All systems operational 21 cryptocurrencies accepted · Monero welcome No-KYC policy
ChainVPS

Cloud storage · no KYC

Host Nextcloud on an Offshore VPS

Nextcloud gives you a full private cloud — files, sync, calendar, and contacts — running entirely on hardware you control, with no third party reading your data.

What it is

Nextcloud is an open-source cloud storage and collaboration platform: file sync across desktop and mobile, sharing, calendar, contacts, and an app ecosystem for office documents, notes, and photos. It is the leading self-hosted alternative to Dropbox, Google Drive, and iCloud, with all data stored on your own server.

Why host it offshore

On a no-KYC, offshore VPS your files never touch a US or EU big-cloud account tied to your identity, and unmetered bandwidth means large sync loads and shared media downloads don't rack up egress fees. Paying in crypto and choosing a privacy-tier location keeps the storage of personal documents free of identity records and outside common data-request jurisdictions.

The deploy

A working reference setup

Copy this onto a fresh ChainVPS instance. Replace the placeholders, then bring it up.

docker-compose.yml
## docker-compose.yml — Nextcloud + MariaDB + Redis
## Prereqs on Ubuntu 24.04:
##   apt update && apt install -y docker.io docker-compose-v2
## Put this file in /opt/nextcloud/ and run:  docker compose up -d
## Then front it with a TLS reverse proxy (Caddy/Nginx) on 443 -> 127.0.0.1:8080

services:
  db:
    image: mariadb:11
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      - MARIADB_ROOT_PASSWORD=CHANGE_ME_root
      - MARIADB_DATABASE=nextcloud
      - MARIADB_USER=nextcloud
      - MARIADB_PASSWORD=CHANGE_ME_db
    networks:
      - nc

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    command: redis-server --requirepass CHANGE_ME_redis
    networks:
      - nc

  app:
    image: nextcloud:30-apache
    restart: unless-stopped
    depends_on:
      - db
      - redis
    ports:
      - "127.0.0.1:8080:80"   # bind to localhost; expose via reverse proxy TLS
    volumes:
      - nextcloud:/var/www/html          # app + config + apps
      - ./data:/var/www/html/data        # user files (put on your big data volume)
    environment:
      - MYSQL_HOST=db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=CHANGE_ME_db
      - REDIS_HOST=redis
      - REDIS_HOST_PASSWORD=CHANGE_ME_redis
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=CHANGE_ME_admin
      - NEXTCLOUD_TRUSTED_DOMAINS=cloud.example.com
      - OVERWRITEPROTOCOL=https           # required behind a TLS proxy
    networks:
      - nc

volumes:
  db:
  nextcloud:

networks:
  nc:

Firewall

Ports to open

PortProtocolPurpose
443TCPHTTPS access via your TLS reverse proxy (Caddy/Nginx) — the only port you expose publicly
80TCPHTTP for ACME/Let's Encrypt challenge and redirect to HTTPS
8080TCPNextcloud container HTTP, bound to 127.0.0.1 only and reached by the reverse proxy
3478TCP/UDPOptional: TURN/coturn for Nextcloud Talk audio/video calls

Right-sizing

Which plan you need

Light

VPS Small (2 vCPU / 4 GB RAM)

1-5 users, personal file sync + calendar/contacts. Add a Storage plan volume for the data directory as your library grows.

Medium

VPS Pro (4 vCPU / 8 GB RAM)

10-30 users with active sync, previews, and Collabora/OnlyOffice document editing. Pair with a large Storage-tier data volume.

Heavy

Dedicated (8+ cores / 32 GB RAM) + Storage node

50+ users, team collaboration, Talk video calls, and heavy preview generation. Move user data to a dedicated Storage server or S3-compatible external storage.

Best locations: Because Nextcloud holds personal documents, pick a privacy-tier location — NL, CH, RO, IS, MD, or LU. Switzerland and Iceland have strong constitutional data-protection and are outside the 14-Eyes core; Moldova and Romania sit outside EU data-sharing pressure. Choose the region nearest your users to keep sync latency low while staying in a privacy-friendly jurisdiction.

Lock it down

Hardening checklist

  • Never expose the container port directly — bind Nextcloud to 127.0.0.1:8080 and terminate TLS at a Caddy or Nginx reverse proxy, forcing HTTPS with HSTS. Set OVERWRITEPROTOCOL=https so generated URLs are correct.
  • Lock NEXTCLOUD_TRUSTED_DOMAINS to your real hostname, use long random passwords for the admin/db/redis, and after first boot run 'occ config:system:set trusted_domains' rather than leaving wildcards.
  • Enable server-side encryption for external storage and turn on brute-force protection plus 2FA (TOTP) for all accounts; put the login behind fail2ban watching the Nextcloud log.
  • Move the /data directory onto a separate large volume (ChainVPS Storage) and schedule 'occ maintenance:mode' backups of both the database dump and the data dir; test restores periodically.
  • Run the recommended cron background job via a system cron calling 'docker compose exec -u www-data app php cron.php' every 5 minutes instead of AJAX cron, and add memory caching (Redis is wired above) to clear the admin overview warnings.

Questions

Hosting Nextcloud — FAQ

Do I need a domain name?

Yes, in practice. Nextcloud needs a hostname for a valid TLS certificate and for the mobile/desktop sync clients to connect securely. Point an A record at your VPS IP and put it in NEXTCLOUD_TRUSTED_DOMAINS.

Which ChainVPS product should I pick — VPS or Storage?

Start on a VPS for the app itself, and attach or pair a Storage plan for the actual file data. Nextcloud's compute needs are modest; it is disk-hungry, so cheap high-capacity storage is where the real sizing decision lives.

Can I keep my file data outside the main disk?

Yes. Mount a separate Storage volume at the /data path, or configure S3-compatible external storage. This lets you grow capacity independently of the VPS and simplifies backups.

Is unmetered bandwidth actually useful for Nextcloud?

Very. Initial syncs, large media libraries, and multi-device usage move a lot of data. Unmetered transfer means big uploads and downloads don't generate surprise egress bills the way big-cloud providers do.

How do I keep it updated and secure?

Pin a major image tag (e.g. nextcloud:30-apache), snapshot before upgrading, then bump one major version at a time and run 'occ upgrade'. Combine that with 2FA, fail2ban, and off-host backups for a solid baseline.

Will paying in crypto keep my storage private?

Payment is no-KYC and no identity is attached to the account, but privacy end-to-end also depends on your setup: use a privacy-tier location, enable encryption, and control your own admin credentials. ChainVPS never asks for identity documents.

Spin up Nextcloud
in the next 60 seconds.

Unmetered bandwidth · DDoS included · 21 cryptocurrencies · no KYC.