Self-hosted cloud storage gives you complete control over your data and eliminates subscription costs, but requires choosing between different architectures: centralized (Nextcloud, Seafile) or peer-to-peer (Syncthing). Each makes different tradeoffs between features, performance, ease of deployment, and operational complexity. This guide compares all three across encryption, hardware requirements, Docker setup, and real performance metrics, helping you choose based on your actual use case.
Why Self-Host Cloud Storage?
Proprietary cloud storage (Google Drive, OneDrive, iCloud) monetizes your data. You don’t control encryption, backups, or access policies. You’re one policy change away from losing access or having your data scanned.
Self-hosting gives you:
- Complete privacy: You control encryption keys
- No subscription costs: One hardware investment, no recurring fees
- Data ownership: Your data never leaves your infrastructure
- Unlimited storage: Limited only by hardware, not subscription tier
- Custom features: Add functionality your use case needs
The tradeoff: you manage updates, backups, uptime, and security. Not everyone should self-host. This guide assumes you’re willing to spend 2-3 hours on initial setup and 1 hour monthly on maintenance.
Architecture Comparison: Centralized vs Peer-to-Peer
Centralized Architecture (Nextcloud, Seafile)
One central server stores all data. Clients (phone, laptop, web browser) connect to the server. Server controls permissions, versioning, and backups.
Diagram:
Laptop → [Central Server] ← Phone
↓
Backup Storage
(External HDD or NAS)
Advantages:
- Single point of backup (easier)
- Fine-grained permissions (who accesses what)
- Web interface for access without client
- Versioning (restore old file versions)
- Selective sync (download only needed files)
Disadvantages:
- Server must be always-on and accessible
- Single point of failure (if server dies, access lost)
- Bandwidth limited by server’s internet connection
- Requires port forwarding or reverse proxy for external access
Peer-to-Peer Architecture (Syncthing)
No central server. Devices sync directly with each other. Each device stores its own copy.
Diagram:
Laptop ← Direct Sync → Phone
↓
Desktop ← Direct Sync → Tablet
Advantages:
- No single point of failure
- Works offline (devices sync when online)
- Bandwidth only limited by local network
- No port forwarding needed (uses UPnP/relay)
- Fully encrypted (no server sees data)
Disadvantages:
- All devices must have a copy (uses more storage)
- No web access (must use client app)
- No fine-grained permissions (sync is all-or-nothing)
- No version control (file overwrites are permanent)
Nextcloud: Feature-Rich Centralized Storage
Nextcloud is the most feature-complete option. It’s not just storage—it’s a full productivity suite. You get file sync, calendar, contacts, notes, office editing, and extensibility through apps.
What Nextcloud Does Well
- Web interface (access from any browser)
- Mobile apps (iOS/Android)
- Desktop sync client
- Calendar and contacts (CalDAV/CardDAV)
- Collaborative office editing (like Google Docs)
- File versioning and trash
- Selective sync (don’t download everything)
- Desktop integration (right-click share)
- Group management and permissions
- Large ecosystem of extensions
Nextcloud Docker Setup
# Create directory structure
mkdir -p nextcloud/data nextcloud/db nextcloud/config
# Create docker-compose.yml
cat > nextcloud/docker-compose.yml << 'EOF'
version: '3.8'
services:
db:
image: mariadb:10.9
container_name: nextcloud-db
restart: always
volumes:
- ./db:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: securepassword123
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
MYSQL_PASSWORD: nextcloudpass
nextcloud:
image: nextcloud:27-apache
container_name: nextcloud-app
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- ./data:/var/www/html
- ./config:/var/www/html/config
environment:
MYSQL_HOST: db
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
MYSQL_PASSWORD: nextcloudpass
depends_on:
- db
volumes:
db:
nextcloud:
EOF
# Start services
docker-compose up -d
# Follow logs
docker-compose logs -f nextcloud
# Initial setup (creates admin user)
# Visit http://localhost in browser
Nextcloud Performance on Different Hardware
| Hardware | Concurrent Users | Speed | Notes |
|---|---|---|---|
| Raspberry Pi 4 (4GB) | 2-3 | Slow | Suitable only for personal use, very slow office editing |
| Old laptop (4GB RAM, SSD) | 5-10 | Medium | Acceptable for small family, occasional sync |
| Mini PC (16GB RAM, SSD) | 20-30 | Good | Suitable for small office, responsive web interface |
| NAS (Synology, QNAP) | 50+ | Excellent | Professional deployment, good I/O performance |
Encryption in Nextcloud
Nextcloud has two encryption options:
Option 1: Server-Side Encryption
- Encrypted on server, server holds encryption keys
- Server can still decrypt (for search, sharing)
- Default in most setups
# Enable via Docker environment
ENABLE_CRYPT=1
Option 2: End-to-End Encryption (E2EE)
- Only client can decrypt
- Server cannot access content
- Limits features (no server-side search, no sharing with non-E2EE users)
- Requires browser extension
To enable:
- Settings → Encryption → “Enable encryption”
- Initialize E2EE
- Must share recovery key with recovery email
Nextcloud Architecture Diagram
┌─────────────────────────────────────┐
│ Client Devices (Laptop, Phone) │
│ ├─ Sync Client (auto-upload) │
│ ├─ Web Browser (manual access) │
│ └─ Mobile App (sync + client) │
└──────────────────┬──────────────────┘
│
┌────────┴────────┐
│ │
[Router/Firewall] [Reverse Proxy/HTTPS]
│ │
┌─────┴─────────────────┴─────┐
│ Nextcloud Docker Stack │
│ ┌──────────────┐ │
│ │ Nextcloud App│ (Port 443) │
│ │ │ │
│ │ ┌──────────┐ │ │
│ │ │ MariaDB │ │ (Local) │
│ │ └──────────┘ │ │
│ └──────────────┘ │
└─────────┬───────────────────┘
│
┌────┴──────┐
│ │
[Data Volume] [Config Volume]
(File Storage)
When to Use Nextcloud
- You want a web interface
- You need calendar/contacts sync
- You want collaborative editing
- You like having lots of extensions
- You have a NAS or server-grade hardware
When NOT to Use Nextcloud
- You’re on minimal hardware (Pi zero)
- You want minimal resource usage
- You don’t need web access
- You want zero configuration
Seafile: Lightweight and Fast
Seafile is a lightweight alternative to Nextcloud. It focuses on file sync without the productivity suite. It’s written in C for performance.
What Seafile Does Well
- Fast sync (even on limited hardware)
- Simple architecture (easier to troubleshoot)
- Library-based organization (not folder hierarchies)
- Good mobile apps
- Built-in SFTP
- S3-compatible backup
- Low resource usage
What Seafile Lacks
- No calendar/contacts
- No office editing
- No native web editing
- Smaller extension ecosystem
Seafile Docker Setup
# Create directory structure
mkdir -p seafile/seafile-data
# Create docker-compose.yml
cat > seafile/docker-compose.yml << 'EOF'
version: '3.8'
services:
db:
image: mariadb:10.9
container_name: seafile-db
restart: always
volumes:
- ./db:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: securepassword123
MYSQL_DATABASE: seafile
MYSQL_USER: seafile
MYSQL_PASSWORD: seafilepass
seafile:
image: seafileltd/seafile-mc:latest
container_name: seafile-app
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- ./seafile-data:/shared
environment:
DB_HOST: db
DB_ROOT_PASSWD: securepassword123
SEAFILE_ADMIN_EMAIL: admin@example.com
SEAFILE_ADMIN_PASSWORD: adminpass
SEAFILE_SERVER_HOSTNAME: example.com
SEAFILE_SERVER_PROTOCOL: https
depends_on:
- db
volumes:
db:
EOF
# Start services
docker-compose up -d
# Check initialization
docker-compose logs seafile
Seafile Performance on Different Hardware
| Hardware | Concurrent Users | Speed | Notes |
|---|---|---|---|
| Raspberry Pi 4 (4GB) | 5-10 | Good | Much faster than Nextcloud |
| Old laptop (4GB RAM, SSD) | 20-30 | Good | Practical for small office |
| Mini PC (16GB RAM, SSD) | 50+ | Excellent | Production-ready performance |
Encryption in Seafile
Seafile uses library-level encryption:
# Create encrypted library via CLI
seaf-cli create -r {repo_id} -e {encryption_key}
# Or via web interface:
# Libraries → Create new library → Enable encryption
Encryption is client-side for encrypted libraries. Server stores encrypted data but cannot access content.
Seafile Architecture
┌────────────────────────────────┐
│ Client Devices │
│ ├─ Sync Client (C, fast) │
│ └─ Mobile App │
└────────────┬───────────────────┘
│
[Router]
│
┌────────┴────────────┐
│ Seafile Docker │
│ ┌──────────────┐ │
│ │ Seafile App │ │
│ │ (Port 443) │ │
│ │ │ │
│ │ ┌──────────┐ │ │
│ │ │ MariaDB │ │ │
│ │ └──────────┘ │ │
│ └──────────────┘ │
└─────────┬───────────┘
│
[Shared Volume]
(File Storage)
When to Use Seafile
- You have limited hardware
- You want simplicity
- You only need file sync
- You don’t need web editing
- You prioritize performance
Syncthing: Decentralized and Simple
Syncthing is fundamentally different—it’s peer-to-peer, not client-server. Every device is equal. Changes sync directly between devices.
What Syncthing Does Well
- No central server needed
- Works offline (syncs when online)
- Each device has complete copy (strong)
- Minimal bandwidth (only between devices)
- Zero privacy concerns (all data is local)
- Works on any device (Pi, old PC, laptop)
- Very low resource usage
What Syncthing Lacks
- No web access (client app required)
- No versioning or trash
- No selective sync (all devices get everything)
- All devices need storage space
- No permissions (it’s all-or-nothing)
Syncthing Docker Setup
# Create directory structure
mkdir -p syncthing/config syncthing/data
# Create docker-compose.yml
cat > syncthing/docker-compose.yml << 'EOF'
version: '3.8'
services:
syncthing:
image: syncthing/syncthing:latest
container_name: syncthing
restart: always
ports:
- "22000:22000/tcp" # Sync protocol
- "22000:22000/udp" # Sync protocol
- "21027:21027/udp" # Discovery
- "8384:8384" # Web UI
volumes:
- ./config:/var/syncthing/config
- ./data:/var/syncthing/Sync
environment:
STUID: 1000
STGID: 1000
volumes:
config:
data:
EOF
# Start service
docker-compose up -d
# Access web UI: http://localhost:8384
# Configure devices and folders in web interface
Syncthing Configuration Example
Once Docker starts, configure folders and devices:
Step 1: Access Web UI
http://localhost:8384
Step 2: Create Folder
Settings → Folders → Add Folder
Label: "Documents"
Path: /var/syncthing/Sync/Documents
Versioning: Simple (keep 5 old versions)
Step 3: Add Device
Actions → Show ID
(Copy Device ID)
Add on other devices with this ID
Step 4: Share Folder
Folders → Documents → Sharing
Select devices to share with
Syncthing Performance
Syncthing is extremely lightweight. Performance depends on network, not CPU:
| Hardware | Sync Speed | Notes |
|---|---|---|
| Raspberry Pi Zero | 10 Mbps | Network bottleneck, CPU not used |
| Raspberry Pi 4 | 100 Mbps | Gigabit network bottleneck |
| Mini PC (Gigabit) | 500+ Mbps | Fully saturates network |
For reference:
- 1 GB file sync on local network: 1-2 seconds
- 1 GB file sync over internet: 1-5 minutes (depends on ISP bandwidth)
Syncthing Encryption
All Syncthing connections are encrypted with TLS. Data is not encrypted at rest (each device stores unencrypted copy). If you need encryption:
Use encrypted filesystem:
- Linux: LUKS encryption on data partition
- macOS: FileVault on data folder
- Windows: BitLocker on data folder
Syncthing Architecture
Device A (Laptop) Device B (Desktop)
├─ Syncthing Client ├─ Syncthing Client
├─ Config ├─ Config
└─ /data (unencrypted) └─ /data (unencrypted)
↓ ↑
└─ TLS Sync Connection ─────┘
(Encrypted in transit)
(Works over internet via relay if needed)
When to Use Syncthing
- You have multiple devices
- You want zero maintenance
- You don’t need web access
- You don’t need fine-grained permissions
- You want maximum uptime (no single point of failure)
Hardware Requirements Comparison
| Task | Nextcloud | Seafile | Syncthing |
|---|---|---|---|
| 10 GB storage | 4GB RAM, 2 cores | 2GB RAM, 2 cores | 1GB RAM, 1 core |
| 100 GB storage | 8GB RAM, 4 cores | 4GB RAM, 2 cores | 2GB RAM, 1 core |
| 1 TB storage | 16GB RAM, 8 cores | 8GB RAM, 4 cores | 4GB RAM, 2 cores |
| Minimal device | Pi 4 (slow) | Pi 4 (good) | Pi Zero (good) |
Real hardware recommendations:
Budget option: Raspberry Pi 4 (4GB) + Seafile
Cost: $60
Setup: Install Seafile in Docker
Supports: 20-30 concurrent users
Maintenance: Check once per month
Balanced option: Used mini PC (Lenovo ThinkCenter) + Nextcloud
Cost: $150-200
Setup: Install Docker, run docker-compose
Supports: 50+ concurrent users
Maintenance: Updates once per month
Resilient option: Multiple Raspberry Pi 4s with Syncthing
Cost: $120-180 (3 devices)
Setup: Install Syncthing, configure peer connections
Supports: Unlimited (no server)
Maintenance: Minimal, devices sync automatically
Encryption and Security Comparison
| Aspect | Nextcloud | Seafile | Syncthing |
|---|---|---|---|
| In-transit encryption | TLS/HTTPS | TLS/HTTPS | TLS (enforced) |
| Server-side encryption | Optional | Optional (per library) | N/A (no server) |
| End-to-end encryption | E2EE mode | Available | N/A (all local) |
| Key management | Client or server | Client | Unnecessary |
| Audit trail | Yes | Yes | No audit |
| Access control | Granular | Per-library | None (peer) |
Real-World Scenario: Which to Choose?
Scenario 1: Family Backup
Goal: Backup family photos, documents, and calendars. No external access needed.
Choice: Syncthing on home PC + Raspberry Pi 4 backup
- Laptop syncs to home PC via Syncthing
- Home PC syncs to Raspberry Pi (backup)
- Raspberry Pi sits on NAS in closet
- If laptop breaks: restore from Pi
- If home PC breaks: restore from Pi
- Zero internet exposure, maximum privacy
- Cost: $60 (Raspberry Pi only)
Scenario 2: Small Remote Team
Goal: Sync documents, calendar, contacts across 5 people. Need to access remotely.
Choice: Nextcloud on mini PC or NAS
- Each person installs Nextcloud client
- Syncs automatically throughout day
- Can access via browser when traveling
- Calendar syncs (iCal), contacts syncs (CardDAV)
- 8-hour setup time
- Cost: $150-300 (hardware)
Scenario 3: Performance-Critical File Sync
Goal: Sync large media files frequently. Minimal overhead.
Choice: Seafile on mini PC
- Lightweight, fast sync
- Minimal CPU usage
- Can handle large files (GB+)
- Library-based organization works well
- Setup time: 2 hours
- Cost: $150 (hardware)
Backup Strategy for Self-Hosted Storage
Self-hosting storage requires a backup strategy. Data is your responsibility.
Strategy 1: External Drive Backup (Simple)
Daily:
1. Run backup script (rsync or duplicacy)
2. Copy data from server to external USB drive
3. Disconnect USB drive, store in different location
Script:
#!/bin/bash
rsync -av --delete /var/lib/docker/volumes/nextcloud_data/_data/ /mnt/external_backup/
Cost: $80 (2TB external drive)
Time: 5 minutes per backup
Recovery: 1 hour to restore
Strategy 2: Cloud Backup (Redundant)
Daily:
1. Run duplicacy/restic
2. Encrypts data with your key (provider can't read)
3. Uploads to B2, Wasabi, or Backblaze
Script:
#!/bin/bash
duplicacy backup -stats
Cost: $0.006/GB/month (Wasabi)
Time: Automatic
Recovery: Automatic restore
Combined Backup (Recommended)
Nextcloud/Seafile Server
├─ Daily local backup to external drive (onsite)
├─ Encrypted cloud backup to B2 (offsite)
└─ Weekly export of database to external drive
This handles:
- Hardware failure (external drive)
- Server compromise (cloud backup with your encryption key)
- Data corruption (weekly snapshots)
Related Reading
- Nextcloud vs OwnCloud Self-Hosted Comparison
- Best Self-Hosted File Sync Alternatives in 2026
- Bitwarden Self-Hosted Setup Guide
- Bitwarden vs Vaultwarden Self-Hosted: A Technical Comparison
- How To Set Up Jitsi Meet Self Hosted Encrypted Video Confere
Built by theluckystrike — More at zovo.one