What you are actually installing
Cotton is the application people open in the browser. PostgreSQL stores the file tree, accounts, shares, settings, and metadata. The real file bytes live in Cotton's chunk storage on a filesystem path or an S3-compatible backend.
- The application container serves the web UI and API.
- PostgreSQL keeps structured metadata and should be backed up.
- Chunk storage keeps the encrypted file content and needs persistent capacity.
The pieces you need before the first command
A clean install starts with choosing where Cotton will live and how people will reach it. The same idea works on a home server, mini PC, NAS-like box, or VPS, but public installs need more discipline around HTTPS and backups.
- A server that stays online and has enough disk for the files you expect.
- Docker and Docker Compose to run the Cotton and PostgreSQL containers.
- A persistent folder or S3-compatible bucket for Cotton file chunks.
- A domain name and HTTPS endpoint if the instance is reachable from the internet.
Docker in plain language
Docker is the packaging and launch format. Instead of installing runtime pieces by hand on the host, Docker starts Cotton from an image with the expected application environment. Compose is the recipe that says which containers run together and which folders survive restarts.
- You do not need to write application code to use Docker.
- You do need to understand which folders are persistent.
- Deleting the wrong database or storage volume is still data loss.
Choose where Cotton will live
For testing, a local machine is fine. For real use, pick a host that can stay online and be backed up. A laptop that sleeps is a bad server; a small home server or VPS is usually a better starting point.
- Home server: good for private LAN-first storage and full hardware control.
- VPS: easier public access, easier DNS and HTTPS, but less physical control.
- NAS-like host: good when storage capacity matters more than public reach.
Decide where file bytes will live
Cotton can store chunks on a filesystem path or use S3-compatible storage. Filesystem storage is the simplest path when the server owns the disk. S3-compatible storage is useful when capacity, durability, or separate storage operations matter more.
Domain and HTTPS
If Cotton is public, put it behind a reverse proxy and serve it over HTTPS. DNS points a name to the server, the reverse proxy receives web traffic, and TLS keeps browser traffic encrypted in transit.
- Local-only installs can start without a public domain.
- Public installs should use HTTPS from the beginning.
- The reverse proxy is also where you normally handle ports 80 and 443.
First run happens in the browser
After the containers are running, Cotton's setup wizard handles the product decisions: admin account, storage choice, email mode, timezone, telemetry preference, and key mode. That keeps the first install understandable instead of hiding everything in environment variables.
After installation
The install is not finished just because the login page loads. Enable strong admin authentication, check the admin security diagnostics, confirm backups, and make sure you know how to update the containers without losing the database or chunk storage.
- Enable passkeys or TOTP for the admin account.
- Verify database and chunk-storage backups outside the server.
- Run the admin security checkup before exposing the instance widely.
What a good install leaves behind
A good Cotton install leaves you with a reachable HTTPS site, a known PostgreSQL database, a known persistent chunk store, an admin account protected by stronger auth, a backup path, and a clear update routine.
Install the system, not just the container
The practical goal is not to make Docker print a success line. The goal is a file cloud you can reach, update, back up, secure, and explain later when something has to move or be restored.
What not to skip
Do not skip backups, key custody, HTTPS, or persistent storage just because the first container start worked. Those are not advanced extras; they are the line between a demo and a file cloud you can trust.