,6 @@
 services:
   db:
-    image: mariadb:10.6
+    image: mariadb:10.11
     command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
     restart: always
     volumes:

.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf

@@ -14,6 +14,7 @@ http {
     default_type  application/octet-stream;
     types {
         text/javascript mjs;
+        application/wasm wasm;
     }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -143,7 +144,7 @@ http {
         # to the URI, resulting in a HTTP 500 error response.
         location ~ \.php(?:$|/) {
             # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
 
             fastcgi_split_path_info ^(.+?\.php)(/.*)$;
             set $path_info $fastcgi_path_info;
@@ -166,7 +167,7 @@ http {
         }
 
         # Serve static files
-        location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;

.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf

@@ -14,6 +14,7 @@ http {
     default_type  application/octet-stream;
     types {
         text/javascript mjs;
+        application/wasm wasm;
     }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -143,7 +144,7 @@ http {
         # to the URI, resulting in a HTTP 500 error response.
         location ~ \.php(?:$|/) {
             # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
 
             fastcgi_split_path_info ^(.+?\.php)(/.*)$;
             set $path_info $fastcgi_path_info;
@@ -166,7 +167,7 @@ http {
         }
 
         # Serve static files
-        location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;

.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml

@@ -1,6 +1,6 @@
 services:
   db:
-    image: mariadb:10.6
+    image: mariadb:10.11
     command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
     restart: always
     volumes:

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml

@@ -1,6 +1,6 @@
 services:
   db:
-    image: mariadb:10.6
+    image: mariadb:10.11
     command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
     restart: always
     volumes:

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf

@@ -14,6 +14,7 @@ http {
     default_type  application/octet-stream;
     types {
         text/javascript mjs;
+        application/wasm wasm;
     }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -143,7 +144,7 @@ http {
         # to the URI, resulting in a HTTP 500 error response.
         location ~ \.php(?:$|/) {
             # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
 
             fastcgi_split_path_info ^(.+?\.php)(/.*)$;
             set $path_info $fastcgi_path_info;
@@ -166,7 +167,7 @@ http {
         }
 
         # Serve static files
-        location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;

.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf

@@ -14,6 +14,7 @@ http {
     default_type  application/octet-stream;
     types {
         text/javascript mjs;
+        application/wasm wasm;
     }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -143,7 +144,7 @@ http {
         # to the URI, resulting in a HTTP 500 error response.
         location ~ \.php(?:$|/) {
             # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
 
             fastcgi_split_path_info ^(.+?\.php)(/.*)$;
             set $path_info $fastcgi_path_info;
@@ -166,7 +167,7 @@ http {
         }
 
         # Serve static files
-        location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;

28/apache/Dockerfile

@@ -140,7 +140,7 @@ RUN { \
     } > /etc/apache2/conf-available/apache-limits.conf; \
     a2enconf apache-limits
 
-ENV NEXTCLOUD_VERSION 28.0.10
+ENV NEXTCLOUD_VERSION 28.0.11
 
 RUN set -ex; \
     fetchDeps=" \
@@ -150,8 +150,8 @@ RUN set -ex; \
     apt-get update; \
     apt-get install -y --no-install-recommends $fetchDeps; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

28/apache/config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

28/fpm-alpine/Dockerfile

@@ -120,7 +120,7 @@ RUN { \
 VOLUME /var/www/html
 
 
-ENV NEXTCLOUD_VERSION 28.0.10
+ENV NEXTCLOUD_VERSION 28.0.11
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \
@@ -128,8 +128,8 @@ RUN set -ex; \
         gnupg \
     ; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

28/fpm-alpine/config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

28/fpm/Dockerfile

@@ -125,7 +125,7 @@ RUN { \
 VOLUME /var/www/html
 
 
-ENV NEXTCLOUD_VERSION 28.0.10
+ENV NEXTCLOUD_VERSION 28.0.11
 
 RUN set -ex; \
     fetchDeps=" \
@@ -135,8 +135,8 @@ RUN set -ex; \
     apt-get update; \
     apt-get install -y --no-install-recommends $fetchDeps; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

28/fpm/config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

29/apache/Dockerfile

@@ -21,6 +21,7 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
+ENV REDIS_DB_INDEX=0
 RUN set -ex; \
     \
     savedAptMark="$(apt-mark showmanual)"; \
@@ -140,7 +141,7 @@ RUN { \
     } > /etc/apache2/conf-available/apache-limits.conf; \
     a2enconf apache-limits
 
-ENV NEXTCLOUD_VERSION 29.0.7
+ENV NEXTCLOUD_VERSION 29.0.8
 
 RUN set -ex; \
     fetchDeps=" \
@@ -150,8 +151,8 @@ RUN set -ex; \
     apt-get update; \
     apt-get install -y --no-install-recommends $fetchDeps; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

29/apache/config/redis.config.php

@@ -14,4 +14,8 @@ if (getenv('REDIS_HOST')) {
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
+  if (getenv('REDIS_DB_INDEX') !== false) {
+    $CONFIG['redis']['dbindex'] = (int) getenv('REDIS_DB_INDEX');
+  }
+
 }

29/apache/config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

29/fpm-alpine/Dockerfile

@@ -120,7 +120,7 @@ RUN { \
 VOLUME /var/www/html
 
 
-ENV NEXTCLOUD_VERSION 29.0.7
+ENV NEXTCLOUD_VERSION 29.0.8
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \
@@ -128,8 +128,8 @@ RUN set -ex; \
         gnupg \
     ; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

29/fpm-alpine/config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

29/fpm/Dockerfile

@@ -125,7 +125,7 @@ RUN { \
 VOLUME /var/www/html
 
 
-ENV NEXTCLOUD_VERSION 29.0.7
+ENV NEXTCLOUD_VERSION 29.0.8
 
 RUN set -ex; \
     fetchDeps=" \
@@ -135,8 +135,8 @@ RUN set -ex; \
     apt-get update; \
     apt-get install -y --no-install-recommends $fetchDeps; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

29/fpm/config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

30/apache/config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

30/fpm-alpine/config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

30/fpm/config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

README.md

@@ -68,7 +68,7 @@ Database:
 ```console
 $ docker run -d \
 -v db:/var/lib/mysql \
-mariadb:10.6
+mariadb:10.11
 ```
 
 ### Additional volumes
@@ -159,6 +159,7 @@ If you want to use Redis you have to create a separate [Redis](https://hub.docke
 - `REDIS_HOST` (not set by default) Name of Redis container
 - `REDIS_HOST_PORT` (default: `6379`) Optional port for Redis, only use for external Redis servers that run on non-standard ports.
 - `REDIS_HOST_PASSWORD` (not set by default) Redis password
+- `REDIS_DB_INDEX` (default: `0`) Value for dbindex config value
 
 The use of Redis is recommended to prevent file locking problems. See the examples for further instructions.
 
@@ -261,7 +262,7 @@ To use the hooks triggered by the `entrypoint` script, either
 ```
 
 
-## Using the apache image behind a reverse proxy and auto configure server host and protocol
+## Using the image behind a reverse proxy and auto configure server host and protocol
 
 The apache image will replace the remote addr (IP address visible to Nextcloud) with the IP address from `X-Real-IP` if the request is coming from a proxy in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client IP (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, then disable rewrite IP and add the reverse proxy's IP address to `TRUSTED_PROXIES`.
 
@@ -276,6 +277,7 @@ If the `TRUSTED_PROXIES` approach does not work for you, try using fixed values
 - `OVERWRITECLIURL` (empty by default): Set the cli url of the proxy (e.g. https://mydnsname.example.com)
 - `OVERWRITEWEBROOT` (empty by default): Set the absolute path of the proxy.
 - `OVERWRITECONDADDR` (empty by default): Regex to overwrite the values dependent on the remote address.
+- `FORWARDED_FOR_HEADERS` (empty by default): HTTP headers with the original client IP address
 
 Check the [Nexcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html) for more details.
 
@@ -294,7 +296,7 @@ Make sure to pass in values for `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` varia
 ```yaml
 services:
   db:
-    image: mariadb:10.6
+    image: mariadb:10.11
     restart: always
     command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
     volumes:
@@ -342,7 +344,7 @@ Make sure to pass in values for `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` varia
 ```yaml
 services:
   db:
-    image: mariadb:10.6
+    image: mariadb:10.11
     restart: always
     command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
     volumes:

docker-entrypoint.sh

@@ -114,15 +114,15 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
             # check if redis host is an unix socket path
             if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
               if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
+                echo "session.save_path = \"unix://${REDIS_HOST}/${REDIS_DB_INDEX}?auth=${REDIS_HOST_PASSWORD}\""
               else
-                echo "session.save_path = \"unix://${REDIS_HOST}\""
+                echo "session.save_path = \"unix://${REDIS_HOST}/${REDIS_DB_INDEX}\""
               fi
             # check if redis password has been set
             elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
+                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}/${REDIS_DB_INDEX}?auth=${REDIS_HOST_PASSWORD}\""
             else
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
+                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}/${REDIS_DB_INDEX}\""
             fi
             echo "redis.session.locking_enabled = 1"
             echo "redis.session.lock_retries = -1"

versions.json

@@ -27,9 +27,9 @@
   },
   "29": {
     "branch": "29",
-    "version": "29.0.7",
+    "version": "29.0.8",
-    "url": "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2",
+    "url": "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2",
-    "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc",
+    "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc",
     "variants": {
       "apache": {
         "variant": "apache",
@@ -53,9 +53,9 @@
   },
   "28": {
     "branch": "28",
-    "version": "28.0.10",
+    "version": "28.0.11",
-    "url": "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2",
+    "url": "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2",
-    "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc",
+    "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc",
     "variants": {
       "apache": {
         "variant": "apache",