
Self-Hosted File Sync Solutions: Syncthing, Nextcloud, and OwnCloud

Max Kaido
Architect

In today's digital landscape, maintaining control over your data while ensuring accessibility across devices is crucial. Self-hosted file synchronization solutions offer a compelling alternative to commercial cloud services, providing enhanced privacy, customization, and ownership. This guide explores three popular options—Syncthing, Nextcloud, and OwnCloud—detailing their ideal use cases and how to secure them with Cloudflare Zero Trust.

Comparing the Solutions

Before diving into implementation details, let's understand the key differences between these platforms:

| Feature | Syncthing | Nextcloud | OwnCloud |
| --- | --- | --- | --- |
| Architecture | Decentralized P2P | Client-server | Client-server |
| Server Requirement | None (P2P) | Yes | Yes |
| Web Interface | Basic monitoring only | Full-featured | Full-featured |
| Mobile Apps | Android/iOS | Android/iOS | Android/iOS |
| Collaboration | Limited | Extensive | Extensive |
| Additional Features | File sync only | Calendar, Contacts, Office suite, etc. | Calendar, Contacts, Office suite, etc. |
| Ideal For | Simple file sync between devices | Complete cloud replacement | Business-focused cloud solution |

Syncthing: Decentralized File Synchronization

Ideal Use Cases

Syncthing excels in scenarios where you need:

  • Direct device-to-device synchronization without a central server
  • Simple setup with minimal infrastructure requirements
  • Privacy-focused file sharing between trusted devices
  • Low-resource synchronization solution for older hardware
  • Selective synchronization of specific folders across devices

Syncthing is perfect for personal use cases like:

  • Keeping documents in sync between your work and home computers
  • Backing up photos from your phone to your desktop automatically
  • Sharing project files with a small team without a central server

Accessing Syncthing

Web UI Access

Syncthing provides a web interface for monitoring and configuration, typically available at:

http://localhost:8384

To access it remotely via Cloudflare Zero Trust:

  1. Create a Cloudflare Tunnel application:

    cloudflared tunnel create syncthing
  2. Configure the tunnel in your config.yml:

    tunnel: <your-tunnel-id>
    credentials-file: /path/to/credentials.json

    ingress:
      - hostname: syncthing.yourdomain.com
        service: http://localhost:8384
      - service: http_status:404
  3. Create a DNS record in Cloudflare:

    syncthing.yourdomain.com -> <your-tunnel-id>.cfargotunnel.com
  4. Configure Cloudflare Access policies to restrict access to authorized users.

Android Access

  1. Install the Syncthing app from Google Play Store
  2. Add your device ID to your other Syncthing instances
  3. Configure folders to sync with your other devices

Ubuntu Integration

Syncthing works with regular directories, so nothing needs to be mounted on Ubuntu. To ensure Syncthing starts automatically:

  1. Create a systemd service:

    sudo nano /etc/systemd/system/syncthing@.service
  2. Add the following content:

    [Unit]
    Description=Syncthing - Open Source Continuous File Synchronization for %I
    Documentation=man:syncthing(1)
    After=network.target

    [Service]
    User=%i
    ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0
    Restart=on-failure
    SuccessExitStatus=3 4
    RestartForceExitStatus=3 4

    [Install]
    WantedBy=multi-user.target
  3. Enable and start the service:

    sudo systemctl enable syncthing@username
    sudo systemctl start syncthing@username

Nextcloud: Comprehensive Self-Hosted Cloud

Ideal Use Cases

Nextcloud is ideal when you need:

  • Complete cloud solution with file sync, sharing, and collaboration
  • Centralized management of users, permissions, and data
  • Integration with existing tools through a rich app ecosystem
  • Advanced features like calendar, contacts, and office document editing
  • Multi-user environment with fine-grained access controls

Perfect for:

  • Small to medium businesses needing a Google Workspace/Microsoft 365 alternative
  • Families wanting to share photos, calendars, and documents
  • Teams requiring collaborative document editing and project management
  • Individuals seeking a complete replacement for commercial cloud services

Accessing Nextcloud

Web UI Access

Nextcloud's primary interface is web-based, typically available at:

https://your-server/nextcloud

To secure it with Cloudflare Zero Trust:

  1. Create a Cloudflare Tunnel:

    cloudflared tunnel create nextcloud
  2. Configure the tunnel:

    tunnel: <your-tunnel-id>
    credentials-file: /path/to/credentials.json

    ingress:
      - hostname: nextcloud.yourdomain.com
        service: http://localhost:80
      - service: http_status:404
  3. Create a DNS record:

    nextcloud.yourdomain.com -> <your-tunnel-id>.cfargotunnel.com
  4. Important: Update Nextcloud's trusted domains in config.php:

    'trusted_domains' =>
    array (
      0 => 'localhost',
      1 => 'nextcloud.yourdomain.com',
    ),
  5. Configure Cloudflare Access policies to restrict access to authorized users.

Android Access

  1. Install the Nextcloud app from Google Play Store
  2. Enter your server address: https://nextcloud.yourdomain.com
  3. Log in with your Nextcloud credentials

Additional Android apps:

Ubuntu Integration

To mount Nextcloud on Ubuntu:

  1. Install the required packages:

    sudo apt install davfs2
  2. Create a mount point:

    mkdir ~/nextcloud
  3. Add your credentials to the secrets file:

    echo "https://nextcloud.yourdomain.com/remote.php/dav/files/USERNAME/ USERNAME PASSWORD" | sudo tee -a /etc/davfs2/secrets
  4. Secure the secrets file:

    sudo chmod 600 /etc/davfs2/secrets
  5. Add to /etc/fstab for automatic mounting:

    https://nextcloud.yourdomain.com/remote.php/dav/files/USERNAME/ /home/user/nextcloud davfs user,rw,auto 0 0
  6. Add your user to the davfs2 group:

    sudo usermod -aG davfs2 $USER
  7. Mount the drive:

    mount ~/nextcloud

OwnCloud: Enterprise-Focused File Sharing

Ideal Use Cases

OwnCloud is best suited for:

  • Enterprise environments requiring robust file sharing
  • Integration with existing enterprise systems like LDAP/Active Directory
  • Compliance-focused deployments with audit logging
  • Hybrid cloud scenarios connecting on-premises and cloud storage
  • Customized deployments with specific business requirements

Perfect for:

  • Medium to large enterprises with complex compliance requirements
  • Organizations with existing infrastructure needing cloud capabilities
  • Teams requiring secure external sharing with clients and partners
  • Businesses needing to maintain data residency in specific regions

Accessing OwnCloud

Web UI Access

OwnCloud's web interface is typically available at:

https://your-server/owncloud

To secure it with Cloudflare Zero Trust:

  1. Create a Cloudflare Tunnel:

    cloudflared tunnel create owncloud
  2. Configure the tunnel:

    tunnel: <your-tunnel-id>
    credentials-file: /path/to/credentials.json

    ingress:
      - hostname: owncloud.yourdomain.com
        service: http://localhost:80
      - service: http_status:404
  3. Create a DNS record:

    owncloud.yourdomain.com -> <your-tunnel-id>.cfargotunnel.com
  4. Update OwnCloud's trusted domains in config.php:

    'trusted_domains' =>
    array (
      0 => 'localhost',
      1 => 'owncloud.yourdomain.com',
    ),
  5. Configure Cloudflare Access policies to restrict access to authorized users.
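
The Nextcloud and OwnCloud tunnel steps above edit two files that have to agree, so here is an added example (not part of the original post) that cross-checks them: it reports tunnel hostnames missing from trusted_domains, origins that are not on loopback, and a missing catch-all rule. The second hostname, the LAN origin and both sample files are constructed, and the parser assumes the flat ingress layout shown on this page with every hostname fronting the same instance.

```python
import re
from urllib.parse import urlparse

# Constructed inputs in the layout shown above; "cloud.yourdomain.com" and the
# 192.168.1.20 origin are hypothetical entries added to trigger findings.
CONFIG_YML = """\
ingress:
  - hostname: nextcloud.yourdomain.com
    service: http://localhost:80
  - hostname: cloud.yourdomain.com
    service: http://192.168.1.20:80
  - service: http_status:404
"""
CONFIG_PHP = """\
'trusted_domains' =>
array (
  0 => 'localhost',
  1 => 'nextcloud.yourdomain.com',
),
"""
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_ingress(text):
    """Parse only the flat hostname/service ingress layout used on this page."""
    rules = []
    for line in text.partition("ingress:")[2].splitlines():
        m = re.match(r"\s*(-\s*)?(hostname|service):\s*(\S+)", line)
        if m:
            if m.group(1) or not rules:  # a leading "-" starts a new rule
                rules.append({})
            rules[-1][m.group(2)] = m.group(3)
    return rules

def trusted_domains(php):
    # Return the quoted entries of the trusted_domains array in config.php.
    block = re.search(r"'trusted_domains'\s*=>\s*array\s*\((.*?)\)", php, re.S)
    return set(re.findall(r"=>\s*'([^']+)'", block.group(1))) if block else set()

def lint(config_yml, config_php):
    rules, trusted, findings = parse_ingress(config_yml), trusted_domains(config_php), []
    last = rules[-1] if rules else {}
    if "hostname" in last or not last.get("service", "").startswith("http_status:"):
        findings.append("last ingress rule is not a hostname-less http_status catch-all")
    for rule in rules[:-1]:
        host = rule.get("hostname", "<no hostname>")
        if urlparse(rule.get("service", "")).hostname not in LOOPBACK:
            findings.append(f"{host}: origin is not on loopback and may be reachable without Access")
        if host not in trusted:
            findings.append(f"{host}: missing from trusted_domains")
    return findings
```

Calling lint(CONFIG_YML, CONFIG_PHP) on the constructed input returns two findings, both for cloud.yourdomain.com.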

Android Access

  1. Install the OwnCloud app from Google Play Store
  2. Enter your server address: https://owncloud.yourdomain.com
  3. Log in with your OwnCloud credentials

Ubuntu Integration

To mount OwnCloud on Ubuntu:

  1. Install the required packages:

    sudo apt install davfs2
  2. Create a mount point:

    mkdir ~/owncloud
  3. Add your credentials to the secrets file:

    echo "https://owncloud.yourdomain.com/remote.php/dav/files/USERNAME/ USERNAME PASSWORD" | sudo tee -a /etc/davfs2/secrets
  4. Secure the secrets file:

    sudo chmod 600 /etc/davfs2/secrets
  5. Add to /etc/fstab for automatic mounting:

    https://owncloud.yourdomain.com/remote.php/dav/files/USERNAME/ /home/user/owncloud davfs user,rw,auto 0 0
  6. Add your user to the davfs2 group:

    sudo usermod -aG davfs2 $USER
  7. Mount the drive:

    mount ~/owncloud

Cloudflare Zero Trust Configuration Best Practices

When securing these services with Cloudflare Zero Trust, consider these additional best practices:

1. Application-Specific Policies

Create separate access policies for each application:

Access Policy for Syncthing:
- Allow access to syncthing.yourdomain.com
- Require email ending in @yourcompany.com
- Require successful authentication

Access Policy for Nextcloud:
- Allow access to nextcloud.yourdomain.com
- Require specific user group membership
- Enable device posture checks

2. Authentication Methods

Configure multiple authentication methods:

  • One-time PIN
  • Social login (Google, GitHub)
  • Corporate identity provider (Okta, Azure AD)
  • WebAuthn for passwordless authentication

3. Device Posture Checks

Implement device posture checks to ensure only secure devices can connect:

  • Require up-to-date operating systems
  • Verify firewall and antivirus status
  • Check for disk encryption
  • Validate certificate presence

4. Session Management

Configure appropriate session durations:

session_duration: 24h  # For regular access
session_duration: 1h   # For sensitive applications

5. Logging and Monitoring

Enable detailed logs for security monitoring:

  1. In Cloudflare dashboard, go to Access > Logs
  2. Configure log retention period
  3. Set up alerts for suspicious activities
  4. Consider integrating with SIEM solutions
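
One way to turn step 3 into concrete alert logic, as an added example that is not part of the original post: it scans exported Access log records for bursts of denied requests from one source IP and for allowed logins from an IP not previously seen for that user. The records are constructed, and the JSON-lines format and field names (created_at, user_email, ip_address, app_domain, allowed) are assumptions to adapt to your own export.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (documentation IP ranges). Field names are an
# assumption about your Access log export; rename them to match your data.
SAMPLE_LOG = """\
{"created_at":"2024-05-01T09:00:00Z","user_email":"alice@yourcompany.com","ip_address":"198.51.100.10","app_domain":"nextcloud.yourdomain.com","allowed":true}
{"created_at":"2024-05-01T10:00:05Z","user_email":"x@example.net","ip_address":"203.0.113.7","app_domain":"syncthing.yourdomain.com","allowed":false}
{"created_at":"2024-05-01T10:00:40Z","user_email":"y@example.net","ip_address":"203.0.113.7","app_domain":"nextcloud.yourdomain.com","allowed":false}
{"created_at":"2024-05-01T10:01:10Z","user_email":"z@example.net","ip_address":"203.0.113.7","app_domain":"owncloud.yourdomain.com","allowed":false}
{"created_at":"2024-05-01T10:30:00Z","user_email":"alice@yourcompany.com","ip_address":"198.51.100.99","app_domain":"nextcloud.yourdomain.com","allowed":true}
"""

def parse(log_text):
    """Load JSON-lines records and sort them by timestamp."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["created_at"].replace("Z", "+00:00"))
    return sorted(events, key=lambda e: e["ts"])

def detect(events, max_denied=3, window=timedelta(minutes=5)):
    """Flag denied-request bursts per source IP and allowed logins from a new IP."""
    alerts, denied, alerted, known_ips = [], defaultdict(list), set(), defaultdict(set)
    for e in events:
        ip, user = e["ip_address"], e["user_email"]
        if not e["allowed"]:
            # Keep only denials inside the sliding window, then add this one.
            denied[ip] = [t for t in denied[ip] if e["ts"] - t <= window] + [e["ts"]]
            if len(denied[ip]) >= max_denied and ip not in alerted:
                alerted.add(ip)
                alerts.append(("denied_burst", ip, len(denied[ip])))
        else:
            # The first allowed login seeds the baseline; later new IPs are flagged.
            if known_ips[user] and ip not in known_ips[user]:
                alerts.append(("new_source_ip", user, ip))
            known_ips[user].add(ip)
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```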

Conclusion

Self-hosted file synchronization solutions offer powerful alternatives to commercial cloud services, providing greater control, privacy, and customization. By securing these services with Cloudflare Zero Trust, you can enjoy the benefits of self-hosting while maintaining enterprise-grade security.

  • Syncthing is ideal for simple, direct device-to-device synchronization without a central server.
  • Nextcloud provides a comprehensive cloud replacement with collaboration features.
  • OwnCloud focuses on enterprise needs with robust compliance and integration capabilities.

By following the configuration guidelines in this post, you can create a secure, accessible file synchronization environment that meets your specific needs while maintaining control over your data.

Remember that self-hosting comes with responsibilities—regular updates, backups, and security monitoring are essential to maintain a secure environment. However, the benefits of data sovereignty and privacy make these efforts worthwhile for many individuals and organizations.