@luckow I think the feature is still "experimental" per the docs - This solution is currently still in testing you could experience performance issues.

The second solution listed in the section suggests enabling "Enable higher security image uploads". I can confirm that option works. Since, we enable .htaccess in the apache configs, directory indexes are disabled as well.

I think if people still want local_secure, they can always fix up env as required but there's probably a reason that the upstream does not use this as the default.

BTW: kind of same behaviour for nextcloud.
There is a UID in the user settings, which you can only see with /app/code/occ user:setting in the terminal.

And because I switched from internal Cloudron LDAP to an external LDAP I got a new UID for all my users. The strange behavior from nextcloud is:
Login with user:pass works. (the schema is firstname.lastname as username).
But internally nextcloud adds a _RANDOMNUMBER to it.
In my case a stephan.luckow is internally changed to stephan.luckow_3096

Problem is: all my calendar entries are based on stephan.luckow_3096 and not on stephan.luckow.

@girish Got it. So as long as I stick with the Cloudron LDAP, all is well. Thanks for the explanation, and also for the update to the docs.

@girish Only Bookstack. Yourls installed just fine.

I have updated bookstack package to support optional cloudron authentication. If you do a fresh install, you will get the option to install without cloudron auth. After that, you can enable external registration.

@subven thank you 👍 I will give it a try.