For a long time I had been using Google Drive to store all my important documents. It worked extremely well - always accessible no matter where I was, synced across all my devices, and never had to worry about my files being unavailable or deleted. Ultimately though, it didn’t feel like it was mine, and I didn’t like the idea of depending on Google.

When searching for an alternative, I considered full-blown cloud solutions like Nextcloud/ownCloud, but they seemed overly complex to me. Also, I didn’t like the idea of being locked to their product, despite it being open-source. I wanted something simpler. So I thought: how about plain old S3? It’s simple, easy to integrate, works everywhere, and I don’t even need to host anything - so it won’t consume any resources. My main concern about this plan was that the files wouldn’t be encrypted - if someone gained access to my S3 drive they’d get access to my files, and that would be bad.

So that’s when I came across Rclone. Rclone is a command-line interface to cloud storage, and it supports not just S3-compatible services but pretty much every host you can think of! And the key feature for me is built-in support for encryption, meaning even the cloud provider can’t read the original files. I decided to set it up on my DigitalOcean Spaces account, and I’ve been using it happily for about a year so far.

Setup

The first step was to create a Space on DigitalOcean, setting the permissions to private. There are many S3-compatible hosts out there so you can use whatever and it should work the same.

Once that’s done, follow the instructions to install Rclone. It doesn’t matter what platform you use for the initial setup, as you can copy the config to your other devices later. I used Windows.

With Rclone installed, simply run rclone config. This is an interactive wizard that prompts you for your configuration. In my case, it was like this:

1
2
3
4
5
6
7
8
9

Storage> s3
env_auth> 1
access_key_id> YOUR_ACCESS_KEY
secret_access_key> YOUR_SECRET_KEY
region>
endpoint> sgp1.digitaloceanspaces.com
location_constraint>
acl>
storage_class>

Note that it’s not encrypted at this point, but that’s OK - just don’t upload any files to it yet.

Next, run rclone config again, but this time choose the crypt option and follow the instructions. The remote should be the one from the previous set up. Once this is done, the crypt remote should be used instead, and any files will automatically be encrypted/decrypted seamlessly.

Using the drive

The drive can be easily mounted on various platforms using the rclone mount command. On Windows, the main difficulty was getting the drive to mount automatically.

I ended up creating a Windows service using NSSM (the Non-Sucking Service Manager, great name!), with the following arguments:

1

rclone mount secret:bucket/ S: --vfs-cache-mode full --config  "C:\Path\to\rclone.conf" --volname "Cloud"

On Linux it can be mounted via /etc/fstab, but be sure to specify the allow_other option so that file permissions work properly.

Mobile Apps

While the above steps work great for desktop, mobile is where it starts to show some slight flaws. On Android, there’s only an unofficial app for rclone called rcx. This works, and it’s what I used, but I was slightly uncomfortable having the config to my drive on my mobile. Also, it had some compatibility issues - most apps wouldn’t allow editing the files directly, and even opening files on rcx from other apps didn’t always work.

On iOS, there isn’t an rclone app that I could find. However, that forced me to take a step back and find an alternative which I think is actually better: rather than mount the drive directly from mobile, mount it on a cloud server and use a generic SFTP-compatible app to access it (such as FE File Explorer Pro). This solves most of the compatibility issues while also being more secure, so I think it’s a preferable option overall.

Other Uses

Backing up to a second drive

Besides the above, I’ve also setup another drive (on Amazon S3) in the same way, and I use it as a weekly backup of my main drive. That way, if something bad happens to my main drive, then I have another copy I can revert to even if I don’t notice it immediately.

The Amazon S3 drive in encrypted in exactly the same way as mentioned above, and I sync the two using a cron entry with the rclone sync command.

Syncing with iCloud

Although rclone doesn’t seem to support iCloud natively, a workaround is to use a device where your iCloud drive is synced and set up a cron to keep the two in sync. In my case, I’m using my Windows desktop and a cron running inside WSL (Windows Subsystem for Linux) to sync a specific folder from iCloud using rclone bisync

Backup scripts

Finally, besides mounting the drive and manually working with it, I like to use it for automated backups of other things, such as the database backups for my self-hosted services. It’s not necessary to moutn the drive at all for this, since you can use rclone copy to upload the local backup file directly to the cloud drive.

How it’s going

With all of the above in place, I’m pretty happy with my Rclone-based cloud drive. I’m somewhat tempted by the idea of running a NAS at home, but in my experience I don’t have the time to maintain sufficiently high reliability of services running from my home server. Just today my 2yo daughter flipped a switch and powered off my server before I could stop here. The main advantage of a cloud drive is being able to access it on-the-go, but that means if something ever does go wrong, I won’t be able to fix it in those cases because I won’t be at home! That’s too big of a risk for me - I’d rather rely on the cloud for now.