Merge pull request #1020 from tilosp/bot/update

Add nextcloud 16.0.9RC1, 17.0.4RC1 and 18.0.2RC1
Run update.sh
2020-03-06 18:30:35 +01:00 · 2020-03-06 13:00:55 +00:00 · 2020-02-23 18:09:49 +00:00 · 2020-02-13 20:14:56 +01:00 · 2020-02-13 11:14:36 +00:00 · 2020-02-11 00:09:29 +01:00
253 changed files with 8306 additions and 1170 deletions
--- a/.config/autoconfig.php
+++ b/.config/autoconfig.php
@ -23,12 +23,9 @@ if (getenv('SQLITE_DATABASE')) {
 }
 if ($autoconfig_enabled) {
-    $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
+    if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
        $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
    }
    $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
    if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
        $AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
        $AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
    }
 }
--- a/.config/redis.config.php
+++ b/.config/redis.config.php
@ -0,0 +1,17 @@
 <?php
 if (getenv('REDIS_HOST')) {
  $CONFIG = array (
    'memcache.distributed' => '\OC\Memcache\Redis',
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
      'password' => getenv('REDIS_HOST_PASSWORD'),
    ),
  );
  if (getenv('REDIS_HOST_PORT') !== false) {
    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
 }
--- a/.config/smtp.config.php
+++ b/.config/smtp.config.php
@ -0,0 +1,15 @@
 <?php
 if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
  $CONFIG = array (
    'mail_smtpmode' => 'smtp',
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );
 }
--- a/.examples/README.md
+++ b/.examples/README.md
@ -1,7 +1,7 @@
 # Examples section
 In this subfolders are some examples how to use the docker image. There are two sections:
- 
+
 * [`dockerfiles`](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles)
 * [`docker-compose`](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose)
@ -13,7 +13,7 @@ The Dockerfiles use the default images as base image and build on top of it.
 Example | Description
 ------- | -------
-[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed).
+[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed). This image runs `supervisord` to start nextcloud and cron as two seperate processes inside the container.
 [imap](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/imap) | adds dependencies required to authenticate users via imap
 [smb](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb) | adds dependencies required to use smb shares
 [full](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/full) | adds dependencies for ALL optional packages and cron functionality via supervisor (as in the `cron` example Dockerfile).
@ -21,49 +21,46 @@ Example | Description
 ### full
 The `full` Dockerfile example adds dependencies for all optional packages suggested by nextcloud that may be needed for some features (e.g. Video Preview Generation), as stated in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html).
-NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the 13th line of the Dockerfile.</br>
+NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the appropriate line in the Dockerfile.
-NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews)</br>
+NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews)
-NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.</br>
+NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.
-The required steps for each optional/recommended package that is not already in the Nextcloud image are listed here, so that the Dockerfile can easily be modified to only install the needed extra packages. Simply remove the steps for the unwanted packages  from the Dockerfile.
+The required steps for each optional/recommended package that is not already in the Nextcloud image are listed here, so that the Dockerfile can easily be modified to only install the needed extra packages. Simply remove the steps for the unwanted packages from the Dockerfile.
 #### PHP Module bz2
-`docker-php-ext-install bz2` </br>
+`docker-php-ext-install bz2`
 #### PHP Module imagick
 `apt install libmagickwand-dev` </br>
 `pecl install imagick` </br>
 `docker-php-ext-enable imagick` </br>
 #### PHP Module imap
-`apt install libc-client-dev libkrb5-dev` </br>
+`apt install libc-client-dev libkrb5-dev`
-`docker-php-ext-configure imap --with-kerberos --with-imap-ssl` </br>
+`docker-php-ext-configure imap --with-kerberos --with-imap-ssl`
-`docker-php-ext-install imap` </br>
+`docker-php-ext-install imap`
 #### PHP Module gmp
-`apt install libgmp3-dev` </br>
+`apt install libgmp3-dev`
-`docker-php-ext-install gmp` </br>
+`docker-php-ext-install gmp`
 #### PHP Module smbclient
-`apt install smbclient libsmbclient-dev` </br>
+`apt install smbclient libsmbclient-dev`
-`pecl install smbclient` </br>
+`pecl install smbclient`
-`docker-php-ext-enable smbclient` </br>
+`docker-php-ext-enable smbclient`
 #### ffmpeg
-`echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list` </br>
+`apt install ffmpeg`
-`apt install ffmpeg` </br>
+
 #### imagemagick SVG support
 `apt install libmagickcore-6.q16-6-extra`
 #### LibreOffice
-`apt install LibreOffice` </br>
+`apt install libreoffice`
 #### CRON via supervisor
-`apt install supervisor` </br>
+`apt install supervisor`
-`mkdir /var/log/supervisord /var/run/supervisord` </br>
+`mkdir /var/log/supervisord /var/run/supervisord`
-The following Dockerfile commands are also necessary for a sucessfull cron installation: </br>
+The following Dockerfile commands are also necessary for a sucessfull cron installation:
-`COPY supervisord.conf /etc/supervisor/supervisord.conf` </br>
+`COPY supervisord.conf /etc/supervisor/supervisord.conf`
-`CMD ["/usr/bin/supervisord"]` </br>
+`CMD ["/usr/bin/supervisord"]`
@ -92,9 +89,12 @@ If you want to update your installation to a newer version of nextcloud, repeat
 ### with-nginx-proxy
 The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine.
 The advantage in adding this layer is the ability to add a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling.
 This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal.
 **This setup only works with a valid domain name on a server that is reachable from the internet.**
 To use this example complete the following steps:
 1. open `docker-compose.yml`
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile
@ -1,3 +0,0 @@
 FROM nextcloud:apache
 COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/redis.config.php
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/redis.config.php
@ -1,8 +0,0 @@
 <?php
 $CONFIG = array (
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'redis',
    'port' => 6379,
  ),
 );
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml
@ -13,11 +13,11 @@ services:
      - db.env
  redis:
-    image: redis
+    image: redis:alpine
    restart: always
-  app:  
+  app:
-    build: ./app
+    image: nextcloud:apache
    restart: always
    ports:
      - 8080:80
@ -25,6 +25,7 @@ services:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
@ -32,7 +33,7 @@ services:
      - redis
  cron:
-    build: ./app
+    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile
@ -1,3 +0,0 @@
 FROM nextcloud:fpm
 COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php
@ -1,8 +0,0 @@
 <?php
 $CONFIG = array (
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'redis',
    'port' => 6379,
  ),
 );
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml
@ -13,16 +13,17 @@ services:
      - db.env
  redis:
-    image: redis
+    image: redis:alpine
    restart: always
-  app:  
+  app:
-    build: ./app
+    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
@ -40,7 +41,7 @@ services:
      - app
  cron:
-    build: ./app
+    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile
@ -1,3 +1,3 @@
-FROM nginx
+FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf
@ -1,5 +1,4 @@
-user  www-data;
+worker_processes auto;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
@ -37,20 +36,25 @@ http {
        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
-        # add_header Strict-Transport-Security "max-age=15768000;
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
-        add_header X-Content-Type-Options nosniff;
+        add_header Referrer-Policy "no-referrer" always;
-        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-Robots-Tag none;
+        add_header X-Download-Options "noopen" always;
-        add_header X-Download-Options noopen;
+        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        location = /robots.txt {
@ -62,14 +66,18 @@ http {
        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-        # last;
+
        # The following rule is only needed for the Social app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
        location = /.well-known/carddav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        location = /.well-known/caldav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        # set max upload size
@ -89,66 +97,72 @@ http {
        #pagespeed off;
        location / {
-            rewrite ^ /index.php$uri;
+            rewrite ^ /index.php;
        }
-        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+        location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
            deny all;
        }
-        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+        location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
-        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
-            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
            set $path_info $fastcgi_path_info;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param PATH_INFO $path_info;
            # fastcgi_param HTTPS on;
-            #Avoid sending the security headers twice
+
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            # Enable pretty urls
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
-        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }
-        # Adding the cache control header for js and css files
+        # Adding the cache control header for js, css and map files
        # Make sure it is BELOW the PHP block
-        location ~ \.(?:css|js|woff|svg|gif)$ {
+        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
-            # add_header Strict-Transport-Security "max-age=15768000;
+            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
-            add_header X-Content-Type-Options nosniff;
+            add_header Referrer-Policy "no-referrer" always;
-            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Content-Type-Options "nosniff" always;
-            add_header X-Robots-Tag none;
+            add_header X-Download-Options "noopen" always;
-            add_header X-Download-Options noopen;
+            add_header X-Frame-Options "SAMEORIGIN" always;
-            add_header X-Permitted-Cross-Domain-Policies none;
+            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;
            # Optional: Don't log access to assets
            access_log off;
        }
-        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml
@ -12,7 +12,7 @@ services:
    env_file:
      - db.env
-  app:  
+  app:
    image: nextcloud:apache
    restart: always
    ports:
--- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml
@ -12,8 +12,8 @@ services:
    env_file:
      - db.env
-  app:  
+  app:
-    image: nextcloud:fpm
+    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
--- a/.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile
+++ b/.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile
@ -1,3 +1,3 @@
-FROM nginx
+FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
@ -1,5 +1,4 @@
-user  www-data;
+worker_processes auto;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
@ -37,20 +36,25 @@ http {
        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
-        # add_header Strict-Transport-Security "max-age=15768000;
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
-        add_header X-Content-Type-Options nosniff;
+        add_header Referrer-Policy "no-referrer" always;
-        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-Robots-Tag none;
+        add_header X-Download-Options "noopen" always;
-        add_header X-Download-Options noopen;
+        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        location = /robots.txt {
@ -62,14 +66,18 @@ http {
        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-        # last;
+
        # The following rule is only needed for the Social app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
        location = /.well-known/carddav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        location = /.well-known/caldav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        # set max upload size
@ -89,66 +97,72 @@ http {
        #pagespeed off;
        location / {
-            rewrite ^ /index.php$uri;
+            rewrite ^ /index.php;
        }
-        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+        location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
            deny all;
        }
-        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+        location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
-        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
-            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
            set $path_info $fastcgi_path_info;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param PATH_INFO $path_info;
            # fastcgi_param HTTPS on;
-            #Avoid sending the security headers twice
+
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            # Enable pretty urls
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
-        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }
-        # Adding the cache control header for js and css files
+        # Adding the cache control header for js, css and map files
        # Make sure it is BELOW the PHP block
-        location ~ \.(?:css|js|woff|svg|gif)$ {
+        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
-            # add_header Strict-Transport-Security "max-age=15768000;
+            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
-            add_header X-Content-Type-Options nosniff;
+            add_header Referrer-Policy "no-referrer" always;
-            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Content-Type-Options "nosniff" always;
-            add_header X-Robots-Tag none;
+            add_header X-Download-Options "noopen" always;
-            add_header X-Download-Options noopen;
+            add_header X-Frame-Options "SAMEORIGIN" always;
-            add_header X-Permitted-Cross-Domain-Policies none;
+            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;
            # Optional: Don't log access to assets
            access_log off;
        }
-        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
+++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
@ -2,14 +2,14 @@ version: '3'
 services:
  db:
-    image: postgres
+    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data
    env_file:
      - db.env
-  app:  
+  app:
    image: nextcloud:apache
    restart: always
    ports:
--- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
+++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
@ -2,15 +2,15 @@ version: '3'
 services:
  db:
-    image: postgres
+    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data
    env_file:
      - db.env
-  app:  
+  app:
-    image: nextcloud:fpm
+    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
--- a/.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile
+++ b/.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile
@ -1,3 +1,3 @@
-FROM nginx
+FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
@ -1,5 +1,4 @@
-user  www-data;
+worker_processes auto;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
@ -37,20 +36,25 @@ http {
        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
-        # add_header Strict-Transport-Security "max-age=15768000;
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
-        add_header X-Content-Type-Options nosniff;
+        add_header Referrer-Policy "no-referrer" always;
-        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-Robots-Tag none;
+        add_header X-Download-Options "noopen" always;
-        add_header X-Download-Options noopen;
+        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        location = /robots.txt {
@ -62,14 +66,18 @@ http {
        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-        # last;
+
        # The following rule is only needed for the Social app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
        location = /.well-known/carddav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        location = /.well-known/caldav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        # set max upload size
@ -89,66 +97,72 @@ http {
        #pagespeed off;
        location / {
-            rewrite ^ /index.php$uri;
+            rewrite ^ /index.php;
        }
-        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+        location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
            deny all;
        }
-        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+        location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
-        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
-            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
            set $path_info $fastcgi_path_info;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param PATH_INFO $path_info;
            # fastcgi_param HTTPS on;
-            #Avoid sending the security headers twice
+
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            # Enable pretty urls
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
-        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }
-        # Adding the cache control header for js and css files
+        # Adding the cache control header for js, css and map files
        # Make sure it is BELOW the PHP block
-        location ~ \.(?:css|js|woff|svg|gif)$ {
+        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
-            # add_header Strict-Transport-Security "max-age=15768000;
+            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
-            add_header X-Content-Type-Options nosniff;
+            add_header Referrer-Policy "no-referrer" always;
-            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Content-Type-Options "nosniff" always;
-            add_header X-Robots-Tag none;
+            add_header X-Download-Options "noopen" always;
-            add_header X-Download-Options noopen;
+            add_header X-Frame-Options "SAMEORIGIN" always;
-            add_header X-Permitted-Cross-Domain-Policies none;
+            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;
            # Optional: Don't log access to assets
            access_log off;
        }
-        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env
+++ b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env
@ -0,0 +1,3 @@
 MYSQL_PASSWORD=
 MYSQL_DATABASE=nextcloud
 MYSQL_USER=nextcloud
--- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml
@ -0,0 +1,78 @@
 version: '3'
 services:
  db:
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
    env_file:
      - db.env
  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
  web:
    build: ./web
    restart: always
    volumes:
      - nextcloud:/var/www/html:ro
    environment:
      - VIRTUAL_HOST=
    depends_on:
      - app
    networks:
      - proxy-tier
      - default
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - omgwtfssl
  omgwtfssl:
    image: paulczar/omgwtfssl
    restart: "no"
    volumes:
      - certs:/certs
    environment:
      - SSL_SUBJECT=servhostname.local
      - CA_SUBJECT=my@example.com
      - SSL_KEY=/certs/servhostname.local.key
      - SSL_CSR=/certs/servhostname.local.csr
      - SSL_CERT=/certs/servhostname.local.crt
    networks:
      - proxy-tier
 volumes:
  db:
  nextcloud:
  certs:
  vhost.d:
  html:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile
@ -0,0 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf
@ -0,0 +1,2 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile
@ -0,0 +1,3 @@
 FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf
@ -0,0 +1,173 @@
 worker_processes auto;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
 events {
    worker_connections  1024;
 }
 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    set_real_ip_from  10.0.0.0/8;
    set_real_ip_from  172.16.0.0/12;
    set_real_ip_from  192.168.0.0/16;
    real_ip_header    X-Real-IP;
    #gzip  on;
    upstream php-handler {
        server app:9000;
    }
    server {
        listen 80;
        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
        # The following rule is only needed for the Social app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
        location = /.well-known/carddav {
            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        location = /.well-known/caldav {
            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;
        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;
        location / {
            rewrite ^ /index.php;
        }
        location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
            deny all;
        }
        location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
            set $path_info $fastcgi_path_info;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            # fastcgi_param HTTPS on;
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            # Enable pretty urls
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }
        # Adding the cache control header for js, css and map files
        # Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header Referrer-Policy "no-referrer" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-Download-Options "noopen" always;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;
            # Optional: Don't log access to assets
            access_log off;
        }
        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
            try_files $uri /index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile
@ -1,3 +0,0 @@
 FROM nextcloud:apache
 COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php
@ -1,8 +0,0 @@
 <?php
 $CONFIG = array (
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'redis',
    'port' => 6379,
  ),
 );
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml
@ -13,11 +13,11 @@ services:
      - db.env
  redis:
-    image: redis
+    image: redis:alpine
    restart: always
-  app:  
+  app:
-    build: ./app
+    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html
@ -26,6 +26,7 @@ services:
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
@ -36,7 +37,7 @@ services:
      - default
  cron:
-    build: ./app
+    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf
@ -1 +1,2 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile
@ -1,3 +0,0 @@
 FROM nextcloud:fpm
 COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/redis.config.php
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/redis.config.php
@ -1,8 +0,0 @@
 <?php
 $CONFIG = array (
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'redis',
    'port' => 6379,
  ),
 );
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml
@ -13,16 +13,17 @@ services:
      - db.env
  redis:
-    image: redis
+    image: redis:alpine
    restart: always
-  app:  
+  app:
-    build: ./app
+    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
@ -45,7 +46,7 @@ services:
      - default
  cron:
-    build: ./app
+    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf
@ -1 +1,2 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile
@ -1,3 +1,3 @@
-FROM nginx
+FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf
@ -1,5 +1,4 @@
-user  www-data;
+worker_processes auto;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
@ -42,20 +41,25 @@ http {
        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
-        # add_header Strict-Transport-Security "max-age=15768000;
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
-        add_header X-Content-Type-Options nosniff;
+        add_header Referrer-Policy "no-referrer" always;
-        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-Robots-Tag none;
+        add_header X-Download-Options "noopen" always;
-        add_header X-Download-Options noopen;
+        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        location = /robots.txt {
@ -67,14 +71,18 @@ http {
        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-        # last;
+
        # The following rule is only needed for the Social app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
        location = /.well-known/carddav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        location = /.well-known/caldav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        # set max upload size
@ -94,66 +102,72 @@ http {
        #pagespeed off;
        location / {
-            rewrite ^ /index.php$uri;
+            rewrite ^ /index.php;
        }
-        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+        location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
            deny all;
        }
-        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+        location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
-        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
-            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
            set $path_info $fastcgi_path_info;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param PATH_INFO $path_info;
            # fastcgi_param HTTPS on;
-            #Avoid sending the security headers twice
+
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            # Enable pretty urls
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
-        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }
-        # Adding the cache control header for js and css files
+        # Adding the cache control header for js, css and map files
        # Make sure it is BELOW the PHP block
-        location ~ \.(?:css|js|woff|svg|gif)$ {
+        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
-            # add_header Strict-Transport-Security "max-age=15768000;
+            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
-            add_header X-Content-Type-Options nosniff;
+            add_header Referrer-Policy "no-referrer" always;
-            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Content-Type-Options "nosniff" always;
-            add_header X-Robots-Tag none;
+            add_header X-Download-Options "noopen" always;
-            add_header X-Download-Options noopen;
+            add_header X-Frame-Options "SAMEORIGIN" always;
-            add_header X-Permitted-Cross-Domain-Policies none;
+            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;
            # Optional: Don't log access to assets
            access_log off;
        }
-        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml
@ -12,7 +12,7 @@ services:
    env_file:
      - db.env
-  app:  
+  app:
    image: nextcloud:apache
    restart: always
    volumes:
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf
@ -1 +1,2 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
@ -12,8 +12,8 @@ services:
    env_file:
      - db.env
-  app:  
+  app:
-    image: nextcloud:fpm
+    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf
@ -1 +1,2 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile
@ -1,3 +1,3 @@
-FROM nginx
+FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
@ -1,5 +1,4 @@
-user  www-data;
+worker_processes auto;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
@ -42,20 +41,25 @@ http {
        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
-        # add_header Strict-Transport-Security "max-age=15768000;
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
-        add_header X-Content-Type-Options nosniff;
+        add_header Referrer-Policy "no-referrer" always;
-        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-Robots-Tag none;
+        add_header X-Download-Options "noopen" always;
-        add_header X-Download-Options noopen;
+        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        location = /robots.txt {
@ -67,14 +71,18 @@ http {
        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-        # last;
+
        # The following rule is only needed for the Social app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
        location = /.well-known/carddav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        location = /.well-known/caldav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        # set max upload size
@ -94,66 +102,72 @@ http {
        #pagespeed off;
        location / {
-            rewrite ^ /index.php$uri;
+            rewrite ^ /index.php;
        }
-        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+        location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
            deny all;
        }
-        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+        location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
-        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
-            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
            set $path_info $fastcgi_path_info;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param PATH_INFO $path_info;
            # fastcgi_param HTTPS on;
-            #Avoid sending the security headers twice
+
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            # Enable pretty urls
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
-        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }
-        # Adding the cache control header for js and css files
+        # Adding the cache control header for js, css and map files
        # Make sure it is BELOW the PHP block
-        location ~ \.(?:css|js|woff|svg|gif)$ {
+        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
-            # add_header Strict-Transport-Security "max-age=15768000;
+            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
-            add_header X-Content-Type-Options nosniff;
+            add_header Referrer-Policy "no-referrer" always;
-            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Content-Type-Options "nosniff" always;
-            add_header X-Robots-Tag none;
+            add_header X-Download-Options "noopen" always;
-            add_header X-Download-Options noopen;
+            add_header X-Frame-Options "SAMEORIGIN" always;
-            add_header X-Permitted-Cross-Domain-Policies none;
+            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;
            # Optional: Don't log access to assets
            access_log off;
        }
-        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
@ -2,14 +2,14 @@ version: '3'
 services:
  db:
-    image: postgres
+    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data
    env_file:
      - db.env
-  app:  
+  app:
    image: nextcloud:apache
    restart: always
    volumes:
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf
@ -1 +1,2 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
@ -2,15 +2,15 @@ version: '3'
 services:
  db:
-    image: postgres
+    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data
    env_file:
      - db.env
-  app:  
+  app:
-    image: nextcloud:fpm
+    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf
@ -1 +1,2 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile
@ -1,3 +1,3 @@
-FROM nginx
+FROM nginx:alpine
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
@ -1,5 +1,4 @@
-user  www-data;
+worker_processes auto;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
@ -42,20 +41,25 @@ http {
        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
-        # add_header Strict-Transport-Security "max-age=15768000;
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
-        add_header X-Content-Type-Options nosniff;
+        add_header Referrer-Policy "no-referrer" always;
-        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-Robots-Tag none;
+        add_header X-Download-Options "noopen" always;
-        add_header X-Download-Options noopen;
+        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        location = /robots.txt {
@ -67,14 +71,18 @@ http {
        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-        # last;
+
        # The following rule is only needed for the Social app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
        location = /.well-known/carddav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        location = /.well-known/caldav {
-            return 301 $scheme://$host/remote.php/dav;
+            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        # set max upload size
@ -94,66 +102,72 @@ http {
        #pagespeed off;
        location / {
-            rewrite ^ /index.php$uri;
+            rewrite ^ /index.php;
        }
-        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+        location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
            deny all;
        }
-        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+        location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
-        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
-            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
            set $path_info $fastcgi_path_info;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param PATH_INFO $path_info;
            # fastcgi_param HTTPS on;
-            #Avoid sending the security headers twice
+
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            # Enable pretty urls
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
-        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }
-        # Adding the cache control header for js and css files
+        # Adding the cache control header for js, css and map files
        # Make sure it is BELOW the PHP block
-        location ~ \.(?:css|js|woff|svg|gif)$ {
+        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
-            # add_header Strict-Transport-Security "max-age=15768000;
+            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
-            add_header X-Content-Type-Options nosniff;
+            add_header Referrer-Policy "no-referrer" always;
-            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Content-Type-Options "nosniff" always;
-            add_header X-Robots-Tag none;
+            add_header X-Download-Options "noopen" always;
-            add_header X-Download-Options noopen;
+            add_header X-Frame-Options "SAMEORIGIN" always;
-            add_header X-Permitted-Cross-Domain-Policies none;
+            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;
            # Optional: Don't log access to assets
            access_log off;
        }
-        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/dockerfiles/cron/apache/Dockerfile
+++ b/.examples/dockerfiles/cron/apache/Dockerfile
@ -5,6 +5,8 @@ RUN apt-get update && apt-get install -y \
  && rm -rf /var/lib/apt/lists/* \
  && mkdir /var/log/supervisord /var/run/supervisord
-COPY supervisord.conf /etc/supervisor/supervisord.conf
+COPY supervisord.conf /
-CMD ["/usr/bin/supervisord"]
+ENV NEXTCLOUD_UPDATE=1
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/cron/fpm-alpine/Dockerfile
+++ b/.examples/dockerfiles/cron/fpm-alpine/Dockerfile
@ -0,0 +1,10 @@
 FROM nextcloud:fpm-alpine
 RUN apk add --no-cache supervisor \
  && mkdir /var/log/supervisord /var/run/supervisord
 COPY supervisord.conf /
 ENV NEXTCLOUD_UPDATE=1
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/cron/fpm-alpine/supervisord.conf
+++ b/.examples/dockerfiles/cron/fpm-alpine/supervisord.conf
@ -0,0 +1,22 @@
 [supervisord]
 nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 logfile_backups=10                              ; number of backed up logfiles
 loglevel=error
 [program:php-fpm]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
 [program:cron]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
--- a/.examples/dockerfiles/cron/fpm/Dockerfile
+++ b/.examples/dockerfiles/cron/fpm/Dockerfile
@ -5,6 +5,8 @@ RUN apt-get update && apt-get install -y \
  && rm -rf /var/lib/apt/lists/* \
  && mkdir /var/log/supervisord /var/run/supervisord
-COPY supervisord.conf /etc/supervisor/supervisord.conf
+COPY supervisord.conf /
-CMD ["/usr/bin/supervisord"]
+ENV NEXTCLOUD_UPDATE=1
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/full/apache/Dockerfile
+++ b/.examples/dockerfiles/full/apache/Dockerfile
@ -1,24 +1,59 @@
 FROM nextcloud:apache
-RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
+RUN set -ex; \
-    && apt-get update && apt-get install -y \
+    \
-        supervisor \
+    apt-get update; \
    apt-get install -y --no-install-recommends \
        ffmpeg \
-        libmagickwand-dev \
+        libmagickcore-6.q16-6-extra \
-        libgmp3-dev \
+        procps \
        smbclient \
        supervisor \
 #       libreoffice \
    ; \
    rm -rf /var/lib/apt/lists/*
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        libbz2-dev \
        libc-client-dev \
        libkrb5-dev \
        smbclient \
        libsmbclient-dev \
-#       LibreOffice \
+    ; \
-    && rm -rf /var/lib/apt/lists/* \
+    \
-    && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
+    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
-    && ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
+    docker-php-ext-install \
-    && docker-php-ext-install bz2 gmp imap \
+        bz2 \
-    && pecl install imagick smbclient \
+        imap \
-    && docker-php-ext-enable imagick smbclient \
+    ; \
-    && mkdir /var/log/supervisord /var/run/supervisord
+    pecl install smbclient; \
    docker-php-ext-enable smbclient; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { print $3 }' \
        | sort -u \
        | xargs -r dpkg-query -S \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
-COPY supervisord.conf /etc/supervisor/supervisord.conf
+RUN mkdir -p \
    /var/log/supervisord \
    /var/run/supervisord \
 ;
-CMD ["/usr/bin/supervisord"]
+COPY supervisord.conf /
 ENV NEXTCLOUD_UPDATE=1
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/full/fpm-alpine/Dockerfile
+++ b/.examples/dockerfiles/full/fpm-alpine/Dockerfile
@ -0,0 +1,51 @@
 FROM nextcloud:fpm-alpine
 RUN set -ex; \
    \
    apk add --no-cache \
        ffmpeg \
        imagemagick \
        procps \
        samba-client \
        supervisor \
 #       libreoffice \
    ;
 RUN set -ex; \
    \
    apk add --no-cache --virtual .build-deps \
        $PHPIZE_DEPS \
        imap-dev \
        krb5-dev \
        libressl-dev \
        samba-dev \
        bzip2-dev \
    ; \
    \
    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
    docker-php-ext-install \
        bz2 \
        imap \
    ; \
    pecl install smbclient; \
    docker-php-ext-enable smbclient; \
    \
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
    apk del .build-deps
 RUN mkdir -p \
    /var/log/supervisord \
    /var/run/supervisord \
 ;
 COPY supervisord.conf /
 ENV NEXTCLOUD_UPDATE=1
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/full/fpm-alpine/supervisord.conf
+++ b/.examples/dockerfiles/full/fpm-alpine/supervisord.conf
@ -0,0 +1,22 @@
 [supervisord]
 nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 logfile_backups=10                              ; number of backed up logfiles
 loglevel=error
 [program:php-fpm]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
 [program:cron]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
--- a/.examples/dockerfiles/full/fpm/Dockerfile
+++ b/.examples/dockerfiles/full/fpm/Dockerfile
@ -1,24 +1,59 @@
 FROM nextcloud:fpm
-RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
+RUN set -ex; \
-    && apt-get update && apt-get install -y \
+    \
-        supervisor \
+    apt-get update; \
    apt-get install -y --no-install-recommends \
        ffmpeg \
-        libmagickwand-dev \
+        libmagickcore-6.q16-6-extra \
-        libgmp3-dev \
+        procps \
        smbclient \
        supervisor \
 #       libreoffice \
    ; \
    rm -rf /var/lib/apt/lists/*
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        libbz2-dev \
        libc-client-dev \
        libkrb5-dev \
        smbclient \
        libsmbclient-dev \
-#       LibreOffice \
+    ; \
-    && rm -rf /var/lib/apt/lists/* \
+    \
-    && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
+    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
-    && ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
+    docker-php-ext-install \
-    && docker-php-ext-install bz2 gmp imap \
+        bz2 \
-    && pecl install imagick smbclient \
+        imap \
-    && docker-php-ext-enable imagick smbclient \
+    ; \
-    && mkdir /var/log/supervisord /var/run/supervisord
+    pecl install smbclient; \
    docker-php-ext-enable smbclient; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { print $3 }' \
        | sort -u \
        | xargs -r dpkg-query -S \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
-COPY supervisord.conf /etc/supervisor/supervisord.conf
+RUN mkdir -p \
    /var/log/supervisord \
    /var/run/supervisord \
 ;
-CMD ["/usr/bin/supervisord"]
+COPY supervisord.conf /
 ENV NEXTCLOUD_UPDATE=1
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/imap/apache/Dockerfile
+++ b/.examples/dockerfiles/imap/apache/Dockerfile
@ -1,7 +1,28 @@
 FROM nextcloud:apache
-RUN apt-get update \
+RUN set -ex; \
- && apt-get install -y libc-client-dev libkrb5-dev \
+    \
- && rm -rf /var/lib/apt/lists/* \
+    savedAptMark="$(apt-mark showmanual)"; \
- && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
+    \
- && docker-php-ext-install imap
+    apt-get update; \
    apt-get install -y --no-install-recommends \
        libc-client-dev \
        libkrb5-dev \
    ; \
    \
    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
    docker-php-ext-install imap; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { print $3 }' \
        | sort -u \
        | xargs -r dpkg-query -S \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
--- a/.examples/dockerfiles/imap/fpm-alpine/Dockerfile
+++ b/.examples/dockerfiles/imap/fpm-alpine/Dockerfile
@ -0,0 +1,22 @@
 FROM nextcloud:fpm-alpine
 RUN set -ex; \
    \
    apk add --no-cache --virtual .build-deps \
        $PHPIZE_DEPS \
        imap-dev \
        krb5-dev \
        libressl-dev \
    ; \
    \
    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
    docker-php-ext-install imap; \
    \
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
    apk del .build-deps
--- a/.examples/dockerfiles/imap/fpm/Dockerfile
+++ b/.examples/dockerfiles/imap/fpm/Dockerfile
@ -1,7 +1,28 @@
 FROM nextcloud:fpm
-RUN apt-get update \
+RUN set -ex; \
- && apt-get install -y libc-client-dev libkrb5-dev \
+    \
- && rm -rf /var/lib/apt/lists/* \
+    savedAptMark="$(apt-mark showmanual)"; \
- && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
+    \
- && docker-php-ext-install imap
+    apt-get update; \
    apt-get install -y --no-install-recommends \
        libc-client-dev \
        libkrb5-dev \
    ; \
    \
    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
    docker-php-ext-install imap; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { print $3 }' \
        | sort -u \
        | xargs -r dpkg-query -S \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
--- a/.examples/dockerfiles/smb/apache/Dockerfile
+++ b/.examples/dockerfiles/smb/apache/Dockerfile
@ -1,3 +1,3 @@
 FROM nextcloud:apache
-RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*
--- a/.examples/dockerfiles/smb/fpm-alpine/Dockerfile
+++ b/.examples/dockerfiles/smb/fpm-alpine/Dockerfile
@ -0,0 +1,3 @@
 FROM nextcloud:fpm-alpine
 RUN apk add --no-cache procps samba-client
--- a/.examples/dockerfiles/smb/fpm/Dockerfile
+++ b/.examples/dockerfiles/smb/fpm/Dockerfile
@ -1,3 +1,3 @@
 FROM nextcloud:fpm
-RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*
--- a/.travis.yml
+++ b/.travis.yml
@ -1,42 +1,60 @@
 dist: trusty
 sudo: required
 services: docker
 language: bash
 services: docker
 branches:
  only:
    - master
 # preload images to avoid timeouts in tests
 before_install:
  - docker pull mariadb:10
  - docker pull postgres:11-alpine
 install:
  - git clone https://github.com/docker-library/official-images.git ~/official-images
 before_script:
  - env | sort
  - wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash
  - image="nextcloud:${VERSION}${VARIANT:+-$VARIANT}"
  - if [[ "$ARCH" == 'i386' ]]; then sed -i -e 's/FROM php/FROM i386\/php/g' "${VERSION}/${VARIANT}/Dockerfile"; fi
 script:
-  - travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
+  - |
-  - ~/official-images/test/run.sh "$image"
+    (
-  - .travis/test-example-dockerfiles.sh "$image"
+      set -Eeuo pipefail
      set -x
      travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
      travis_retry ~/official-images/test/run.sh "$image"
      .travis/test-example-dockerfiles.sh "$image"
    )
 after_script:
  - docker images
 jobs:
  # https://github.com/docker-library/php/issues/822
  allow_failures:
    - env: VERSION=15.0 VARIANT=apache ARCH=i386
    - env: VERSION=16.0 VARIANT=apache ARCH=i386
    - env: VERSION=17.0 VARIANT=apache ARCH=i386
    - env: VERSION=18.0 VARIANT=apache ARCH=i386
    - env: VERSION=15.0-rc VARIANT=apache ARCH=i386
    - env: VERSION=16.0-rc VARIANT=apache ARCH=i386
    - env: VERSION=17.0-rc VARIANT=apache ARCH=i386
    - env: VERSION=18.0-rc VARIANT=apache ARCH=i386
    - env: VERSION=17.0-beta VARIANT=apache ARCH=i386
    - env: VERSION=18.0-beta VARIANT=apache ARCH=i386
  include:
    - &test-scripts
      stage: test scripts
      env: SCRIPT=update.sh
      sudo: false
      services: []
      install: skip
      before_script: skip
      script:
        - hash_before=$(git write-tree)
-        - ./update.sh
+        - travis_retry ./update.sh
        - bash -c "[[ $hash_before = $(git add -A && git write-tree) ]]"
      after_script: skip
@ -46,18 +64,42 @@ jobs:
        - wget -O "$HOME/bin/bashbrew" https://doi-janky.infosiftr.net/job/bashbrew/lastSuccessfulBuild/artifact/bin/bashbrew-amd64
        - chmod +x "$HOME/bin/bashbrew"
      script:
-        - ./generate-stackbrew-library.sh
+        - travis_retry ./generate-stackbrew-library.sh
    - stage: test images
-      env: VERSION=12.0 VARIANT=fpm-alpine ARCH=amd64
+      env: VERSION=16.0-rc VARIANT=fpm-alpine ARCH=amd64
-    - env: VERSION=12.0 VARIANT=fpm-alpine ARCH=i386
+    - env: VERSION=16.0-rc VARIANT=fpm-alpine ARCH=i386
-    - env: VERSION=12.0 VARIANT=fpm ARCH=amd64
+    - env: VERSION=16.0-rc VARIANT=fpm ARCH=amd64
-    - env: VERSION=12.0 VARIANT=fpm ARCH=i386
+    - env: VERSION=16.0-rc VARIANT=fpm ARCH=i386
-    - env: VERSION=12.0 VARIANT=apache ARCH=amd64
+    - env: VERSION=16.0-rc VARIANT=apache ARCH=amd64
-    - env: VERSION=12.0 VARIANT=apache ARCH=i386
+    - env: VERSION=16.0-rc VARIANT=apache ARCH=i386
-    - env: VERSION=13.0 VARIANT=fpm-alpine ARCH=amd64
+    - env: VERSION=17.0-rc VARIANT=fpm-alpine ARCH=amd64
-    - env: VERSION=13.0 VARIANT=fpm-alpine ARCH=i386
+    - env: VERSION=17.0-rc VARIANT=fpm-alpine ARCH=i386
-    - env: VERSION=13.0 VARIANT=fpm ARCH=amd64
+    - env: VERSION=17.0-rc VARIANT=fpm ARCH=amd64
-    - env: VERSION=13.0 VARIANT=fpm ARCH=i386
+    - env: VERSION=17.0-rc VARIANT=fpm ARCH=i386
-    - env: VERSION=13.0 VARIANT=apache ARCH=amd64
+    - env: VERSION=17.0-rc VARIANT=apache ARCH=amd64
-    - env: VERSION=13.0 VARIANT=apache ARCH=i386
+    - env: VERSION=17.0-rc VARIANT=apache ARCH=i386
    - env: VERSION=18.0-rc VARIANT=fpm-alpine ARCH=amd64
    - env: VERSION=18.0-rc VARIANT=fpm-alpine ARCH=i386
    - env: VERSION=18.0-rc VARIANT=fpm ARCH=amd64
    - env: VERSION=18.0-rc VARIANT=fpm ARCH=i386
    - env: VERSION=18.0-rc VARIANT=apache ARCH=amd64
    - env: VERSION=18.0-rc VARIANT=apache ARCH=i386
    - env: VERSION=16.0 VARIANT=fpm-alpine ARCH=amd64
    - env: VERSION=16.0 VARIANT=fpm-alpine ARCH=i386
    - env: VERSION=16.0 VARIANT=fpm ARCH=amd64
    - env: VERSION=16.0 VARIANT=fpm ARCH=i386
    - env: VERSION=16.0 VARIANT=apache ARCH=amd64
    - env: VERSION=16.0 VARIANT=apache ARCH=i386
    - env: VERSION=17.0 VARIANT=fpm-alpine ARCH=amd64
    - env: VERSION=17.0 VARIANT=fpm-alpine ARCH=i386
    - env: VERSION=17.0 VARIANT=fpm ARCH=amd64
    - env: VERSION=17.0 VARIANT=fpm ARCH=i386
    - env: VERSION=17.0 VARIANT=apache ARCH=amd64
    - env: VERSION=17.0 VARIANT=apache ARCH=i386
    - env: VERSION=18.0 VARIANT=fpm-alpine ARCH=amd64
    - env: VERSION=18.0 VARIANT=fpm-alpine ARCH=i386
    - env: VERSION=18.0 VARIANT=fpm ARCH=amd64
    - env: VERSION=18.0 VARIANT=fpm ARCH=i386
    - env: VERSION=18.0 VARIANT=apache ARCH=amd64
    - env: VERSION=18.0 VARIANT=apache ARCH=i386
--- a/.travis/test-example-dockerfiles.sh
+++ b/.travis/test-example-dockerfiles.sh
@ -10,10 +10,9 @@ dirs=( "${dirs[@]%/}" )
 for dir in "${dirs[@]}"; do
    if [ -d "$dir/$VARIANT" ]; then
        (
-            cd "$dir/$VARIANT" 
+            cd "$dir/$VARIANT"
            sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile'
            docker build -t "$image-$dir" .
            ~/official-images/test/run.sh "$image-$dir"
        )
    fi
 done
--- a/12.0/apache/entrypoint.sh
+++ b/12.0/apache/entrypoint.sh
@ -1,62 +0,0 @@
 #!/bin/sh
 set -eu
 # version_greater A B returns whether A > B
 version_greater() {
 	[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
 }
 # return true if specified directory is empty
 directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 run_as() {
  if [ "$(id -u)" = 0 ]; then
    su - www-data -s /bin/sh -c "$1"
  else
    sh -c "$1"
  fi
 }
 installed_version="0.0.0.0"
 if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 fi
 # shellcheck disable=SC2016
 image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
 if version_greater "$installed_version" "$image_version"; then
    echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
    exit 1
 fi
 if version_greater "$image_version" "$installed_version"; then
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
    fi
    if [ "$(id -u)" = 0 ]; then
      rsync_options="-rlDog --chown www-data:root"
    else
      rsync_options="-rlD"
    fi
    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
    for dir in config data custom_apps themes; do
        if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
            rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        fi
    done
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ upgrade --no-app-disable'
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
        echo "The following apps have beed disabled:"
        diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
        rm -f /tmp/list_before /tmp/list_after
    fi
 fi
 exec "$@"
--- a/12.0/fpm-alpine/entrypoint.sh
+++ b/12.0/fpm-alpine/entrypoint.sh
@ -1,62 +0,0 @@
 #!/bin/sh
 set -eu
 # version_greater A B returns whether A > B
 version_greater() {
 	[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
 }
 # return true if specified directory is empty
 directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 run_as() {
  if [ "$(id -u)" = 0 ]; then
    su - www-data -s /bin/sh -c "$1"
  else
    sh -c "$1"
  fi
 }
 installed_version="0.0.0.0"
 if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 fi
 # shellcheck disable=SC2016
 image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
 if version_greater "$installed_version" "$image_version"; then
    echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
    exit 1
 fi
 if version_greater "$image_version" "$installed_version"; then
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
    fi
    if [ "$(id -u)" = 0 ]; then
      rsync_options="-rlDog --chown www-data:root"
    else
      rsync_options="-rlD"
    fi
    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
    for dir in config data custom_apps themes; do
        if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
            rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        fi
    done
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ upgrade --no-app-disable'
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
        echo "The following apps have beed disabled:"
        diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
        rm -f /tmp/list_before /tmp/list_after
    fi
 fi
 exec "$@"
--- a/12.0/fpm/entrypoint.sh
+++ b/12.0/fpm/entrypoint.sh
@ -1,62 +0,0 @@
 #!/bin/sh
 set -eu
 # version_greater A B returns whether A > B
 version_greater() {
 	[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
 }
 # return true if specified directory is empty
 directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 run_as() {
  if [ "$(id -u)" = 0 ]; then
    su - www-data -s /bin/sh -c "$1"
  else
    sh -c "$1"
  fi
 }
 installed_version="0.0.0.0"
 if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 fi
 # shellcheck disable=SC2016
 image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
 if version_greater "$installed_version" "$image_version"; then
    echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
    exit 1
 fi
 if version_greater "$image_version" "$installed_version"; then
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
    fi
    if [ "$(id -u)" = 0 ]; then
      rsync_options="-rlDog --chown www-data:root"
    else
      rsync_options="-rlD"
    fi
    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
    for dir in config data custom_apps themes; do
        if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
            rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        fi
    done
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ upgrade --no-app-disable'
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
        echo "The following apps have beed disabled:"
        diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
        rm -f /tmp/list_before /tmp/list_after
    fi
 fi
 exec "$@"
--- a/13.0/apache/entrypoint.sh
+++ b/13.0/apache/entrypoint.sh
@ -1,62 +0,0 @@
 #!/bin/sh
 set -eu
 # version_greater A B returns whether A > B
 version_greater() {
 	[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
 }
 # return true if specified directory is empty
 directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 run_as() {
  if [ "$(id -u)" = 0 ]; then
    su - www-data -s /bin/sh -c "$1"
  else
    sh -c "$1"
  fi
 }
 installed_version="0.0.0.0"
 if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 fi
 # shellcheck disable=SC2016
 image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
 if version_greater "$installed_version" "$image_version"; then
    echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
    exit 1
 fi
 if version_greater "$image_version" "$installed_version"; then
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
    fi
    if [ "$(id -u)" = 0 ]; then
      rsync_options="-rlDog --chown www-data:root"
    else
      rsync_options="-rlD"
    fi
    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
    for dir in config data custom_apps themes; do
        if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
            rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        fi
    done
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ upgrade --no-app-disable'
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
        echo "The following apps have beed disabled:"
        diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
        rm -f /tmp/list_before /tmp/list_after
    fi
 fi
 exec "$@"
--- a/13.0/fpm-alpine/config/autoconfig.php
+++ b/13.0/fpm-alpine/config/autoconfig.php
@ -1,34 +0,0 @@
 <?php
 $autoconfig_enabled = false;
 if (getenv('SQLITE_DATABASE')) {
    $AUTOCONFIG["dbtype"] = "sqlite";
    $AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
    $autoconfig_enabled = true;
 } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
    $AUTOCONFIG["dbtype"] = "mysql";
    $AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
    $AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
    $AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
    $AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
    $autoconfig_enabled = true;
 } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
    $AUTOCONFIG["dbtype"] = "pgsql";
    $AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
    $AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
    $AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
    $AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
    $autoconfig_enabled = true;
 }
 if ($autoconfig_enabled) {
    $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
    $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
    if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
        $AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
        $AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
    }
 }
--- a/13.0/fpm-alpine/config/redis.config.php
+++ b/13.0/fpm-alpine/config/redis.config.php
@ -1,8 +0,0 @@
 <?php
 $CONFIG = array (
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'redis',
    'port' => 6379,
  ),
 );
--- a/13.0/fpm-alpine/entrypoint.sh
+++ b/13.0/fpm-alpine/entrypoint.sh
@ -1,62 +0,0 @@
 #!/bin/sh
 set -eu
 # version_greater A B returns whether A > B
 version_greater() {
 	[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
 }
 # return true if specified directory is empty
 directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 run_as() {
  if [ "$(id -u)" = 0 ]; then
    su - www-data -s /bin/sh -c "$1"
  else
    sh -c "$1"
  fi
 }
 installed_version="0.0.0.0"
 if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 fi
 # shellcheck disable=SC2016
 image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
 if version_greater "$installed_version" "$image_version"; then
    echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
    exit 1
 fi
 if version_greater "$image_version" "$installed_version"; then
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
    fi
    if [ "$(id -u)" = 0 ]; then
      rsync_options="-rlDog --chown www-data:root"
    else
      rsync_options="-rlD"
    fi
    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
    for dir in config data custom_apps themes; do
        if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
            rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        fi
    done
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ upgrade --no-app-disable'
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
        echo "The following apps have beed disabled:"
        diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
        rm -f /tmp/list_before /tmp/list_after
    fi
 fi
 exec "$@"
--- a/13.0/fpm/config/autoconfig.php
+++ b/13.0/fpm/config/autoconfig.php
@ -1,66 +0,0 @@
 <?php
 $autoconfig_enabled = false;
 if (getenv('SQLITE_DATABASE')) {
    $AUTOCONFIG["dbtype"] = "sqlite";
    $AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
    $autoconfig_enabled = true;
 }elseif (getenv('MYSQL_ROOT_PASSWORD') && getenv('MYSQL_ROOT_USER') && getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
    $root_user = getenv('MYSQL_ROOT_USER');
    $root_password = getenv('MYSQL_ROOT_PASSWORD');
    $user = getenv('MYSQL_USER');
    $password = getenv('MYSQL_PASSWORD');
    $database = getenv('MYSQL_DATABASE');
    $host = getenv('MYSQL_HOST');
    // Erase root environment variables
    putenv('MYSQL_ROOT_USER');
    putenv('MYSQL_ROOT_PASSWORD');
    // Create connection
    $connection = new mysqli($host, $root_user, $root_password);
    // Check connection
    if ($connection->connect_error) {
        die("Connection failed: " . $connection->connect_error);
    }
    // Create database
    $create_database = "CREATE DATABASE " .$database;
    $create_user = "GRANT ALL PRIVILEGES ON " .$database. ".* TO '" .$user."'@'%' IDENTIFIED BY '" .$password. "';";
    if ($connection->query($create_database) && $connection->query($create_user)) {
        $AUTOCONFIG["dbtype"] = "mysql";
        $AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
        $AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
        $AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
        $AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
        $autoconfig_enabled = true;
    } else {
        echo "Error creating database: " . $connection->error;
    }
    $connection->close();
 } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
    $AUTOCONFIG["dbtype"] = "mysql";
    $AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
    $AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
    $AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
    $AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
    $autoconfig_enabled = true;
 } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
    $AUTOCONFIG["dbtype"] = "pgsql";
    $AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
    $AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
    $AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
    $AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
    $autoconfig_enabled = true;
 }
 if ($autoconfig_enabled) {
    $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
    $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
    if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
        $AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
        $AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
    }
 }
--- a/13.0/fpm/config/redis.config.php
+++ b/13.0/fpm/config/redis.config.php
@ -1,8 +0,0 @@
 <?php
 $CONFIG = array (
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'redis',
    'port' => 6379,
  ),
 );
--- a/13.0/fpm/entrypoint.sh
+++ b/13.0/fpm/entrypoint.sh
@ -1,62 +0,0 @@
 #!/bin/sh
 set -eu
 # version_greater A B returns whether A > B
 version_greater() {
 	[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
 }
 # return true if specified directory is empty
 directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 run_as() {
  if [ "$(id -u)" = 0 ]; then
    su - www-data -s /bin/sh -c "$1"
  else
    sh -c "$1"
  fi
 }
 installed_version="0.0.0.0"
 if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 fi
 # shellcheck disable=SC2016
 image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
 if version_greater "$installed_version" "$image_version"; then
    echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
    exit 1
 fi
 if version_greater "$image_version" "$installed_version"; then
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
    fi
    if [ "$(id -u)" = 0 ]; then
      rsync_options="-rlDog --chown www-data:root"
    else
      rsync_options="-rlD"
    fi
    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
    for dir in config data custom_apps themes; do
        if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
            rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        fi
    done
    if [ "$installed_version" != "0.0.0.0" ]; then
        run_as 'php /var/www/html/occ upgrade --no-app-disable'
        run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
        echo "The following apps have beed disabled:"
        diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
        rm -f /tmp/list_before /tmp/list_after
    fi
 fi
 exec "$@"
--- a/16.0-rc/apache/Dockerfile
+++ b/16.0-rc/apache/Dockerfile
@ -0,0 +1,151 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
 FROM php:7.3-apache-buster
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        rsync \
        bzip2 \
        busybox-static \
    ; \
    rm -rf /var/lib/apt/lists/*; \
    \
    mkdir -p /var/spool/cron/crontabs; \
    echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        libcurl4-openssl-dev \
        libevent-dev \
        libfreetype6-dev \
        libicu-dev \
        libjpeg-dev \
        libldap2-dev \
        libmcrypt-dev \
        libmemcached-dev \
        libpng-dev \
        libpq-dev \
        libxml2-dev \
        libmagickwand-dev \
        libzip-dev \
        libwebp-dev \
        libgmp-dev \
    ; \
    \
    debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
    if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
    docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
    docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
    docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
    docker-php-ext-install -j "$(nproc)" \
        exif \
        gd \
        intl \
        ldap \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
        zip \
        gmp \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
    pecl install APCu-5.1.18; \
    pecl install memcached-3.1.5; \
    pecl install redis-4.3.0; \
    pecl install imagick-3.4.4; \
    \
    docker-php-ext-enable \
        apcu \
        memcached \
        redis \
        imagick \
    ; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { print $3 }' \
        | sort -u \
        | xargs -r dpkg-query -S \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
 RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.interned_strings_buffer=8'; \
        echo 'opcache.max_accelerated_files=10000'; \
        echo 'opcache.memory_consumption=128'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=1'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
    \
    echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
    \
    echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
    \
    mkdir /var/www/data; \
    chown -R www-data:root /var/www; \
    chmod -R g=u /var/www
 VOLUME /var/www/html
 RUN a2enmod rewrite remoteip ;\
    {\
     echo RemoteIPHeader X-Real-IP ;\
     echo RemoteIPTrustedProxy 10.0.0.0/8 ;\
     echo RemoteIPTrustedProxy 172.16.0.0/12 ;\
     echo RemoteIPTrustedProxy 192.168.0.0/16 ;\
    } > /etc/apache2/conf-available/remoteip.conf;\
    a2enconf remoteip
 ENV NEXTCLOUD_VERSION 16.0.9RC1
 RUN set -ex; \
    fetchDeps=" \
        gnupg \
        dirmngr \
    "; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetchDeps; \
    \
    curl -fsSL -o nextcloud.tar.bz2 \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
    curl -fsSL -o nextcloud.tar.bz2.asc \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
    gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
    gpgconf --kill all; \
    rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
    rm -rf /usr/src/nextcloud/updater; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
    rm -rf /var/lib/apt/lists/*
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["apache2-foreground"]
--- a/16.0-rc/apache/config/apache-pretty-urls.config.php
+++ b/16.0-rc/apache/config/apache-pretty-urls.config.php
--- a/16.0-rc/apache/config/apcu.config.php
+++ b/16.0-rc/apache/config/apcu.config.php
--- a/16.0-rc/apache/config/apps.config.php
+++ b/16.0-rc/apache/config/apps.config.php
--- a/16.0-rc/apache/config/autoconfig.php
+++ b/16.0-rc/apache/config/autoconfig.php
@ -23,12 +23,9 @@ if (getenv('SQLITE_DATABASE')) {
 }
 if ($autoconfig_enabled) {
-    $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
+    if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
        $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
    }
    $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
    if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
        $AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
        $AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
    }
 }
--- a/16.0-rc/apache/config/redis.config.php
+++ b/16.0-rc/apache/config/redis.config.php
@ -0,0 +1,17 @@
 <?php
 if (getenv('REDIS_HOST')) {
  $CONFIG = array (
    'memcache.distributed' => '\OC\Memcache\Redis',
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
      'password' => getenv('REDIS_HOST_PASSWORD'),
    ),
  );
  if (getenv('REDIS_HOST_PORT') !== false) {
    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
 }
--- a/16.0-rc/apache/config/smtp.config.php
+++ b/16.0-rc/apache/config/smtp.config.php
@ -0,0 +1,15 @@
 <?php
 if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
  $CONFIG = array (
    'mail_smtpmode' => 'smtp',
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );
 }
--- a/16.0-rc/apache/cron.sh
+++ b/16.0-rc/apache/cron.sh
--- a/16.0-rc/apache/entrypoint.sh
+++ b/16.0-rc/apache/entrypoint.sh
@ -0,0 +1,152 @@
 #!/bin/sh
 set -eu
 # version_greater A B returns whether A > B
 version_greater() {
    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
 }
 # return true if specified directory is empty
 directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 run_as() {
    if [ "$(id -u)" = 0 ]; then
        su -p www-data -s /bin/sh -c "$1"
    else
        sh -c "$1"
    fi
 }
 if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
    if [ -n "${REDIS_HOST+x}" ]; then
        echo "Configuring Redis as session handler"
        {
            echo 'session.save_handler = redis'
            # check if redis host is an unix socket path
            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
              else
                echo "session.save_path = \"unix://${REDIS_HOST}\""
              fi
            # check if redis password has been set
            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
            else
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
            fi
        } > /usr/local/etc/php/conf.d/redis-session.ini
    fi
    installed_version="0.0.0.0"
    if [ -f /var/www/html/version.php ]; then
        # shellcheck disable=SC2016
        installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
    fi
    # shellcheck disable=SC2016
    image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
    if version_greater "$installed_version" "$image_version"; then
        echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
        exit 1
    fi
    if version_greater "$image_version" "$installed_version"; then
        echo "Initializing nextcloud $image_version ..."
        if [ "$installed_version" != "0.0.0.0" ]; then
            echo "Upgrading nextcloud from $installed_version ..."
            run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
        fi
        if [ "$(id -u)" = 0 ]; then
            rsync_options="-rlDog --chown www-data:root"
        else
            rsync_options="-rlD"
        fi
        rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
        for dir in config data custom_apps themes; do
            if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
                rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
            fi
        done
        rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        echo "Initializing finished"
        #install
        if [ "$installed_version" = "0.0.0.0" ]; then
            echo "New nextcloud instance"
            if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                # shellcheck disable=SC2016
                install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
                if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
                fi
                if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
                fi
                install=false
                if [ -n "${SQLITE_DATABASE+x}" ]; then
                    echo "Installing with SQLite database"
                    # shellcheck disable=SC2016
                    install_options=$install_options' --database-name "$SQLITE_DATABASE"'
                    install=true
                elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
                    echo "Installing with MySQL database"
                    # shellcheck disable=SC2016
                    install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
                    install=true
                elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
                    echo "Installing with PostgreSQL database"
                    # shellcheck disable=SC2016
                    install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
                    install=true
                fi
                if [ "$install" = true ]; then
                    echo "starting nextcloud installation"
                    max_retries=10
                    try=0
                    until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
                    do
                        echo "retrying install..."
                        try=$((try+1))
                        sleep 10s
                    done
                    if [ "$try" -gt "$max_retries" ]; then
                        echo "installing of nextcloud failed!"
                        exit 1
                    fi
                    if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                        echo "setting trusted domains…"
                        NC_TRUSTED_DOMAIN_IDX=1
                        for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
                            DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
                            run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
                            NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
                        done
                    fi
                else
                    echo "running web-based installer on first connect!"
                fi
            fi
        #upgrade
        else
            run_as 'php /var/www/html/occ upgrade'
            run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
            echo "The following apps have been disabled:"
            diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
            rm -f /tmp/list_before /tmp/list_after
        fi
    fi
 fi
 exec "$@"
--- a/16.0-rc/apache/upgrade.exclude
+++ b/16.0-rc/apache/upgrade.exclude
@ -0,0 +1,5 @@
 /config/
 /data/
 /custom_apps/
 /themes/
 /version.php
--- a/16.0-rc/fpm-alpine/Dockerfile
+++ b/16.0-rc/fpm-alpine/Dockerfile
@ -0,0 +1,126 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
 FROM php:7.3-fpm-alpine3.11
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
    \
    apk add --no-cache \
        rsync \
    ; \
    \
    rm /var/spool/cron/crontabs/root; \
    echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 RUN set -ex; \
    \
    apk add --no-cache --virtual .build-deps \
        $PHPIZE_DEPS \
        autoconf \
        freetype-dev \
        icu-dev \
        libevent-dev \
        libjpeg-turbo-dev \
        libmcrypt-dev \
        libpng-dev \
        libmemcached-dev \
        libxml2-dev \
        libzip-dev \
        openldap-dev \
        pcre-dev \
        postgresql-dev \
        imagemagick-dev \
        libwebp-dev \
        gmp-dev \
    ; \
    \
    docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
    docker-php-ext-configure ldap; \
    docker-php-ext-install -j "$(nproc)" \
        exif \
        gd \
        intl \
        ldap \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
        zip \
        gmp \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
    pecl install APCu-5.1.18; \
    pecl install memcached-3.1.5; \
    pecl install redis-4.3.0; \
    pecl install imagick-3.4.4; \
    \
    docker-php-ext-enable \
        apcu \
        memcached \
        redis \
        imagick \
    ; \
    \
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
    apk del .build-deps
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
 RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.interned_strings_buffer=8'; \
        echo 'opcache.max_accelerated_files=10000'; \
        echo 'opcache.memory_consumption=128'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=1'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
    \
    echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
    \
    echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
    \
    mkdir /var/www/data; \
    chown -R www-data:root /var/www; \
    chmod -R g=u /var/www
 VOLUME /var/www/html
 ENV NEXTCLOUD_VERSION 16.0.9RC1
 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
        bzip2 \
        gnupg \
    ; \
    \
    curl -fsSL -o nextcloud.tar.bz2 \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
    curl -fsSL -o nextcloud.tar.bz2.asc \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
    gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
    gpgconf --kill all; \
    rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
    rm -rf /usr/src/nextcloud/updater; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ; \
    apk del .fetch-deps
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["php-fpm"]
--- a/16.0-rc/fpm-alpine/config/apcu.config.php
+++ b/16.0-rc/fpm-alpine/config/apcu.config.php
--- a/16.0-rc/fpm-alpine/config/apps.config.php
+++ b/16.0-rc/fpm-alpine/config/apps.config.php
--- a/16.0-rc/fpm-alpine/config/autoconfig.php
+++ b/16.0-rc/fpm-alpine/config/autoconfig.php
@ -23,12 +23,9 @@ if (getenv('SQLITE_DATABASE')) {
 }
 if ($autoconfig_enabled) {
-    $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
+    if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
        $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
    }
    $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
    if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
        $AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
        $AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
    }
 }
--- a/16.0-rc/fpm-alpine/config/redis.config.php
+++ b/16.0-rc/fpm-alpine/config/redis.config.php
@ -0,0 +1,17 @@
 <?php
 if (getenv('REDIS_HOST')) {
  $CONFIG = array (
    'memcache.distributed' => '\OC\Memcache\Redis',
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
      'password' => getenv('REDIS_HOST_PASSWORD'),
    ),
  );
  if (getenv('REDIS_HOST_PORT') !== false) {
    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
 }
--- a/16.0-rc/fpm-alpine/config/smtp.config.php
+++ b/16.0-rc/fpm-alpine/config/smtp.config.php
@ -0,0 +1,15 @@
 <?php
 if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
  $CONFIG = array (
    'mail_smtpmode' => 'smtp',
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );
 }
--- a/16.0-rc/fpm-alpine/cron.sh
+++ b/16.0-rc/fpm-alpine/cron.sh
--- a/16.0-rc/fpm-alpine/entrypoint.sh
+++ b/16.0-rc/fpm-alpine/entrypoint.sh
@ -0,0 +1,152 @@
 #!/bin/sh
 set -eu
 # version_greater A B returns whether A > B
 version_greater() {
    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
 }
 # return true if specified directory is empty
 directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 run_as() {
    if [ "$(id -u)" = 0 ]; then
        su -p www-data -s /bin/sh -c "$1"
    else
        sh -c "$1"
    fi
 }
 if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
    if [ -n "${REDIS_HOST+x}" ]; then
        echo "Configuring Redis as session handler"
        {
            echo 'session.save_handler = redis'
            # check if redis host is an unix socket path
            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
              else
                echo "session.save_path = \"unix://${REDIS_HOST}\""
              fi
            # check if redis password has been set
            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
            else
                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
            fi
        } > /usr/local/etc/php/conf.d/redis-session.ini
    fi
    installed_version="0.0.0.0"
    if [ -f /var/www/html/version.php ]; then
        # shellcheck disable=SC2016
        installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
    fi
    # shellcheck disable=SC2016
    image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
    if version_greater "$installed_version" "$image_version"; then
        echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
        exit 1
    fi
    if version_greater "$image_version" "$installed_version"; then
        echo "Initializing nextcloud $image_version ..."
        if [ "$installed_version" != "0.0.0.0" ]; then
            echo "Upgrading nextcloud from $installed_version ..."
            run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
        fi
        if [ "$(id -u)" = 0 ]; then
            rsync_options="-rlDog --chown www-data:root"
        else
            rsync_options="-rlD"
        fi
        rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
        for dir in config data custom_apps themes; do
            if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
                rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
            fi
        done
        rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        echo "Initializing finished"
        #install
        if [ "$installed_version" = "0.0.0.0" ]; then
            echo "New nextcloud instance"
            if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                # shellcheck disable=SC2016
                install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
                if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
                fi
                if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
                    # shellcheck disable=SC2016
                    install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
                fi
                install=false
                if [ -n "${SQLITE_DATABASE+x}" ]; then
                    echo "Installing with SQLite database"
                    # shellcheck disable=SC2016
                    install_options=$install_options' --database-name "$SQLITE_DATABASE"'
                    install=true
                elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
                    echo "Installing with MySQL database"
                    # shellcheck disable=SC2016
                    install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
                    install=true
                elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
                    echo "Installing with PostgreSQL database"
                    # shellcheck disable=SC2016
                    install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
                    install=true
                fi
                if [ "$install" = true ]; then
                    echo "starting nextcloud installation"
                    max_retries=10
                    try=0
                    until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
                    do
                        echo "retrying install..."
                        try=$((try+1))
                        sleep 10s
                    done
                    if [ "$try" -gt "$max_retries" ]; then
                        echo "installing of nextcloud failed!"
                        exit 1
                    fi
                    if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                        echo "setting trusted domains…"
                        NC_TRUSTED_DOMAIN_IDX=1
                        for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
                            DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
                            run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
                            NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
                        done
                    fi
                else
                    echo "running web-based installer on first connect!"
                fi
            fi
        #upgrade
        else
            run_as 'php /var/www/html/occ upgrade'
            run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
            echo "The following apps have been disabled:"
            diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
            rm -f /tmp/list_before /tmp/list_after
        fi
    fi
 fi
 exec "$@"
--- a/16.0-rc/fpm-alpine/upgrade.exclude
+++ b/16.0-rc/fpm-alpine/upgrade.exclude
@ -0,0 +1,5 @@
 /config/
 /data/
 /custom_apps/
 /themes/
 /version.php
--- a/16.0-rc/fpm/Dockerfile
+++ b/16.0-rc/fpm/Dockerfile
@ -0,0 +1,143 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
 FROM php:7.3-fpm-buster
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        rsync \
        bzip2 \
        busybox-static \
    ; \
    rm -rf /var/lib/apt/lists/*; \
    \
    mkdir -p /var/spool/cron/crontabs; \
    echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        libcurl4-openssl-dev \
        libevent-dev \
        libfreetype6-dev \
        libicu-dev \
        libjpeg-dev \
        libldap2-dev \
        libmcrypt-dev \
        libmemcached-dev \
        libpng-dev \
        libpq-dev \
        libxml2-dev \
        libmagickwand-dev \
        libzip-dev \
        libwebp-dev \
        libgmp-dev \
    ; \
    \
    debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
    if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
    docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
    docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
    docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
    docker-php-ext-install -j "$(nproc)" \
        exif \
        gd \
        intl \
        ldap \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
        zip \
        gmp \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
    pecl install APCu-5.1.18; \
    pecl install memcached-3.1.5; \
    pecl install redis-4.3.0; \
    pecl install imagick-3.4.4; \
    \
    docker-php-ext-enable \
        apcu \
        memcached \
        redis \
        imagick \
    ; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { print $3 }' \
        | sort -u \
        | xargs -r dpkg-query -S \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
 RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.interned_strings_buffer=8'; \
        echo 'opcache.max_accelerated_files=10000'; \
        echo 'opcache.memory_consumption=128'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=1'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
    \
    echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
    \
    echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
    \
    mkdir /var/www/data; \
    chown -R www-data:root /var/www; \
    chmod -R g=u /var/www
 VOLUME /var/www/html
 ENV NEXTCLOUD_VERSION 16.0.9RC1
 RUN set -ex; \
    fetchDeps=" \
        gnupg \
        dirmngr \
    "; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetchDeps; \
    \
    curl -fsSL -o nextcloud.tar.bz2 \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
    curl -fsSL -o nextcloud.tar.bz2.asc \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
    gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
    gpgconf --kill all; \
    rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
    rm -rf /usr/src/nextcloud/updater; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
    rm -rf /var/lib/apt/lists/*
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["php-fpm"]
--- a/16.0-rc/fpm/config/apcu.config.php
+++ b/16.0-rc/fpm/config/apcu.config.php
--- a/16.0-rc/fpm/config/apps.config.php
+++ b/16.0-rc/fpm/config/apps.config.php
--- a/12.0/fpm-alpine/config/autoconfig.php
+++ b/12.0/fpm-alpine/config/autoconfig.php
@ -23,12 +23,9 @@ if (getenv('SQLITE_DATABASE')) {
 }
 if ($autoconfig_enabled) {
-    $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
+    if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
        $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
    }
    $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
    if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
        $AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
        $AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
    }
 }
--- a/16.0-rc/fpm/config/redis.config.php
+++ b/16.0-rc/fpm/config/redis.config.php
@ -0,0 +1,17 @@
 <?php
 if (getenv('REDIS_HOST')) {
  $CONFIG = array (
    'memcache.distributed' => '\OC\Memcache\Redis',
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
      'password' => getenv('REDIS_HOST_PASSWORD'),
    ),
  );
  if (getenv('REDIS_HOST_PORT') !== false) {
    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
 }
--- a/16.0-rc/fpm/config/smtp.config.php
+++ b/16.0-rc/fpm/config/smtp.config.php
@ -0,0 +1,15 @@
 <?php
 if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
  $CONFIG = array (
    'mail_smtpmode' => 'smtp',
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );
 }
--- a/16.0-rc/fpm/cron.sh
+++ b/16.0-rc/fpm/cron.sh
--- a/Show More
+++ b/Show More
		`@ -1,3 +0,0 @@`
			`FROM nextcloud:apache`

			`COPY redis.config.php /usr/src/nextcloud/config/redis.config.php`
		`@ -1,3 +0,0 @@`
			`FROM nextcloud:fpm`

			`COPY redis.config.php /usr/src/nextcloud/config/redis.config.php`
`@ -1,3 +1,3 @@`
	`FROM nginx`	`FROM nginx:alpine`

	`COPY nginx.conf /etc/nginx/nginx.conf`	`COPY nginx.conf /etc/nginx/nginx.conf`
		`@ -0,0 +1,3 @@`
							`FROM jwilder/nginx-proxy:alpine`

							`COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf`
		`@ -0,0 +1,2 @@`
							`client_max_body_size 10G;`
							`proxy_request_buffering off;`
`@ -1 +1,2 @@`
	`client_max_body_size 10G;`	`client_max_body_size 10G;`
		`proxy_request_buffering off;`
		`@ -0,0 +1,3 @@`
							`FROM nextcloud:fpm-alpine`

							`RUN apk add --no-cache procps samba-client`