Update to correct MariaDB command

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>
Merge branch 'nextcloud:master' into compose-v2
2025-07-31 10:38:05 +02:00 · 2024-09-19 00:52:45 +03:00 · 2024-09-19 00:22:08 +03:00 · 2024-09-18 20:45:28 +00:00 · 2024-09-18 20:45:15 +00:00 · 2024-09-18 20:06:41 +00:00
127 changed files with 1266 additions and 1119 deletions
--- a/.config/redis.config.php
+++ b/.config/redis.config.php
@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );

--- a/.config/s3.config.php
+++ b/.config/s3.config.php
@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    )
  );

-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
--- a/.config/smtp.config.php
+++ b/.config/smtp.config.php
@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
+    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );

-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+  if (getenv('SMTP_PASSWORD_FILE')) {
      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
  } elseif (getenv('SMTP_PASSWORD')) {
      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
--- a/.examples/README.md
+++ b/.examples/README.md
@ -52,9 +52,6 @@ The required steps for each optional/recommended package that is not already in
 #### ffmpeg
 `apt install ffmpeg`

-#### imagemagick SVG support
-`apt install libmagickcore-6.q16-6-extra`
-
 #### LibreOffice
 `apt install libreoffice`

--- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml
@ -1,9 +1,7 @@
-version: '3'
-
 services:
  db:
    image: mariadb:10.6
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-read-only-compressed=OFF
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
--- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml
@ -1,9 +1,7 @@
-version: '3'
-
 services:
  db:
    image: mariadb:10.6
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-read-only-compressed=OFF
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
--- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
@ -12,6 +12,9 @@ events {
 http {
    include mime.types;
    default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -30,7 +33,7 @@ http {
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
-    default "immutable";
+    default ", immutable";
    }

    #gzip  on;
@ -162,24 +165,16 @@ http {
            fastcgi_max_temp_file_size 0;
        }

-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            default_type "text/javascript";
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
        # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets

            location ~ \.wasm$ {
--- a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
+++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
    image: postgres:alpine
@ -41,4 +39,4 @@ services:

 volumes:
  db:
-  nextcloud:
+  nextcloud:
--- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
+++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
@ -1,11 +1,9 @@
-version: '3'
-
 services:
  db:
    image: postgres:alpine
    restart: always
    volumes:
-      - db:/var/lib/postgresql/data:z
+      - db:/var/lib/postgresql/data:Z
    env_file:
      - db.env

--- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
@ -12,6 +12,9 @@ events {
 http {
    include mime.types;
    default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -30,7 +33,7 @@ http {
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
-    default "immutable";
+    default ", immutable";
    }

    #gzip  on;
@ -162,23 +165,16 @@ http {
            fastcgi_max_temp_file_size 0;
        }

-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
        # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets

            location ~ \.wasm$ {
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml
@ -1,9 +1,7 @@
-version: '3'
-
 services:
  db:
    image: mariadb:10.6
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-read-only-compressed=OFF
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
@ -34,6 +32,10 @@ services:
    depends_on:
      - db
      - redis
+      # Added proxy container dependency below. 
+      # It is unclear on when or why it happens, but sometimes NC manages to start before the proxy 
+      #  and it breaks for whatever weird reason resulting in the need of manual proxy container restart.
+      - proxy
    networks:
      - proxy-tier
      - default
@ -55,11 +57,12 @@ services:
      - 80:80
      - 443:443
    labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
-      - certs:/etc/nginx/certs:z,ro
+      - certs:/etc/nginx/certs:ro,z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
+      - dhparam:/etc/nginx/dhparam:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
    networks:
      - proxy-tier
@ -67,6 +70,8 @@ services:
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
+    environment:
+      - DEFAULT_EMAIL=
    volumes:
      - certs:/etc/nginx/certs:z
      - acme:/etc/acme.sh:z
@ -100,6 +105,7 @@ volumes:
  acme:
  vhost.d:
  html:
+  dhparam:

 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
@ -1,9 +1,7 @@
-version: '3'
-
 services:
  db:
    image: mariadb:10.6
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-read-only-compressed=OFF
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
@ -31,6 +29,7 @@ services:
    depends_on:
      - db
      - redis
+      - proxy

  web:
    build: ./web
@ -64,7 +63,7 @@ services:
      - 80:80
      - 443:443
    labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - certs:/etc/nginx/certs:z,ro
      - vhost.d:/etc/nginx/vhost.d:z
@ -76,6 +75,8 @@ services:
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
+    environment:
+      - DEFAULT_EMAIL=
    volumes:
      - certs:/etc/nginx/certs:z
      - acme:/etc/acme.sh:z
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
@ -12,6 +12,9 @@ events {
 http {
    include mime.types;
    default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -30,7 +33,7 @@ http {
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
-    default "immutable";
+    default ", immutable";
    }

    #gzip  on;
@ -162,23 +165,16 @@ http {
            fastcgi_max_temp_file_size 0;
        }

-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
        # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets

            location ~ \.wasm$ {
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
    image: postgres:alpine
@ -29,6 +27,7 @@ services:
    depends_on:
      - db
      - redis
+      - proxy
    networks:
      - proxy-tier
      - default
@ -50,9 +49,9 @@ services:
      - 80:80
      - 443:443
    labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
-      - certs:/etc/nginx/certs:z,ro
+      - certs:/etc/nginx/certs:ro,z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
@ -26,6 +26,7 @@ services:
    depends_on:
      - db
      - redis
+      - proxy

  web:
    build: ./web
@ -59,7 +60,7 @@ services:
      - 80:80
      - 443:443
    labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - certs:/etc/nginx/certs:z,ro
      - vhost.d:/etc/nginx/vhost.d:z
@ -77,6 +78,8 @@ services:
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/var/run/docker.sock:z,ro
+    environment:
+      - DEFAULT_EMAIL=
    networks:
      - proxy-tier
    depends_on:
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
@ -12,6 +12,9 @@ events {
 http {
    include mime.types;
    default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -30,7 +33,7 @@ http {
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
-    default "immutable";
+    default ", immutable";
    }

    #gzip  on;
@ -162,23 +165,16 @@ http {
            fastcgi_max_temp_file_size 0;
        }

-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
        # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets

            location ~ \.wasm$ {
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@ -1,51 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-
-name: Rebase command
-
-on:
-  issue_comment:
-    types: created
-
-permissions:
-  contents: read
-
-jobs:
-  rebase:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: none
-
-    # On pull requests and if the comment starts with `/rebase`
-    if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/rebase')
-
-    steps:
-      - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
-        with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-          repository: ${{ github.event.repository.full_name }}
-          comment-id: ${{ github.event.comment.id }}
-          reaction-type: "+1"
-
-      - name: Checkout the latest code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-
-      - name: Automatic Rebase
-        uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8
-        env:
-          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
-
-      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
-        if: failure()
-        with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-          repository: ${{ github.event.repository.full_name }}
-          comment-id: ${{ github.event.comment.id }}
-          reaction-type: "-1"
--- a/27/fpm-alpine/config/redis.config.php
+++ b/27/fpm-alpine/config/redis.config.php
@ -1,17 +0,0 @@
-<?php
-if (getenv('REDIS_HOST')) {
-  $CONFIG = array(
-    'memcache.distributed' => '\OC\Memcache\Redis',
-    'memcache.locking' => '\OC\Memcache\Redis',
-    'redis' => array(
-      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-    ),
-  );
-
-  if (getenv('REDIS_HOST_PORT') !== false) {
-    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
-  } elseif (getenv('REDIS_HOST')[0] != '/') {
-    $CONFIG['redis']['port'] = 6379;
-  }
-}
--- a/27/fpm-alpine/config/s3.config.php
+++ b/27/fpm-alpine/config/s3.config.php
@ -1,48 +0,0 @@
-<?php
-if (getenv('OBJECTSTORE_S3_BUCKET')) {
-  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
-  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
-  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
-  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => array(
-      'class' => '\OC\Files\ObjectStore\S3',
-      'arguments' => array(
-        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
-        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
-        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
-        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
-        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
-        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
-        // required for some non Amazon S3 implementations
-        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
-        // required for older protocol versions
-        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
-      )
-    )
-  );
-
-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
-    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
-  } else {
-    $CONFIG['objectstore']['arguments']['key'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
-    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
-    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
-  } else {
-    $CONFIG['objectstore']['arguments']['secret'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
-  }
-}
--- a/27/fpm-alpine/config/smtp.config.php
+++ b/27/fpm-alpine/config/smtp.config.php
@ -1,22 +0,0 @@
-<?php
-if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
-  $CONFIG = array (
-    'mail_smtpmode' => 'smtp',
-    'mail_smtphost' => getenv('SMTP_HOST'),
-    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
-    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
-    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
-    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
-    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
-    'mail_domain' => getenv('MAIL_DOMAIN'),
-  );
-
-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
-      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
-  } elseif (getenv('SMTP_PASSWORD')) {
-      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
-  } else {
-      $CONFIG['mail_smtppassword'] = '';
-  }
-}
--- a/27/fpm-alpine/entrypoint.sh
+++ b/27/fpm-alpine/entrypoint.sh
@ -1,279 +0,0 @@
-#!/bin/sh
-set -eu
-
-# version_greater A B returns whether A > B
-version_greater() {
-    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
-}
-
-# return true if specified directory is empty
-directory_empty() {
-    [ -z "$(ls -A "$1/")" ]
-}
-
-run_as() {
-    if [ "$(id -u)" = 0 ]; then
-        su -p "$user" -s /bin/sh -c "$1"
-    else
-        sh -c "$1"
-    fi
-}
-
-# Execute all executable files in a given directory in alphanumeric order
-run_path() {
-    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
-    local return_code=0
-
-    if ! [ -d "${hook_folder_path}" ]; then
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-        return 0
-    fi
-
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-
-    (
-        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
-            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                continue
-            fi
-
-            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
-            run_as "${script_file_path}" || return_code="$?"
-
-            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
-                exit 1
-            fi
-
-            echo "==> Finished the script: \"${script_file_path}\""
-        done
-    )
-}
-
-# usage: file_env VAR [DEFAULT]
-#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
-    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
-        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-        exit 1
-    fi
-    if [ -n "${varValue}" ]; then
-        export "$var"="${varValue}"
-    elif [ -n "${fileVarValue}" ]; then
-        export "$var"="$(cat "${fileVarValue}")"
-    elif [ -n "${def}" ]; then
-        export "$var"="$def"
-    fi
-    unset "$fileVar"
-}
-
-if expr "$1" : "apache" 1>/dev/null; then
-    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
-        a2disconf remoteip
-    fi
-fi
-
-if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
-    uid="$(id -u)"
-    gid="$(id -g)"
-    if [ "$uid" = '0' ]; then
-        case "$1" in
-            apache2*)
-                user="${APACHE_RUN_USER:-www-data}"
-                group="${APACHE_RUN_GROUP:-www-data}"
-
-                # strip off any '#' symbol ('#1000' is valid syntax for Apache)
-                user="${user#'#'}"
-                group="${group#'#'}"
-                ;;
-            *) # php-fpm
-                user='www-data'
-                group='www-data'
-                ;;
-        esac
-    else
-        user="$uid"
-        group="$gid"
-    fi
-
-    if [ -n "${REDIS_HOST+x}" ]; then
-
-        echo "Configuring Redis as session handler"
-        {
-            file_env REDIS_HOST_PASSWORD
-            echo 'session.save_handler = redis'
-            # check if redis host is an unix socket path
-            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
-              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-              else
-                echo "session.save_path = \"unix://${REDIS_HOST}\""
-              fi
-            # check if redis password has been set
-            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-            else
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
-            fi
-            echo "redis.session.locking_enabled = 1"
-            echo "redis.session.lock_retries = -1"
-            # redis.session.lock_wait_time is specified in microseconds.
-            # Wait 10ms before retrying the lock rather than the default 2ms.
-            echo "redis.session.lock_wait_time = 10000"
-        } > /usr/local/etc/php/conf.d/redis-session.ini
-    fi
-
-    # If another process is syncing the html folder, wait for
-    # it to be done, then escape initalization.
-    (
-        if ! flock -n 9; then
-            # If we couldn't get it immediately, show a message, then wait for real
-            echo "Another process is initializing Nextcloud. Waiting..."
-            flock 9
-        fi
-
-        installed_version="0.0.0.0"
-        if [ -f /var/www/html/version.php ]; then
-            # shellcheck disable=SC2016
-            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-        fi
-        # shellcheck disable=SC2016
-        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
-
-        if version_greater "$installed_version" "$image_version"; then
-            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
-            exit 1
-        fi
-
-        if version_greater "$image_version" "$installed_version"; then
-            echo "Initializing nextcloud $image_version ..."
-            if [ "$installed_version" != "0.0.0.0" ]; then
-                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
-                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
-                    echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
-                    exit 1
-                fi
-                echo "Upgrading nextcloud from $installed_version ..."
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
-            fi
-            if [ "$(id -u)" = 0 ]; then
-                rsync_options="-rlDog --chown $user:$group"
-            else
-                rsync_options="-rlD"
-            fi
-
-            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
-            for dir in config data custom_apps themes; do
-                if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                    rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-                fi
-            done
-            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-
-            # Install
-            if [ "$installed_version" = "0.0.0.0" ]; then
-                echo "New nextcloud instance"
-
-                file_env NEXTCLOUD_ADMIN_PASSWORD
-                file_env NEXTCLOUD_ADMIN_USER
-
-                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
-                    # shellcheck disable=SC2016
-                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
-                    if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
-                    fi
-
-                    file_env MYSQL_DATABASE
-                    file_env MYSQL_PASSWORD
-                    file_env MYSQL_USER
-                    file_env POSTGRES_DB
-                    file_env POSTGRES_PASSWORD
-                    file_env POSTGRES_USER
-
-                    install=false
-                    if [ -n "${SQLITE_DATABASE+x}" ]; then
-                        echo "Installing with SQLite database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database-name "$SQLITE_DATABASE"'
-                        install=true
-                    elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
-                        echo "Installing with MySQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
-                        install=true
-                    elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
-                        echo "Installing with PostgreSQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
-                        install=true
-                    fi
-
-                    if [ "$install" = true ]; then
-                        run_path pre-installation
-
-                        echo "Starting nextcloud installation"
-                        max_retries=10
-                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
-                        do
-                            echo "Retrying install..."
-                            try=$((try+1))
-                            sleep 10s
-                        done
-                        if [ "$try" -gt "$max_retries" ]; then
-                            echo "Installing of nextcloud failed!"
-                            exit 1
-                        fi
-                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
-                            echo "Setting trusted domains…"
-                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
-                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
-                            done
-                        fi
-
-                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
-                fi
-            # Upgrade
-            else
-                run_path pre-upgrade
-
-                run_as 'php /var/www/html/occ upgrade'
-
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-                echo "The following apps have been disabled:"
-                diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-                rm -f /tmp/list_before /tmp/list_after
-
-                run_path post-upgrade
-            fi
-
-            echo "Initializing finished"
-        fi
-
-        # Update htaccess after init if requested
-        if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
-            run_as 'php /var/www/html/occ maintenance:update:htaccess'
-        fi
-    ) 9> /var/www/html/nextcloud-init-sync.lock
-
-    run_path before-starting
-fi
-
-exec "$@"
--- a/27/fpm/config/redis.config.php
+++ b/27/fpm/config/redis.config.php
@ -1,17 +0,0 @@
-<?php
-if (getenv('REDIS_HOST')) {
-  $CONFIG = array(
-    'memcache.distributed' => '\OC\Memcache\Redis',
-    'memcache.locking' => '\OC\Memcache\Redis',
-    'redis' => array(
-      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-    ),
-  );
-
-  if (getenv('REDIS_HOST_PORT') !== false) {
-    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
-  } elseif (getenv('REDIS_HOST')[0] != '/') {
-    $CONFIG['redis']['port'] = 6379;
-  }
-}
--- a/27/fpm/config/s3.config.php
+++ b/27/fpm/config/s3.config.php
@ -1,48 +0,0 @@
-<?php
-if (getenv('OBJECTSTORE_S3_BUCKET')) {
-  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
-  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
-  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
-  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => array(
-      'class' => '\OC\Files\ObjectStore\S3',
-      'arguments' => array(
-        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
-        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
-        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
-        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
-        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
-        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
-        // required for some non Amazon S3 implementations
-        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
-        // required for older protocol versions
-        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
-      )
-    )
-  );
-
-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
-    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
-  } else {
-    $CONFIG['objectstore']['arguments']['key'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
-    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
-    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
-  } else {
-    $CONFIG['objectstore']['arguments']['secret'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
-  }
-}
--- a/27/fpm/config/smtp.config.php
+++ b/27/fpm/config/smtp.config.php
@ -1,22 +0,0 @@
-<?php
-if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
-  $CONFIG = array (
-    'mail_smtpmode' => 'smtp',
-    'mail_smtphost' => getenv('SMTP_HOST'),
-    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
-    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
-    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
-    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
-    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
-    'mail_domain' => getenv('MAIL_DOMAIN'),
-  );
-
-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
-      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
-  } elseif (getenv('SMTP_PASSWORD')) {
-      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
-  } else {
-      $CONFIG['mail_smtppassword'] = '';
-  }
-}
--- a/27/fpm/entrypoint.sh
+++ b/27/fpm/entrypoint.sh
@ -1,279 +0,0 @@
-#!/bin/sh
-set -eu
-
-# version_greater A B returns whether A > B
-version_greater() {
-    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
-}
-
-# return true if specified directory is empty
-directory_empty() {
-    [ -z "$(ls -A "$1/")" ]
-}
-
-run_as() {
-    if [ "$(id -u)" = 0 ]; then
-        su -p "$user" -s /bin/sh -c "$1"
-    else
-        sh -c "$1"
-    fi
-}
-
-# Execute all executable files in a given directory in alphanumeric order
-run_path() {
-    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
-    local return_code=0
-
-    if ! [ -d "${hook_folder_path}" ]; then
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-        return 0
-    fi
-
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-
-    (
-        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
-            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                continue
-            fi
-
-            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
-            run_as "${script_file_path}" || return_code="$?"
-
-            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
-                exit 1
-            fi
-
-            echo "==> Finished the script: \"${script_file_path}\""
-        done
-    )
-}
-
-# usage: file_env VAR [DEFAULT]
-#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
-    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
-        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-        exit 1
-    fi
-    if [ -n "${varValue}" ]; then
-        export "$var"="${varValue}"
-    elif [ -n "${fileVarValue}" ]; then
-        export "$var"="$(cat "${fileVarValue}")"
-    elif [ -n "${def}" ]; then
-        export "$var"="$def"
-    fi
-    unset "$fileVar"
-}
-
-if expr "$1" : "apache" 1>/dev/null; then
-    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
-        a2disconf remoteip
-    fi
-fi
-
-if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
-    uid="$(id -u)"
-    gid="$(id -g)"
-    if [ "$uid" = '0' ]; then
-        case "$1" in
-            apache2*)
-                user="${APACHE_RUN_USER:-www-data}"
-                group="${APACHE_RUN_GROUP:-www-data}"
-
-                # strip off any '#' symbol ('#1000' is valid syntax for Apache)
-                user="${user#'#'}"
-                group="${group#'#'}"
-                ;;
-            *) # php-fpm
-                user='www-data'
-                group='www-data'
-                ;;
-        esac
-    else
-        user="$uid"
-        group="$gid"
-    fi
-
-    if [ -n "${REDIS_HOST+x}" ]; then
-
-        echo "Configuring Redis as session handler"
-        {
-            file_env REDIS_HOST_PASSWORD
-            echo 'session.save_handler = redis'
-            # check if redis host is an unix socket path
-            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
-              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-              else
-                echo "session.save_path = \"unix://${REDIS_HOST}\""
-              fi
-            # check if redis password has been set
-            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-            else
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
-            fi
-            echo "redis.session.locking_enabled = 1"
-            echo "redis.session.lock_retries = -1"
-            # redis.session.lock_wait_time is specified in microseconds.
-            # Wait 10ms before retrying the lock rather than the default 2ms.
-            echo "redis.session.lock_wait_time = 10000"
-        } > /usr/local/etc/php/conf.d/redis-session.ini
-    fi
-
-    # If another process is syncing the html folder, wait for
-    # it to be done, then escape initalization.
-    (
-        if ! flock -n 9; then
-            # If we couldn't get it immediately, show a message, then wait for real
-            echo "Another process is initializing Nextcloud. Waiting..."
-            flock 9
-        fi
-
-        installed_version="0.0.0.0"
-        if [ -f /var/www/html/version.php ]; then
-            # shellcheck disable=SC2016
-            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-        fi
-        # shellcheck disable=SC2016
-        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
-
-        if version_greater "$installed_version" "$image_version"; then
-            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
-            exit 1
-        fi
-
-        if version_greater "$image_version" "$installed_version"; then
-            echo "Initializing nextcloud $image_version ..."
-            if [ "$installed_version" != "0.0.0.0" ]; then
-                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
-                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
-                    echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
-                    exit 1
-                fi
-                echo "Upgrading nextcloud from $installed_version ..."
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
-            fi
-            if [ "$(id -u)" = 0 ]; then
-                rsync_options="-rlDog --chown $user:$group"
-            else
-                rsync_options="-rlD"
-            fi
-
-            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
-            for dir in config data custom_apps themes; do
-                if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                    rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-                fi
-            done
-            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-
-            # Install
-            if [ "$installed_version" = "0.0.0.0" ]; then
-                echo "New nextcloud instance"
-
-                file_env NEXTCLOUD_ADMIN_PASSWORD
-                file_env NEXTCLOUD_ADMIN_USER
-
-                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
-                    # shellcheck disable=SC2016
-                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
-                    if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
-                    fi
-
-                    file_env MYSQL_DATABASE
-                    file_env MYSQL_PASSWORD
-                    file_env MYSQL_USER
-                    file_env POSTGRES_DB
-                    file_env POSTGRES_PASSWORD
-                    file_env POSTGRES_USER
-
-                    install=false
-                    if [ -n "${SQLITE_DATABASE+x}" ]; then
-                        echo "Installing with SQLite database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database-name "$SQLITE_DATABASE"'
-                        install=true
-                    elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
-                        echo "Installing with MySQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
-                        install=true
-                    elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
-                        echo "Installing with PostgreSQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
-                        install=true
-                    fi
-
-                    if [ "$install" = true ]; then
-                        run_path pre-installation
-
-                        echo "Starting nextcloud installation"
-                        max_retries=10
-                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
-                        do
-                            echo "Retrying install..."
-                            try=$((try+1))
-                            sleep 10s
-                        done
-                        if [ "$try" -gt "$max_retries" ]; then
-                            echo "Installing of nextcloud failed!"
-                            exit 1
-                        fi
-                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
-                            echo "Setting trusted domains…"
-                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
-                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
-                            done
-                        fi
-
-                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
-                fi
-            # Upgrade
-            else
-                run_path pre-upgrade
-
-                run_as 'php /var/www/html/occ upgrade'
-
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-                echo "The following apps have been disabled:"
-                diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-                rm -f /tmp/list_before /tmp/list_after
-
-                run_path post-upgrade
-            fi
-
-            echo "Initializing finished"
-        fi
-
-        # Update htaccess after init if requested
-        if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
-            run_as 'php /var/www/html/occ maintenance:update:htaccess'
-        fi
-    ) 9> /var/www/html/nextcloud-init-sync.lock
-
-    run_path before-starting
-fi
-
-exec "$@"
--- a/28/apache/Dockerfile
+++ b/28/apache/Dockerfile
@ -140,7 +140,7 @@ RUN { \
    } > /etc/apache2/conf-available/apache-limits.conf; \
    a2enconf apache-limits

-ENV NEXTCLOUD_VERSION 28.0.4
+ENV NEXTCLOUD_VERSION 28.0.10

 RUN set -ex; \
    fetchDeps=" \
@ -150,8 +150,8 @@ RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetchDeps; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
--- a/28/apache/config/redis.config.php
+++ b/28/apache/config/redis.config.php
@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );

--- a/28/apache/config/s3.config.php
+++ b/28/apache/config/s3.config.php
@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    )
  );

-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
--- a/28/apache/config/smtp.config.php
+++ b/28/apache/config/smtp.config.php
@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
+    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );

-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+  if (getenv('SMTP_PASSWORD_FILE')) {
      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
  } elseif (getenv('SMTP_PASSWORD')) {
      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
--- a/28/apache/entrypoint.sh
+++ b/28/apache/entrypoint.sh
@ -186,6 +186,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                file_env NEXTCLOUD_ADMIN_PASSWORD
                file_env NEXTCLOUD_ADMIN_USER

+                install=false
                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -201,7 +202,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                    file_env POSTGRES_PASSWORD
                    file_env POSTGRES_USER

-                    install=false
                    if [ -n "${SQLITE_DATABASE+x}" ]; then
                        echo "Installing with SQLite database"
                        # shellcheck disable=SC2016
@ -225,7 +225,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        echo "Starting nextcloud installation"
                        max_retries=10
                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
+                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
                        do
                            echo "Retrying install..."
                            try=$((try+1))
@ -246,9 +246,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi

                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
+		    fi
+                fi
+		# not enough specified to do a fully automated installation 
+                if [ "$install" = false ]; then 
+                    echo "Next step: Access your instance to finish the web-based installation!"
+                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
                fi
            # Upgrade
            else
@ -273,6 +276,17 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
        fi
    ) 9> /var/www/html/nextcloud-init-sync.lock

+    # warn if config files on persistent storage differ from the latest version of this image
+    for cfgPath in /usr/src/nextcloud/config/*.php; do
+        cfgFile=$(basename "$cfgPath")
+
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
+            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
+                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
+            fi
+        fi
+    done
+
    run_path before-starting
 fi

--- a/28/fpm-alpine/Dockerfile
+++ b/28/fpm-alpine/Dockerfile
@ -1,11 +1,18 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
-FROM php:8.2-fpm-alpine3.19
+FROM php:8.2-fpm-alpine3.20

 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
    \
    apk add --no-cache \
        imagemagick \
+        imagemagick-pdf \
+        imagemagick-jpeg \
+        imagemagick-raw \
+        imagemagick-tiff \
+        imagemagick-heic \
+        imagemagick-webp \
+        imagemagick-svg \
        rsync \
    ; \
    \
@ -113,7 +120,7 @@ RUN { \
 VOLUME /var/www/html


-ENV NEXTCLOUD_VERSION 28.0.4
+ENV NEXTCLOUD_VERSION 28.0.10

 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@ -121,8 +128,8 @@ RUN set -ex; \
        gnupg \
    ; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
--- a/28/fpm-alpine/config/redis.config.php
+++ b/28/fpm-alpine/config/redis.config.php
@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );

--- a/28/fpm-alpine/config/s3.config.php
+++ b/28/fpm-alpine/config/s3.config.php
@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    )
  );

-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
--- a/28/fpm-alpine/config/smtp.config.php
+++ b/28/fpm-alpine/config/smtp.config.php
@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
+    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );

-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+  if (getenv('SMTP_PASSWORD_FILE')) {
      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
  } elseif (getenv('SMTP_PASSWORD')) {
      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
--- a/28/fpm-alpine/entrypoint.sh
+++ b/28/fpm-alpine/entrypoint.sh
@ -186,6 +186,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                file_env NEXTCLOUD_ADMIN_PASSWORD
                file_env NEXTCLOUD_ADMIN_USER

+                install=false
                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -201,7 +202,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                    file_env POSTGRES_PASSWORD
                    file_env POSTGRES_USER

-                    install=false
                    if [ -n "${SQLITE_DATABASE+x}" ]; then
                        echo "Installing with SQLite database"
                        # shellcheck disable=SC2016
@ -225,7 +225,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        echo "Starting nextcloud installation"
                        max_retries=10
                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
+                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
                        do
                            echo "Retrying install..."
                            try=$((try+1))
@ -246,9 +246,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi

                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
+		    fi
+                fi
+		# not enough specified to do a fully automated installation 
+                if [ "$install" = false ]; then 
+                    echo "Next step: Access your instance to finish the web-based installation!"
+                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
                fi
            # Upgrade
            else
@ -273,6 +276,17 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
        fi
    ) 9> /var/www/html/nextcloud-init-sync.lock

+    # warn if config files on persistent storage differ from the latest version of this image
+    for cfgPath in /usr/src/nextcloud/config/*.php; do
+        cfgFile=$(basename "$cfgPath")
+
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
+            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
+                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
+            fi
+        fi
+    done
+
    run_path before-starting
 fi

--- a/28/fpm/Dockerfile
+++ b/28/fpm/Dockerfile
@ -125,7 +125,7 @@ RUN { \
 VOLUME /var/www/html


-ENV NEXTCLOUD_VERSION 28.0.4
+ENV NEXTCLOUD_VERSION 28.0.10

 RUN set -ex; \
    fetchDeps=" \
@ -135,8 +135,8 @@ RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetchDeps; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
--- a/28/fpm/config/redis.config.php
+++ b/28/fpm/config/redis.config.php
@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );

--- a/28/fpm/config/s3.config.php
+++ b/28/fpm/config/s3.config.php
@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    )
  );

-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
--- a/28/fpm/config/smtp.config.php
+++ b/28/fpm/config/smtp.config.php
@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
+    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );

-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+  if (getenv('SMTP_PASSWORD_FILE')) {
      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
  } elseif (getenv('SMTP_PASSWORD')) {
      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
--- a/28/fpm/entrypoint.sh
+++ b/28/fpm/entrypoint.sh
@ -186,6 +186,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                file_env NEXTCLOUD_ADMIN_PASSWORD
                file_env NEXTCLOUD_ADMIN_USER

+                install=false
                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -201,7 +202,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                    file_env POSTGRES_PASSWORD
                    file_env POSTGRES_USER

-                    install=false
                    if [ -n "${SQLITE_DATABASE+x}" ]; then
                        echo "Installing with SQLite database"
                        # shellcheck disable=SC2016
@ -225,7 +225,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        echo "Starting nextcloud installation"
                        max_retries=10
                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
+                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
                        do
                            echo "Retrying install..."
                            try=$((try+1))
@ -246,9 +246,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi

                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
+		    fi
+                fi
+		# not enough specified to do a fully automated installation 
+                if [ "$install" = false ]; then 
+                    echo "Next step: Access your instance to finish the web-based installation!"
+                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
                fi
            # Upgrade
            else
@ -273,6 +276,17 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
        fi
    ) 9> /var/www/html/nextcloud-init-sync.lock

+    # warn if config files on persistent storage differ from the latest version of this image
+    for cfgPath in /usr/src/nextcloud/config/*.php; do
+        cfgFile=$(basename "$cfgPath")
+
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
+            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
+                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
+            fi
+        fi
+    done
+
    run_path before-starting
 fi

--- a/29/apache/Dockerfile
+++ b/29/apache/Dockerfile
@ -140,7 +140,7 @@ RUN { \
    } > /etc/apache2/conf-available/apache-limits.conf; \
    a2enconf apache-limits

-ENV NEXTCLOUD_VERSION 27.1.8
+ENV NEXTCLOUD_VERSION 29.0.7

 RUN set -ex; \
    fetchDeps=" \
@ -150,8 +150,8 @@ RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetchDeps; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
--- a/29/apache/config/apache-pretty-urls.config.php
+++ b/29/apache/config/apache-pretty-urls.config.php
--- a/29/apache/config/apcu.config.php
+++ b/29/apache/config/apcu.config.php
--- a/29/apache/config/apps.config.php
+++ b/29/apache/config/apps.config.php
--- a/29/apache/config/autoconfig.php
+++ b/29/apache/config/autoconfig.php
--- a/29/apache/config/redis.config.php
+++ b/29/apache/config/redis.config.php
@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );

--- a/29/apache/config/reverse-proxy.config.php
+++ b/29/apache/config/reverse-proxy.config.php
--- a/29/apache/config/s3.config.php
+++ b/29/apache/config/s3.config.php
@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    )
  );

-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
--- a/29/apache/config/smtp.config.php
+++ b/29/apache/config/smtp.config.php
@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
+    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );

-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+  if (getenv('SMTP_PASSWORD_FILE')) {
      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
  } elseif (getenv('SMTP_PASSWORD')) {
      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
--- a/29/apache/config/swift.config.php
+++ b/29/apache/config/swift.config.php
--- a/29/apache/config/upgrade-disable-web.config.php
+++ b/29/apache/config/upgrade-disable-web.config.php
--- a/29/apache/cron.sh
+++ b/29/apache/cron.sh
--- a/29/apache/entrypoint.sh
+++ b/29/apache/entrypoint.sh
@ -186,6 +186,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                file_env NEXTCLOUD_ADMIN_PASSWORD
                file_env NEXTCLOUD_ADMIN_USER

+                install=false
                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -201,7 +202,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                    file_env POSTGRES_PASSWORD
                    file_env POSTGRES_USER

-                    install=false
                    if [ -n "${SQLITE_DATABASE+x}" ]; then
                        echo "Installing with SQLite database"
                        # shellcheck disable=SC2016
@ -225,7 +225,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        echo "Starting nextcloud installation"
                        max_retries=10
                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
+                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
                        do
                            echo "Retrying install..."
                            try=$((try+1))
@ -246,9 +246,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi

                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
+		    fi
+                fi
+		# not enough specified to do a fully automated installation 
+                if [ "$install" = false ]; then 
+                    echo "Next step: Access your instance to finish the web-based installation!"
+                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
                fi
            # Upgrade
            else
@ -273,6 +276,17 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
        fi
    ) 9> /var/www/html/nextcloud-init-sync.lock

+    # warn if config files on persistent storage differ from the latest version of this image
+    for cfgPath in /usr/src/nextcloud/config/*.php; do
+        cfgFile=$(basename "$cfgPath")
+
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
+            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
+                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
+            fi
+        fi
+    done
+
    run_path before-starting
 fi

--- a/29/apache/upgrade.exclude
+++ b/29/apache/upgrade.exclude
--- a/29/fpm-alpine/Dockerfile
+++ b/29/fpm-alpine/Dockerfile
@ -1,11 +1,18 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
-FROM php:8.2-fpm-alpine3.19
+FROM php:8.2-fpm-alpine3.20

 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
    \
    apk add --no-cache \
        imagemagick \
+        imagemagick-pdf \
+        imagemagick-jpeg \
+        imagemagick-raw \
+        imagemagick-tiff \
+        imagemagick-heic \
+        imagemagick-webp \
+        imagemagick-svg \
        rsync \
    ; \
    \
@ -113,7 +120,7 @@ RUN { \
 VOLUME /var/www/html


-ENV NEXTCLOUD_VERSION 27.1.8
+ENV NEXTCLOUD_VERSION 29.0.7

 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@ -121,8 +128,8 @@ RUN set -ex; \
        gnupg \
    ; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
--- a/29/fpm-alpine/config/apcu.config.php
+++ b/29/fpm-alpine/config/apcu.config.php
--- a/29/fpm-alpine/config/apps.config.php
+++ b/29/fpm-alpine/config/apps.config.php
--- a/29/fpm-alpine/config/autoconfig.php
+++ b/29/fpm-alpine/config/autoconfig.php
--- a/29/fpm-alpine/config/redis.config.php
+++ b/29/fpm-alpine/config/redis.config.php
@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );

--- a/29/fpm-alpine/config/reverse-proxy.config.php
+++ b/29/fpm-alpine/config/reverse-proxy.config.php
--- a/29/fpm-alpine/config/s3.config.php
+++ b/29/fpm-alpine/config/s3.config.php
@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    )
  );

-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
--- a/29/fpm-alpine/config/smtp.config.php
+++ b/29/fpm-alpine/config/smtp.config.php
@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
+    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );

-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+  if (getenv('SMTP_PASSWORD_FILE')) {
      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
  } elseif (getenv('SMTP_PASSWORD')) {
      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
--- a/29/fpm-alpine/config/swift.config.php
+++ b/29/fpm-alpine/config/swift.config.php
--- a/29/fpm-alpine/config/upgrade-disable-web.config.php
+++ b/29/fpm-alpine/config/upgrade-disable-web.config.php
--- a/29/fpm-alpine/cron.sh
+++ b/29/fpm-alpine/cron.sh
--- a/29/fpm-alpine/entrypoint.sh
+++ b/29/fpm-alpine/entrypoint.sh
@ -186,6 +186,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                file_env NEXTCLOUD_ADMIN_PASSWORD
                file_env NEXTCLOUD_ADMIN_USER

+                install=false
                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -201,7 +202,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                    file_env POSTGRES_PASSWORD
                    file_env POSTGRES_USER

-                    install=false
                    if [ -n "${SQLITE_DATABASE+x}" ]; then
                        echo "Installing with SQLite database"
                        # shellcheck disable=SC2016
@ -225,7 +225,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        echo "Starting nextcloud installation"
                        max_retries=10
                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
+                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
                        do
                            echo "Retrying install..."
                            try=$((try+1))
@ -246,9 +246,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi

                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
+		    fi
+                fi
+		# not enough specified to do a fully automated installation 
+                if [ "$install" = false ]; then 
+                    echo "Next step: Access your instance to finish the web-based installation!"
+                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
                fi
            # Upgrade
            else
@ -273,6 +276,17 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
        fi
    ) 9> /var/www/html/nextcloud-init-sync.lock

+    # warn if config files on persistent storage differ from the latest version of this image
+    for cfgPath in /usr/src/nextcloud/config/*.php; do
+        cfgFile=$(basename "$cfgPath")
+
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
+            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
+                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
+            fi
+        fi
+    done
+
    run_path before-starting
 fi

--- a/29/fpm-alpine/upgrade.exclude
+++ b/29/fpm-alpine/upgrade.exclude
--- a/29/fpm/Dockerfile
+++ b/29/fpm/Dockerfile
@ -125,7 +125,7 @@ RUN { \
 VOLUME /var/www/html


-ENV NEXTCLOUD_VERSION 27.1.8
+ENV NEXTCLOUD_VERSION 29.0.7

 RUN set -ex; \
    fetchDeps=" \
@ -135,8 +135,8 @@ RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetchDeps; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
--- a/29/fpm/config/apcu.config.php
+++ b/29/fpm/config/apcu.config.php
--- a/29/fpm/config/apps.config.php
+++ b/29/fpm/config/apps.config.php
--- a/29/fpm/config/autoconfig.php
+++ b/29/fpm/config/autoconfig.php
--- a/27/apache/config/redis.config.php
+++ b/27/apache/config/redis.config.php
@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );

--- a/29/fpm/config/reverse-proxy.config.php
+++ b/29/fpm/config/reverse-proxy.config.php
--- a/29/fpm/config/s3.config.php
+++ b/29/fpm/config/s3.config.php
@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    )
  );

-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
--- a/27/apache/config/smtp.config.php
+++ b/27/apache/config/smtp.config.php
@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
+    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );

-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+  if (getenv('SMTP_PASSWORD_FILE')) {
      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
  } elseif (getenv('SMTP_PASSWORD')) {
      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
--- a/29/fpm/config/swift.config.php
+++ b/29/fpm/config/swift.config.php
--- a/29/fpm/config/upgrade-disable-web.config.php
+++ b/29/fpm/config/upgrade-disable-web.config.php
--- a/29/fpm/cron.sh
+++ b/29/fpm/cron.sh
--- a/29/fpm/entrypoint.sh
+++ b/29/fpm/entrypoint.sh
@ -186,6 +186,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                file_env NEXTCLOUD_ADMIN_PASSWORD
                file_env NEXTCLOUD_ADMIN_USER

+                install=false
                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -201,7 +202,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                    file_env POSTGRES_PASSWORD
                    file_env POSTGRES_USER

-                    install=false
                    if [ -n "${SQLITE_DATABASE+x}" ]; then
                        echo "Installing with SQLite database"
                        # shellcheck disable=SC2016
@ -225,7 +225,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        echo "Starting nextcloud installation"
                        max_retries=10
                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
+                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
                        do
                            echo "Retrying install..."
                            try=$((try+1))
@ -246,9 +246,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi

                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
+		    fi
+                fi
+		# not enough specified to do a fully automated installation 
+                if [ "$install" = false ]; then 
+                    echo "Next step: Access your instance to finish the web-based installation!"
+                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
                fi
            # Upgrade
            else
@ -273,6 +276,17 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
        fi
    ) 9> /var/www/html/nextcloud-init-sync.lock

+    # warn if config files on persistent storage differ from the latest version of this image
+    for cfgPath in /usr/src/nextcloud/config/*.php; do
+        cfgFile=$(basename "$cfgPath")
+
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
+            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
+                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
+            fi
+        fi
+    done
+
    run_path before-starting
 fi

--- a/29/fpm/upgrade.exclude
+++ b/29/fpm/upgrade.exclude
--- a/30/apache/Dockerfile
+++ b/30/apache/Dockerfile
@ -140,7 +140,7 @@ RUN { \
    } > /etc/apache2/conf-available/apache-limits.conf; \
    a2enconf apache-limits

-ENV NEXTCLOUD_VERSION 26.0.13
+ENV NEXTCLOUD_VERSION 30.0.0

 RUN set -ex; \
    fetchDeps=" \
@ -150,8 +150,8 @@ RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetchDeps; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-30.0.0.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-30.0.0.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
--- a/30/apache/config/apache-pretty-urls.config.php
+++ b/30/apache/config/apache-pretty-urls.config.php
--- a/30/apache/config/apcu.config.php
+++ b/30/apache/config/apcu.config.php
--- a/30/apache/config/apps.config.php
+++ b/30/apache/config/apps.config.php
--- a/30/apache/config/autoconfig.php
+++ b/30/apache/config/autoconfig.php
--- a/26/fpm-alpine/config/redis.config.php
+++ b/26/fpm-alpine/config/redis.config.php
@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );

--- a/30/apache/config/reverse-proxy.config.php
+++ b/30/apache/config/reverse-proxy.config.php
--- a/30/apache/config/s3.config.php
+++ b/30/apache/config/s3.config.php
@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    )
  );

-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }

-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
--- a/26/fpm-alpine/config/smtp.config.php
+++ b/26/fpm-alpine/config/smtp.config.php
@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
+    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );

-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+  if (getenv('SMTP_PASSWORD_FILE')) {
      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
  } elseif (getenv('SMTP_PASSWORD')) {
      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
--- a/30/apache/config/swift.config.php
+++ b/30/apache/config/swift.config.php
--- a/30/apache/config/upgrade-disable-web.config.php
+++ b/30/apache/config/upgrade-disable-web.config.php
--- a/30/apache/cron.sh
+++ b/30/apache/cron.sh
--- a/30/apache/entrypoint.sh
+++ b/30/apache/entrypoint.sh
@ -186,6 +186,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                file_env NEXTCLOUD_ADMIN_PASSWORD
                file_env NEXTCLOUD_ADMIN_USER

+                install=false
                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -201,7 +202,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                    file_env POSTGRES_PASSWORD
                    file_env POSTGRES_USER

-                    install=false
                    if [ -n "${SQLITE_DATABASE+x}" ]; then
                        echo "Installing with SQLite database"
                        # shellcheck disable=SC2016
@ -225,7 +225,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        echo "Starting nextcloud installation"
                        max_retries=10
                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
+                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
                        do
                            echo "Retrying install..."
                            try=$((try+1))
@ -246,9 +246,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                        fi

                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
+		    fi
+                fi
+		# not enough specified to do a fully automated installation 
+                if [ "$install" = false ]; then 
+                    echo "Next step: Access your instance to finish the web-based installation!"
+                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
                fi
            # Upgrade
            else
@ -273,6 +276,17 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
        fi
    ) 9> /var/www/html/nextcloud-init-sync.lock

+    # warn if config files on persistent storage differ from the latest version of this image
+    for cfgPath in /usr/src/nextcloud/config/*.php; do
+        cfgFile=$(basename "$cfgPath")
+
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
+            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
+                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
+            fi
+        fi
+    done
+
    run_path before-starting
 fi

--- a/30/apache/upgrade.exclude
+++ b/30/apache/upgrade.exclude
--- a/30/fpm-alpine/Dockerfile
+++ b/30/fpm-alpine/Dockerfile
@ -1,11 +1,18 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
-FROM php:8.2-fpm-alpine3.19
+FROM php:8.2-fpm-alpine3.20

 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
    \
    apk add --no-cache \
        imagemagick \
+        imagemagick-pdf \
+        imagemagick-jpeg \
+        imagemagick-raw \
+        imagemagick-tiff \
+        imagemagick-heic \
+        imagemagick-webp \
+        imagemagick-svg \
        rsync \
    ; \
    \
@ -113,7 +120,7 @@ RUN { \
 VOLUME /var/www/html


-ENV NEXTCLOUD_VERSION 26.0.13
+ENV NEXTCLOUD_VERSION 30.0.0

 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@ -121,8 +128,8 @@ RUN set -ex; \
        gnupg \
    ; \
    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-30.0.0.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-30.0.0.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
--- a/30/fpm-alpine/config/apcu.config.php
+++ b/30/fpm-alpine/config/apcu.config.php
--- a/30/fpm-alpine/config/apps.config.php
+++ b/30/fpm-alpine/config/apps.config.php
--- a/30/fpm-alpine/config/autoconfig.php
+++ b/30/fpm-alpine/config/autoconfig.php
--- a/30/fpm-alpine/config/redis.config.php
+++ b/30/fpm-alpine/config/redis.config.php
@ -0,0 +1,17 @@
+<?php
+if (getenv('REDIS_HOST')) {
+  $CONFIG = array(
+    'memcache.distributed' => '\OC\Memcache\Redis',
+    'memcache.locking' => '\OC\Memcache\Redis',
+    'redis' => array(
+      'host' => getenv('REDIS_HOST'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
+    ),
+  );
+
+  if (getenv('REDIS_HOST_PORT') !== false) {
+    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
+  } elseif (getenv('REDIS_HOST')[0] != '/') {
+    $CONFIG['redis']['port'] = 6379;
+  }
+}
--- a/30/fpm-alpine/config/reverse-proxy.config.php
+++ b/30/fpm-alpine/config/reverse-proxy.config.php
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Kaloyan Nikolov	3fb5f13b2e	Update to correct MariaDB command Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-19 00:52:45 +03:00
Kaloyan Nikolov	c31a0a8035	Merge branch 'nextcloud:master' into compose-v2	2024-09-19 00:22:08 +03:00
GitHub Workflow	30b570f0b5	Runs update.sh	2024-09-18 20:45:28 +00:00
Florian Latifi	2bc1036e61	Exclude autoconfig.php from user config check (#2290 ) Signed-off-by: Florian Latifi <mail@florian-latifi.at>	2024-09-18 20:45:15 +00:00
J0WI	f87e26d355	Update .examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml Signed-off-by: J0WI <J0WI@users.noreply.github.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	326ed47848	typo Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	a39742175e	Removed GH specific markdown from Readme, change mariadb to recommended version Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	cbcbeea070	Remove extra nginx volume Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	e87ce110f3	Restored MariaDB to 10.6 as per docs suggestions Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	d2edd7df49	Removed logging from compose files. Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	c90aee5f6c	Typos fixed, minor clarification changes Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	2d439a2b6d	Add mjs file extension in a proper way. Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	bd456a2ab1	Fix cache control Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	4b9c57d1e4	Add missing headers to fpm config Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	ee6e17785d	Fix wrong environment variable Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	f4d89ecb29	Minor readme updates to match the changes for the compose v2 syntax. Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
Kaloyan Nikolov	6dc29f2a72	Update examples section according to the latest docker compose requirements. Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>	2024-09-18 20:06:41 +00:00
John Molakvoæ	a1e93f429c	Bump stable to 29.0.7 (#2297 ) Fix #2294 Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>	2024-09-18 19:43:16 +00:00
GitHub Workflow	0ffd24170f	Runs update.sh	2024-09-15 00:34:40 +00:00
GitHub Workflow	1c8d764f3c	Runs update.sh	2024-09-13 00:30:28 +00:00
Joas Schilling	ec854e4d3c	Merge pull request #2292 from nextcloud/ci/noid/update-workflow-109 ci: Update workflows	2024-09-10 10:58:03 +02:00
Joas Schilling	f3bd22ca92	ci: Update workflows Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-09-10 10:57:46 +02:00
J0WI	d78afcbcda	Bump stable to 29.0.6 Signed-off-by: J0WI <J0WI@users.noreply.github.com>	2024-09-03 20:17:50 +00:00
GitHub Workflow	53653c2648	Runs update.sh	2024-09-03 19:57:56 +00:00
J0WI	e6d024039f	29.0.5 (#2281 ) * Bump stable to 29.0.5 Signed-off-by: J0WI <J0WI@users.noreply.github.com> * 27 EOL Signed-off-by: J0WI <J0WI@users.noreply.github.com> --------- Signed-off-by: J0WI <J0WI@users.noreply.github.com>	2024-08-21 12:19:50 +00:00
GitHub Workflow	3677cdf9ad	Runs update.sh Some checks failed update.sh / Run update.sh script (push) Has been cancelled	2024-08-21 00:28:49 +00:00
J0WI	65138b6d22	Bump stable to 29.0.4 (fix #2258 ) Signed-off-by: J0WI <J0WI@users.noreply.github.com>	2024-07-20 12:47:17 +00:00
GitHub Workflow	258cc4ee2d	Runs update.sh	2024-07-19 01:05:00 +00:00
GitHub Workflow	f02b8b04e3	Runs update.sh	2024-07-11 21:07:50 +00:00
Aakash parmar	75e1b80ba4	Fix: Retry logic in entrypoint.sh for Nextcloud installation (#2256 ) * issue Fix #1911 Signed-off-by: Aakash788 <aakashparmar788@gmail.com> * Fixed issue #1708 Signed-off-by: Aakash788 <aakashparmar788@gmail.com> --------- Signed-off-by: Aakash788 <aakashparmar788@gmail.com>	2024-07-11 21:07:21 +00:00
J0WI	95c4929210	Bump stable to 28.0.7 Fix #2252 Signed-off-by: J0WI <J0WI@users.noreply.github.com>	2024-07-03 00:15:33 +00:00
Josh	7d0795c0b2	Merge pull request #2248 from jessebot/add-imagemagick-pdf-support-for-alpine Add pdf+other image preview support to alpine images after Alpine's packaging change	2024-07-02 14:02:09 -04:00
JesseBot	08596d2c3e	Merge branch 'master' into add-imagemagick-pdf-support-for-alpine Signed-off-by: JesseBot <jessebot@linux.com>	2024-06-29 07:51:59 +02:00
Josh	747a3f8414	Merge pull request #2246 from jessebot/add-imagemagick-svg add imagemagick-svg back to all the alpine images	2024-06-28 15:53:28 -04:00
jessebot	437a2e0599	add imagemagick support for heic, jpeg, pdf, raw, tiff, and webp for the alpine docker image Signed-off-by: jessebot <jessebot@linux.com>	2024-06-28 15:10:06 +02:00
JesseBot	46b8caa689	Merge branch 'nextcloud:master' into add-imagemagick-svg	2024-06-27 09:35:32 +02:00
GitHub Workflow	cd162a4321	Runs update.sh	2024-06-25 21:25:51 +00:00
Florian Latifi	5c58b2aa09	Warn on mismatching auto-config files (#2120 ) Signed-off-by: Florian Latifi <mail@florian-latifi.at> Co-authored-by: Josh <josh.t.richards@gmail.com>	2024-06-25 21:25:29 +00:00
GitHub Workflow	3e9cdb17c4	Runs update.sh	2024-06-25 20:16:53 +00:00
jessebot	4ac47a97c8	add imagemagick-svg to all the alpine images Signed-off-by: jessebot <jessebot@linux.com>	2024-06-25 10:10:01 +02:00
Josh	f454867803	docs(README): SMTP/MAIL values always override web UI (#2243 ) Fixes #1312 Signed-off-by: Josh <josh.t.richards@gmail.com>	2024-06-18 20:21:30 +00:00
GitHub Workflow	bf8136a838	Runs update.sh	2024-06-18 20:13:20 +00:00
J0WI	2accbecd97	Drop file_exists check for _FILE variables (#2234 ) * Drop file_exists check for _FILE variables A PHP warning is generated if the file does not exist. Otherwise there is no indicator why the variable is not used. Signed-off-by: J0WI <J0WI@users.noreply.github.com> * fixup: typo in smtp.config.php Signed-off-by: Josh <josh.t.richards@gmail.com> --------- Signed-off-by: J0WI <J0WI@users.noreply.github.com> Signed-off-by: Josh <josh.t.richards@gmail.com> Co-authored-by: Josh <josh.t.richards@gmail.com>	2024-06-18 20:13:05 +00:00
Josh	064069b306	Merge pull request #2230 from nextcloud/fix-examples-libmagick-extra fix(examples): `libmagickcore-6.q16-6-extra` is already in the image	2024-06-12 15:50:28 -04:00
GitHub Workflow	1ad8fd89b9	Runs update.sh	2024-06-06 21:28:04 +00:00
Vesperia Art	ec1af314c2	Update redis.config.php (#2232 ) Correctly set the redis password config from the REDIS_HOST_PASSWORD_FILE environment variable. Fix an issue similar to #1402 when using the REDIS_HOST_PASSWORD_FILE environment variable to provide the redis host secret. Signed-off-by: Vesperia Art <vesperiaart@gmail.com>	2024-06-06 21:27:42 +00:00
J0WI	5fdeb7bc4a	Alpine 3.20 (#2233 )	2024-06-04 21:48:48 +00:00
Josh	48180ee807	fix(install): Finish via web reminder now shown under all relevant scenarios (#2223 ) Signed-off-by: Josh Richards <josh.t.richards@gmail.com>	2024-06-04 21:05:49 +00:00
J0WI	13f51c4f70	Bump to 28.0.6 Signed-off-by: J0WI <J0WI@users.noreply.github.com>	2024-05-31 00:08:06 +00:00
GitHub Workflow	a643e4b439	Runs update.sh	2024-05-30 23:55:59 +00:00
Josh	cb7acf5fe3	fix(examples): `libmagickcore-6.q16-6-extra` is already in the image Signed-off-by: Josh <josh.t.richards@gmail.com>	2024-05-30 18:39:58 -04:00
GitHub Workflow	3b13c02caa	Runs update.sh	2024-05-24 00:27:40 +00:00
Josh	7a4823180d	Merge pull request #2216 from nextcloud/fix/readme-help fix(README): Point help seekers to forum first	2024-05-07 11:58:49 -04:00
Josh	ba9a6c2d93	fix(README): Point help seekers to forum first Signed-off-by: Josh <josh.t.richards@gmail.com>	2024-05-06 11:57:08 -04:00
J0WI	ef38201477	Bump to 28.0.5 Signed-off-by: J0WI <J0WI@users.noreply.github.com>	2024-04-25 23:55:07 +00:00
GitHub Workflow	19417a8eb9	Runs update.sh	2024-04-25 23:42:16 +00:00
J0WI	1741b47319	Remove 26 (#2205 )	2024-04-25 23:42:04 +00:00
GitHub Workflow	473af1bed1	Runs update.sh	2024-04-24 20:53:16 +00:00
J0WI	1be53d4bee	Drop Nextcloud 26 Signed-off-by: J0WI <J0WI@users.noreply.github.com>	2024-04-24 20:53:02 +00:00
GitHub Workflow	f7b20139eb	Runs update.sh	2024-04-24 00:28:00 +00:00