💡 Like BikeGremlin? Support me on Patreon or buy me a coffee
Search...

Rclone installation and configuration step-by-step

by
Rclone installation and configuration step-by-step tutorial
📢
More from BikeGremlin: YouTube | Forum | HUB
Google Add BikeGremlin as a preferred source on Google

Here is a step-by-step tutorial on how to install and configure Rclone to encrypt your files to a cloud storage and to browse and download them “normally.” This is mainly for my and my friends’ reference (and anyone who asks for my help) – no more, no less (“works on my computers” LOL 🙂 ). English is not my native, and brevity is not my virtue, but I did my best. 🙂
This should work with many, but not all, cloud storage providers.

Overview

My goal:

  • Easily copy and update files from my local backup HDD to my Hetzner Storage Box (or any other cloud storage).
  • Make sure the copied files are stored encrypted on the cloud.
  • Be able to conveniently browse the uploaded encrypted files and download the ones I need when I need them – in a readable (decrypted) form – preferably using my file manager.

After a lot of head-bashing and testing, I managed to do it with the Rclone software.

Rclone is a free, open-source tool for managing and syncing files between your computer and cloud storage services. It works from the command line and supports a wide range of providers: from Google Drive, Mega.nz and Dropbox to self-hosted storage like Hetzner Storage Box. Think of it as a “Swiss Army knife” for cloud storage: you can copy, move, sync, or mount remote files just as if they were on your local drive, with options for encryption, compression, and detailed automation. It’s fast, scriptable, and OK for people who want control over how their data is transferred and stored.

Here is the basic logic of what I did:

My files (local storage on my PC)

rclone crypt (encrypt/decrypt – “hetzner_crypt” in this example)

rclone webdav (communicate with Hetzner – “hetznerbox” in this example)

Hetzner Storage Box (remote storage)

Preparation and software

I need:

  • Source storage – directory to back up from (all that’s “under” it).
  • Destination (cloud) storage – place where I’ll be uploading and syncing to.
  • Rclone software and what’s needed for it to run.

Make a Hetzner subaccount with a limited access to a set directory/path (and nothing “above” it – just in case):
u123456-sub2

Windows installation

Make a “C:\rclone” directory and copy the extracted files there. Add it to path for simpler command typing in the future (without the “C:\rclone\” before each command):

WIN + R -> type “sysdm.cpl”
Advanced -> Environment Variables -> User variables for user BikeGremlin -> Path -> Edit -> New
C:\rclone

To confirm rclone works, in command prompt, type:

rclone version

Configure WebDAV connection (hetznerbox)

Command prompt, type:

rclone config

Depending on the Rclone version, the exact numbers (x) in each option may differ!

  • n -> create new remote
  • Name: “hetznerbox
  • Storage (type): “WebDAV” (58)
  • URL: https://u123456-sub2.your-storagebox.de
  • Vendor: other (8)
  • user: u123456-sub2
  • Option pass: y -> password for the u123456-sub2
  • bearer_token: blank (enter)
  • Edit advanced config: n
  • Keep this “hetznerbox” remote: y
  • Now quit: q

Confirm it works:

rclone ls hetznerbox:

Configure encryption (hetzner_crypt)

Command prompt, type:

rclone config

Depending on the Rclone version, the exact numbers (x) in each option may differ!

  • n -> create new remote
  • Name: “hetzner_crypt
  • Storage (type): crypt (15)
  • remote: “hetznerbox:/encrypted
    (to store it all in “encrypted” directory inside the pre-defined “hetznerbox”)
  • filename_encryption: standard (1)
  • directory_name_encryption: false (2)
    I want to browse directories via normal FTP if needed – you may encrypt
  • Option password: y
    type in your rclone encryption password
  • Password2 (salt): y
    type in your rclone password salt (different from your password)
  • Edit advanced config: n
  • Keep this “hetzner_crypt” remote: y
  • Quit: q

SECURITY / PRIVACY TRADE-OFF:
I chose not to encrypt directory names so I can still recognise the structure when browsing via FTP or similar. If you have directories like “Taxes-2025”, “Medical_Records”, “Client-X-Project”, that information is completely visible, so it’s your call how paranoid you wish to be.

Confirm it works – make a “test” directory:

rclone mkdir hetzner_crypt:testCode language: CSS (css)

Since no directory encryption was chosen, the two commands below will both list the “test” directory:

rclone lsd hetznerbox:/encrypted
rclone lsd hetzner_crypt:

Mount the encrypted drive

rclone mount hetzner_crypt: Q: --vfs-cache-mode full

Read-only mount:

rclone mount hetzner_crypt: Q: --vfs-cache-mode full --read-only

Error below is a warning about Windows’ not handling Unix-style symlinks, but rclone has started (I can safely ignore the “symlinks not supported” warning since I don’t actually use symbolic links):

2025/10/28 19:40:20 ERROR : symlinks not supported without the --links flag: /
The service rclone has been started.

I should now be able to copy a file here, and when I use a FTP client, the file will show as nonsense (this setup keeps the directory names intact).

Unmount – in the window where the mount was run:
CTRL + C

Upload/sync backups (files and directories)

This command encrypts and uploads only new or changed files. Deletes from remote what I deleted locally (mirrors the source):

rclone sync "D:\BACKUP-DATA" hetzner_crypt: --progress --transfers=4 --checkers=8 --fast-listCode language: PHP (php)

Add this to the end of the command above for a log (make sure it is outside the synced directory):

Make the directories if they don't exist:

mkdir "D:\LOGS\rclone"

Then you can add this at the end of the sync command:

 --log-file="D:\LOGS\rclone\rclone-sync.log" --log-level=INFO


Be careful with rclone sync – it will delete remote files that no longer exist locally. If unsure, use rclone copy instead. In other words, to just copy new files, without removing the remotely stored (Hetzner) files whose “originals” are gone at the source (PC), this does the job (note, this will upload any new files, but will not re-upload the files that haven’t changed):

rclone copy "D:\BACKUP-DATA" hetzner_crypt: --progress --transfers=4 --checkers=8 --fast-listCode language: PHP (php)

Download files to another PC

To download files, I do the same thing again, but I don’t run the upload/sync command.

I only mount the drive – and then copy files using my favourite file manager (Double Commander).

NUANCES! (gotchas)

Since rclone only lists directories and files, it all works pretty fast, as if it were a local drive – using my file manager. Of course, if I need to edit a file, it is best and recommended to download it locally.

Important

If I run a sync from my home PC, in order to update a “cloud” file, I must get it to that PC (if I wish to keep running sync, which is convenient for allowing me to automatically remove and rename in the cloud when I remove or rename files on my PC).

So I can’t just upload a file from a different PC and expect it to be pulled to the home PC or even remain in the “cloud”. I must remember to copy the new file from the cloud to my home PC (just mounting the drive and using a file manager, before running the sync command).

In other words:
This setup works best when my main PC is the “source of truth.” The rclone sync command will make the remote storage (Hetzner) an exact mirror of my local source directory.

If I add or change a file on the cloud from a different PC, I must manually copy it back to my main PC before running rclone sync again. Otherwise, the next sync from my main PC will see that the file is missing locally and delete it from the cloud.

Out of the Box alternative

Pun intended. 🙂

Another option (less error prone) is to use the likes of Filen.io or Pcloud to make a temporary encrypted copy (those platforms can encrypt) and then download it to my home PC, which syncs to the Hetzner storage (main one).

One at a time!

Do not run mount and sync (or copy) at the same time. Run mount only when the sync/copy has finished (and vice-versa).

Fast FTP rename/move – unencrypted directories

A practical thing about my setap with leaving the directory names unencrypted (encrypting only files) is that I can simply and quickly do move and directory rename. What do I mean? Here’s a practical example:

My English Youtube video backup directory has around 300 video files ~ around 350 GB in size. I wanted to rename it from just “videos” to “2015-2025” (and store newer videos in a separate directory). I would do that on my local source-of-truth PC, that’s fast an easy (rename and move don’t copy files and take no time locally). What happens with Rclone sync?

If I just did Rclone sync alone, Rclone would delete all those videos on the remote storage server, create the “2015-2025” directory, and then re-upload the videos (this would happen even if I tried to “move/rename” a rclone mounted volume on my PC).

However, with unencrypted directory names, I could use a normal FTP(S) cliend and get the job done on the remote server – running on the server as quickly as my local PC rename/move runs. Then, when I run the Rsync, it does nothing because as far as it can see, my source is the same as the remote destination.

Linux Ubuntu and Mint installation

Similarly to the Windows install procedure, I must install Rclone, define my storage, and then run the mounting or copy/sync commands. I will be using the repository, so not the latest and greatest Rclone version, but hopefully a stable and tested one. 🙂

Update, install rclone, and confirm it works – command prompt:

sudo apt update && sudo apt upgrade
sudo apt install -y rclone
rclone version

Configure WebDAV connection (hetznerbox) – Linux

Command prompt, type:

rclone config

Depending on the Rclone version, the exact numbers (x) in each option may differ!

  • n -> create new remote
  • Name: “hetznerbox
  • Storage (type): “WebDAV” (42)
  • URL: https://u123456-sub2.your-storagebox.de
  • Vendor: other (5)
  • user name: u123456-sub2
  • Option pass: y -> password for the u123456-sub2
  • bearer_token: blank (enter)
  • Edit advanced config: n
  • Keep this “hetznerbox” remote: y
  • Now quit: q

Configure encryption (hetzner_crypt)

Command prompt, type:

rclone config

Depending on the Rclone version, the exact numbers (x) in each option may differ!

  • n -> create new remote
  • Name: “hetzner_crypt
  • Storage (type): crypt (14)
  • remote: “hetznerbox:/encrypted
    (to store it all in “encrypted” directory inside the pre-defined “hetznerbox”)
  • filename_encryption: standard (1)
  • directory_name_encryption: false (2)
    I want to browse directories via normal FTP if needed – you may encrypt
  • Option password: y
    type in your rclone encryption password
  • Password2 (salt): y
    type in your rclone password salt (different from your password)
  • Edit advanced config: n
  • Keep this “hetzner_crypt” remote: y
  • Quit: q

SECURITY / PRIVACY TRADE-OFF:
I chose not to encrypt directory names so I can still recognise the structure when browsing via FTP or similar. If you have directories like “Taxes-2025”, “Medical_Records”, “Client-X-Project”, that information is completely visible, so it’s your call how paranoid you wish to be.

Mount the encrypted drive

Create a local mount directory:

mkdir -p ~/hetzner_crypt

FUSE dependencies install (on modern Ubuntu/Mint, fuse is often a dependency of rclone and installed by default – this doesn’t hurt, but it might not be necessary):

sudo apt install -y fuse3

Mount the encrypted drive:

rclone mount hetzner_crypt: ~/hetzner_crypt --vfs-cache-mode full

Read-only mount:

rclone mount hetzner_crypt: ~/hetzner_crypt --vfs-cache-mode full --read-only

Unmount:

fusermount -u ~/hetzner_crypt

Sync of copy backups

rclone sync ~/BACKUP-DATA hetzner_crypt: --progress --transfers=4 --checkers=8 --fast-listCode language: PHP (php)

Add this to the end of the command above for a log (make sure it is outside the synced directory):

Make the directories first if they don't exist:

mkdir -p ~/LOGS/rclone

Then you can add this at the end of the sync command:

 --log-file="~/LOGS/rclone/rclone-sync.log" --log-level=INFO

Copy:

rclone copy ~/BACKUP-DATA hetzner_crypt: --progress --transfers=4 --checkers=8 --fast-listCode language: PHP (php)

Restore

Almost forgot – and I think it is worth mentioning. To restore, just swap (reverse) the source and destination – so “hetzner_crypt:” goes first, before the drive. Examples for Windows and Linux (I changed the destination directory to “BACKUP-DATA-NEW” – to not overwrite the original source directory by mistake):

Windows:

rclone sync hetzner_crypt: "D:\BACKUP-DATA-NEW" --progress --transfers=4 --checkers=8 --fast-list

Linux:

rclone sync hetzner_crypt: ~/BACKUP-DATA-NEW --progress --transfers=4 --checkers=8 --fast-listCode language: PHP (php)

Rclone update

See the installed version:
rclone version

Update:
rclone selfupdate

Conclusion – how it works in practice

So far so good. 🙂

<iframe src="https://giphy.com/embed/3osxYdWVNeMVIXCJcA" width="480" height="262" style="" frameBorder="0" class="giphy-embed" allowFullScreen></iframe><p><a href="https://giphy.com/gifs/fandor-eyes-criterion-collection-la-haine-3osxYdWVNeMVIXCJcA">via GIPHY</a></p>Code language: HTML, XML (xml)

I must have at least one off-site backup copy (in addition to any local backups): in case of theft, fires, etc (backups 101). When the spare HDD at work suddenly died, I had to make an offsite copy of my personal data ASAP. Hetzner storage is affordable and it seems to work well with FTP and Rclone – for now at least (I’ve been using it for web server backups for years).

Having my files encrypted is a good idea – it makes my life easier because I don’t have to think “hey, does this backup upload have any client files I should be keeping private?” and similar. This way I know it is all encrypted (the same goes for full drive encryption with both Windows and Linux – my broken drive could just be sent for warranty replacement with no worries about data privacy).

This does make things a bit more complicated to set up. At the time of writing, my son is not big enough to get this done by himself, for example. Nothing is perfect.

With some directories moved, some files and directories deleted and few added, this is what a typical result looks like (it takes longer on the first run):

C:\Users\mywinuser>rclone sync "D:\BACKUP-DATA" hetzner_crypt: --progress --transfers=4 --checkers=8 --fast-list
Transferred:       29.496 MiB / 29.496 MiB, 100%, 273.294 KiB/s, ETA 0s
Checks:            456305 / 456305, 100%, Listed 962496
Deleted:            29930 (files), 2012 (dirs), 852.497 GiB (freed)
Transferred:         8641 / 8641, 100%
Elapsed time:     18m22.7sCode language: PHP (php)

Yes, I did consider a NAS, but with modern HDD quality going down the drain, and Serbian market availability being always awful, cloud it is – with all its pros and cons.

(Re)sources

Last updated:

Originally published:

Author

Relja Novović

Relja is an avid cyclist, a pretty good bike mechanic, and a professional computer systems administrator – with decades of experience in both those fields (computers and bikes 🙂 ). Relja Novović’s credentials and a short biography


Please use the BikeGremlin.net forum for any comments or questions.

If you've found any errors or lacking information in the article(s) - please let me know by commenting on the BikeGremlin forum or by sending a message via the forum's contact form.
You can comment anonymously (by registering with any name/nickname), but I think it is good to publicly document all the article additions (and especially corrections) - even if their author chooses to remain anonymous.

Tools and other products that I use (and can recommend)