FileDrop: A Self-Hosted File Transfer Tool on Cloudflare

If you’ve ever needed to send someone a large file, or get one from them, and didn’t want to rely on a commercial file-sharing service (with its account limits, file size caps, or “sign up to download” prompts), FileDrop is a small project I built to solve exactly that.

FileDrop is a self-hosted, serverless file-transfer application that runs entirely on Cloudflare’s free tier, so there are no servers to patch, no monthly hosting bill, and your files never touch a third party’s storage.

The code is open source: github.com/nathanoldfield/FileDrop

What it does

• Email one-time-passcode login for you, gated by Cloudflare Access, so there are no passwords to manage
• Time-limited share links (4 hours by default, configurable) that work for sending or receiving
• No login required for the other person. They just open the link to upload or download
• Streaming uploads straight into Cloudflare R2, so the Worker never buffers the whole file in memory
• Automatic cleanup via an hourly cron job that removes expired links and their files
• Runs entirely on Cloudflare’s free tier (Workers, R2, KV, Access)

Send or receive: the same link works both ways

The key thing to understand is that you’re always the one in control. You log in, generate a link, and send that link to the other person. Because the link allows both uploads and downloads, it works in either direction:

• Sending files out. You upload your file(s) first, then send the link to whoever needs them. They open it and download, no account required.
• Receiving files in. You generate an empty link and send it to the person you need the file(s) from. They open it, upload straight to your storage, and you grab the files from your dashboard. Perfect for collecting documents, photos or logs from a client who shouldn’t have to sign up for anything.

Either way, only you ever log in. The other party just clicks a time-limited link, and once it expires (4 hours by default), the link and any files behind it are cleaned up automatically.

How the data flows

The diagram below shows the moving parts. There are really only two “actors”, the sender (you) and the recipient, plus four Cloudflare building blocks doing the work in between.

1. Sender logs in via Cloudflare Access using an email OTP, so no passwords are stored anywhere.
2. The Worker generates a transfer link and writes its metadata (expiry time, allowed file count, etc.) into KV.
3. Files are streamed directly into R2 as they’re uploaded, so they never sit in the Worker’s memory.
4. The recipient opens the link with no login required. The Worker checks the link is still valid against KV, then lets them upload or download from R2 directly.
5. An hourly cron trigger sweeps KV for expired links and deletes the associated files from R2, keeping storage tidy and links genuinely time-limited.

Why build this instead of using an existing service

Most “send a big file” services either cap file sizes on the free tier, require the recipient to sign up, or (worst case) keep your files on someone else’s storage indefinitely. Since I already run everything else on Cloudflare, wiring up Workers + R2 + KV + Access gave me a private, zero-cost alternative that I fully control, with sensible defaults (4-hour link expiry, automatic cleanup, 500MB file size limit, max 20 files per link).

If you’re comfortable deploying a Cloudflare Worker, the README has everything you need to get your own instance running.