File Synchronization with rclone: Cloud Backup and Sync Complete Guide
Introduction
Rclone is a powerful command-line program for managing files on cloud storage, often described as "rsync for cloud storage." With support for over 40 cloud storage providers including Amazon S3, Google Drive, Dropbox, Microsoft OneDrive, Backblaze B2, and many others, rclone has become the de facto standard tool for cloud backup and synchronization in Linux environments. Its versatility, performance, and extensive feature set make it ideal for implementing the offsite component of the 3-2-1 backup rule.
Unlike traditional backup tools limited to local or SSH-based storage, rclone provides a unified interface for interacting with diverse cloud storage backends. Whether you're synchronizing files to S3-compatible object storage, backing up to Google Drive, or implementing multi-cloud disaster recovery strategies, rclone handles the complexity of different APIs, authentication methods, and storage peculiarities behind a consistent command-line interface.
This comprehensive guide explores rclone from installation through production implementations, covering configuration, synchronization strategies, cloud provider integration, automation, encryption, bandwidth management, and real-world scenarios for cloud-based backup and disaster recovery.
Understanding rclone
What is rclone?
Rclone is an open-source command-line program for managing files on cloud storage. It provides commands similar to rsync (sync, copy, move) but works seamlessly with cloud storage providers.
Key capabilities:
- Sync files bidirectionally or one-way
- Copy, move, check, and manage cloud files
- Mount cloud storage as local filesystem
- Encrypt/decrypt files client-side
- Bandwidth limiting and transfer optimization
- Resume interrupted transfers
- Check file integrity with checksums
Supported Cloud Providers
Rclone supports 40+ backends including:
Object Storage:
- Amazon S3
- Google Cloud Storage
- Microsoft Azure Blob Storage
- Backblaze B2
- Wasabi
- MinIO
- DigitalOcean Spaces
Consumer Cloud Storage:
- Google Drive
- Microsoft OneDrive
- Dropbox
- Box
- pCloud
File Protocols:
- SFTP
- FTP
- WebDAV
- HTTP
And many more: check rclone config for full list
rclone vs Alternative Tools
rclone vs rsync:
- Rsync: Local and SSH sync only
- Rclone: 40+ cloud providers
- Rsync: No cloud-native features
- Rclone: Cloud-optimized (multipart uploads, API-aware)
rclone vs cloud provider CLIs (aws-cli, gsutil):
- Provider CLIs: Specific to one provider
- Rclone: Unified interface across all providers
- Provider CLIs: Different syntax per provider
- Rclone: Consistent commands everywhere
rclone vs GUI sync tools:
- GUI tools: Limited automation
- Rclone: Full scriptability and automation
- GUI tools: Consumer-focused
- Rclone: Enterprise-capable with advanced features
Installation
Installing rclone
Official script (recommended):
# Download and install latest version
curl https://rclone.org/install.sh | sudo bash
# Verify installation
rclone version
Package managers:
Ubuntu/Debian:
sudo apt update
sudo apt install rclone
CentOS/RHEL:
sudo yum install rclone
# or
sudo dnf install rclone
Manual installation:
# Download binary
cd /tmp
wget https://downloads.rclone.org/rclone-current-linux-amd64.zip
unzip rclone-current-linux-amd64.zip
cd rclone-*-linux-amd64
# Install
sudo cp rclone /usr/local/bin/
sudo chown root:root /usr/local/bin/rclone
sudo chmod 755 /usr/local/bin/rclone
# Verify
rclone version
Expected output:
rclone v1.65.0
- os/version: ubuntu 22.04 (64 bit)
- os/kernel: 5.15.0-91-generic (x86_64)
- os/type: linux
- go/version: go1.21.5
Configuration
Interactive Configuration
Start interactive configuration wizard:
rclone config
This launches an interactive wizard for configuring cloud providers.
Example: Amazon S3 Configuration
rclone config
# Select: n) New remote
# Name: s3-backup
# Storage: 4 (Amazon S3)
# Provider: 1 (AWS)
# Access Key ID: your-access-key
# Secret Access Key: your-secret-key
# Region: us-east-1
# Endpoint: (leave blank for AWS)
# Location constraint: (leave blank)
# ACL: private
# Storage class: STANDARD_IA
# Confirm: Yes
# Quit: q
Example: Google Drive Configuration
rclone config
# Select: n) New remote
# Name: gdrive-backup
# Storage: 13 (Google Drive)
# Client ID: (optional, leave blank)
# Client Secret: (optional, leave blank)
# Scope: 1 (Full access)
# Root folder ID: (leave blank)
# Service account file: (leave blank)
# Edit advanced config: n
# Use auto config: y
# Opens browser for Google authentication
# Confirm: Yes
Example: Backblaze B2 Configuration
rclone config
# Select: n) New remote
# Name: b2-backup
# Storage: 3 (Backblaze B2)
# Account ID: your-account-id
# Application Key: your-application-key
# Endpoint: (leave blank)
# Confirm: Yes
Example: SFTP Configuration
rclone config
# Select: n) New remote
# Name: sftp-backup
# Storage: 29 (SFTP)
# Host: backup-server.example.com
# User: backup-user
# Port: 22
# Password: (optional, use key instead)
# Key file: /root/.ssh/id_rsa
# Use sudo: n
# Path: /backups/
# Confirm: Yes
Non-Interactive Configuration
For automation, configure via environment variables or config file:
Environment variables:
# S3 example
export RCLONE_CONFIG_S3_TYPE=s3
export RCLONE_CONFIG_S3_PROVIDER=AWS
export RCLONE_CONFIG_S3_ACCESS_KEY_ID=your-key
export RCLONE_CONFIG_S3_SECRET_ACCESS_KEY=your-secret
export RCLONE_CONFIG_S3_REGION=us-east-1
# Use in commands
rclone ls s3-backup:bucket-name
Config file (~/.config/rclone/rclone.conf):
[s3-backup]
type = s3
provider = AWS
access_key_id = your-access-key
secret_access_key = your-secret-key
region = us-east-1
storage_class = STANDARD_IA
[b2-backup]
type = b2
account = your-account-id
key = your-application-key
[gdrive-backup]
type = drive
scope = drive
token = {"access_token":"...","token_type":"Bearer",...}
List Configured Remotes
# List all remotes
rclone listremotes
# Show configuration
rclone config show
# Show specific remote
rclone config show s3-backup
Basic rclone Operations
Listing Files
# List directories in remote
rclone lsd remote:bucket-name
# List all files
rclone ls remote:bucket-name
# List with sizes and modification times
rclone lsl remote:bucket-name
# List directory tree
rclone tree remote:bucket-name
# Count files and calculate total size
rclone size remote:bucket-name
Copying Files
# Copy file to remote
rclone copy /local/file.txt remote:bucket-name/
# Copy directory to remote
rclone copy /local/dir/ remote:bucket-name/backup/
# Copy from remote to local
rclone copy remote:bucket-name/backup/ /local/restore/
# Copy with progress
rclone copy -P /local/dir/ remote:bucket-name/backup/
# Copy only new/changed files
rclone copy --update /local/dir/ remote:bucket-name/backup/
Synchronizing Directories
# Sync local to remote (make remote match local)
rclone sync /local/dir/ remote:bucket-name/backup/
# Sync remote to local
rclone sync remote:bucket-name/backup/ /local/restore/
# Bidirectional sync (use bisync, experimental)
rclone bisync /local/dir/ remote:bucket-name/backup/
# Dry run (test without making changes)
rclone sync --dry-run /local/dir/ remote:bucket-name/backup/
Important: sync makes destination identical to source, deleting files that don't exist in source. Use with caution!
Moving Files
# Move files to remote (delete after copy)
rclone move /local/dir/ remote:bucket-name/archive/
# Move between remotes
rclone move remote1:bucket1/ remote2:bucket2/
Deleting Files
# Delete file
rclone delete remote:bucket-name/old-file.txt
# Delete empty directories
rclone rmdirs remote:bucket-name/old-dir/
# Delete directory and contents
rclone purge remote:bucket-name/old-dir/
# Delete files older than 30 days
rclone delete --min-age 30d remote:bucket-name/logs/
Advanced Features
Filtering
Include/exclude patterns:
# Exclude files
rclone sync /local/ remote:backup/ \
--exclude='*.tmp' \
--exclude='*.log' \
--exclude='cache/**'
# Include only specific files
rclone sync /local/ remote:backup/ \
--include='*.conf' \
--include='*.{jpg,png,gif}'
# Exclude from file
echo "*.tmp" > /etc/rclone-exclude.txt
echo "*.log" >> /etc/rclone-exclude.txt
rclone sync /local/ remote:backup/ --exclude-from=/etc/rclone-exclude.txt
# Filter by size
rclone sync /local/ remote:backup/ \
--max-size 100M \
--min-size 1K
# Filter by age
rclone sync /local/ remote:backup/ \
--max-age 30d \
--min-age 1d
Bandwidth Limiting
# Limit bandwidth to 10 MB/s
rclone sync /local/ remote:backup/ --bwlimit 10M
# Different limits for upload/download
rclone sync /local/ remote:backup/ --bwlimit 10M:5M
# Scheduled bandwidth limits
rclone sync /local/ remote:backup/ --bwlimit "08:00,512k 12:00,10M 13:00,512k 18:00,30M 23:00,off"
Encryption
Encrypt files before uploading to cloud:
Configure crypt remote:
rclone config
# New remote
# Name: encrypted-backup
# Storage: crypt
# Remote: s3-backup:bucket-name/encrypted/
# Filename encryption: standard
# Directory encryption: true
# Password: enter-strong-password
# Salt password: enter-second-password
Use encrypted remote:
# Copy to encrypted remote
rclone copy /local/sensitive/ encrypted-backup:
# Files are encrypted before upload
# Filenames are also obscured
Transfer Optimization
# Parallel transfers (4 concurrent)
rclone sync /local/ remote:backup/ --transfers 4
# Checkers for faster listing (8 parallel)
rclone sync /local/ remote:backup/ --checkers 8
# Large file optimization
rclone sync /local/ remote:backup/ \
--transfers 4 \
--checkers 8 \
--buffer-size 16M
# Use server-side copy when possible
rclone copy remote1:bucket1/ remote2:bucket2/ --s3-upload-cutoff 200M
Mounting Cloud Storage
Mount remote storage as local filesystem:
# Create mount point
mkdir -p /mnt/cloud-backup
# Mount remote
rclone mount remote:bucket-name /mnt/cloud-backup --daemon
# Mount with options
rclone mount remote:bucket-name /mnt/cloud-backup \
--daemon \
--allow-other \
--vfs-cache-mode writes \
--vfs-cache-max-size 10G
# Unmount
fusermount -u /mnt/cloud-backup
# or
umount /mnt/cloud-backup
Mount on boot (systemd):
/etc/systemd/system/rclone-mount.service:
[Unit]
Description=Rclone Mount
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/rclone mount remote:bucket-name /mnt/cloud-backup \
--config=/root/.config/rclone/rclone.conf \
--allow-other \
--vfs-cache-mode writes \
--vfs-cache-max-size 10G
ExecStop=/bin/fusermount -u /mnt/cloud-backup
Restart=on-failure
[Install]
WantedBy=multi-user.target
Enable:
sudo systemctl enable --now rclone-mount.service
Production Backup Scripts
Comprehensive Backup Script
#!/bin/bash
# /usr/local/bin/rclone-backup.sh
# Production backup to cloud with rclone
set -euo pipefail
# Configuration
BACKUP_SOURCE="/var/www /etc /home"
RCLONE_REMOTE="s3-backup:company-backups"
RCLONE_PATH="$(hostname)/backup-$(date +%Y%m%d-%H%M%S)"
LOG_FILE="/var/log/rclone-backup.log"
ADMIN_EMAIL="[email protected]"
EXCLUDE_FILE="/etc/rclone-exclude.txt"
RETENTION_DAYS=90
# Logging
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOG_FILE"
}
error_exit() {
log "ERROR: $1"
echo "Rclone backup failed: $1" | mail -s "Backup FAILED - $(hostname)" "$ADMIN_EMAIL"
exit 1
}
log "Starting rclone backup to $RCLONE_REMOTE/$RCLONE_PATH"
# Create exclude file if doesn't exist
if [ ! -f "$EXCLUDE_FILE" ]; then
cat > "$EXCLUDE_FILE" << 'EOF'
*.log
*.tmp
.cache/
cache/
tmp/
node_modules/
vendor/
__pycache__/
*.swp
lost+found/
EOF
fi
# Pre-backup: Database dumps
log "Creating database dumps"
DB_DUMP_DIR="/var/backups/db-dumps"
mkdir -p "$DB_DUMP_DIR"
if command -v mysqldump &> /dev/null; then
mysqldump --all-databases --single-transaction | \
gzip > "$DB_DUMP_DIR/mysql-all.sql.gz"
fi
if command -v pg_dumpall &> /dev/null; then
sudo -u postgres pg_dumpall | \
gzip > "$DB_DUMP_DIR/postgresql-all.sql.gz"
fi
# Sync to cloud
log "Syncing to cloud storage"
rclone sync \
$BACKUP_SOURCE \
"$DB_DUMP_DIR" \
"$RCLONE_REMOTE/$RCLONE_PATH/" \
--exclude-from="$EXCLUDE_FILE" \
--transfers 4 \
--checkers 8 \
--stats 1m \
--stats-log-level INFO \
--log-file="$LOG_FILE" \
--log-level INFO
if [ $? -ne 0 ]; then
error_exit "Rclone sync failed"
fi
# Verify upload
log "Verifying uploaded files"
UPLOADED_COUNT=$(rclone ls "$RCLONE_REMOTE/$RCLONE_PATH/" | wc -l)
if [ "$UPLOADED_COUNT" -lt 10 ]; then
log "WARNING: Uploaded file count seems low: $UPLOADED_COUNT"
fi
# Create manifest
log "Creating manifest"
rclone size "$RCLONE_REMOTE/$RCLONE_PATH/" > /tmp/backup-manifest.txt
echo "Backup completed: $(date)" >> /tmp/backup-manifest.txt
rclone copy /tmp/backup-manifest.txt "$RCLONE_REMOTE/$RCLONE_PATH/"
rm /tmp/backup-manifest.txt
# Cleanup old backups
log "Cleaning up old backups (>$RETENTION_DAYS days)"
rclone delete "$RCLONE_REMOTE/$(hostname)/" \
--min-age ${RETENTION_DAYS}d \
--rmdirs
# Cleanup local database dumps
find "$DB_DUMP_DIR" -name "*.sql.gz" -mtime +3 -delete
log "Backup completed successfully"
# Success notification
{
echo "Cloud backup completed successfully"
echo "Remote: $RCLONE_REMOTE/$RCLONE_PATH"
echo "Files uploaded: $UPLOADED_COUNT"
} | mail -s "Backup Success - $(hostname)" "$ADMIN_EMAIL"
exit 0
Make executable:
sudo chmod +x /usr/local/bin/rclone-backup.sh
Multi-Cloud Backup Script
Implement redundancy across multiple cloud providers:
#!/bin/bash
# /usr/local/bin/rclone-multi-cloud.sh
# Backup to multiple cloud providers for redundancy
set -euo pipefail
BACKUP_SOURCE="/var/www"
DATE=$(date +%Y%m%d)
# Cloud remotes
REMOTES=(
"s3-backup:primary-backups"
"b2-backup:secondary-backups"
"gdrive-backup:tertiary-backups"
)
LOG_FILE="/var/log/multi-cloud-backup.log"
log() {
echo "[$(date)] $*" | tee -a "$LOG_FILE"
}
# Backup to each remote
for remote in "${REMOTES[@]}"; do
log "Backing up to $remote"
rclone sync "$BACKUP_SOURCE" "$remote/$(hostname)/$DATE/" \
--exclude='*.log' \
--exclude='cache/**' \
--transfers 4 \
--log-file="$LOG_FILE" \
--log-level INFO
if [ $? -eq 0 ]; then
log "SUCCESS: $remote"
else
log "FAILED: $remote"
fi
done
log "Multi-cloud backup completed"
Automation and Scheduling
Systemd Timer
Service file (/etc/systemd/system/rclone-backup.service):
[Unit]
Description=Rclone Cloud Backup Service
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/rclone-backup.sh
User=root
Nice=19
IOSchedulingClass=2
IOSchedulingPriority=7
[Install]
WantedBy=multi-user.target
Timer file (/etc/systemd/system/rclone-backup.timer):
[Unit]
Description=Daily Rclone Backup
Requires=rclone-backup.service
[Timer]
OnCalendar=daily
OnCalendar=*-*-* 03:00:00
Persistent=true
[Install]
WantedBy=timers.target
Enable:
sudo systemctl daemon-reload
sudo systemctl enable --now rclone-backup.timer
Cron Scheduling
# /etc/cron.d/rclone-backup
# Daily backup at 3 AM
0 3 * * * root /usr/local/bin/rclone-backup.sh >> /var/log/rclone-cron.log 2>&1
# Hourly incremental sync
0 * * * * root rclone sync /var/www s3-backup:backups/www/ >> /var/log/rclone-hourly.log 2>&1
Monitoring and Verification
Backup Verification Script
#!/bin/bash
# /usr/local/bin/verify-rclone-backup.sh
REMOTE="s3-backup:company-backups/$(hostname)"
MAX_AGE_HOURS=26
ADMIN_EMAIL="[email protected]"
# Find latest backup
LATEST=$(rclone lsf "$REMOTE" | grep "backup-" | sort -r | head -1)
if [ -z "$LATEST" ]; then
echo "ERROR: No backups found" | \
mail -s "Backup Verification FAILED" "$ADMIN_EMAIL"
exit 1
fi
# Check backup age (using modification time isn't reliable for cloud)
# Instead, parse date from backup name
# backup-20260111-143000
BACKUP_DATE=$(echo "$LATEST" | grep -oP '\d{8}-\d{6}')
BACKUP_EPOCH=$(date -d "${BACKUP_DATE:0:8} ${BACKUP_DATE:9:2}:${BACKUP_DATE:11:2}:${BACKUP_DATE:13:2}" +%s)
CURRENT_EPOCH=$(date +%s)
AGE_HOURS=$(( (CURRENT_EPOCH - BACKUP_EPOCH) / 3600 ))
if [ $AGE_HOURS -gt $MAX_AGE_HOURS ]; then
echo "WARNING: Latest backup is $AGE_HOURS hours old" | \
mail -s "Backup Age Alert" "$ADMIN_EMAIL"
exit 1
else
echo "OK: Latest backup is $AGE_HOURS hours old"
exit 0
fi
Real-World Scenarios
Scenario 1: WordPress Site to S3
#!/bin/bash
# WordPress backup to S3
# Database dump
wp db export /tmp/wordpress-db.sql --path=/var/www/wordpress
# Sync to S3
rclone sync /var/www/wordpress s3-backup:wordpress-backups/$(date +%Y%m%d)/ \
--exclude='wp-content/cache/**' \
--exclude='*.log'
rclone copy /tmp/wordpress-db.sql s3-backup:wordpress-backups/$(date +%Y%m%d)/
# Cleanup
rm /tmp/wordpress-db.sql
# Keep 30 days
rclone delete s3-backup:wordpress-backups/ --min-age 30d --rmdirs
Scenario 2: Media Files to Multiple Clouds
#!/bin/bash
# Large media files to B2 and Google Drive
MEDIA_DIR="/var/media"
# Primary: Backblaze B2 (cost-effective)
rclone sync "$MEDIA_DIR" b2-backup:media-archive/ \
--transfers 8 \
--bwlimit 20M
# Secondary: Google Drive (redundancy)
rclone sync "$MEDIA_DIR" gdrive-backup:media-backup/ \
--transfers 4 \
--drive-chunk-size 64M
Conclusion
Rclone provides a powerful, flexible solution for cloud backup and synchronization, enabling organizations to implement robust offsite backup strategies as part of the 3-2-1 backup rule. Its support for 40+ cloud providers, encryption capabilities, and extensive feature set make it ideal for production environments.
Key takeaways:
- Configure securely: Protect credentials, use encryption for sensitive data
- Choose providers wisely: Balance cost, performance, and reliability
- Implement filtering: Exclude unnecessary files to reduce costs
- Optimize transfers: Use bandwidth limits and parallel transfers appropriately
- Automate consistently: Schedule regular cloud syncs
- Monitor actively: Verify backups complete successfully
- Test restoration: Practice cloud restoration procedures
- Consider multi-cloud: Redundancy across providers enhances disaster recovery
Combined with local and remote backups, rclone-based cloud backup strategies provide comprehensive data protection aligned with industry best practices.