CottonComparison
Comparison

Cotton vs Cloudreve: an owned storage engine versus a switchboard.

Cloudreve is a unified front-end over storage you bring - local disk, S3, OneDrive, OSS and more. Cotton owns its bytes end to end: chunking, dedup, encryption, and previews in one engine. This is not a scoreboard with fake certainty; it is a product-fit comparison for self-hosted file cloud decisions.

Cloudreve alternativeSelf-hosted file cloudStorage engineDocker deployment

Encryption you have to remember to switch on

Cloudreve's at-rest encryption is opt-in per storage policy, uses AES-256-CTR, and is never end-to-end - its own docs say every download is relayed and decrypted by the server, and that the master key and per-blob keys sit in the same database by default - its own docs warn they could be leaked together in a security incident. Cotton encrypts every chunk with streaming AES-GCM by default, plus optional client-side E2E folders the server cannot read.

A switchboard, not an engine

Cloudreve's job is to front-end backends you already have, so there is no documented content-addressed or deduplicated storage model of its own. If you already pay for OneDrive or S3, you are wrapping storage you already rent. That is the opposite philosophy from Cotton, which owns a chunked, content-addressed engine and treats dedup, versions, and snapshots as in-engine behavior.

Cross-platform sync and SSO are paywalled

Cloudreve's official desktop sync client is Windows-only and requires the paid Pro server; everyone else falls back to WebDAV, and OIDC SSO is also Pro-gated. Cotton's WebDAV rides the same chunk pipeline and accounts ship with passkeys and TOTP in the box.

Pro, or read-only

Cloudreve v4 added a paid Pro edition; per its docs a Pro instance with an expired license becomes read-only and blocks file modifications (the open-source Community edition is unaffected). Cotton is MIT-licensed with no paywalled core.

Pick the engine, or pick the aggregator

Pick Cloudreve to put one interface over storage you already own across many providers. Pick Cotton when you want a single engine that owns the bytes, encrypts them by default, deduplicates them, and previews them properly.

Decision matrix

Where the tradeoff actually sits.

Cotton does not need to beat every long-established ecosystem on every surface. The useful comparison is narrower: storage behavior, privacy posture, recovery model, deployment shape, and product focus.

Area
Cotton
Cloudreve
Storage model
Owned content-addressed chunked engine with dedup.
A front-end over storage you bring (local, S3, OneDrive, OSS).
Encryption
On by default, AES-GCM, plus client-side E2E folders.
Opt-in AES-256-CTR, server-relayed, keys in the same database.
Sync and SSO
WebDAV on the same pipeline; passkeys and TOTP included.
Desktop sync is Windows-only and Pro; OIDC SSO is Pro-gated.
Best at
Owning and previewing your bytes end to end.
Aggregating multiple storage providers behind one UI.

Content addressing

Cotton stores file content as chunks and manifests, so deduplication, verification, versions, snapshots, and cleanup share one mental model.

Streaming safety path

Compression and AES-GCM encryption sit in the normal storage path; the site does not sell isolated crypto speed as user-visible ingest speed.

Recovery by references

Snapshots, versions, trash, and reclaim are positioned as ordinary file-cloud workflows, not emergency-only backend chores.

Focused runtime

Cotton deliberately stays narrower than broad collaboration suites: files, previews, sharing, WebDAV, recovery, and operator visibility.

Cotton lane

Pick Cotton for a storage-first file cloud.

Cotton is the cleaner story when files, previews, shares, snapshots, versions, WebDAV, passkeys, admin diagnostics, and a compact Docker/Postgres deployment are the main problem.

Cloudreve lane

Pick Cloudreve when its broader lane is the point.

Operators who want one UI over existing S3/OneDrive/OSS storage rather than an owned engine.

Choose Cotton when

You want a focused self-hosted file cloud with content-addressed storage, streaming crypto, snapshots, previews, WebDAV, sharing, passkeys, and a compact Docker deployment.

Choose Cloudreve when

You need a unified front-end over many storage providers you already pay for, plus OnlyOffice editing more than the Cotton storage-engine and recovery-model strengths.

Positioning

Cotton is not trying to be a bigger suite than Cloudreve. It is trying to be the sharper file cloud when the file engine itself is the product decision.

Still choose carefully

If you want one engine that owns the bytes, encrypts by default, and deduplicates, Cotton is the cleaner lane.

Last reviewed June 2026. Every line below links to its receipt - the actual issue, doc, or commit it came from. Competitors move fast; if a link goes stale, open an issue and we fix it.

Receipts

FAQ

Direct answers

Is Cotton a drop-in replacement for Cloudreve?

Not always. Cotton is a focused file cloud, not a clone of every app and integration in the older ecosystems. It fits best when file storage, previews, sharing, snapshots, WebDAV, security, and deployment simplicity are the main problem.

Why compare Cotton to established products?

Because people searching for a self-hosted file cloud often start with the familiar names. The comparison makes the tradeoff explicit instead of pretending every product has the same goal.

When should I still choose Cloudreve?

If you want a single front-end over multiple storage providers you already pay for - local, S3, OneDrive, OSS - Cloudreve is built for that, and it adds collaborative Office editing through OnlyOffice. Cotton owns its storage instead of aggregating yours.