26 changes: 26 additions & 0 deletions services/next-explorer/.env
@@ -0,0 +1,26 @@
#version=1.1
#URL=https://github.com/tailscale-dev/ScaleTail
#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.

# Service Configuration
SERVICE=files
IMAGE_URL=nxzai/explorer

# Network Configuration
# SERVICEPORT=3000
# DNS_SERVER=9.9.9.9

# Tailscale Configuration
TS_AUTHKEY=your-auth-key # Change this to your Tailscale auth key.

# Tailnet Name
TAILNET_NAME=your-tailnet-name # Change this to your Tailnet name, which is the domain you use for Tailscale. For example, if your Tailnet is "example.com", set TAILNET_NAME=example.com.

SESSION_SECRET= your-super-secret # Use 'openssl rand -base64 32' in your CLI to generate a secure random key.

# Optional Service variables
PUID=1000 # Optional: Disable from compose file if not using.
PGID=1000 # Optional: Disable from compose file if not using.

# Access Path Configuration
ACCESS_PATH=/home/root # Change this to the path you want to share with Tailscale. This should be an absolute path on the host machine. For example, if you want to share the /home/user/files directory, set ACCESS_PATH=/home/user/files.
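Review bot: `SESSION_SECRET= your-super-secret` has a stray space after `=` and ships a plausible-looking sample value; leave it empty (`SESSION_SECRET=`) and keep the `openssl rand -base64 32` hint in the comment so the sample string is never used as a real secret. The `TAILNET_NAME` comment gives `example.com` as an example, but compose.yaml builds `PUBLIC_URL=https://${SERVICE}.${TAILNET_NAME}.ts.net`, so the value has to be the tailnet name without a domain suffix and the comment should say that. `ACCESS_PATH=/home/root` as the default shares root's home directory if the user forgets to edit it; a placeholder path that must be changed would be a safer default.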
11 changes: 11 additions & 0 deletions services/next-explorer/README.md
@@ -0,0 +1,11 @@
# NextExplorer with Tailscale Sidecar Configuration

This Docker Compose configuration sets up [NextExplorer](https://github.com/nxzai/NextExplorer) with Tailscale as a sidecar container to securely manage file system over a private Tailscale network. By using Tailscale in a sidecar configuration, you can enhance the security and privacy of your Next Explorer instance, ensuring that it is only accessible within your Tailscale network.

## NextExplorer

[NextExplorer](https://github.com/nxzai/NextExplorer) is a modern, self-hosted file explorer designed for teams, creative agencies, and homelabs that need both a polished user interface and fine-grained access control. It ships as a single Docker container, mounts any number of volumes, and pairs seamlessly with reverse proxies or zero-trust networks. Whether you're organizing project assets for a small studio or providing secure file access across a household, NextExplorer delivers a responsive, feature-rich experience out of the box. This configuration leverages Tailscale to securely connect to your NextExplorer instance, protecting your file management interface from unauthorized access.

## Configuration Overview

In this setup, the `tailscale-files` service runs Tailscale, which manages secure networking for the NextExplorer service. The `files` service uses the Tailscale network stack via Docker’s `network_mode: service:` configuration. This setup ensures that NextExplorer management interface is only accessible through the Tailscale network (or locally, if preferred), providing an extra layer of security and privacy for managing your file systems.
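Review bot: The Configuration Overview names the services `tailscale-files` and `files`, but compose.yaml in this PR defines them as `tailscale` and `application` (container names `tailscale-${SERVICE}` and `app-${SERVICE}`); use the compose service names, or state that these are container names. The README also does not mention the values a user must set in .env before first start (`TS_AUTHKEY`, `TAILNET_NAME`, `SESSION_SECRET`, `ACCESS_PATH`), which matters here because `ACCESS_PATH` decides which host directory is exposed through the UI. Minor wording: "securely manage file system" and "that NextExplorer management interface" are each missing an article.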
73 changes: 73 additions & 0 deletions services/next-explorer/compose.yaml
@@ -0,0 +1,73 @@
configs:
ts-serve:
content: |
{"TCP":{"443":{"HTTPS":true}},
"Web":{"$${TS_CERT_DOMAIN}:443":
{"Handlers":{"/":
{"Proxy":"http://127.0.0.1:3000"}}}},
"AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
services:
# Make sure you have updated/checked the .env file with the correct variables.
# All the ${ xx } need to be defined there.
# Tailscale Sidecar Configuration
tailscale:
image: tailscale/tailscale:latest # Image to be used
container_name: tailscale-${SERVICE} # Name for local container management
hostname: ${SERVICE} # Name used within your Tailscale environment
environment:
- TS_AUTHKEY=${TS_AUTHKEY}
- TS_STATE_DIR=/var/lib/tailscale
- TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
- TS_USERSPACE=false
- TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
- TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The <addr>:<port> for the healthz endpoint
#- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
- TS_AUTH_ONCE=true
configs:
- source: ts-serve
target: /config/serve.json
volumes:
- ./config:/config # Config folder used to store Tailscale files - you may need to change the path
- ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
devices:
- /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
cap_add:
- net_admin # Tailscale requirement
#ports:
# - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
# If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
# dns:
# - ${DNS_SERVER}
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
interval: 1m # How often to perform the check
timeout: 10s # Time to wait for the check to succeed
retries: 3 # Number of retries before marking as unhealthy
start_period: 10s # Time to wait before starting health checks
restart: always

# ${SERVICE}
application:
image: ${IMAGE_URL}
network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
container_name: app-${SERVICE}
restart: unless-stopped
#ports:
# - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
# If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
#dns:
# - ${DNS_SERVER}
environment:
- NODE_ENV=production
- PUBLIC_URL=https://${SERVICE}.${TAILNET_NAME}.ts.net
# Optional: lock sessions to a known secret
- SESSION_SECRET=your-super-secret # Use 'openssl rand -base64 32' in your CLI to generate a secure random key.
# Optional host UID/GID mapping
- PUID=${PUID} # Change according to your customization if needed
- PGID=${PGID} # Change according to your customization if needed
volumes:
- ./config:/config
- ./cache:/cache
# Each /mnt/<Label> mount becomes a top-level volume in the UI
- ${ACCESS_PATH}:/mnt/Files # This needs to be changed by user
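Review bot: `- SESSION_SECRET=your-super-secret` in the `application` environment is a hard-coded literal, so the `SESSION_SECRET` entry in .env is never read and every deployment made from this file runs with the same publicly known session secret; change it to `- SESSION_SECRET=${SESSION_SECRET}`, as is already done for `PUID` and `PGID`. Both containers also mount `./config:/config`, which puts the application's config in the same host directory as the sidecar's; a separate host directory per container would keep them apart. `tailscale/tailscale:latest` and the untagged `${IMAGE_URL}` (`nxzai/explorer` in .env) are unpinned, so consider documenting a tag or digest.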