Rclone UIDocs

GitHubrclone/rclone

54.7K

Rclone CLIRclone UIChangelog
Commands

Serve

Guide to using rclone serve - turn cloud storage into various servers

rclone serve

The server commands - turn your cloud storage into a web server, FTP server, SFTP server, WebDAV, and more!

Quick start

# Serve files over HTTP
rclone serve http remote:path

# Serve with WebDAV
rclone serve webdav remote:path

# Serve as SFTP
rclone serve sftp remote:path

# Serve as FTP
rclone serve ftp remote:path

Your cloud storage is now accessible via standard protocols!

Available servers

HTTP Server

# Basic HTTP server
rclone serve http remote:path --addr :8080

# With authentication
rclone serve http remote:path \
  --addr :8080 \
  --user myuser \
  --pass mypassword

# With custom template
rclone serve http remote:path \
  --template index.html

Access at: http://localhost:8080

WebDAV Server

# WebDAV for file managers
rclone serve webdav remote:path \
  --addr :8081 \
  --user webdav \
  --pass secret

# Read-only WebDAV
rclone serve webdav remote:path \
  --read-only \
  --addr :8081

Mount in file managers using: http://localhost:8081

SFTP Server

# SFTP server (requires SSH key)
rclone serve sftp remote:path \
  --addr :2022 \
  --user sftpuser \
  --pass sftppass

# With key authentication
rclone serve sftp remote:path \
  --addr :2022 \
  --authorized-keys ~/.ssh/authorized_keys

Connect with: sftp -P 2022 sftpuser@localhost

FTP Server

# FTP server
rclone serve ftp remote:path \
  --addr :2121 \
  --user ftpuser \
  --pass ftppass

# Passive mode for firewalls
rclone serve ftp remote:path \
  --addr :2121 \
  --passive-port 30000-30100

Connect with: ftp localhost 2121

DLNA Server

# Stream media to smart TVs
rclone serve dlna remote:media \
  --addr :7879 \
  --name "My Media Server"

# With transcoding
rclone serve dlna remote:media \
  --addr :7879 \
  --vfs-cache-mode full

Your media appears on DLNA-compatible devices!

Restic Backup Server

# Serve as restic repository
rclone serve restic remote:backup \
  --addr :8000 \
  --user backup \
  --pass secret

# Client usage:
# restic -r rest:http://backup:secret@server:8000 init

S3 Compatible Server

# Serve as S3
rclone serve s3 remote: \
  --addr :4443 \
  --cert cert.pem \
  --key key.pem

# Access with S3 clients
# Endpoint: https://localhost:4443

Security

Authentication

# Basic authentication
rclone serve http remote: \
  --addr :8080 \
  --user admin \
  --pass secret123

# Multiple users (htpasswd file)
rclone serve http remote: \
  --addr :8080 \
  --htpasswd /path/to/.htpasswd

# Client certificates
rclone serve http remote: \
  --addr :8443 \
  --cert server.crt \
  --key server.key \
  --client-ca client-ca.crt

HTTPS/TLS

# Serve over HTTPS
rclone serve webdav remote: \
  --addr :443 \
  --cert /path/to/cert.pem \
  --key /path/to/key.pem

# Self-signed certificate (testing only)
openssl req -x509 -newkey rsa:4096 \
  -keyout key.pem -out cert.pem \
  -days 365 -nodes

rclone serve http remote: \
  --addr :8443 \
  --cert cert.pem \
  --key key.pem

Access Control

# Read-only access
rclone serve webdav remote: \
  --read-only \
  --addr :8081

# Restrict to localhost
rclone serve http remote: \
  --addr 127.0.0.1:8080

IP Whitelisting

Restrict access to your rclone server by allowing only specific IP addresses through your firewall.

Using UFW (Uncomplicated Firewall)

# Allow a specific IP to access port 8080
sudo ufw allow from 192.168.1.100 to any port 8080

# Allow a subnet
sudo ufw allow from 192.168.1.0/24 to any port 8080

# Allow multiple specific IPs
sudo ufw allow from 10.0.0.50 to any port 8080
sudo ufw allow from 10.0.0.51 to any port 8080

# Block all other access to the port (deny is default, but explicit is clearer)
sudo ufw deny 8080

# Check rules
sudo ufw status numbered

Using iptables

# Allow specific IP
sudo iptables -A INPUT -p tcp -s 192.168.1.100 --dport 8080 -j ACCEPT

# Allow a subnet
sudo iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 8080 -j ACCEPT

# Drop all other connections to the port
sudo iptables -A INPUT -p tcp --dport 8080 -j DROP

# View current rules
sudo iptables -L INPUT -n --line-numbers

# Save rules (Debian/Ubuntu)
sudo iptables-save > /etc/iptables/rules.v4

# Save rules (RHEL/CentOS)
sudo service iptables save

Using firewalld (RHEL/CentOS/Fedora)

# Create a new zone for rclone
sudo firewall-cmd --permanent --new-zone=rclone

# Add allowed IPs to the zone
sudo firewall-cmd --permanent --zone=rclone --add-source=192.168.1.100
sudo firewall-cmd --permanent --zone=rclone --add-source=192.168.1.101

# Open the port in that zone
sudo firewall-cmd --permanent --zone=rclone --add-port=8080/tcp

# Reload to apply
sudo firewall-cmd --reload

# Verify
sudo firewall-cmd --zone=rclone --list-all

Remember to place ACCEPT rules before any DROP rules. Firewall rules are processed in order, and the first match wins.

Service installation

Linux (systemd)

# /etc/systemd/system/rclone-serve.service
[Unit]
Description=RClone Serve
After=network-online.target

[Service]
Type=simple
User=rclone
Group=rclone
ExecStart=/usr/bin/rclone serve webdav remote: \
  --addr :8081 \
  --config /etc/rclone/rclone.conf \
  --user webdav \
  --pass secret \
  --vfs-cache-mode full
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

Enable:

sudo systemctl enable rclone-serve
sudo systemctl start rclone-serve

Docker

# Dockerfile
FROM rclone/rclone:latest
EXPOSE 8080
CMD ["serve", "http", "remote:", "--addr", ":8080"]

Run:

docker run -d \
  -p 8080:8080 \
  -v ~/.config/rclone:/config/rclone \
  rclone-serve

Troubleshooting

Port Already in Use

# Check what's using port
lsof -i :8080
# or
netstat -tulpn | grep 8080

# Use different port
rclone serve http remote: --addr :8888

Can't Access from Other Devices

# Bind to all interfaces (not just localhost)
rclone serve http remote: --addr :8080
# Not --addr localhost:8080

# Check firewall
sudo ufw allow 8080

Performance

# Enable caching
--vfs-cache-mode full
--vfs-cache-max-size 100G

# Increase buffers
--buffer-size 256M
--vfs-read-chunk-size 128M
For Many Users
rclone serve webdav remote: \
  --addr :8081 \
  --vfs-cache-mode full \
  --vfs-cache-max-size 500G \
  --buffer-size 256M \
  --transfers 32
For Large Files
rclone serve http remote: \
  --addr :8080 \
  --vfs-read-chunk-size 128M \
  --vfs-read-chunk-size-limit off \
  --buffer-size 1G
For Streaming
rclone serve dlna remote: \
  --addr :7879 \
  --vfs-cache-mode full \
  --vfs-read-ahead 512M \
  --vfs-cache-max-age 24h

You can check ready-made templates here.

Remember: Serve commands turn your cloud storage into a server.

The official documentation provides more info on the benefits and different ways to use the serve command.

Great for sharing, streaming, and remote access - but always consider security!

How is this guide?

Purge

The most dangerous command in rclone, the nuclear option.

Sync

Guide to using rclone sync - make destinations match source exactly

On this page

rclone serve
Quick start
Available servers
HTTP Server
WebDAV Server
SFTP Server
FTP Server
DLNA Server
Restic Backup Server
S3 Compatible Server
Security
Authentication
HTTPS/TLS
Access Control
IP Whitelisting
Service installation
Linux (systemd)
Docker
Troubleshooting
Port Already in Use
Can't Access from Other Devices
Performance
For Many Users
For Large Files
For Streaming