Overview
This post will show you how to backup your Nextcloud to Google Drive using rclone
Install rclone
My Nextcloud server runs on CentOS 7. The rclone version in EPEL 7 repository is 1.55 which is no longer able to connect to Google Drive API since early 2022 due to a security update by Google.
To get a more recent and Google API compatible version I installed rclone 1.60 using the information provided here: https://rclone.org/downloads/
# wget https://rclone.org/install.sh
# chmod +x install.sh
# ./install.sh
# rclone version
rclone v1.60.1
- os/version: centos 7.9.2009 (64 bit)
- os/kernel: 3.10.0-1160.80.1.el7.x86_64 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.19.3
- go/linking: static
- go/tags: noneEnable Google Drive API
Login with your Google Cloud account to configure and enable the API: https://console.cloud.google.com
Navigate to ‘APIs & Services’ and then ‘Library’. Search for ‘Google Drive API’.
Choose ‘Create Credentials’ and continue to the next section for configuring Oauth Consent Screen.
Now create Google Drive API credentials for rclone. From the left hand pane of the cloud console, choose ‘Oauth consent screen’ and perform the configuration using the following values.
- User Type: External -> Create
- Application name: rclone
- Support email: enter your google account email
- Add scopes: ‘Google Drive API’ -> ‘…/auth/drive’
- From the left hand pane, choose ‘Create credentials’
Click on the menu ‘Create credentials’ and select ‘Oauth client ID’
- Application type: Desktop app
- Name: rclone
- Click ‘Create’
- A Client ID & Client secret will be generated. Make a note of these as they are required during the rclone configuration process
OAuth consent screen
- Publish to production
- Ignore Verification Status as it is not required for the scope of this work
Reference Documentation
https://medium.com/swlh/using-rclone-on-linux-to-automate-backups-to-google-drive-d599b49c42e8
rclone Configuration
My Nextcloud server is headless so I need to use the browser on my workstation as some of the configurations involving oauth2 require an Internet connected web browser. We will use an SSH tunnel for this purpose.
### on your workstation ssh to your server
$ ssh -L localhost:53682:localhost:53682 [email protected]
### you are now connected to your server
$ su -
# rclone config
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> gdrive
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
...
18 / Google Drive
\ "drive"
...
Storage> 18
** See help for drive backend at: https://rclone.org/drive/ **
### $clientid & $clientsecret can be downloaded
### from Google Cloud > Credentials pane
Google Application Client Id
client_id> $clientid.apps.googleusercontent.com
client_secret> $clientsecret
Scope that rclone should use when requesting access from drive.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Full access all files, excluding Application Data Folder.
\ "drive"
...
scope> 1
service_account_file>
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes (default)
n) No
y/n> y
2022/11/22 01:29:35 NOTICE: Make sure your Redirect URL is set to "http://127.0.0.1:53682/" in your custom config.
2022/11/22 01:29:35 NOTICE: If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=xxxxxxxx
2022/11/22 01:29:35 NOTICE: Log in and authorize rclone for access
2022/11/22 01:29:35 NOTICE: Waiting for code...
### at this point open the browser on your workstation
### and browse to http://127.0.0.1:53682/auth?state=xxxxxxxx
### complete the steps in the browser to validate
2022/11/22 01:30:14 NOTICE: Got code
channel 4: open failed: connect failed: Connection refused
Configure this as a Shared Drive (Team Drive)?
y) Yes
n) No (default)
y/n> n
Configuration complete.
Options:
- type: drive
- client_id: $clientid.apps.googleusercontent.com
- client_secret: $clientsecret
- scope: drive
- token: {"access_token":"xxxx","token_type":"Bearer","refresh_token":"xxxxx","expiry":"2022-11-22T02:30:13.673372503Z"}
- team_drive:
Keep this "gdrive" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name Type
==== ====
gdrive drive
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> qReference Documentation
https://rclone.org/remote_setup/
rclone Usage
### list your google drive
# rclone ls gdrive:/
### use in a script that is called by cron
### assumes vps folder exists in Google Drive
# rclone sync --create-empty-src-dirs --stats-log-level NOTICE /backup/ gdrive:/vps/Nextcloud Backup Commands
Below are some script snippets I use to backup Nextcloud.
I don’t backup the ‘data’ directory. In a server restore scenario I will simply resync data from my workstation. Adjust accordingly for your scope.
Enable maintenance mode:
su apache -s /bin/bash -c '/opt/remi/php81/root/bin/php /domains/cloud.example.com/occ maintenance:mode --on'
sleep 200Backup Nextcloud folder:
/bin/tar cjvf /backup/nextcloud-folder.tar.bz2 --exclude=/domains/cloud.example.com/data /domains/cloud.example.comBackup Nextcloud database (my database name is owncloud):
/usr/bin/mysqldump --default-character-set=utf8mb4 --lock-tables --user=root --password=password --databases owncloud > /backup/nextcloud.sqlMaintenance mode off:
su apache -s /bin/bash -c '/opt/remi/php81/root/bin/php /domains/cloud.example.com/occ maintenance:mode --off'Conclusion
Thank you to the writers of the referenced articles. I have sourced the majority of the content of this post from your work but updated it and massaged it for my own setup.
Let us know how it goes for you and comment below with any feedback.