NextExplorer
Self-hosted web file managers tool that provides modern web-based file explorer.
Overview
Web based File Explorer Modern, self-hosted file explorer The project has 842 GitHub stars and is licensed under GPL-3.0.
Key Features
Source: GitHub README
- Secure by default: local users & groups, optional OIDC SSO.
- Fast previews: images, videos, PDFs, thumbnails (FFmpeg), and inline players.
- Built-in editor: edit text/code with syntax highlighting (extensible via
EDITOR_EXTENSIONS). - Sharing workflows: link-based sharing (read-only/read-write), guest access, “Shared with me”.
- Smart search: ripgrep-backed filename + content search with tunable limits.
- Modern UX: grid/list/column views, drag-and-drop, context menus, keyboard shortcuts.
- Docker-native: single image, mount volumes under
/mnt, reverse-proxy friendly viaPUBLIC_URL.
Getting Started
Source: GitHub README
services:
nextexplorer:
image: nxzai/explorer:latest
container_name: nextexplorer
restart: unless-stopped
ports:
- '3000:3000'
volumes:
- ./config:/config
- ./cache:/cache
# Each /mnt/ mount becomes a top-level volume in the UI
- /path/to/your/files:/mnt/Files
environment:
- NODE_ENV=production
- PUBLIC_URL=http://localhost:3000services:
nextexplorer:
image: nxzai/explorer:latest
container_name: nextexplorer
restart: unless-stopped
ports:
- '3000:3000'
volumes:
- ./config:/config # contains config files, db, settings etc.
- ./cache:/cache # contains thumbnail cache and other files which are generated automatically
# Each /mnt/ mount becomes a top-level volume in the UI
- /path/to/your/files:/mnt/Files
environment:
# Required basics
NODE_ENV: production # Set to `production` for the Docker image defaults.
PORT: '3000' # Port the Express API + frontend listen on *inside* the container.
PUBLIC_URL: 'http://localhost:3000' # External URL (no trailing slash); drives cookies, CORS defaults, and derived callback URLs. Accessing the app via a different URL may cause CORS/cookie/OIDC issues.
# Reverse proxy / networking (optional)
# TRUST_PROXY: "loopback,uniquelocal" # Express trust proxy config; set when running behind a reverse proxy (often auto-derived when `PUBLIC_URL` is set).
# CORS_ORIGINS: "" # Comma-separated allowed origins; aliases: `CORS_ORIGIN`, `ALLOWED_ORIGINS` (defaults to `PUBLIC_URL` origin when set).
# Logging & debugging (optional)
# LOG_LEVEL: "info" # `trace|debug|info|warn|error` (defaults to `debug` when `DEBUG=true`).
# DEBUG: "false" # When `true`, forces `LOG_LEVEL=debug` and enables more verbose diagnostics.
# ENABLE_HTTP_LOGGING: "false" # When `true`, logs HTTP requests (recommended with centralized logs in production).
# Paths & volumes (optional)
# VOLUME_ROOT: "/mnt" # Root directory that houses all mounted volumes. App will display all directores inside this directory as volumes.
# CONFIG_DIR: "/config" # Location for SQLite, `app-config.json`, extensions, and settings.
# CACHE_DIR: "/cache" # Location for thumbnails, ripgrep indexes, and temporary data.
# USER_ROOT: "/mnt/_users" # Root directory for per-user personal folders (defaults to `/_users` when unset). Make sure you persist this path if you use USER_DIR_ENABLED.
# Authentication (optional)
# AUTH_MODE: "both" # `local|oidc|both|disabled` what authentication methods you want to enable.
# AUTH_ENABLED: "true" # Deprecated: use `AUTH_MODE=disabled` to skip login.
# SESSION_SECRET: "please-change-me" # Session cookie secret (alias: `AUTH_SESSION_SECRET`); set a long, random, stable value (>= 32 chars) to keep sessions valid across restarts/replicas.
# AUTH_MAX_FAILED: "5" # Failed login attempts before temporary lockout.
# AUTH_LOCK_MINUTES: "15" # Lockout duration (minutes) when max failures reached.
# AUTH_ADMIN_EMAIL: "" # First-run bootstrap (local auth): when set with `AUTH_ADMIN_PASSWORD`, creates an admin user on startup and skips setup.
# AUTH_ADMIN_PASSWORD: "" # Password for `AUTH_ADMIN_EMAIL` bootstrap; overrides/resets password on startup if the user already exists.
# OIDC & SSO (optional)
# OIDC_ENABLED: "false" # Enable Express OpenID Connect auth flow.
# OIDC_ISSUER: "https://auth.example.com/application/o/next/" # IdP issuer URL (discovery).
# OIDC_AUTHORIZATION_URL: "" # Optional discovery override.
# OIDC_TOKEN_URL: "" # Optional discovery override.
# OIDC_USERINFO_URL: "" # Optional discovery override.
# OIDC_CLIENT_ID: "nextexplorer" # IdP client ID.
# OIDC_CLIENT_SECRET: "" # IdP client secret.
# OIDC_CALLBACK_URL: "http://localhost:3000/callback" # Explicit callback URL (defaults to `$\{PUBLIC_URL\}/callback` when `PUBLIC_URL` is set).
# OIDC_SCOPES: "openid profile email" # Add `groups` to propagate group claims.
# OIDC_ADMIN_GROUPS: "" # Space/comma-separated group names that grant admin rights (matched in `groups`, `roles`, or `entitlements`).
# OIDC_REQUIRE_EMAIL_VERIFIED: "false" # When `true`, requires IdP to verify user email before allowing user creation/auto-linking.
# OIDC_AUTO_CREATE_USERS: "true" # When `false`, denies OIDC login unless the user already exists in the DB.
# Feature toggles (optional)
# SEARCH_DEEP: "false" # Enables deep content search (ripgrep used when `SEARCH_RIPGREP=true`).
# SEARCH_RIPGREP: "true" # Prefer ripgrep for fast searches; fallback search used when unavailable.
# SEARCH_MAX_FILESIZE: "" # Skip ripgrep for files larger than this (e.g., `5MB`).
# SHOW_VOLUME_USAGE: "false" # Show volume usage badges in the sidebar.
# USER_DIR_ENABLED: "false" # Enables per-user “My Files” spaces under `USER_ROOT`.
# USER_VOLUMES: "false" # Restrict non-admin users to only volumes assigned by an admin.
# SKIP_HOME: "false" # When `true`, `/browse/` redirects into the first volume.
# Editor (optional)
# EDITOR_EXTENSIONS: "" # Extra file extensions supported by the inline editor (comma-separated, added to built-in defaults).
# OnlyOffice & thumbnails (optional)
# ONLYOFFICE_URL: "" # Public URL for OnlyOffice Document Server (must reach your app's `PUBLIC_URL`).
# ONLYOFFICE_SECRET: "" # JWT secret shared with OnlyOffice Document Server for `/api/onlyoffice`.
# ONLYOFFICE_LANG: "en" # Language code for the editor UI.
# ONLYOFFICE_FORCE_SAVE: "false" # When `true`, OnlyOffice forces users to save via the editor UI.
# ONLYOFFICE_FILE_EXTENSIONS: "" # Extra file extensions to surface to the Document Server.
# FFMPEG_PATH: "" # Point to a custom ffmpeg binary (defaults to bundled binary).
# FFPROBE_PATH: "" # Point to a custom ffprobe binary (defaults to bundled binary).
# Container user mapping (optional)
# PUID: "1000" # Map container processes to host UID so created files have consistent ownership.
# PGID: "1000" # Map container processes to host GID so created files have consistent ownership.Normalized Features
Source: tool-features-normalized.json
docker, docker compose, rest api, sqlite, sso.
Deploy
Features
Authentication & Access
- Single Sign-On (SSO)
Integrations & APIs
- REST API
Compare NextExplorer
Related File Management & Sharing Tools
View all 133 →
Syncthing
81KOpen-source continuous file synchronization — peer-to-peer, encrypted, no central server, no cloud account required.
file management MPL-2.0
LocalSend
77KAn open-source, cross-platform alternative to AirDrop — share files between nearby devices over your local network without the cloud.
file management Apache-2.0
MinIO
61KHigh-performance, S3-compatible object storage for AI, analytics, and cloud-native workloads. Deploy on-premises or in any cloud with a single binary.
file management AGPL-3.0
Rclone
56KCommand-line tool that syncs, copies, and manages files across 70+ cloud storage providers. The rsync for cloud storage.
file management MIT
AList
49KFile list program that aggregates multiple storage backends into a single web interface with WebDAV support. Mount cloud drives, local storage, and S3 in one place.
file management AGPL-3.0
copyparty
44KCopyparty is a portable, single-file Python file server with resumable uploads, deduplication, WebDAV, SFTP, FTP, media indexing, and audio transcoding — no dependencies required.
file management MIT