Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/error311/filerise

πŸ—‚οΈ FileRise – lightweight, self-hosted file manager with granular ACLs, shared uploads, encrypted folders, WebDAV & SSO. Fully Docker / Unraid compatible.
https://github.com/error311/filerise

acl docker file-editor file-manager file-upload folder-management javascript multi-file-upload php self-hosted sso twofactor-auth unraid uploader web-application web-based webapp webdav

Last synced: 5 days ago
JSON representation

πŸ—‚οΈ FileRise – lightweight, self-hosted file manager with granular ACLs, shared uploads, encrypted folders, WebDAV & SSO. Fully Docker / Unraid compatible.

Awesome Lists containing this project

README 

          
# FileRise



[![GitHub stars](https://img.shields.io/github/stars/error311/FileRise?style=social)](https://github.com/error311/FileRise)

[![Docker pulls](https://img.shields.io/docker/pulls/error311/filerise-docker)](https://hub.docker.com/r/error311/filerise-docker)

[![Docker CI](https://img.shields.io/github/actions/workflow/status/error311/filerise-docker/main.yml?branch=main&label=Docker%20CI)](https://github.com/error311/filerise-docker/actions/workflows/main.yml)

[![CI](https://img.shields.io/github/actions/workflow/status/error311/FileRise/ci.yml?branch=master&label=CI)](https://github.com/error311/FileRise/actions/workflows/ci.yml)

[![Demo](https://img.shields.io/badge/demo-live-brightgreen)](https://demo.filerise.net)

[![Release](https://img.shields.io/github/v/release/error311/FileRise?include_prereleases&sort=semver)](https://github.com/error311/FileRise/releases)

[![License](https://img.shields.io/github/license/error311/FileRise)](LICENSE)

[![Discord](https://img.shields.io/badge/Discord-join_chat-5865F2?logo=discord&logoColor=white)](https://discord.gg/7WN6f56X2e)

[![Sponsor on GitHub](https://img.shields.io/badge/Sponsor-❀-red)](https://github.com/sponsors/error311)

[![Support on Ko-fi](https://img.shields.io/badge/Ko--fi-Buy%20me%20a%20coffee-orange)](https://ko-fi.com/error311)



**FileRise** is a self-hosted web file manager with WebDAV, sharing, and per-folder ACLs.  

Drag & drop uploads, OnlyOffice integration, and **optional folder-level encryption at rest** β€” all in one PHP app you control.



Built for homelabs, teams, and client portals that need fast browsing, strict ACLs, and zero-database simplicity.



## Table of contents



- [Quick links](#quick-links)

- [Install (Docker – recommended)](#install-docker--recommended)

- [Manual install (PHP web server)](#manual-install-php-web-server)

- [After install (5 minutes)](#after-install-5-minutes)

- [Data & backups](#data--backups)

- [First-run security checklist](#first-run-security-checklist)

- [Optional dependencies](#optional-dependencies)

- [WebDAV & ONLYOFFICE (optional)](#webdav--onlyoffice-optional)

- [Security & updates](#security--updates)

- [Community, support & contributing](#community-support--contributing)

- [AI Disclosure](#ai-disclosure)

- [License & third-party code](#license--third-party-code)

- [Press](#press)



---



## Highlights



- πŸ’Ύ **Self-hosted β€œcloud drive”** – Runs anywhere with PHP (or via Docker). No external database required.

- πŸ” **Granular per-folder ACLs** – Manage View (all/own), Upload, Create, Edit, Rename, Move, Copy, Delete, Extract, Share, and more β€” all enforced consistently across the UI, API, and WebDAV.

- πŸ” **Folder-level encryption at rest (optional)** – Encrypt entire folders (and all descendants) on disk using modern authenticated encryption.

  - Opt-in per folder with inherited protection for subfolders

  - Files are stored encrypted on disk and transparently decrypted on download

  - Master key can be generated by FileRise or supplied via environment variable

  - When enabled, incompatible features (WebDAV, sharing, ZIP operations, OnlyOffice) are automatically disabled for safety

- πŸ”„ **Fast drag-and-drop uploads** – Chunked, resumable uploads with pause/resume and progress tracking. If your connection drops, FileRise resumes automatically.

- πŸͺŸ **Dual-pane mode + keyboard shortcuts** – Optional two-pane file browser for fast workflows (copy/move between panes, compare folders, and operate without the mouse). Shortcut overlay + hotkeys (F3 preview, F4 edit, F5 copy, F6 move, F7 new folder, Del delete, `/` search).

- 🌳 **Scales to huge trees** – Tested with **100k+ folders** in the sidebar tree without choking the UI.

- 🌈 **Visual organization** – Color-code folders in the tree, inline list, and folder strip, plus tag files with color-coded labels for fast visual scanning.

- πŸ‘€ **Hover preview β€œpeek” cards** – On desktop, hover files or folders to see thumbnails (images/video), quick metadata (size, timestamps, tags), and effective permissions. Per-user toggle stored in `localStorage`.

- 🎬 **Smart media handling** – Track per-file video watch progress with a β€œwatched” indicator, remember last volume/mute state, and reset progress when needed.

- 🧩 **OnlyOffice support (optional)** – Edit DOCX/XLSX/PPTX using your own Document Server; ODT/ODS/ODP supported as well. PDFs can be viewed inline.

- 🌍 **WebDAV (ACL-aware)** – Mount FileRise as a drive from macOS, Windows, Linux, or Cyberduck/WinSCP. Listings, uploads, overwrites, deletes, and folder creation all honor the same ACLs as the web UI.

- 🏷️ **Tags, search & trash** – Tag files, search by name/tag/uploader/content via fuzzy search, and recover mistakes using a Trash with time-based retention.

- πŸ“š **API + live docs** – OpenAPI spec served at `api.php?spec=1` (from `openapi.json.dist`) with a Redoc UI at `api.php` (login required).

- πŸ“Š **Storage / disk usage summary** – CLI scanner with snapshots, total usage, and per-volume breakdowns surfaced in the admin panel.

- 🎨 **Polished, responsive UI** – Dark/light mode, mobile-friendly layout, in-browser previews, and a built-in code editor powered by CodeMirror.

- 🌐 **Internationalization** – English, Spanish, French, German, Polish, Russian, Japanese and Simplified Chinese included; community translations welcome.

- πŸ”‘ **Login + SSO** – Local users, TOTP 2FA, and OIDC (Auth0 / Authentik / Keycloak / etc.) with optional auto-provisioning, IdP-driven admin role assignment, and Pro user-group mapping.

- πŸ›‘οΈ **ClamAV virus scanning (Core) + Pro virus log** – Optional ClamAV upload scanning, with a Pro virus detection log in the admin panel and CSV export.

- 🌐 **Reverse proxy & subpath aware** – Designed to run cleanly behind Nginx, Traefik, Caddy, or Apache:

  - Supports installs under a subpath (e.g. `https://example.com/files`)

  - Correct URL generation for assets, APIs, portals, PWA, and share links

  - If the proxy strips the prefix, set `FR_BASE_PATH` or send `X-Forwarded-Prefix`

  - Explicit β€œPublished URL” setting for proxy / firewall environments

  - Works with `X-Forwarded-*` headers and Kubernetes ingress setups

- πŸ‘₯ **Pro: user groups, client portals, global search, storage explorer & audit logs** –  

  Group-based ACLs, brandable client upload portals, **ACL-aware global search across files, folders, users, and permissions**, an ncdu-style storage explorer for identifying large folders/files and reclaiming disk space directly from the UI, and **Pro Audit Logs** (configurable activity logging with filters + CSV export for tracking key actions across web, WebDAV, shares, and portals).

- 🌐 **Pro: Sources (multi-storage adapters)** –  

  Turn FileRise into a storage hub by connecting multiple backends and switching between them in the UI:

  - Multiple local roots (additional local paths)

  - **S3-compatible** (AWS S3 / MinIO / Wasabi / Backblaze B2 S3 / etc.)

  - **SMB/CIFS**, **SFTP**, **FTP**

  - **WebDAV** (Nextcloud / ownCloud / FileRise)

  - **Google Drive**, **OneDrive**, **Dropbox**

  - Works with **dual-pane** so you can copy/move via drag & drop or toolbar actions **between sources**, with **per-source Trash**



Full list of features: [Full Feature Wiki](https://github.com/error311/FileRise/wiki/Features)



![FileRise](https://raw.githubusercontent.com/error311/FileRise/master/resources/filerise-v3.0.0.png)



![Sources](https://raw.githubusercontent.com/error311/FileRise/master/resources/FileRisePro-Sources.gif)



> πŸ’‘ Looking for **FileRise Pro** (brandable header, **user groups**, **client upload portals**, license handling)?

> Check out [filerise.net](https://filerise.net) – FileRise Core stays fully open-source (MIT).



---



## Quick links



- πŸš€ **Live demo:** [Demo](https://demo.filerise.net) (username: `demo` / password: `demo`)

- 🧩 **FileRise Pro:** [filerise.net](https://filerise.net)

- πŸ“š **Docs & Wiki:** [Wiki](https://github.com/error311/FileRise/wiki)

  - [Features overview](https://github.com/error311/FileRise/wiki/Features)

  - [FAQ](https://github.com/error311/FileRise/wiki/FAQ)

  - [Troubleshooting and common errors](https://github.com/error311/FileRise/wiki/Troubleshooting-and-Common-Errors)

  - [Logs and diagnostics](https://github.com/error311/FileRise/wiki/Logs-and-Diagnostics)

  - [Screenshots](https://github.com/error311/FileRise/wiki/Screenshots)

  - [Installation & setup](https://github.com/error311/FileRise/wiki/Installation-Setup)

  - [Common env vars](https://github.com/error311/FileRise/wiki/Common-Env-Variables)

  - [Env vars (full reference)](https://github.com/error311/FileRise/wiki/Environment-Variables-Full-Reference)

  - [Admin Panel](https://github.com/error311/FileRise/wiki/Admin-Panel)

  - [ACL & permissions](https://github.com/error311/FileRise/wiki/ACL-and-Permissions)

  - [ACL recipes](https://github.com/error311/FileRise/wiki/ACL-Recipes)

  - [WebDAV (mount)](https://github.com/error311/FileRise/wiki/WebDAV)

  - [WebDAV via curl](https://github.com/error311/FileRise/wiki/Accessing-FileRise-via-curl%C2%A0(WebDAV))

  - [ONLYOFFICE](https://github.com/error311/FileRise/wiki/ONLYOFFICE)

  - [OIDC & SSO](https://github.com/error311/FileRise/wiki/OIDC-and-SSO)

  - [Nginx setup](https://github.com/error311/FileRise/wiki/Nginx-Setup)

  - [Kubernetes / k8s](https://github.com/error311/FileRise/wiki/Kubernetes---k8s-deployment)

  - [Backup & restore](https://github.com/error311/FileRise/wiki/Backup-and-Restore)

  - [Upgrade & migration](https://github.com/error311/FileRise/wiki/Upgrade-and-Migration)

  - [Maintenance scripts](https://github.com/error311/FileRise/wiki/Maintenance-Scripts)

  - [Reverse proxy & subpath](https://github.com/error311/FileRise/wiki/Reverse-Proxy-and-Subpath)

- 🐳 **Docker image:**  

  - Docker Hub: [Docker](https://hub.docker.com/r/error311/filerise-docker)

  - Build pipeline / tags: [Workflow](https://github.com/error311/filerise-docker)

- πŸ’¬ **Discord:** [Discord](https://discord.gg/7WN6f56X2e)

- πŸ“ **Changelog:** [Changelog](https://github.com/error311/FileRise/blob/master/CHANGELOG.md)



### Support checklist (please include)



If you open an issue/discussion, please include:



- FileRise version + install method (Docker tag / release ZIP / git)

- Reverse proxy (Nginx / Traefik / Caddy) + subpath (yes/no)

- Browser console errors (if any)

- Server/container logs around the error



---



## Install (Docker – recommended)



The easiest way to run FileRise is the official Docker image.



> βœ… **Tip:** For stability, pin a version tag (example: `error311/filerise-docker:vX.Y.Z`) instead of `:latest`. See [Releases](https://github.com/error311/FileRise/releases) for current versions.



### Option A – Quick start (docker run)



```bash

docker run -d \

  --name filerise \

  -p 8080:80 \

  -e TIMEZONE="America/New_York" \

  -e TOTAL_UPLOAD_SIZE="10G" \

  -e SECURE="false" \

  -e PERSISTENT_TOKENS_KEY="default_please_change_this_key" \

  -e SCAN_ON_START="true" \

  -e CHOWN_ON_START="true" \

  -v ~/filerise/uploads:/var/www/uploads \

  -v ~/filerise/users:/var/www/users \

  -v ~/filerise/metadata:/var/www/metadata \

  error311/filerise-docker:latest

```



Then visit:



```text

http://your-server-ip:8080

```



On first launch you’ll be guided through creating the **initial admin user**.



> πŸ’‘ After the first run, you can set `CHOWN_ON_START="false"` if permissions are already correct and you don’t want a recursive `chown` on uploads/metadata on every start.

>

> ⚠️ **Uploads folder recommendation**

>

> It’s strongly recommended to bind `/var/www/uploads` to a **dedicated folder**

> (for example `~/filerise/uploads` or `/mnt/user/appdata/FileRise/uploads`),

> not the root of a huge media share.

>

> If you really want FileRise to sit β€œon top of” an existing share, use a

> subfolder (e.g. `/mnt/user/media/filerise_root`) instead of the share root,

> so scans and permission changes stay scoped to that folder.



### Option B – docker-compose.yml



```yaml

services:

  filerise:

    image: error311/filerise-docker:latest

    container_name: filerise

    ports:

      - "8080:80"

    environment:

      TIMEZONE: "America/New_York"

      TOTAL_UPLOAD_SIZE: "10G"

      SECURE: "false"

      PERSISTENT_TOKENS_KEY: "default_please_change_this_key"

      SCAN_ON_START: "true"   # auto-index existing files on startup

      CHOWN_ON_START: "true"  # fix permissions on uploads/metadata on startup

    volumes:

      - ./uploads:/var/www/uploads

      - ./users:/var/www/users

      - ./metadata:/var/www/metadata

```



Bring it up with:



```bash

docker compose up -d

```



### Common environment variables



| Variable                | Required | Example                          | What it does |

|-------------------------|----------|----------------------------------|--------------|

| `TIMEZONE`              | βœ…       | `America/New_York`               | PHP / container timezone. |

| `TOTAL_UPLOAD_SIZE`     | βœ…       | `10G`                            | Max total upload size per request; also used to set PHP/Apache upload limits. |

| `SECURE`                | βœ…       | `false`                          | `true` when running behind HTTPS / a reverse proxy, else `false`. |

| `PERSISTENT_TOKENS_KEY` | βœ…       | `change_me_super_secret`         | Secret used to encrypt stored secrets (tokens, permissions, admin config). **Do not leave this at the default.** |

| `SCAN_ON_START`         | Optional | `true`                           | If `true`, runs a scan once on container start to index existing files. |

| `CHOWN_ON_START`        | Optional | `true`                           | If `true`, recursively normalizes ownership/permissions on `uploads/` + `metadata/`. |

| `PUID`                  | Optional | `99`                             | If running as root, remap `www-data` user to this UID (e.g. Unraid’s 99).                             |

| `PGID`                  | Optional | `100`                            | If running as root, remap `www-data` group to this GID (e.g. Unraid’s 100).                           |

| `FR_PUBLISHED_URL`      | Optional | `https://example.com/files`      | Public URL when behind proxies/subpaths (share links, portals, redirects). |

| `FR_BASE_PATH`          | Optional | `/files`                         | Force a subpath when the proxy strips the prefix (overrides auto-detect). |

| `FR_TRUSTED_PROXIES`    | Optional | `127.0.0.1,10.0.0.0/8`            | Comma-separated IPs/CIDRs for trusted proxies; only these can supply the client IP header. |

| `FR_IP_HEADER`          | Optional | `X-Forwarded-For`                | Header to trust for the real client IP when the proxy is trusted. |



> Full list of common env variables: [Common Environment variables](https://github.com/error311/FileRise/wiki/Common-Env-Variables)

> Full reference: [Environment Variables (Full Reference)](https://github.com/error311/FileRise/wiki/Environment-Variables-Full-Reference)

>

> Other useful env vars (optional):  

> `FR_WEBDAV_MAX_UPLOAD_BYTES` (WebDAV upload cap in bytes; `0` = unlimited),  

> `FR_ENCRYPTION_MASTER_KEY` (32-byte key: hex or `base64:...`),  

> `VIRUS_SCAN_ENABLED` / `VIRUS_SCAN_CMD` / `VIRUS_SCAN_EXCLUDE_DIRS` / `CLAMAV_AUTO_UPDATE`,  

> `LOG_STREAM` (`error`/`access`/`both`/`none`),  

> `HTTP_PORT` / `HTTPS_PORT` / `SERVER_NAME`,  

> `SHARE_URL` (override share endpoint; `FR_PUBLISHED_URL` preferred).

>

> 🧩 **Traefik + subpath note (Kubernetes):** use `StripPrefix` and rely on `X-Forwarded-Prefix` + `FR_PUBLISHED_URL`.  

> See: [Deployments Wiki](https://github.com/error311/FileRise/wiki/Kubernetes---k8s-deployment)

> More deployment docs: [Install Setup](https://github.com/error311/FileRise/wiki/Installation-Setup)



---



## Manual install (PHP web server)



Short version: FileRise expects data at `/var/www/{uploads,users,metadata}` and your web server must point to the **public/** folder (for example `DocumentRoot /var/www/filerise/public`).



Full guide + troubleshooting:  

[Installation & setup](https://github.com/error311/FileRise/wiki/Installation-Setup) β€’ [Upgrade & migration](https://github.com/error311/FileRise/wiki/Upgrade-and-Migration) β€’ [Reverse proxy & subpath](https://github.com/error311/FileRise/wiki/Reverse-Proxy-and-Subpath)



### Requirements



- PHP **8.3+**

- Web server (Apache / Nginx / Caddy + PHP-FPM)

- PHP extensions: `json`, `curl`, `zip` (and usual defaults)

- No database required



### Quick start (release ZIP)



1) Create data directories:



```bash

sudo mkdir -p /var/www/uploads /var/www/users /var/www/metadata

sudo chown -R www-data:www-data /var/www/uploads /var/www/users /var/www/metadata   # adjust web user if needed

sudo chmod -R 775 /var/www/uploads /var/www/users /var/www/metadata

```



2) Download a release and extract:



```bash

cd /var/www

sudo mkdir -p filerise

sudo chown -R $USER:$USER /var/www/filerise

cd /var/www/filerise



VERSION="vX.Y.Z"  # replace with the tag you want

ASSET="FileRise-${VERSION}.zip"



curl -fsSL "https://github.com/error311/FileRise/releases/download/${VERSION}/${ASSET}" -o "${ASSET}"

unzip "${ASSET}"

```



3) Point your web server at `/var/www/filerise/public`, then visit `http://serverip/`.



If you install FileRise outside `/var/www/filerise`, keep the data dirs in `/var/www` or update the paths in `config/config.php`.



---



## After install (5 minutes)



- Log in and create your first admin account (prompted on first run).

- Open Admin β†’ Users to add accounts, then Admin β†’ Folder Access to set permissions.

- If you’re behind a reverse proxy or subpath, set `FR_PUBLISHED_URL` (and `FR_BASE_PATH` if needed).

- Optional: enable WebDAV or ONLYOFFICE in Admin and follow the wiki guides.



---



## Data & backups



Back up these paths (Docker volumes or host directories):



- `/var/www/uploads` (file data)

- `/var/www/users` (users, ACLs, admin config, Pro license)

- `/var/www/metadata` (indexes, tags, logs)



Notes:

- Logs live in `/var/www/metadata/log` and can be rotated or pruned.

- Keep your `PERSISTENT_TOKENS_KEY` consistent when restoring backups.



## First-run security checklist



- Set a strong `PERSISTENT_TOKENS_KEY` (encrypts tokens, permissions, admin config).

- Use HTTPS and set `SECURE="true"` when behind TLS/reverse proxy.

- If behind a proxy, set `FR_TRUSTED_PROXIES` and `FR_IP_HEADER`.

- Set `FR_PUBLISHED_URL` (and `FR_BASE_PATH` if needed) so share links are correct.

- Block direct HTTP access to `/uploads` (serve only `public/` and deny access to `/uploads`, `/users`, `/metadata`).



## Optional dependencies



- **FFmpeg** – video thumbnails (set `FR_FFMPEG_PATH` if not on PATH).

- **ClamAV** – upload scanning (`VIRUS_SCAN_ENABLED=true`), optional `VIRUS_SCAN_EXCLUDE_DIRS` path excludes.

- **PHP sodium (libsodium)** – required for encryption-at-rest.

- **ONLYOFFICE Document Server** – document editing in the browser.



---



## WebDAV & ONLYOFFICE (optional)



### WebDAV



Once enabled in the Admin panel, FileRise exposes a WebDAV endpoint (e.g. `/webdav.php`). Use it with:



- **macOS Finder** – Go β†’ Connect to Server β†’ `https://your-host/webdav.php/`

- **Windows File Explorer** – Map Network Drive β†’ `https://your-host/webdav.php/`

- **Linux (GVFS/Nautilus)** – `dav://your-host/webdav.php/`

- Clients like **Cyberduck**, **WinSCP**, etc.



WebDAV operations honor the same ACLs as the web UI.



Docs: [WebDAV Wiki](https://github.com/error311/FileRise/wiki/WebDAV)



### ONLYOFFICE integration



If you run an ONLYOFFICE Document Server you can open/edit Office documents directly from FileRise (DOCX, XLSX, PPTX, ODT, ODS, ODP; PDFs view-only).



Configure it in **Admin β†’ ONLYOFFICE**:



- Enable ONLYOFFICE

- Set your Document Server origin (e.g. `https://docs.example.com`)

- Configure a shared JWT secret

- Copy the suggested Content-Security-Policy header into your reverse proxy



Docs: [ONLYOFFICE Wiki](https://github.com/error311/FileRise/wiki/ONLYOFFICE)



---



## Security & updates



- FileRise is actively maintained and has published security advisories.

- See **SECURITY.md** and GitHub Security Advisories for details.



### Upgrading



- **Docker:** pull the new tag and recreate the container with the same volumes.



Example:  



  ```bash

  docker pull error311/filerise-docker:latest

  # or pin a specific version from Releases

  ```



- **Manual:** replace app files with the latest release ZIP (keep `/var/www/uploads`, `/var/www/users`, `/var/www/metadata`, and your config).



Please report vulnerabilities responsibly via the channels listed in **SECURITY.md**.



---



## Community, support & contributing



Contributions are welcome β€” from bug fixes and docs to translations and UI polish.  

See `CONTRIBUTING.md` for guidelines.



If FileRise saves you time or becomes your daily driver, a ⭐ on GitHub or sponsorship is hugely appreciated:



- ❀️ [GitHub Sponsors](https://github.com/sponsors/error311)

- β˜• [Ko-Fi](https://ko-fi.com/error311)



---



## AI Disclosure



FileRise is my project. I use AI like a tool for some tasks (e.g., translations/snippets), but the architecture, core code, and ongoing maintenance are mine.



---



## License & third-party code



FileRise Core is released under the **MIT License** – see `LICENSE`.



It bundles a small set of well-known client and server libraries (Bootstrap, CodeMirror, DOMPurify, Fuse.js, Resumable.js, sabre/dav, etc.).  

All third-party code remains under its original licenses.



The official Docker image includes the **ClamAV** antivirus scanner (GPL-2.0-only) for optional upload scanning.



See `THIRD_PARTY.md` and the `licenses/` folder for full details.



---



## Press



- [Heise / iX Magazin – β€œFileRise 2.0: Web-Dateimanager mit Client Portals” (DE)](https://www.heise.de/news/FileRise-2-0-Web-Dateimanager-mit-Client-Portals-11092171.html)

- [Heise / iX Magazin – β€œFileRise 2.0: Web File Manager with Client Portals” (EN)](https://www.heise.de/en/news/FileRise-2-0-Web-File-Manager-with-Client-Portals-11092376.html)