{"id":27002040,"url":"https://github.com/error311/filerise","last_synced_at":"2026-03-15T10:36:28.800Z","repository":{"id":278839768,"uuid":"936511251","full_name":"error311/FileRise","owner":"error311","description":"πŸ—‚οΈ FileRise – lightweight, self-hosted file manager with granular ACLs, shared uploads, encrypted folders, WebDAV \u0026 SSO. Fully Docker / Unraid compatible.","archived":false,"fork":false,"pushed_at":"2026-02-08T08:13:26.000Z","size":93964,"stargazers_count":874,"open_issues_count":0,"forks_count":37,"subscribers_count":9,"default_branch":"master","last_synced_at":"2026-02-08T12:24:06.870Z","etag":null,"topics":["acl","docker","file-editor","file-manager","file-upload","folder-management","javascript","multi-file-upload","php","self-hosted","sso","twofactor-auth","unraid","uploader","web-application","web-based","webapp","webdav"],"latest_commit_sha":null,"homepage":"https://filerise.net","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"sensboston/uploader","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/error311.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["error311"],"ko_fi":"error311"}},"created_at":"2025-02-21T08:02:37.000Z","updated_at":"2026-02-08T08:13:29.000Z","dependencies_parsed_at":null,"dependency_job_id":"de05dbb0-216e-4d2e-8e76-d124df52c633","html_url":"https://github.com/error311/FileRise","commit_stats":null,"previous_names":["error311/uploader","error311/uploader-and-editor","error311/filerise"],"tags_count":139,"template":false,"template_full_name":null,"purl":"pkg:github/error311/FileRise","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/error311%2FFileRise","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/error311%2FFileRise/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/error311%2FFileRise/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/error311%2FFileRise/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/error311","download_url":"https://codeload.github.com/error311/FileRise/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/error311%2FFileRise/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29292053,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T03:42:42.660Z","status":"ssl_error","status_checked_at":"2026-02-10T03:42:41.897Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acl","docker","file-editor","file-manager","file-upload","folder-management","javascript","multi-file-upload","php","self-hosted","sso","twofactor-auth","unraid","uploader","web-application","web-based","webapp","webdav"],"created_at":"2025-04-04T04:28:30.432Z","updated_at":"2026-03-15T10:36:28.793Z","avatar_url":"https://github.com/error311.png","language":"JavaScript","readme":"# FileRise\n\n[![GitHub stars](https://img.shields.io/github/stars/error311/FileRise?style=social)](https://github.com/error311/FileRise)\n[![Docker pulls](https://img.shields.io/docker/pulls/error311/filerise-docker)](https://hub.docker.com/r/error311/filerise-docker)\n[![Docker CI](https://img.shields.io/github/actions/workflow/status/error311/filerise-docker/main.yml?branch=main\u0026label=Docker%20CI)](https://github.com/error311/filerise-docker/actions/workflows/main.yml)\n[![CI](https://img.shields.io/github/actions/workflow/status/error311/FileRise/ci.yml?branch=master\u0026label=CI)](https://github.com/error311/FileRise/actions/workflows/ci.yml)\n[![Demo](https://img.shields.io/badge/demo-live-brightgreen)](https://demo.filerise.net)\n[![Release](https://img.shields.io/github/v/release/error311/FileRise?include_prereleases\u0026sort=semver)](https://github.com/error311/FileRise/releases)\n[![License](https://img.shields.io/github/license/error311/FileRise)](LICENSE)\n[![Discord](https://img.shields.io/badge/Discord-join_chat-5865F2?logo=discord\u0026logoColor=white)](https://discord.gg/7WN6f56X2e)\n\n**FileRise** is a self-hosted web file manager and storage hub with WebDAV, sharing, and per-folder ACLs.\nDrag \u0026 drop uploads, OnlyOffice integration, and **optional folder-level encryption at rest** β€” all in one PHP app you control.\n\nQuick links: [Website](https://filerise.net) β€’ [Docs](https://filerise.net/docs/) β€’ [Live demo](https://demo.filerise.net) β€’ [Install](#install-docker--recommended) β€’ [FileRise Pro](https://filerise.net/pro/)\n\n- **Built for:** anyone who wants a fast, self-hosted file manager, storage hub, client portal, and AI workflow workspace on their own infrastructure.\n- **Core (MIT):** full open-source FileRise feature set (ACLs, folder and file sharing, uploads, tags/search, PDF previews, and more), plus multiple local roots and WebDAV sources for storage-hub workflows.\n- **Pro:** adds user groups, client portals, automation, additional source adapters, gateway shares, search everywhere/audit tooling, and a permissions-aware AI workspace for structured extraction, organization, approvals, and scoped copilots.\n\n- [FileRise Pro AI Chat: Organize Files By Type](https://youtu.be/zoM7LudY934)\n- [FileRise Pro AI Chat: Extract Invoice Fields to JSON and CSV](https://youtu.be/HhY__X695KM)\n\n[![Sponsor on GitHub](https://img.shields.io/badge/Sponsor-❀-red)](https://github.com/sponsors/error311)\n[![Support on Ko-fi](https://img.shields.io/badge/Ko--fi-Buy%20me%20a%20coffee-orange)](https://ko-fi.com/error311)\n\n![Sources](https://raw.githubusercontent.com/error311/FileRise/master/resources/FileRisePro-Sources.gif)\n\n## Table of contents\n\n- [Quick links](#quick-links)\n- [Install (Docker – recommended)](#install-docker--recommended)\n- [Manual install (PHP web server)](#manual-install-php-web-server)\n- [After install (5 minutes)](#after-install-5-minutes)\n- [Data \u0026 backups](#data--backups)\n- [First-run security checklist](#first-run-security-checklist)\n- [Optional dependencies](#optional-dependencies)\n- [WebDAV \u0026 ONLYOFFICE (optional)](#webdav--onlyoffice-optional)\n- [Security \u0026 updates](#security--updates)\n- [Community, support \u0026 contributing](#community-support--contributing)\n- [AI Disclosure](#ai-disclosure)\n- [License \u0026 third-party code](#license--third-party-code)\n- [Press](#press)\n\n---\n\n## Highlights\n\n- πŸ’Ύ **Self-hosted β€œcloud drive”** – Runs anywhere with PHP (or via Docker). No external database required.\n- πŸ” **Granular per-folder ACLs** – Manage View (all/own), Upload, Create, Edit, Rename, Move, Copy, Delete, Extract, Share, and more β€” all enforced consistently across the UI, API, and WebDAV.\n- πŸ”— **Link File (authenticated deep links)** – Generate internal links to specific files, require login + ACL checks, and open directly to the target in the app.\n- 🀝 **Folder and file sharing** – Share folders for browsing or upload-only file requests, protect links with passwords/expiration, and share individual files with generated links.\n- πŸ“₯ **File Request links (upload-only)** – Share upload-only links so external users can submit files into a folder without browsing existing files.\n- πŸ“„ **PDF viewing + optional local PDF thumbnails** – View PDFs inline in the preview modal, and optionally enable first-page PDF thumbnails for gallery cards and hover previews using `pdftoppm`.\n- πŸ” **Folder-level encryption at rest (optional)** – Encrypt entire folders (and all descendants) on disk using modern authenticated encryption.\n - Opt-in per folder with inherited protection for subfolders\n - Files are stored encrypted on disk and transparently decrypted on download\n - Master key can be generated by FileRise or supplied via environment variable\n - When enabled, incompatible features (WebDAV, sharing, ZIP operations, OnlyOffice) are automatically disabled for safety\n- πŸ”„ **Fast drag-and-drop uploads** – Chunked, resumable uploads with pause/resume and progress tracking. If your connection drops, FileRise resumes automatically.\n- πŸͺŸ **Dual-pane mode + keyboard shortcuts** – Optional two-pane file browser for fast workflows (copy/move between panes, compare folders, and operate without the mouse). Shortcut overlay + hotkeys (F3 preview, F4 edit, F5 copy, F6 move, F7 new folder, Del delete, `/` search).\n- 🌳 **Scales to huge trees** – Tested with **100k+ folders** in the sidebar tree without choking the UI.\n- 🌈 **Visual organization** – Color-code folders in the tree, inline list, and folder strip, plus tag files with color-coded labels for fast visual scanning.\n- πŸ‘€ **Hover preview β€œpeek” cards** – On desktop, hover files or folders to see thumbnails (images/video), quick metadata (size, timestamps, tags), and effective permissions. Per-user toggle stored in `localStorage`.\n- 🎬 **Smart media handling** – Track per-file video watch progress with a β€œwatched” indicator, remember last volume/mute state, and reset progress when needed.\n- 🧩 **OnlyOffice support (optional)** – Edit DOCX/XLSX/PPTX using your own Document Server; ODT/ODS/ODP supported as well. PDFs can be viewed inline.\n- 🌍 **WebDAV (ACL-aware)** – Mount FileRise as a drive from macOS, Windows, Linux, or Cyberduck/WinSCP. Listings, uploads, overwrites, deletes, and folder creation all honor the same ACLs as the web UI.\n- 🏷️ **Tags, search \u0026 trash** – Tag files, search by name/tag/uploader/content via fuzzy search, and recover mistakes using a Trash with time-based retention.\n- πŸ“š **API + live docs** – OpenAPI spec served at `api.php?spec=1` (from `openapi.json.dist`) with a Redoc UI at `api.php` (login required).\n- πŸ“Š **Storage / disk usage summary** – CLI scanner with snapshots, total usage, and per-volume breakdowns surfaced in the admin panel.\n- 🎨 **Polished, responsive UI** – Dark/light mode, mobile-friendly layout, in-browser previews, and a built-in code editor powered by CodeMirror.\n- 🌐 **Internationalization** – English, Spanish, French, German, Polish, Russian, Japanese and Simplified Chinese included; community translations welcome.\n- πŸ”‘ **Login + SSO** – Local users, TOTP 2FA, and OIDC (Auth0 / Authentik / Keycloak / etc.) with optional auto-provisioning, IdP-driven admin role assignment, and Pro user-group mapping.\n- πŸ›‘οΈ **ClamAV virus scanning (Core) + Pro virus log** – Optional ClamAV upload scanning, with a Pro virus detection log in the admin panel and CSV export.\n- 🌐 **Reverse proxy \u0026 subpath aware** – Designed to run cleanly behind Nginx, Traefik, Caddy, or Apache:\n - Supports installs under a subpath (e.g. `https://example.com/files`)\n - Correct URL generation for assets, APIs, portals, PWA, and share links\n - If the proxy strips the prefix, set `FR_BASE_PATH` or send `X-Forwarded-Prefix`\n - Explicit β€œPublished URL” setting for proxy / firewall environments\n - Works with `X-Forwarded-*` headers and Kubernetes ingress setups\n- πŸ‘₯ **Pro: user groups, client portals, global search, storage explorer \u0026 audit logs** –\n Group-based ACLs, brandable client upload portals, **ACL-aware global search across files, folders, users, and permissions**, an ncdu-style storage explorer for identifying large folders/files and reclaiming disk space directly from the UI, and **Pro Audit Logs** (configurable activity logging with filters + CSV export for tracking key actions across web, WebDAV, shares, and portals).\n- βš™οΈ **Pro: Automation (Webhooks + Jobs)** –\n Send FileRise events to other apps/services using managed webhook endpoints with async delivery, retries, queue visibility, and job history from Admin.\n- πŸ€– **Pro: AI workflows + workspace** –\n Use a permissions-aware AI workspace for structured extraction, folder organization, watched-folder workflows, approval-gated bulk actions, and scoped share/portal copilots with cited answers and admin controls.\n- 🌐 **Sources (Core + Pro adapters)** –\n Turn FileRise into a storage hub by connecting multiple backends and switching between them in the UI:\n - **Core:** Multiple local roots (additional local paths)\n - **Core:** **WebDAV** sources (Nextcloud / ownCloud / FileRise)\n - **Pro:** **S3-compatible** (AWS S3 / MinIO / Wasabi / Backblaze B2 S3 / etc.)\n - **Pro:** **SMB/CIFS**, **SFTP**, **FTP**\n - **Pro:** **Google Drive**, **OneDrive**, **Dropbox**\n - Works with **dual-pane** so you can copy/move via drag \u0026 drop or toolbar actions **between sources**, with **per-source Trash**\n- πŸ”Œ **Pro: Gateway Shares v2 (SFTP / S3 / MCP)** –\n Expose selected source roots through managed gateways for external clients and workflows:\n - Managed **start/stop/restart/status/log** controls from Admin\n - **SFTP gateway** for tools like FileZilla, WinSCP, and rclone\n - **S3 gateway** for S3-compatible clients and automation\n - **Scoped MCP users/tokens** mapped to FileRise user + source/root scope\n - AI/tool integrations stay **ACL-scoped and auditable**\n\nFull list of features: [Full Feature Wiki](https://github.com/error311/FileRise/wiki/Features)\n\n![FileRise](https://raw.githubusercontent.com/error311/FileRise/master/resources/filerise-v3.0.0.png)\n\n\u003e πŸ’‘ Looking for **FileRise Pro** (brandable header, **user groups**, **client upload portals**, license handling)?\n\u003e Check out [filerise.net](https://filerise.net) – FileRise Core stays fully open-source (MIT).\n\n---\n\n## Quick links\n\n- πŸš€ **Live demo:** [Demo](https://demo.filerise.net) (username: `demo` / password: `demo`)\n- 🧩 **FileRise Pro:** [filerise.net](https://filerise.net)\n- πŸ“š **Docs \u0026 Wiki:** [Wiki](https://github.com/error311/FileRise/wiki)\n - [Features overview](https://github.com/error311/FileRise/wiki/Features)\n - [FAQ](https://github.com/error311/FileRise/wiki/FAQ)\n - [Troubleshooting and common errors](https://github.com/error311/FileRise/wiki/Troubleshooting-and-Common-Errors)\n - [Logs and diagnostics](https://github.com/error311/FileRise/wiki/Logs-and-Diagnostics)\n - [Screenshots](https://github.com/error311/FileRise/wiki/Screenshots)\n - [Installation \u0026 setup](https://github.com/error311/FileRise/wiki/Installation-Setup)\n - [Common env vars](https://github.com/error311/FileRise/wiki/Common-Env-Variables)\n - [Env vars (full reference)](https://github.com/error311/FileRise/wiki/Environment-Variables-Full-Reference)\n - [Admin Panel](https://github.com/error311/FileRise/wiki/Admin-Panel)\n - [Pro MCP AI quickstart](https://github.com/error311/FileRise/wiki/Pro-MCP-AI-Quickstart)\n - [ACL \u0026 permissions](https://github.com/error311/FileRise/wiki/ACL-and-Permissions)\n - [ACL recipes](https://github.com/error311/FileRise/wiki/ACL-Recipes)\n - [WebDAV (mount)](https://github.com/error311/FileRise/wiki/WebDAV)\n - [WebDAV via curl](https://github.com/error311/FileRise/wiki/Accessing-FileRise-via-curl%C2%A0(WebDAV))\n - [ONLYOFFICE](https://github.com/error311/FileRise/wiki/ONLYOFFICE)\n - [OIDC \u0026 SSO](https://github.com/error311/FileRise/wiki/OIDC-and-SSO)\n - [Nginx setup](https://github.com/error311/FileRise/wiki/Nginx-Setup)\n - [Kubernetes / k8s](https://github.com/error311/FileRise/wiki/Kubernetes---k8s-deployment)\n - [Backup \u0026 restore](https://github.com/error311/FileRise/wiki/Backup-and-Restore)\n - [Upgrade \u0026 migration](https://github.com/error311/FileRise/wiki/Upgrade-and-Migration)\n - [Maintenance scripts](https://github.com/error311/FileRise/wiki/Maintenance-Scripts)\n - [Reverse proxy \u0026 subpath](https://github.com/error311/FileRise/wiki/Reverse-Proxy-and-Subpath)\n- 🐳 **Docker image:** \n - Docker Hub: [Docker](https://hub.docker.com/r/error311/filerise-docker)\n - Build pipeline / tags: [Workflow](https://github.com/error311/filerise-docker)\n- ⎈ **Community Helm chart (unofficial):** [dofevine/charts/filerise](https://github.com/dofevine/charts/tree/main/filerise) *(community-maintained, not maintained by FileRise core)*\n- πŸ’¬ **Discord:** [Discord](https://discord.gg/7WN6f56X2e)\n- πŸ“ **Changelog:** [Changelog](https://github.com/error311/FileRise/blob/master/CHANGELOG.md)\n\n### Support checklist (please include)\n\nIf you open an issue/discussion, please include:\n\n- FileRise version + install method (Docker tag / release ZIP / git)\n- Reverse proxy (Nginx / Traefik / Caddy) + subpath (yes/no)\n- Browser console errors (if any)\n- Server/container logs around the error\n\n---\n\n## Install (Docker – recommended)\n\nThe easiest way to run FileRise is the official Docker image.\n\n\u003e βœ… **Tip:** For stability, pin a version tag (example: `error311/filerise-docker:vX.Y.Z`) instead of `:latest`. See [Releases](https://github.com/error311/FileRise/releases) for current versions.\n\n### Option A – Quick start (docker run)\n\nPristine Docker installs can omit `PERSISTENT_TOKENS_KEY`. FileRise will generate a unique key on first start and persist it in `metadata/persistent_tokens.key`.\n\nIf you prefer to manage the key yourself, set one before first start:\n\n```bash\nexport PERSISTENT_TOKENS_KEY=\"$(openssl rand -hex 32)\"\n```\n\n```bash\ndocker run -d \\\n --name filerise \\\n -p 8080:80 \\\n -e TIMEZONE=\"America/New_York\" \\\n -e TOTAL_UPLOAD_SIZE=\"10G\" \\\n -e SECURE=\"false\" \\\n -e SCAN_ON_START=\"true\" \\\n -e CHOWN_ON_START=\"true\" \\\n -v ~/filerise/uploads:/var/www/uploads \\\n -v ~/filerise/users:/var/www/users \\\n -v ~/filerise/metadata:/var/www/metadata \\\n error311/filerise-docker:latest\n```\n\nThen visit:\n\n```text\nhttp://your-server-ip:8080\n```\n\nOn first launch you’ll be guided through creating the **initial admin user**.\n\n\u003e πŸ’‘ After the first run, you can set `CHOWN_ON_START=\"false\"` if permissions are already correct and you don’t want a recursive `chown` on uploads/metadata on every start.\n\u003e\n\u003e ⚠️ **Uploads folder recommendation**\n\u003e\n\u003e It’s strongly recommended to bind `/var/www/uploads` to a **dedicated folder**\n\u003e (for example `~/filerise/uploads` or `/mnt/user/appdata/FileRise/uploads`),\n\u003e not the root of a huge media share.\n\u003e\n\u003e πŸ” **Persistent tokens key note**\n\u003e\n\u003e Keep `/var/www/metadata` persistent. On a pristine install, FileRise writes the\n\u003e generated persistent tokens key to `metadata/persistent_tokens.key`. If you\n\u003e choose to manage the key via env instead, keep that value stable for the life\n\u003e of the instance.\n\u003e\n\u003e If you really want FileRise to sit β€œon top of” an existing share, use a\n\u003e subfolder (e.g. `/mnt/user/media/filerise_root`) instead of the share root,\n\u003e so scans and permission changes stay scoped to that folder.\n\n### Option B – docker-compose.yml\n\n```yaml\nservices:\n filerise:\n image: error311/filerise-docker:latest\n container_name: filerise\n ports:\n - \"8080:80\"\n environment:\n TIMEZONE: \"America/New_York\"\n TOTAL_UPLOAD_SIZE: \"10G\"\n SECURE: \"false\"\n PERSISTENT_TOKENS_KEY: \"${PERSISTENT_TOKENS_KEY:-}\" # optional; blank = pristine installs auto-generate and persist a key in metadata\n SCAN_ON_START: \"true\" # auto-index existing files on startup\n CHOWN_ON_START: \"true\" # fix permissions on uploads/metadata on startup\n volumes:\n - ./uploads:/var/www/uploads\n - ./users:/var/www/users\n - ./metadata:/var/www/metadata\n```\n\nBring it up with:\n\n```bash\ndocker compose up -d\n```\n\nYou can leave `PERSISTENT_TOKENS_KEY` blank for pristine installs, or set it in your shell / `.env` if you want to manage the key yourself:\n\n```bash\nexport PERSISTENT_TOKENS_KEY=\"$(openssl rand -hex 32)\"\n```\n\n### Common environment variables\n\n| Variable | Required | Example | What it does |\n|-------------------------|----------|----------------------------------|--------------|\n| `TIMEZONE` | βœ… | `America/New_York` | PHP / container timezone. |\n| `TOTAL_UPLOAD_SIZE` | βœ… | `10G` | Max total upload size per request; also used to set PHP/Apache upload limits. |\n| `SECURE` | βœ… | `false` | `true` when running behind HTTPS / a reverse proxy, else `false`. |\n| `PERSISTENT_TOKENS_KEY` | Optional | `openssl rand -hex 32` | Secret used to encrypt stored secrets (tokens, permissions, admin config). If omitted on a pristine Docker install, FileRise auto-generates and persists one in `metadata/persistent_tokens.key`; existing installs without an explicit key stay on the legacy compatibility path until rotated. |\n| `SCAN_ON_START` | Optional | `true` | If `true`, runs a scan once on container start to index existing files. |\n| `CHOWN_ON_START` | Optional | `true` | If `true`, recursively normalizes ownership/permissions on `uploads/` + `metadata/`. |\n| `PUID` | Optional | `99` | If running as root, remap `www-data` user to this UID (e.g. Unraid’s 99). |\n| `PGID` | Optional | `100` | If running as root, remap `www-data` group to this GID (e.g. Unraid’s 100). |\n| `FR_PUBLISHED_URL` | Optional | `https://example.com/files` | Public URL when behind proxies/subpaths (share links, portals, redirects). |\n| `FR_BASE_PATH` | Optional | `/files` | Force a subpath when the proxy strips the prefix (overrides auto-detect). |\n| `FR_TRUSTED_PROXIES` | Optional | `127.0.0.1,10.0.0.0/8` | Comma-separated IPs/CIDRs for trusted proxies; only these can supply the client IP header. |\n| `FR_IP_HEADER` | Optional | `X-Forwarded-For` | Header to trust for the real client IP when the proxy is trusted. |\n\n\u003e Full list of common env variables: [Common Environment variables](https://github.com/error311/FileRise/wiki/Common-Env-Variables)\n\u003e Full reference: [Environment Variables (Full Reference)](https://github.com/error311/FileRise/wiki/Environment-Variables-Full-Reference)\n\u003e\n\u003e Other useful env vars (optional): \n\u003e `FR_WEBDAV_MAX_UPLOAD_BYTES` (WebDAV upload cap in bytes; `0` = unlimited), \n\u003e `FR_ENCRYPTION_MASTER_KEY` (32-byte key: hex or `base64:...`), \n\u003e `VIRUS_SCAN_ENABLED` / `VIRUS_SCAN_CMD` / `VIRUS_SCAN_EXCLUDE_DIRS` / `CLAMAV_AUTO_UPDATE`, \n\u003e `LOG_STREAM` (`error`/`access`/`both`/`none`), \n\u003e `HTTP_PORT` / `HTTPS_PORT` / `SERVER_NAME`, \n\u003e `SHARE_URL` (override share endpoint; `FR_PUBLISHED_URL` preferred).\n\u003e\n\u003e 🧩 **Traefik + subpath note (Kubernetes):** use `StripPrefix` and rely on `X-Forwarded-Prefix` + `FR_PUBLISHED_URL`. \n\u003e See: [Deployments Wiki](https://github.com/error311/FileRise/wiki/Kubernetes---k8s-deployment)\n\u003e More deployment docs: [Install Setup](https://github.com/error311/FileRise/wiki/Installation-Setup)\n\n---\n\n## Manual install (PHP web server)\n\nShort version: FileRise expects data at `/var/www/{uploads,users,metadata}` and your web server must point to the **public/** folder (for example `DocumentRoot /var/www/filerise/public`).\n\nFull guide + troubleshooting: \n[Installation \u0026 setup](https://github.com/error311/FileRise/wiki/Installation-Setup) β€’ [Upgrade \u0026 migration](https://github.com/error311/FileRise/wiki/Upgrade-and-Migration) β€’ [Reverse proxy \u0026 subpath](https://github.com/error311/FileRise/wiki/Reverse-Proxy-and-Subpath)\n\n### Requirements\n\n- PHP **8.3+**\n- Web server (Apache / Nginx / Caddy + PHP-FPM)\n- PHP extensions: `json`, `curl`, `zip` (and usual defaults)\n- No database required\n\n### Quick start (release ZIP)\n\n1) Create data directories:\n\n```bash\nsudo mkdir -p /var/www/uploads /var/www/users /var/www/metadata\nsudo chown -R www-data:www-data /var/www/uploads /var/www/users /var/www/metadata # adjust web user if needed\nsudo chmod -R 775 /var/www/uploads /var/www/users /var/www/metadata\n```\n\n2) Download a release and extract:\n\n```bash\ncd /var/www\nsudo mkdir -p filerise\nsudo chown -R $USER:$USER /var/www/filerise\ncd /var/www/filerise\n\nVERSION=\"vX.Y.Z\" # replace with the tag you want\nASSET=\"FileRise-${VERSION}.zip\"\n\ncurl -fsSL \"https://github.com/error311/FileRise/releases/download/${VERSION}/${ASSET}\" -o \"${ASSET}\"\nunzip \"${ASSET}\"\n```\n\n3) Point your web server at `/var/www/filerise/public`, then visit `http://serverip/`.\n\nIf you install FileRise outside `/var/www/filerise`, keep the data dirs in `/var/www` or update the paths in `config/config.php`.\n\n---\n\n## After install (5 minutes)\n\n- Log in and create your first admin account (prompted on first run).\n- Open Admin β†’ Users to add accounts, then Admin β†’ Folder Access to set permissions.\n- If you’re behind a reverse proxy or subpath, set `FR_PUBLISHED_URL` (and `FR_BASE_PATH` if needed).\n- Optional: enable WebDAV or ONLYOFFICE in Admin and follow the wiki guides.\n\n---\n\n## Data \u0026 backups\n\nBack up these paths (Docker volumes or host directories):\n\n- `/var/www/uploads` (file data)\n- `/var/www/users` (users, ACLs, admin config, Pro license)\n- `/var/www/metadata` (indexes, tags, logs)\n\nNotes:\n- Logs live in `/var/www/metadata/log` and can be rotated or pruned.\n- If you use the auto-generated key path, back up `/var/www/metadata/persistent_tokens.key` with the rest of `metadata/`.\n- If you manage the key via env, keep your `PERSISTENT_TOKENS_KEY` consistent when restoring backups.\n\n## First-run security checklist\n\n- Persist `/var/www/metadata` so the generated persistent tokens key survives container recreation.\n- Either set your own strong `PERSISTENT_TOKENS_KEY` or let a pristine install generate one and then back up `metadata/persistent_tokens.key`.\n- Use HTTPS and set `SECURE=\"true\"` when behind TLS/reverse proxy.\n- If behind a proxy, set `FR_TRUSTED_PROXIES` and `FR_IP_HEADER`.\n- Set `FR_PUBLISHED_URL` (and `FR_BASE_PATH` if needed) so share links are correct.\n- Block direct HTTP access to `/uploads` (serve only `public/` and deny access to `/uploads`, `/users`, `/metadata`).\n\n## Optional dependencies\n\n- **FFmpeg** – video thumbnails (set `FR_FFMPEG_PATH` if not on PATH).\n- **ClamAV** – upload scanning (`VIRUS_SCAN_ENABLED=true`), optional `VIRUS_SCAN_EXCLUDE_DIRS` path excludes.\n- **PHP sodium (libsodium)** – required for encryption-at-rest.\n- **ONLYOFFICE Document Server** – document editing in the browser.\n\n---\n\n## WebDAV \u0026 ONLYOFFICE (optional)\n\n### WebDAV\n\nOnce enabled in the Admin panel, FileRise exposes a WebDAV endpoint (e.g. `/webdav.php`). Use it with:\n\n- **macOS Finder** – Go β†’ Connect to Server β†’ `https://your-host/webdav.php/`\n- **Windows File Explorer** – Map Network Drive β†’ `https://your-host/webdav.php/`\n- **Linux (GVFS/Nautilus)** – `dav://your-host/webdav.php/`\n- Clients like **Cyberduck**, **WinSCP**, etc.\n\nWebDAV operations honor the same ACLs as the web UI.\n\nDocs: [WebDAV Wiki](https://github.com/error311/FileRise/wiki/WebDAV)\n\n### ONLYOFFICE integration\n\nIf you run an ONLYOFFICE Document Server you can open/edit Office documents directly from FileRise (DOCX, XLSX, PPTX, ODT, ODS, ODP; PDFs view-only).\n\nConfigure it in **Admin β†’ ONLYOFFICE**:\n\n- Enable ONLYOFFICE\n- Set your Document Server origin (e.g. `https://docs.example.com`)\n- Configure a shared JWT secret\n- Copy the suggested Content-Security-Policy header into your reverse proxy\n\nDocs: [ONLYOFFICE Wiki](https://github.com/error311/FileRise/wiki/ONLYOFFICE)\n\n---\n\n## Security \u0026 updates\n\n- FileRise is actively maintained and has published security advisories.\n- See **SECURITY.md** and GitHub Security Advisories for details.\n\n### Upgrading\n\n- **Docker:** pull the new tag and recreate the container with the same volumes.\n\nExample: \n\n ```bash\n docker pull error311/filerise-docker:latest\n # or pin a specific version from Releases\n ```\n\n- **Manual:** replace app files with the latest release ZIP (keep `/var/www/uploads`, `/var/www/users`, `/var/www/metadata`, and your config).\n\nPlease report vulnerabilities responsibly via the channels listed in **SECURITY.md**.\n\n---\n\n## Community, support \u0026 contributing\n\nContributions are welcome β€” from bug fixes and docs to translations and UI polish. \nSee `CONTRIBUTING.md` for guidelines.\n\nIf FileRise saves you time or becomes your daily driver, a ⭐ on GitHub or sponsorship is hugely appreciated:\n\n- ❀️ [GitHub Sponsors](https://github.com/sponsors/error311)\n- β˜• [Ko-Fi](https://ko-fi.com/error311)\n\n---\n\n## AI Disclosure\n\nFileRise is my project. I use AI like a tool for some tasks (e.g., translations/snippets), but the architecture, core code, and ongoing maintenance are mine.\n\n---\n\n## License \u0026 third-party code\n\nFileRise Core is released under the **MIT License** – see `LICENSE`.\n\nIt bundles a small set of well-known client and server libraries (Bootstrap, CodeMirror, DOMPurify, Fuse.js, Resumable.js, sabre/dav, etc.). \nAll third-party code remains under its original licenses.\n\nThe official Docker image includes the **ClamAV** antivirus scanner (GPL-2.0-only) for optional upload scanning.\n\nSee `THIRD_PARTY.md` and the `licenses/` folder for full details.\n\n---\n\n## Press\n\n- [Heise / iX Magazin – β€œFileRise 2.0: Web-Dateimanager mit Client Portals” (DE)](https://www.heise.de/news/FileRise-2-0-Web-Dateimanager-mit-Client-Portals-11092171.html)\n- [Heise / iX Magazin – β€œFileRise 2.0: Web File Manager with Client Portals” (EN)](https://www.heise.de/en/news/FileRise-2-0-Web-File-Manager-with-Client-Portals-11092376.html)\n","funding_links":["https://github.com/sponsors/error311","https://ko-fi.com/error311"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferror311%2Ffilerise","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ferror311%2Ffilerise","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferror311%2Ffilerise/lists"}