diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh
index bb36407198c4465805ba2ffdf7282442cc102254..9eb90f5dfdea834013ec5e9c2f44943bc276e614 100755
--- a/scripts/postinstall.sh
+++ b/scripts/postinstall.sh
@@ -71,6 +71,20 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ db:add-mi
 docker-compose exec -T --user www-data nextcloud php occ maintenance:mode --off
+# define all default preview providers AND the video preview provider, now that ffmpeg is bundled in the image
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value='OC\Preview\PNG'
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 1 --value='OC\Preview\JPEG'
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 2 --value='OC\Preview\GIF'
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 3 --value='OC\Preview\BMP'
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 4 --value='OC\Preview\XBitmap'
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 5 --value='OC\Preview\MP3'
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 6 --value='OC\Preview\TXT'
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 7 --value='OC\Preview\MarkDown'
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 8 --value='OC\Preview\OpenDocument'
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 9 --value='OC\Preview\Krita'
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set enabledPreviewProviders 10 --value='OC\Preview\Movie'
+
+
 echo "Restarting Nextcloud container"
 docker-compose restart nextcloud
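Review bot: The last added `occ` call turns on `OC\Preview\Movie` for every fresh install, so any video a user uploads is decoded by the image's bundled ffmpeg to build a thumbnail; upstream's sample config keeps that provider out of its default list, which means this widens the file-parsing surface and the CPU cost of the nextcloud container on all installs. I would make that trade-off visible at the line itself with a comment such as `# OC\Preview\Movie: ffmpeg decodes user uploads for thumbnails; not an upstream default, remove if video previews are not needed`, and keep the image's ffmpeg in the regular patch cycle. None of the eleven calls has its exit status checked in the visible lines, and whether `set -e` is active is decided outside this hunk; if one call fails midway the instance is left with a truncated `enabledPreviewProviders` list, so appending `|| exit 1` (or the script's own error helper, if it has one) to each call would be worth doing.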
diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index 0c7e7c17aa30c0d6c902573428a695f545b85900..8a37e6d28a2258e3f5c3dc9625c5c8e55a97c66a 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: mailserver: - image: mailserver2/mailserver:1.1.13 + image: mailserver2/mailserver:1.1.14 container_name: mailserver domainname: ${DOMAIN} # Mail server A/MX/FQDN & reverse PTR = mail.${DOMAIN}. hostname: mail @@ -127,7 +127,7 @@ services: - "mail.${DOMAIN}:${NC_HOST_IP}" nextcloud: - image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:selfhost-24-0-10 + image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:25-0-8-19 container_name: nextcloud restart: always networks: @@ -140,7 +140,7 @@ services: - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} # below ENV disabled so NC container do not start install # - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} - - OVERWRITEPROTOCOL=https + - OVERWRITEPROTOCOL=https - NEXTCLOUD_EMAIL_RECOVERY_APP_SECRET=${NEXTCLOUD_EMAIL_RECOVERY_APP_SECRET} volumes: - /mnt/repo-base/volumes/nextcloud/html:/var/www/html/ diff --git a/templates/nginx/sites-enabled/nextcloud.conf b/templates/nginx/sites-enabled/nextcloud.conf index 5045add3a6708cdbf9d5dbdd7e7da96dd9118a98..ab4d31dba09549f74b7b2d508f678486911670f9 100644 --- a/templates/nginx/sites-enabled/nextcloud.conf +++ b/templates/nginx/sites-enabled/nextcloud.conf 
@@ -29,8 +29,8 @@ server {
 add_header X-XSS-Protection "1; mode=block";
 add_header Strict-Transport-Security "max-age=15768000";
 add_header Referrer-Policy "no-referrer" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Robots-Tag "none" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Robots-Tag "noindex,nofollow" always;
 add_header X-Download-Options "noopen" always;
 add_header X-Permitted-Cross-Domain-Policies "none" always;
 fastcgi_hide_header X-Powered-By;
@@ -49,7 +49,7 @@ server {
 location = /.well-known/nodeinfo {
 return 301 $scheme://$host/index.php$uri;
 }
-
+
 client_max_body_size 4096M;
 fastcgi_buffers 64 4K;
diff --git a/upgrade-guides/upgrade-to-25.0.8.19 md b/upgrade-guides/upgrade-to-25.0.8.19 md
new file mode 100644
index 0000000000000000000000000000000000000000..3ac5e24015dfde8ce00007bb5977c974a0488525
--- /dev/null
+++ b/upgrade-guides/upgrade-to-25.0.8.19 md
@@ -0,0 +1,61 @@
+# To upgrade from ecloud 24.0.10.7 to 25.0.8.19
+
+
+- As usual, upgrade your OS with latest patchs, optionally take backup/snapshot
+ - NB: you may want to filter out incomming email (TCP 25 & 587) during this upgrade, to avoid losing any messages in case of a rollback
+
+- Go to `/mnt/repo_base`, then run:
+ - `docker-compose stop`
+ - `git pull origin master`
+
+- In your `docker-compose.yml` file update the following:
+ - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:25-0-8-19`
+ - Set `OVERWRITEPROTOCOL=https`
+ - Set the mailserver image to `mailserver2/mailserver:1.1.14`
+
+- In your config/nginx/sites-enabled/nextcloud.conf file, replace:
+ - add_header X-Robots-Tag "none" always; with add_header X-Robots-Tag "noindex,nofollow" always;
+
+- Run `docker-compose pull`
+- If pulls are OK, run `docker-compose up -d`
+
+- Examine `docker-compose logs --tail=500 nextcloud` for the following messages:
+ - `nextcloud | Upgrading nextcloud from x.x.x.x ...` (x.x.x.x is your previous Nextcloud version)
+ - `nextcloud | Update successful`
+
+- Run:
+ - `docker-compose exec -T --user www-data nextcloud php occ db:add-missing-indices`
+ - `docker exec -u www-data nextcloud /var/www/html/occ app:remove ecloud-dashboard`
+ - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable murena-dashboard`
+ - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable bruteforcesettings`
+ - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable suspicious_login`
+ - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable twofactor_totp`
+ - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable user_backend_sql_raw`
+ - `docker exec -u www-data nextcloud /var/www/html/occ config:system:set defaultapp --value "murena-dashboard,files"`
+ -`. scripts/base.sh`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain --value $DOMAIN`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set legacy_domain --value $DOMAIN`
+
+- $DOMAIN used above is the main domain where selfhost is installed
+
+- We added new murena logo in this theme and also added a new helper app-`selfhost-theme-helper`
+ - Enable the `selfhost-theme-helper` app:
+ - `docker exec -u www-data nextcloud /var/www/html/occ app:enable selfhost-theme-helper`
+
+- Videos previews can be enabled in this update, as ffmpeg is bundled in the image.
+ - if you did not defined any specific preview providers, to respect the default ones listed in [config.sample.php for nextcloud 25](https://github.com/nextcloud/server/blob/stable25/config/config.sample.php#L1220), you can set :
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 0 --value='OC\Preview\PNG'`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 1 --value='OC\Preview\JPEG'`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 2 --value='OC\Preview\GIF'`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 3 --value='OC\Preview\BMP'`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 4 --value='OC\Preview\XBitmap'`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 5 --value='OC\Preview\MP3'`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 6 --value='OC\Preview\TXT'`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 7 --value='OC\Preview\MarkDown'`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 8 --value='OC\Preview\OpenDocument'`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 9 --value='OC\Preview\Krita'`
+ -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 10 --value='OC\Preview\Movie'`
+
+ - if you have a custom list of PreviewProviders, just add the `OC\Preview\Movie` in the list
+
+- Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin user account to identify any issues found post upgrade