diff --git a/monitoring/docker-compose.yaml b/monitoring/docker-compose.yaml
index 98d3662..7fb6cd5 100644
--- a/monitoring/docker-compose.yaml
+++ b/monitoring/docker-compose.yaml
@@ -2,7 +2,7 @@ version: "3.3"
 services:
 
   grafana:
-    image: grafana/grafana:7.4.3
+    image: grafana/grafana:7.5.6
     restart: unless-stopped
     networks:
       - web
@@ -37,7 +37,7 @@ services:
 
 
   grafanadb:
-    image: postgres
+    image: postgres:13
     volumes:
       - ${VOLUMES_PATH}/grafanadb:/var/lib/postgresql/data
     networks:
diff --git a/nextcloud/docker-compose.yaml b/nextcloud/docker-compose.yaml
index 3d31b39..efb88ee 100644
--- a/nextcloud/docker-compose.yaml
+++ b/nextcloud/docker-compose.yaml
@@ -28,7 +28,7 @@ services:
       - "docker.group=netxtcloud"
 
   app:
-    image: nextcloud:20-fpm
+    image: nextcloud:21-fpm
     volumes:
       - ${VOLUMES_PATH}/nextcloud_html:/var/www/html
       - ${VOLUMES_PATH}/nextcloud_data:/var/www/html/data
diff --git a/nextcloud/nginx.conf b/nextcloud/nginx.conf
index b28955c..6ffd511 100644
--- a/nextcloud/nginx.conf
+++ b/nextcloud/nginx.conf
@@ -63,22 +63,18 @@ http {
             access_log off;
         }
 
-        # The following 2 rules are only needed for the user_webfinger app.
-        # Uncomment it if you're planning to use this app.
-        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+        # Make a regex exception for `/.well-known` so that clients can still
+        # access it despite the existence of the regex rule
+        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+        # for `/.well-known`.
+        location ^~ /.well-known {
+            location = /.well-known/carddav     { return 301 https://$host:443/remote.php/dav; }
+            location = /.well-known/caldav      { return 301 https://$host:443/remote.php/dav; }
+            # Anything else is dynamically handled by Nextcloud
+            location ^~ /.well-known            { return 301 https://$host:443/index.php$uri; }
 
-        # The following rule is only needed for the Social app.
-        # Uncomment it if you're planning to use this app.
-        rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
-
-        location = /.well-known/carddav {
-            return 301 https://$host:443/remote.php/dav;
-        }
-
-        location = /.well-known/caldav {
-            return 301 https://$host:443/remote.php/dav;
-        }
+            try_files $uri $uri/ =404;
+    }
 
         # set max upload size
         client_max_body_size 10G;