Self-host Nextcloud on a VPS.
Your own Google Drive, Photos, Contacts and Office.
Nextcloud is the open, self-hostable replacement for the Google Workspace stack. File sync, photo backup, contacts, calendar, collaborative documents, end-to-end encrypted chat and video — running on a Nordic VPS you own, behind a domain you chose, on disks you control.
- 01
Nextcloud All-in-One is one Docker container that bundles the server, database, Redis, the office suite, the chat backend, automatic HTTPS and automatic backups. The right starting point in 2026.
- 02
Size the VPS to your photo library plus 2×. A single-user setup wants 4 GB RAM, multi-core and 80–200 GB of disk. The Iron tier covers most personal use.
- 03
Data residency matters as much as the install. Nordic constitutional press-freedom jurisdictions constrain how a state can compel cloud data; that is the half of the privacy story the software cannot solve.
What Nextcloud actually replaces. And what it does not.
Nextcloud started in 2016 as a fork of ownCloud and is now the most-deployed self-hosted productivity suite in the world. The core is a PHP application that handles file sync, the apps ecosystem extends it into roughly every adjacent workflow Google and Microsoft sell.
What it replaces 1:1. Google Drive (Files), Google Photos (Photos with face recognition, geo-tagging, albums), Google Contacts and Google Calendar (via CardDAV / CalDAV which iOS and Android both speak natively), Dropbox sync, basic Office 365 document editing (Nextcloud Office, based on Collabora). For these, the migration story is bulk-import the existing data, point your devices at the new server, done.
What it replaces with caveats. Zoom (Nextcloud Talk does 1:1 and small-group video calls comfortably; large webinars need a Talk High-Performance Backend), WhatsApp for file shares (Nextcloud Files external share + Talk chat), Microsoft Teams (Talk + Office), Notion (Deck for kanban, Text for documents — less polished than Notion, more permanent).
What it does not replace. Google Sheets at the high end (Nextcloud Office's spreadsheet is roughly Excel 2010), Gmail (use a self-hosted mail server — covered in a separate guide), search across all your data (Nextcloud Search is per-app, not unified). For these, plan on a parallel solution rather than the Nextcloud-only path.
Sizing the VPS. The surprises are always in disk.
Nextcloud is not CPU-heavy. The PHP application spends most of its time waiting on disk and database. The two sizing axes that actually matter are RAM (for the database + Redis + PHP-FPM workers) and disk (for everything you sync).
RAM floor. All-in-One needs 2 GB to start. With ten installed apps, the photo Memories app indexing in the background and three concurrent clients syncing, expect a working set of 3–4 GB. The <a href="/vps/" class="text-nord-cyan border-b border-nord-cyan/40 hover:border-nord-cyan transition">Iron tier</a> (4 vCPU, 8 GB RAM, 160 GB SSD, $24.90/mo) is the sweet spot for a single-user personal cloud.
Disk reality. Your phone's camera roll plus document archive is the floor. A 5-year iPhone library is typically 80–200 GB; double it because you will also keep file versions, the trash, generated photo thumbnails and the database indices. For a family of four, plan 500 GB minimum — the Granite tier (12 vCPU, 32 GB RAM, 640 GB NVMe) is sized for this.
CPU. Two cores will do for one user. Memories app face-recognition indexing is the only thing that benefits from more — and it runs once, then idles. There is no reason to overspec CPU for Nextcloud; the budget is better spent on RAM and SSD.
The All-in-One install. One command, one wizard, sixty minutes.
Spin up a fresh Debian 12 VPS, point a DNS A record (cloud.example.com) at it, SSH in as a sudo user. The install is a single docker run that spawns the master container, which in turn orchestrates the rest of the stack.
1. Install Docker. curl -fsSL https://get.docker.com | sh — log out, log back in if you added your user to the docker group.
2. Run the AIO master. docker run -d --name nextcloud-aio-mastercontainer --restart always -p 80:80 -p 8080:8080 -p 8443:8443 -v nextcloud_aio_mastercontainer:/mnt/docker-aio-config -v /var/run/docker.sock:/var/run/docker.sock:ro nextcloud/all-in-one:latest — the container exposes the admin UI on https://your-server:8080.
3. Open the admin wizard. Browse to https://<vps-ip>:8080, copy the one-time admin password the wizard displays, enter your cloud.example.com domain, select the apps you want (Office, Talk, Memories, Mail bridge — pick whatever is relevant), kick off the deployment. The wizard pulls the dependent containers, configures TLS via Let's Encrypt, runs the initial database migrations, generates the admin account credentials.
4. First login. After ~10 minutes (longer on small VPS) the wizard shows you the admin password for Nextcloud itself. Log into https://cloud.example.com with admin + that password, change the password immediately, create your real user account, walk through the per-app initial settings.
5. Lock the admin UI behind your IP. The wizard at port 8080 is publicly reachable until you close it. Add an ufw rule: ufw allow from <your-home-ip> to any port 8080 && ufw deny 8080 — the admin remains accessible from your home address, invisible elsewhere.
Mobile, Office, Talk. Plumbing the clients.
iOS / Android. Install the official Nextcloud app from the App Store / Play Store. Sign in with cloud.example.com + your account credentials. Enable AutoUpload in settings for photos and videos — this is the Google Photos replacement; phone goes idle on the charger, photos sync to the server in the background.
Contacts and calendar. iOS: Settings → Calendar / Contacts → Accounts → Add Account → Other → CardDAV / CalDAV → cloud.example.com/remote.php/dav, your username, app password. Android: install DAVx5 from F-Droid, point at the same URL. Now your iPhone Contacts app and your Android Contacts app are the same address book, synced through Nextcloud.
Office. If you ticked the Office app in the AIO wizard, Collabora Online is already running. Open any .docx / .xlsx / .pptx in the Files app, the document opens in a browser-based Word-equivalent editor with real-time collaborative editing if you share the link.
Talk. Voice and video calls, group chat, screen sharing — Talk handles 1:1 and small-group calls (up to ~6) directly through the AIO Talk container. Above that count, you need the High-Performance Backend (a separate Janus-based service). For a personal cloud, the default is sufficient.
Backups, snapshots, encryption. Three independent layers.
Application backups (AIO BorgBackup). AIO includes a built-in BorgBackup integration. Configure the daily backup target in the admin UI — a second VPS over SSH, a Backblaze B2 bucket via rclone, your home NAS over WireGuard. Borg deduplicates and encrypts; a 100 GB Nextcloud typically backs up in ~5 GB after dedup.
Snapshot backups (VPS panel). NordBastion VPS supports filesystem snapshots from the panel — take one before any major Nextcloud upgrade (28→29, 29→30) and before installing any third-party app. Rolling back is one click. Snapshots complement but do not replace the Borg backup — they live on the same datacentre.
Encryption at rest. Nextcloud supports server-side encryption for file data, but the encryption key lives on the same server — it protects against an offline disk seizure, not against a live root compromise. For a stronger story, encrypt the VPS root disk itself (LUKS + remote unlock via Tang/Clevis) and treat the server-side encryption as a defence-in-depth layer.
End-to-end encryption. Nextcloud E2EE encrypts files in client-marked folders before they leave the device — the server holds ciphertext only. Coverage is partial (no Office, no Photos preview, no Talk attachments) so it is the right answer for sensitive subsets, not the whole vault.
Why the data centre matters. The jurisdiction floor.
Self-hosting is half the privacy story. The other half is what jurisdiction the metal sits in. Nextcloud running on a US-based VPS is technically the same software running on a Swedish one, but the legal regime that touches the disk is different. A US warrant compels disclosure under the Stored Communications Act and the CLOUD Act; a Swedish equivalent operates under Tryckfrihetsförordningen, with explicit protections for communication infrastructure operators.
The four Nordic constitutional press-freedom regimes (Sweden, Finland, Norway, Iceland) constrain the shape of state compulsion. Each is different — the deep-dive is the dedicated <a href="/guides/nordic-jurisdictions-for-privacy-hosting/" class="text-nord-cyan border-b border-nord-cyan/40 hover:border-nord-cyan transition">Nordic jurisdictions guide</a> — but they share the same fundamental property: an infrastructure operator has explicit statutory standing to refuse over-broad requests, with documented case-law to point at.
For Nextcloud specifically, the workload contains photos, location-tagged, dated, of family and friends — plus a calendar that shows where you go and when, contacts that show who you know, documents that include tax filings and contracts. The aggregate is a richer profile than your bank holds. Putting that aggregate in a jurisdiction that has constitutional protections around compulsion is not paranoia; it is matching the legal floor to the value of the data.
NordBastion VPS exists for exactly this combination — KYC-free signup so the rental is not tied to your real-world identity, crypto payment so the wallet trail is not tied to your bank, and a choice of four Nordic data centres so you control the legal regime. Self-hosting Nextcloud is a great decision; making sure the metal underneath it shares the same posture is the move that completes the story.
Questions, answered.
Eight questions that surface before, during and after migrating to a self-hosted Nextcloud.
What does Nextcloud actually replace?
Google Drive, Google Photos, Google Contacts, Google Calendar, Office 365, Dropbox, WhatsApp file-sharing and Zoom — at the level of file sync, photo backup, contact and calendar CalDAV/CardDAV, collaborative document editing, video calls. The replacement is not 1:1 for every workflow (Google Sheets has features Nextcloud Office does not) but for the bulk of personal cloud use it is genuinely complete.
How much disk and RAM does Nextcloud need?
The Nextcloud Docker All-in-One image needs 2 GB of RAM as the practical minimum, 4 GB to be comfortable for a single user, 8 GB for a small team. Disk depends entirely on what you sync; budget your phone's photo library plus 2× as a starting point. The NordBastion Iron VPS tier (4 vCPU, 8 GB RAM, 160 GB SSD) is right for a single user with a 100 GB photo library plus documents.
Why does where I host Nextcloud matter?
Because everything you put in Nextcloud — photos, documents, contacts, calendar, password-recovery keys — sits on the disk of the VPS. Whoever can compel the data centre can in principle compel the disk. Nordic jurisdictions (Sweden, Finland, Norway, Iceland) constrain that compulsion through constitutional press-freedom statutes; the same workflow on a US-based VPS sits under a different legal regime. Server-side encryption helps but is not a complete answer because the key lives on the same server.
Should I use the Nextcloud All-in-One image or the bare-metal install?
For most readers, All-in-One is the right answer in 2026. The bare-metal LAMP install gives you more control and slightly better performance, at the cost of managing PHP-FPM, MariaDB, Redis, the cron and the update flow yourself. All-in-One bundles all of that into one orchestrated container with automatic backups, automatic updates and HTTPS — the operational overhead is roughly 10% of the bare-metal path. The performance gap is real but small for personal use.
Is Nextcloud GDPR-friendly?
Yes — and self-hosting Nextcloud is one of the cleanest GDPR postures available. You are the data controller, the data sits on infrastructure you rent in a jurisdiction you chose, no third-party processor is involved by default. The GDPR data-export and right-to-be-forgotten requirements that hosted SaaS struggles with reduce to a tar.gz and a docker rm. For EU citizens specifically, hosting Nextcloud on a Nordic VPS keeps the data within the EU/EEA legal perimeter, removing the Schrems-II problem at source.
Can I use S3 storage with Nextcloud?
Yes — Nextcloud supports S3 as a primary storage backend or as External Storage mounted on a per-user basis. The primary-storage mode pushes every file the user uploads directly to the bucket and lets the VPS itself stay small (the disk only holds the database, the cache and the application). Use this when you want disk-cheap scaling and accept the per-request S3 latency. The External Storage mode is the better fit for "old archives over here, hot files local" hybrid setups.
How do I handle Nextcloud upgrades without breaking things?
All-in-One: the container handles the upgrade flow itself, snapshots the database before each upgrade, rolls back on failure. Bare-metal: occ upgrade is the supported path, but the rule of "snapshot the whole VPS, then upgrade, then verify" is non-optional. Nextcloud minor upgrades (28.0 → 28.1) are generally safe; major upgrades (28 → 29) deserve more care. NordBastion VPS supports filesystem snapshots from the panel, which makes the rollback path one click.
What is the biggest reason people abandon their self-hosted Nextcloud?
They run out of disk and the sync silently breaks. Two prevention steps: enable the Quota app to enforce per-user limits before the disk fills, and set a Prometheus or Uptime-Kuma alert on disk usage at 80%. The third step — actually move old data to cold storage when alerted — is the one people skip. Build it into your monthly maintenance from day one.
Rent a Nordic VPS, pay in crypto, run your own Nextcloud.
The Iron tier (4 vCPU, 8 GB RAM, 160 GB NVMe, $24.90/month) is right for a personal cloud. The Granite tier (12 vCPU, 32 GB RAM, 640 GB) is the family-of-four answer.
Last reviewed · 2026-05-20 · Sources · Nextcloud upstream docs, AIO release notes, Collabora / Talk compatibility matrix · Cadence · yearly
Anonymous VPS hosting in 2026 — the cluster.
This guide is one spoke of a larger series. The pillar walks the three privacy layers end to end — the sibling spokes below dive into the specifics.
Three independent layers — signup, payment, network — explained, legal context included, common mistakes flagged.
Bitwarden-compatible password vault under your own control.
Postfix, Dovecot, SPF/DKIM/DMARC — deliverability included.
A meta search engine that does not log you — because you own it.
What “no KYC” actually means — and what it does not.