Decentralised open-source self-hosted encrypted cloud services
A number of years ago, after reflecting on how dependent I was on Google's cloud services, I began to migrate to open-source self-hosted solutions, primarily through ownCloud. After a recent server outage left me without service for a substantial period, however, I began the search for more robust decentralised services.
In terms of file storage, Pydio (which I find to be better than ownCloud) works, and offers a web interface, but its file versioning is simplistic, and it is not decentralised. Syncthing is an open-source decentralised file synchronisation tool with more advanced file versioning, but does not provide a web interface for uploading or downloading files: a bit of a bummer.
A combination of the two, however, works well. Use Syncthing to share a folder between several devices, utilising its file versioning, then on one server (or more), install Pydio and point it at the shared folder, using it only for uploading and downloading files through the web interface. When using SQLite, Syncthing can also manage the synchronisation of Pydio databases between the servers!
What about encryption, though? Pydio offers server-side encryption, but giving the server access to the encryption keys defeats the purpose of having encryption in the first place. The solution is again to combine tools. In order to preserve Pydio's web functionality, the encryption software used needs to be on a per-file basis, and have the option of preserving filenames and directory structures to easily locate the relevant files. I settled on encfs, which in advanced mode had an option to disable encryption of filenames (‘Null’ encryption mode). Synchronising the encfs-encrypted data using Syncthing accomplishes the goals.
What about decrypting files on-the-go, though? Encfs provides a tool called encfsctl
, which has a cat
option, capable of decrypting individual files. Encfs doesn't provide a portable version, but encfsctl
can be used portably on its own. For example, on Windows, extract the encfs and Dokan installers, and copy the encfsctl.exe binary, encfs libraries and Dokan library into a folder.
Tada! Decentralised open-source self-hosted encrypted cloud storage, accessible over any web browser!