Cotton Cloud is self-hosted cloud storage. For serious files.

Open-source file storage you run yourself: drop in 100 GB, walk away, and come back to done. No babysitting, no broken uploads, no "finalizing" freeze.

Cotton workspaceLibrary / Photography / 2026
FilesSnapshotsShares
Library/Photography/2026
2.4k
Photography
18.4 GB
947
Documents
92.1 GB
mountain-backup.jpg
lake-trip.heic
leaf-macro.jpg
spring-blossom.jpg
castle-raw.jpg
02:14walkthrough.mov
Security report
audit.pdfPDF
12:48
voice-note.m4aencrypted preview
bracket-v3.stl
Apps

Not just a browser tab.

Cotton Cloud ships real clients: an Android app and a Cotton Sync desktop agent for Windows and Linux. Install once, keep your files in sync.

What it does

Eight things most self-hosted cloud storage skips.

The details that usually hide in a backlog. The developer wrote them anyway. Each one is a real product surface, not a screenshot from a pitch deck.

Seek on encrypted video. Without decrypting the file.Range reads through AES-GCM chunks. Per-chunk auth tags assemble the byte range on the fly. No temp file, no full download. Most self-hosted clouds decrypt to disk first. This one doesn't.
Audio you can actually browse.Embedded cover art when it's there. Generated waveform when it's not. Synced lyrics from a sidecar LRC file. One preview component, no plugin marketplace.
3D models. In the browser. Right now.STL, OBJ, 3MF -- rendered with f3d in the same preview pipeline. 3MF uses embedded thumbnails when present, falls back to live render otherwise. The point is not another viewer; it is one file surface for photos, docs, audio, video, and models.
Upload 100 GB. Walk away. No "finalizing" freeze.Chunks hash in a web worker. Parallel uploads. Only missing chunks retry. No "wait while we recompute" step at the end. The product proof is sustained progress, not a fast-looking first burst.
Markdown that renders like a document.Headings, code blocks with syntax highlighting, table of contents, selectable text. Open a README inside the file cloud instead of downloading it to find out what's in it.
Search across millions of files. Instant.Structural metadata, not path-string grep. Folder trees with hundreds of thousands of entries return matches without spinning. Try the same search on a folder you forgot you had.
Admin Security Checkup. Your hardening, scored 0-10.15+ container hardening signals checked from inside the app: .NET diagnostics, seccomp, ptrace caps, no-new-privileges, dumpability, AppArmor, Docker socket exposure. You get a score, not a 'skill issue'.
DB lost? Cotton restores from its own backup.On boot Cotton checks if the database is empty, finds the latest backup manifest in its own protected storage, rebuilds the dump from stored chunks, verifies hashes, restores it, and notifies admins. Recovery is part of the product path, not only an external runbook.
Click around the real instance instead of reading about it.Open live demo
Try it

Pick your network. See what you actually get.

Pick the link you run on at home or at work. Cotton compares that network to the slowest measured local write-path stage, so the table reads like deployment capacity instead of a synthetic headline.

How storage works

Ten people upload the same file. One slot on disk.

Cotton Cloud separates who owns a file from where the bytes live. The same file from ten users does not need ten physical copies. Each user keeps their own visible file, versions, shares and permissions; the chunks live once.

The naive way

Three uploads. Three copies. Disk eaten three times.

What most file clouds do. Easy to picture, expensive to grow, and you pay for every duplicate forever.

Encrypted but blind

Three sealed blobs. Encrypted, and still triplicated.

Some self-hosted clouds add encryption on top of naive storage. Security goes up, dedup goes to zero, disk bill stays the same.

The Cotton way

Three visible files. One set of chunks on disk.

Each user keeps their own file, versions, shares, permissions. The bytes live once. Hash identity, compression, encryption and manifests work together by design.

Client-side encrypted folders keep a stricter privacy boundary - for those, the server stores opaque blobs and dedup steps aside on purpose.
Lifecycle

Same engine, browser to disk and back. No special crisis path.

Upload, encrypt, store, preview, seek, share, verify, reclaim - all of it through one pipeline, same chunks, same model. A 10 KB note and a 100 GB folder follow the same code.

Ingest01

Hash. Split. Resume what is missing.

1
Hashing in a web worker
Off the UI thread, so the browser stays responsive even mid-upload.
2
Parallel chunk upload
Drop Wi-Fi at 47 GB? Only the missing chunks retry.
client server validation
Transform02

Compress. Encrypt. Stay in the hot path.

3
Zstd before encryption
Compressible data shrinks before it goes opaque.
4
Streaming AES-GCM
Authenticated chunks. No "load whole file into RAM" step.
buffers filesystem or S3
Serve03

Preview, seek, share, verify, reclaim.

5
Seek inside encrypted files
Range reads assemble the byte slice through the cipher. No temp file.
6
Background integrity
Re-hash chunks at random. Catches a dying disk before users do.
manifest product features
User tree
Layout
Folder nodes
Visible file
Node file
Version lineage
Content
Manifest
Ordered chunk refs
Storage
SHA-256 chunks
Filesystem or S3
Run the whole pipeline yourself in 30 seconds.docker compose up -d
Why it exists

Built because nothing else worked.

Seven things Cotton Cloud treats as table stakes. Most self-hosted clouds treat them as roadmap items, plugins, or someone-else's problem.

Modern stack

Doesn't feel like 2012. Doesn't feel abandoned either.

Next.js on the front, .NET on the back, Postgres underneath. New releases ship every few weeks. The product feels fast because the stack is fast, and the git log is public if you want to watch the work happen.

Encrypted

By default. Not "files sitting in a folder anyone can open".

Streaming AES-GCM with per-chunk auth tags. Wrapped per-file keys. Selected folders go full client-side E2E with a vault key the server never sees. You don't toggle a setting to get security.

Dedup

Same file from ten people = one slot on disk.

Content-addressed chunks (SHA-256). Each user still gets their own file, versions, shares, permissions -- but the storage cost is paid once. Dedup is the engine, not a plugin you install.

Integrity

If a disk drops a chunk, Cotton Cloud makes noise.

Background jobs randomly re-hash stored chunks and compare against the manifest. Silent disk corruption gets caught before users notice. Most self-hosted clouds learn about a dying disk from a bug report -- this one tells you first.

Paranoia by default

Signed rows. Memory-only key. Admin checkup, scored 0-10.

The master key never has to live in env vars -- unlock through the browser, key stays in process memory only. Sensitive database rows carry signatures derived from that key, so tampered users, tokens, or manifests get flagged on read. Admin Security Checkup reads 15+ container hardening signals (.NET diagnostics, seccomp, ptrace, dumpability, AppArmor) and gives you a score, not a 'skill issue'.

Simple to run

One container. Postgres next to it. That's it.

No Redis to keep alive, no plugin marketplace to babysit, no extra worker fleet. One Docker image runs the web UI, API, background jobs, previews, and storage pipeline. Start it behind your normal TLS edge, back it up, and leave the app shape boring.

Built for self

Written by someone who had to use it daily.

Every detail you'll bump into -- restore UX, share lifecycle, mobile PDF, audio waveform, 3D preview, integrity signatures -- exists because the author got annoyed once and fixed it. Not because a roadmap PM scored it for backlog.

Polish

Small things you only notice when they're missing.

Product details that usually become roadmap tickets, plugins, or hidden admin chores. Cotton Cloud keeps them in the file workflow.

  • Passkeys + WebAuthn + TOTPModern auth, not just a password field.
  • File versionsVersions dialog, restore previous, retention policy.
  • Expiring share linksSingle-use tokens, auto-cleanup, share pages with previews.
  • Realtime syncChanges in one tab appear in another instantly. SignalR built in.
  • Audio lyrics + cover artLRC sidecar, embedded cover, waveform fallback.
  • HEIC, SVG, code highlightOpen in browser. No download, no plugin.
  • ZIP downloads (ZIP64, UTF-8)Real archive with content-length, not a streaming guess.
  • UI in EN / RUShared dictionaries keep localized pages on the same routes and components.
Vadim Belov
Who made this

I'm Vadim. I built Cotton because every self-hosted cloud I tried annoyed me.

Every feature exists because I got frustrated once and fixed it. No roadmap PM scored "audio waveform" or "STL viewer" for the backlog - I added them because I needed them. The git log is public. Issues get answered. The demo above is the same instance I use daily.

Compare

Pick by job. Not by logo.

Three places where Cotton bites hardest. Twelve honest comparisons on the full table.

Area
Cotton
Most self-hosted clouds
Large file uploads
Chunked upload path. Missing chunks retry. No "finalizing" freeze.
Often starts fast, then stalls or recomputes after the transfer.
Video seek on encrypted storage
Native - assembles the byte range through the cipher.
Decrypts the whole file to a temp folder first.
WebDAV speed
Same chunked pipeline as the native client.
Often a separate slow path.
Quickstart

30 seconds to a running instance.

Generate a password. Paste it once. Mount a volume. That's it.

docker-compose.yml
services:
  postgres:
    image: postgres:18
    environment:
      POSTGRES_DB: cotton
      POSTGRES_USER: cotton
      POSTGRES_PASSWORD: "replace with output of: openssl rand -base64 32"

  cotton:
    image: bvdcode/cotton:latest
    security_opt:
      - no-new-privileges:true
    ports:
      - "8080:8080"
    volumes:
      - /data/cotton:/app/files
    environment:
      COTTON_PG_HOST: postgres
      COTTON_PG_DATABASE: cotton
      COTTON_PG_USERNAME: cotton
      COTTON_PG_PASSWORD: "same value as POSTGRES_PASSWORD"

      # Optional unattended restarts; otherwise unlock in browser:
      # COTTON_MASTER_KEY: "replace with output of: openssl rand -base64 24"
FAQ

Quick answers before you dive into the docs.

Short, direct answers. The long version lives in the docs and in the deep-dive pages.

Is Cotton Cloud self-hosted cloud storage?

Yes. Cotton Cloud is self-hosted cloud storage for files, media, backups, sharing, WebDAV clients, snapshots, previews, and encrypted storage. You run it on infrastructure you control with Docker and Postgres.

Is Cotton end-to-end encrypted?

Two layers. Storage chunks are encrypted with AES-GCM by default -- that's the standard. Selected folders can also use client-side encryption with a vault key that never leaves your browser. We don't call the whole thing "E2E" because that would be marketing fiction -- only the client-side folders are.

Which self-hosted cloud storage should I pick -- Cotton Cloud or the one I already use?

Different products. Most "personal cloud" platforms are kitchen-sink suites: calendar, contacts, chat, office, federation, 200+ apps. Cotton Cloud is a file cloud -- focused on storing, previewing, sharing, and recovering files at scale. If you live inside a suite, stay there. If files are the main job, switch.

Can I try it without creating an account?

Yes. Open the live demo -- it generates per-browser credentials and seeds a fresh account with default content. It's the real Cotton. Every click hits a real instance.

What are Cotton's current limits?

Named up front: client-side E2E is capped at 512 MB per file today (browser Blob pipeline), and the benchmarks are machine-mode baselines rather than live upload math. The storage crypto is by-the-book AES-GCM with no third-party audit yet.

Spin up the demo. Click anywhere. It's real.

Or run it yourself: docker compose up -d. Full source on GitHub, MIT-licensed. No signup, no upsell.