Overview

I set up my own self-hosted cloud storage system using:

  • Nextcloud (file storage & collaboration)
  • Podman (container runtime)
  • PostgreSQL (database)
  • Tailscale (secure remote access)

The goal was to create a private alternative to Google Drive, accessible from anywhere without exposing it to the public internet.

Architecture

The system is built as a simple layered setup:

Device → Tailscale → Nextcloud → PostgreSQL → Storage

  • Tailscale provides secure private access
  • Nextcloud handles users, files, and permissions
  • PostgreSQL stores metadata
  • Volumes store actual files

Deployment

I ran Nextcloud and PostgreSQL as separate containers using Podman, connected via a private network and persistent volumes.

Nextcloud is exposed locally on:

http://localhost:8081

Remote Access (Without Port Forwarding)

Instead of exposing ports, I used Tailscale:

tailscale serve --bg http://localhost:8081

This allows secure access via:

https://<server-name>.ts.net

Only authenticated devices in my Tailscale network can access it.

Key Challenges

1. Different data on different devices

Accessing Nextcloud via both its IP address and its domain name caused inconsistent behaviour.

Fix:
Set a canonical URL in Nextcloud's config.php:

'overwritehost' => '<server-name>.ts.net',
'overwriteprotocol' => 'https',

2. Trusted domain errors

Nextcloud blocked access via URLs whose host was not yet listed as trusted.

Fix:
List each host in trusted_domains:

'trusted_domains' => [
  '192.168.x.x:8081',
  '100.x.x.x',
  '<server-name>.ts.net',
],

3. Reverse proxy warnings

Because tailscale serve forwards requests to Nextcloud as a reverse proxy, Nextcloud required the proxy to be trusted explicitly.

Fix:

'trusted_proxies' => ['127.0.0.1'],
'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR'],
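
A consistency check for the three fixes above, as an added example that is not part of the original setup: it takes the system settings as JSON (assumed to be in the shape printed by occ config:list system) and reports mismatches between overwritehost, trusted_domains and trusted_proxies. The function name audit and the sample host names and addresses are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `occ config:list system` output (assumed);
# host names and addresses are placeholders, not values from the post.
SAMPLE = json.loads("""
{"system": {
  "trusted_domains": ["192.168.1.10:8081", "100.64.0.5", "nas.example.ts.net"],
  "overwritehost": "nas.example.ts.net",
  "overwriteprotocol": "https",
  "trusted_proxies": ["127.0.0.1"],
  "forwarded_for_headers": ["HTTP_X_FORWARDED_FOR"]
}}
""")

def audit(system):
    """Return a list of findings; an empty list means the settings agree."""
    findings = []
    domains = system.get("trusted_domains", [])
    host = system.get("overwritehost", "")
    # Links are generated with overwritehost, so that host must itself be trusted.
    if not host:
        findings.append("overwritehost unset: generated links follow the request Host")
    elif host not in domains:
        findings.append(f"overwritehost {host!r} is not in trusted_domains")
    if system.get("overwriteprotocol") != "https":
        findings.append("overwriteprotocol is not https")
    if any("*" in d for d in domains):
        findings.append("wildcard entry in trusted_domains")
    proxies = system.get("trusted_proxies", [])
    for p in proxies:
        try:
            net = ipaddress.ip_network(p, strict=False)
        except ValueError:
            findings.append(f"trusted_proxies entry {p!r} is not an IP or CIDR")
            continue
        # Any host in a trusted range can supply its own X-Forwarded-For value.
        if net.num_addresses > 1 and not net.is_loopback:
            findings.append(f"trusted_proxies entry {p!r} trusts a whole range")
    # Forwarded headers are only honoured for requests coming from a trusted proxy.
    if system.get("forwarded_for_headers") and not proxies:
        findings.append("forwarded_for_headers set but trusted_proxies is empty")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE["system"]) or ["settings are consistent"]:
        print(line)
```
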

Multi-user Setup

Each user has isolated files but shares the same storage pool.

New users can be created via CLI:

podman exec -it nextcloud php occ user:add <username>

Security Approach

  • No public ports exposed
  • Access restricted to Tailscale network
  • HTTPS handled automatically by Tailscale

Key Takeaways

  • Containers separate concerns cleanly
  • Data must live in volumes, not containers
  • Consistent URLs are critical for web apps
  • Tailscale simplifies secure remote access

Result

A private, secure, and accessible cloud storage system running entirely on my own infrastructure.