All posts

Self-Hosting Nextcloud vs a Managed Zero-Knowledge Provider: The Honest Cost-and-Effort Breakdown

A small VPS costs a few euros a month. The real Nextcloud bill is your time, your backups, and your 2 a.m. on-call. A fair look at DIY sovereignty versus letting someone run the server while you keep the keys.

The real question isn't "which is cheaper"

Self-hosting Nextcloud puts the keys, the data, and the server in your hands. A managed zero-knowledge provider puts the keys in your hands and the server in someone else's. Both can give you privacy the host genuinely cannot break. What differs is who carries the operational weight — patching, backups, uptime, your own threat model — and whether you actually want that job. This is a comparison, not a takedown. Self-hosting is a legitimate, respectable choice. So is paying someone to run the boring parts. The mistake is picking one without counting what it really costs.

What you're actually running when you self-host Nextcloud

A Nextcloud instance is not one program. It's a PHP application sitting on a web server, a PHP runtime, a database (usually PostgreSQL or MariaDB), often a Redis cache, and an operating system underneath all of it. Every layer gets installed, configured, and kept current — by you.

Nextcloud ships a major release every four months, supported for a year by monthly maintenance updates. Those updates land on the app. The OS packages, the PHP version, the database, and the TLS certificates underneath are still yours to track. Miss a security patch on any one of them and the exposure is yours alone. There's no provider on the hook.

The hardware is genuinely cheap. A small VPS with 2 vCPU and 4 GB of RAM costs a few euros a month and comfortably serves one to five users. Bolt on bulk storage at roughly €3–4 per TB per month and the headline number looks unbeatable. But the headline number is precisely the part that doesn't bill you in money.

The costs the per-month VPS price hides

Three line items never show up on the invoice:

  • Your time. Initial setup is an evening if it goes well, a weekend if it doesn't. Then comes the steady drip: an update that breaks a config, a PHP bump that needs a code change, a disk filling up at 2 a.m. For a hobbyist, that drip is the fun part. For a business with no sysadmin, it's productive hours bleeding out of something else.
  • Backups, done properly. One server is one point of failure. A serious setup means automated, tested, off-site backups — database dump plus file tree — to a second location. Off-site object storage runs around €5–6 per TB per month, and a backup you've never restored is a backup you don't have. Restore drills are part of the job, not an optional extra.
  • Uptime and recovery. When the box dies, and a single box eventually does, you are the on-call engineer. No failover, no second node, no support line. You rebuild from your backups, on your weekend.

None of this argues against self-hosting. It's the honest spec sheet. If you'd enjoy owning all of it, the math works out beautifully. If you'd resent it, one of two things happens: you skip the hard parts — no off-site backups, no patching cadence — and quietly degrade your own security, or you burn time you valued more than the money you saved.

The encryption nuance most "self-host for privacy" guides skip

If your reason for self-hosting is privacy and not just control, this is the part that matters. Nextcloud has two different things both called "encryption," and they defend against very different threats.

Server-side encryption — the one most people enable — encrypts files after they reach the server, with keys the server manages. It protects the storage backend if a disk walks out the door. It does not protect you from a compromised server or a malicious admin, because the server can decrypt anything it holds. If you're the admin and the box is in your own closet, that may be exactly the model you want. If it's a rented VPS, "the server can decrypt your files" is a live entry on your threat model.

End-to-end encryption is the genuinely zero-knowledge option. Files are encrypted on your device before upload; the server only ever holds ciphertext and brokers key exchange without seeing the keys. It's real, and it's a strong design. It also comes with hard limits worth knowing before you commit:

  • It's folder-level — applied to specific folders you mark, not your whole instance.
  • There's no web access to E2EE folders. A browser would have to receive decryption code from the server, which breaks the trust model, so the desktop or mobile sync client becomes mandatory.
  • Server-side search, previews, and Online Office collaboration stop working on encrypted content, because the server can't read it.
  • There is no server-side recovery. Lose your mnemonic recovery phrase and the data is gone, by design.

That last point is the honest tradeoff of any true zero-knowledge system, and it's worth sitting with: real privacy means real responsibility for your own keys. A managed zero-knowledge provider runs into the exact same physics. What differs is who maintains the machinery around it.

What you hand off to a managed zero-knowledge provider

A managed provider built on client-side encryption gives you the same "the host can't read my files" guarantee without the server being your problem. In how Beebeeb derives and protects your keys, your passphrase never leaves your device, files are encrypted with AES-256-GCM before they reach us, keys are wrapped with X25519 and zeroized from memory after use, and login runs over OPAQUE so your password is never transmitted. The server in Falkenstein, Germany holds ciphertext and nothing else.

What you stop doing: patching the OS, bumping PHP, rotating certificates, configuring Redis, running and testing off-site backups, being the 2 a.m. on-call engineer. What you give up: root on the box, and the specific satisfaction of having built it yourself. For some people that satisfaction is the entire point, and for them self-hosting is the right answer.

Unlike folder-level E2EE bolted onto a sync-only client, zero-knowledge here isn't an opt-in mode riddled with feature holes. It's the default on every plan, no exceptions. Encrypted sharing with expiring, revocable links, file versioning with configurable retention, file requests, 2FA, and passkeys work as standard product features rather than things that break the moment encryption is on. Native mobile and desktop apps, plus Google Drive and Dropbox import, are coming.

How to actually choose

Lean toward self-hosting Nextcloud if you genuinely enjoy server administration, want root and total control, run it for yourself or a small trusted group, and will commit to the patching and backup discipline that privacy actually demands. Done well, it's cheap, and it's yours.

Lean toward a managed zero-knowledge provider if you want the host-can't-read-it guarantee without operating the host: when your time is worth more than the VPS savings, when you need reliable web access and sharing alongside encryption, or when you're a business that can't afford to be its own on-call SRE. Beebeeb runs a 14-day free trial into Starter at €1.99/mo for 100 GB, Basic at €3.99/mo for 200 GB, and Pro at €10.99/mo for 1 TB, scaling to 99 TB self-serve at +€10.99 per extra TB and a custom quote beyond that. Flat per-TB, no egress or API surprises.

One thing both options share: an independent security audit is planned, and the findings will be published, because with zero-knowledge the only proof that holds up is checkable. The product clients — web app, CLI, mobile, desktop, and the core crypto library — are open source for the same reason. You can read exactly what touches your keys, whether you run the server or we do.

Files only you can read

Beebeeb is end-to-end encrypted, zero-knowledge cloud storage — stored in Falkenstein, Germany, open source, with a 14-day free trial on every plan. Encryption happens on your device; we only ever hold ciphertext we can’t read.

Join the waitlist See pricing How the encryption works