|  | @@ -26,7 +26,7 @@ Now you can access Nextcloud at http://localhost:8080/ from your host system.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  ## Using the fpm image
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -To use the fpm image, you need an additional web server that can proxy http-request to the fpm-port of the container. For fpm connection this container exposes port 9000. In most cases, you might want use another container or your host as proxy. If you use your host you can address your Nextcloud container directly on port 9000. If you use another container, make sure that you add them to the same docker network (via `docker run --network <NAME> ...` or a `docker-compose` file). In both cases you don't want to map the fpm port to your host.
 | 
	
		
			
				|  |  | +To use the fpm image, you need an additional web server, such as [nginx](https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html), that can proxy http-request to the fpm-port of the container. For fpm connection this container exposes port 9000. In most cases, you might want use another container or your host as proxy. If you use your host you can address your Nextcloud container directly on port 9000. If you use another container, make sure that you add them to the same docker network (via `docker run --network <NAME> ...` or a `docker-compose` file). In both cases you don't want to map the fpm port to your host.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  ```console
 | 
	
		
			
				|  |  |  $ docker run -d %%IMAGE%%:fpm
 | 
	
	
		
			
				|  | @@ -103,7 +103,7 @@ $ docker-compose exec --user www-data app php occ
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  ## Auto configuration via environment variables
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -The Nextcloud image supports auto configuration via environment variables. You can preconfigure everything that is asked on the install page on first run. To enable auto configuration, set your database connection via the following environment variables. ONLY use one database type!
 | 
	
		
			
				|  |  | +The Nextcloud image supports auto configuration via environment variables. You can preconfigure everything that is asked on the install page on first run. To enable auto configuration, set your database connection via the following environment variables. You must specify all of the environment variables for a given database or the database environment variables defaults to SQLITE. ONLY use one database type!
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  **SQLite**:
 | 
	
		
			
				|  |  |  
 | 
	
	
		
			
				|  | @@ -123,7 +123,9 @@ The Nextcloud image supports auto configuration via environment variables. You c
 | 
	
		
			
				|  |  |  -	`POSTGRES_PASSWORD` Password for the database user using postgres.
 | 
	
		
			
				|  |  |  -	`POSTGRES_HOST` Hostname of the database server using postgres.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -If you set any values, they will not be asked in the install page on first run. With a complete configuration by using all variables for your database type, you can additionally configure your Nextcloud instance by setting admin user and password (only works if you set both):
 | 
	
		
			
				|  |  | +As an alternative to passing sensitive information via environment variables, `_FILE` may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. See [Docker secrets](#docker=secrets) section below.
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +If you set any group of values (i.e. all of `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_HOST`), they will not be asked in the install page on first run. With a complete configuration by using all variables for your database type, you can additionally configure your Nextcloud instance by setting admin user and password (only works if you set both):
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  -	`NEXTCLOUD_ADMIN_USER` Name of the Nextcloud admin user.
 | 
	
		
			
				|  |  |  -	`NEXTCLOUD_ADMIN_PASSWORD` Password for the Nextcloud admin user.
 | 
	
	
		
			
				|  | @@ -171,6 +173,9 @@ To use an external S3 compatible object store as primary storage, set the follow
 | 
	
		
			
				|  |  |  -	`OBJECTSTORE_S3_SSL` (default: `true`): Whether or not SSL/TLS should be used to communicate with object storage server
 | 
	
		
			
				|  |  |  -	`OBJECTSTORE_S3_REGION`: The region that the S3 bucket resides in.
 | 
	
		
			
				|  |  |  -	`OBJECTSTORE_S3_USEPATH_STYLE` (default: `false`): Not required for AWS S3
 | 
	
		
			
				|  |  | +-	`OBJECTSTORE_S3_LEGACYAUTH` (default: `false`): Not required for AWS S3
 | 
	
		
			
				|  |  | +-	`OBJECTSTORE_S3_OBJECT_PREFIX` (default: `urn:oid:`): Prefix to prepend to the fileid
 | 
	
		
			
				|  |  | +-	`OBJECTSTORE_S3_AUTOCREATE` (default: `true`): Create the container if it does not exist
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  Check the [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3) for more information.
 | 
	
		
			
				|  |  |  
 | 
	
	
		
			
				|  | @@ -184,22 +189,28 @@ To use an external OpenStack Swift object store as primary storage, set the foll
 | 
	
		
			
				|  |  |  -	`OBJECTSTORE_SWIFT_PROJECT_NAME`: OpenStack project name
 | 
	
		
			
				|  |  |  -	`OBJECTSTORE_SWIFT_PROJECT_DOMAIN` (default: `Default`): OpenStack project domain
 | 
	
		
			
				|  |  |  -	`OBJECTSTORE_SWIFT_SERVICE_NAME` (default: `swift`): Swift service name
 | 
	
		
			
				|  |  | --	`OBJECTSTORE_SWIFT_SERVICE_REGION`: Swift endpoint region
 | 
	
		
			
				|  |  | +-	`OBJECTSTORE_SWIFT_REGION`: Swift endpoint region
 | 
	
		
			
				|  |  |  -	`OBJECTSTORE_SWIFT_CONTAINER_NAME`: Swift container (bucket) that Nextcloud should store the data in
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  Check the [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#openstack-swift) for more information.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +To customize other PHP limits you can simply change the following variables:
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +-	`PHP_MEMORY_LIMIT` (default `512M`) This sets the maximum amount of memory in bytes that a script is allowed to allocate. This is meant to help prevent poorly written scripts from eating up all available memory but it can prevent normal operation if set too tight.
 | 
	
		
			
				|  |  | +-	`PHP_UPLOAD_LIMIT` (default `512M`) This sets the upload limit (`post_max_size` and `upload_max_filesize`) for big files. Note that you may have to change other limits depending on your client, webserver or operating system. Check the [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html) for more information.
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  ## Using the apache image behind a reverse proxy and auto configure server host and protocol
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -The apache image will replace the remote addr (ip address visible to Nextcloud) with the ip address from `X-Real-IP` if the request is coming from a proxy in 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client ip (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, disable rewrite ip and add the reverse proxies ip address to `TRUSTED_PROXIES`.
 | 
	
		
			
				|  |  | +The apache image will replace the remote addr (IP address visible to Nextcloud) with the IP address from `X-Real-IP` if the request is coming from a proxy in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client IP (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, then disable rewrite IP and add the reverse proxy's IP address to `TRUSTED_PROXIES`.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | --	`APACHE_DISABLE_REWRITE_IP` (not set by default): Set to 1 to disable rewrite ip.
 | 
	
		
			
				|  |  | +-	`APACHE_DISABLE_REWRITE_IP` (not set by default): Set to 1 to disable rewrite IP.
 | 
	
		
			
				|  |  |  -	`TRUSTED_PROXIES` (empty by default): A space-separated list of trusted proxies. CIDR notation is supported for IPv4.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  If the `TRUSTED_PROXIES` approach does not work for you, try using fixed values for overwrite parameters.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  -	`OVERWRITEHOST` (empty by default): Set the hostname of the proxy. Can also specify a port.
 | 
	
		
			
				|  |  |  -	`OVERWRITEPROTOCOL` (empty by default): Set the protocol of the proxy, http or https.
 | 
	
		
			
				|  |  | +-	`OVERWRITECLIURL` (empty by default): Set the cli url of the proxy (e.g. https://mydnsname.example.com)
 | 
	
		
			
				|  |  |  -	`OVERWRITEWEBROOT` (empty by default): Set the absolute path of the proxy.
 | 
	
		
			
				|  |  |  -	`OVERWRITECONDADDR` (empty by default): Regex to overwrite the values dependent on the remote address.
 | 
	
		
			
				|  |  |  
 | 
	
	
		
			
				|  | @@ -364,28 +375,30 @@ volumes:
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  secrets:
 | 
	
		
			
				|  |  |    nextcloud_admin_password:
 | 
	
		
			
				|  |  | -    file: ./nextcloud_admin_password.txt # put admin password to this file
 | 
	
		
			
				|  |  | +    file: ./nextcloud_admin_password.txt # put admin password in this file
 | 
	
		
			
				|  |  |    nextcloud_admin_user:
 | 
	
		
			
				|  |  | -    file: ./nextcloud_admin_user.txt # put admin username to this file
 | 
	
		
			
				|  |  | +    file: ./nextcloud_admin_user.txt # put admin username in this file
 | 
	
		
			
				|  |  |    postgres_db:
 | 
	
		
			
				|  |  | -    file: ./postgres_db.txt # put postgresql db name to this file
 | 
	
		
			
				|  |  | +    file: ./postgres_db.txt # put postgresql db name in this file
 | 
	
		
			
				|  |  |    postgres_password:
 | 
	
		
			
				|  |  | -    file: ./postgres_password.txt # put postgresql password to this file
 | 
	
		
			
				|  |  | +    file: ./postgres_password.txt # put postgresql password in this file
 | 
	
		
			
				|  |  |    postgres_user:
 | 
	
		
			
				|  |  | -    file: ./postgres_user.txt # put postgresql username to this file
 | 
	
		
			
				|  |  | +    file: ./postgres_user.txt # put postgresql username in this file
 | 
	
		
			
				|  |  |  ```
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -Currently, this is only supported for `NEXTCLOUD_ADMIN_PASSWORD`, `NEXTCLOUD_ADMIN_USER`, `MYSQL_DB`, `MYSQL_PASSWORD`, `MYSQL_USER`, `POSTGRES_DB`, `POSTGRES_PASSWORD`, `POSTGRES_USER` and `REDIS_HOST_PASSWORD`.
 | 
	
		
			
				|  |  | +Currently, this is only supported for `NEXTCLOUD_ADMIN_PASSWORD`, `NEXTCLOUD_ADMIN_USER`, `MYSQL_DATABASE`, `MYSQL_PASSWORD`, `MYSQL_USER`, `POSTGRES_DB`, `POSTGRES_PASSWORD`, `POSTGRES_USER`, `REDIS_HOST_PASSWORD` and `SMTP_PASSWORD`.
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +If you set any group of values (i.e. all of `MYSQL_DATABASE_FILE`, `MYSQL_USER_FILE`, `MYSQL_PASSWORD_FILE`, `MYSQL_HOST`), the script will not use the corresponding group of environment variables (`MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_HOST`).
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  # Make your Nextcloud available from the internet
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -Until here, your Nextcloud is just available from you docker host. If you want your Nextcloud available from the internet adding SSL encryption is mandatory.
 | 
	
		
			
				|  |  | +Until here, your Nextcloud is just available from your docker host. If you want your Nextcloud available from the internet adding SSL encryption is mandatory.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  ## HTTPS - SSL encryption
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  There are many different possibilities to introduce encryption depending on your setup.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -We recommend using a reverse proxy in front of our Nextcloud installation. Your Nextcloud will only be reachable through the proxy, which encrypts all traffic to the clients. You can mount your manually generated certificates to the proxy or use a fully automated solution which generates and renews the certificates for you.
 | 
	
		
			
				|  |  | +We recommend using a reverse proxy in front of your Nextcloud installation. Your Nextcloud will only be reachable through the proxy, which encrypts all traffic to the clients. You can mount your manually generated certificates to the proxy or use a fully automated solution which generates and renews the certificates for you.
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  In our [examples](https://github.com/nextcloud/docker/tree/master/.examples) section we have an example for a fully automated setup using a reverse proxy, a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling, database and Nextcloud. It uses the popular [nginx-proxy](https://github.com/jwilder/nginx-proxy) and [docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers. Please check the according documentations before using this setup.
 | 
	
		
			
				|  |  |  
 | 
	
	
		
			
				|  | @@ -483,7 +496,7 @@ You're already using Nextcloud and want to switch to docker? Great! Here are som
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  	```console
 | 
	
		
			
				|  |  |  	docker cp ./database.dmp nextcloud_db_1:/dmp
 | 
	
		
			
				|  |  | -	docker-compose exec db sh -c "mysql -u USER -pPASSWORD nextcloud < /dmp"
 | 
	
		
			
				|  |  | +	docker-compose exec db sh -c "mysql -u USER -p PASSWORD nextcloud < /dmp"
 | 
	
		
			
				|  |  |  	docker-compose exec db rm /dmp
 | 
	
		
			
				|  |  |  	```
 | 
	
		
			
				|  |  |  
 | 
	
	
		
			
				|  | @@ -557,6 +570,12 @@ You're already using Nextcloud and want to switch to docker? Great! Here are som
 | 
	
		
			
				|  |  |  	docker-compose exec app chown -R www-data:www-data /var/www/html/config
 | 
	
		
			
				|  |  |  	```
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +	If you want to preserve the metadata of your files like timestamps, copy the data directly on the host to the named volume using plain `cp` like this:
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	```console
 | 
	
		
			
				|  |  | +	cp --preserve --recursive ./data/ /path/to/nextcloudVolume/data
 | 
	
		
			
				|  |  | +	```
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  5.	Copy only the custom apps you use (or simply redownload them from the web interface):
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  	```console
 |