How to set up a private cloud


This tutorial assumes both machines run Linux and are operated from the command line. For the synchronization part, however, you can use Syncthing's web interface on the client side instead. Cryptomator is used through its graphical interface on your Linux distribution. Make sure both systems are up to date before you start.

Why Create Your Own Cloud?

The advantages are numerous:

  • Full control over your data
  • Privacy guaranteed by encryption
  • No storage limits (except your disk space)
  • Free and open source
  • Peer-to-peer synchronization without a central server

Tools Used

Syncthing

Syncthing is a decentralized file synchronization tool. Unlike traditional cloud solutions, your data moves directly between your devices without going through a third-party server. It’s fast, secure, and very easy to configure via command line.

Cryptomator

Cryptomator adds an encryption layer to your files. It creates a virtual « vault » where all your data is automatically encrypted. Even if someone accesses your synchronized folder, they’ll only see unintelligible files.

Installation and Configuration

Step 1: Install Syncthing

On Debian/Ubuntu:

sudo apt install syncthing

On Fedora:

sudo dnf install syncthing

Step 2: Generate Initial Configuration

On each machine, run this command to create the configuration files:

syncthing generate

This command automatically creates a default folder and generates a unique identifier for your device.

Step 3: Start Syncthing

Launch Syncthing from the command line without opening the web interface in a browser:

syncthing --no-browser

To start Syncthing automatically at system boot, you can use systemd:

sudo systemctl enable syncthing@YOURUSER
sudo systemctl start syncthing@YOURUSER

Step 4: Retrieve Device IDs

On each machine, retrieve the unique identifier:

syncthing --device-id

Note these identifiers; you’ll need them to connect your machines together.

Step 5: Connect the Machines

Let’s say you have two machines: Machine A (your main PC) and Machine B (a server or another computer).

On Machine A, add Machine B:

syncthing cli config devices add --device-id DEVICE_ID_B

On Machine B, add Machine A:

syncthing cli config devices add --device-id DEVICE_ID_A

Replace DEVICE_ID_A and DEVICE_ID_B with the actual identifiers you noted.

Step 6: Share a Folder

On Machine A, share the default folder with Machine B:

syncthing cli config folders FOLDER_ID devices add --device-id DEVICE_ID_B

The FOLDER_ID is the identifier of the folder you want to synchronize. To find the ID of your default folder, you can use:

syncthing cli config folders list

Step 7: Accept the Share

On Machine B, you can configure automatic folder acceptance:

syncthing cli config devices DEVICE_ID_A auto-accept-folders set true

If you prefer to keep control, you can also manually create the same folder with the same FOLDER_ID on Machine B, then add Machine A as an authorized device for that folder. Once both sides share the folder with each other, synchronization starts automatically.

To disable automatic acceptance later:

syncthing cli config devices DEVICE_ID_A auto-accept-folders set false
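A check you can run once Steps 5 to 7 are done, added here as an example (it is not part of the original tutorial or of Syncthing itself): it parses a Syncthing config.xml and reports the settings that widen trust, namely auto-accepted folders from Step 7, introducer devices, and a GUI that listens beyond localhost or has no password. The sample configuration, device IDs and names are constructed, and the element names are an assumption about the config.xml layout of your installed version.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on Syncthing's config.xml; IDs are placeholders.
SAMPLE_CONFIG = """<configuration version="37">
  <folder id="default" label="Default Folder" path="~/Sync" type="sendreceive">
    <device id="DEVICE_ID_A"></device>
    <device id="DEVICE_ID_B"></device>
  </folder>
  <device id="DEVICE_ID_A" name="machine-a" introducer="false">
    <autoAcceptFolders>true</autoAcceptFolders>
  </device>
  <device id="DEVICE_ID_B" name="machine-b" introducer="false">
    <autoAcceptFolders>false</autoAcceptFolders>
  </device>
  <gui enabled="true" tls="false">
    <address>0.0.0.0:8384</address>
  </gui>
</configuration>"""

LOOPBACK = ("127.0.0.1", "localhost", "[::1]")


def audit_config(xml_text):
    """Return (finding, detail) tuples for settings that widen trust."""
    root = ET.fromstring(xml_text)
    findings = []
    # Top-level <device> elements hold per-device trust settings; the
    # <device> children of <folder> only list who a folder is shared with.
    for dev in root.findall("device"):
        name = dev.get("name") or dev.get("id")
        if (dev.findtext("autoAcceptFolders") or "").strip() == "true":
            findings.append(("auto-accept-folders", name))
        if dev.get("introducer") == "true":
            findings.append(("introducer", name))
    gui = root.find("gui")
    if gui is not None and gui.get("enabled") == "true":
        addr = (gui.findtext("address") or "").strip()
        if addr.rsplit(":", 1)[0] not in LOOPBACK:
            findings.append(("gui-not-loopback", addr))
        if not (gui.findtext("password") or "").strip():
            findings.append(("gui-no-password", addr))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_config(SAMPLE_CONFIG):
        print(f"{finding}: {detail}")
```

To audit a live machine, pass the contents of its own config.xml to `audit_config`; `syncthing --paths` prints where that file is stored.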

Cryptomator Configuration

Now that your files are synchronized between your machines, let’s add a security layer with Cryptomator.

Installation

Download and install Cryptomator from the official website: cryptomator.org

Create an Encrypted Vault

  1. Open Cryptomator
  2. Click the « + » button at the bottom left
  3. Choose « Create new vault »
  4. Select the folder synchronized by Syncthing as the location
  5. Give your vault a name
  6. Create a strong password (keep it safe!)

Daily Usage

Once the vault is created:

  1. In Cryptomator, click on your vault and « Unlock »
  2. A virtual drive opens (like a USB stick)
  3. Place your files in this virtual drive
  4. All files are automatically encrypted in the Syncthing folder
  5. Syncthing synchronizes the encrypted files between your machines

Important Points to Remember

⚠️ Never directly modify files in the Syncthing folder where the Cryptomator vault is located. Always work through the unlocked virtual drive.

💡 Tip: If you check the contents of the Syncthing folder, you’ll see that the filenames and their content are completely unreadable. This is normal: it’s proof that everything is properly encrypted!
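The warning and the tip above can be turned into a check, added here as an example (it is not from the original tutorial or from Cryptomator): walk the synchronized vault folder and list every file that does not look like Cryptomator ciphertext or Syncthing metadata, which is what a file written directly into the Syncthing folder looks like. The allow-list assumes vault format 8 naming (`.c9r`/`.c9s` under `d/`, `masterkey.cryptomator`, `vault.cryptomator`), and the demo vault is constructed in a temporary directory.

```python
import os
import tempfile

# Allow-list assumes Cryptomator vault format 8 naming plus Syncthing's markers.
ROOT_PREFIXES = ("masterkey.cryptomator", "vault.cryptomator")  # incl. backups
ROOT_EXTRAS = {"IMPORTANT.rtf", ".stignore", ".stfolder"}
SKIP_DIRS = {".stfolder", ".stversions"}
CIPHER_SUFFIXES = (".c9r", ".c9s")


def find_plaintext(vault_dir):
    """Return sorted relative paths that are neither ciphertext nor metadata."""
    suspects = []
    for dirpath, dirnames, filenames in os.walk(vault_dir):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        rel_dir = os.path.relpath(dirpath, vault_dir)
        for name in filenames:
            if name.startswith(".syncthing.") and name.endswith(".tmp"):
                continue  # Syncthing's in-progress transfer files
            if rel_dir == ".":
                ok = name.startswith(ROOT_PREFIXES) or name in ROOT_EXTRAS
            else:
                # Encrypted payload lives only under d/ with .c9r/.c9s names.
                in_data = rel_dir.split(os.sep)[0] == "d"
                ok = in_data and name.endswith(CIPHER_SUFFIXES)
            if not ok:
                suspects.append(os.path.normpath(os.path.join(rel_dir, name)))
    return sorted(suspects)


def build_demo_vault(root):
    """Create a constructed vault with two files written outside the drive."""
    data_dir = os.path.join("d", "AB", "CDEFGHIJKLMNOPQRSTUVWXYZ234567")
    files = [
        "masterkey.cryptomator",
        "vault.cryptomator",
        os.path.join(data_dir, "x1y2z3.c9r"),
        os.path.join(data_dir, "dirid.c9r"),
        os.path.join(".stfolder", "marker.txt"),
        "notes.txt",                              # dropped at the vault root
        os.path.join("d", "AB", "tax-2024.pdf"),  # dropped inside d/
    ]
    for rel in files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_vault(tmp)
        print(find_plaintext(tmp))
```

Any path it reports is synchronized to the other machine unencrypted; move the file into the unlocked virtual drive and delete the stray copy.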

Final Architecture

Here’s how your personal cloud works:

  1. You → Work in the Cryptomator virtual drive
  2. Cryptomator → Automatically encrypts your files
  3. Syncthing → Synchronizes encrypted files between machines
  4. Remote machine → Receives encrypted files
  5. Cryptomator (remote machine) → Decrypts with the same password

Advantages of This Solution

  • Maximum security: end-to-end encryption
  • No dependency on cloud providers
  • Automatic synchronization in real-time
  • Works even without internet (if machines are on the same local network)
  • Command-line configuration ideal for headless servers

Practical Use Cases

This solution is perfect for:

  • Synchronizing your documents between your PC and Raspberry Pi
  • Creating automatic backups on a personal server
  • Sharing files with trusted collaborators
  • Keeping your development projects synchronized across machines

Conclusion

By combining Syncthing and Cryptomator, I created my own secure cloud infrastructure entirely under my control. This solution is particularly suitable for a Linux environment and can run entirely via command line, which is ideal for headless machines like a Raspberry Pi.

Everything is free, open source, and completely respects my privacy.

Sources:

  • Setting up Syncthing: https://gist.github.com/Jonny-exe/9bad76c3adc6e916434005755ea70389
  • Setting up Cryptomator: https://community.cryptomator.org/t/how-do-i-set-up-cryptomator/26