I have my own server at home and a decent connection. I run Ubuntu server and also have docker running.
I am looking to run my own cloud storage server and then using rclone I wish to connect to it from my friends house, effectively mapping a shared drive for him to my server.
I googled this and came across Minio, They seem to have a docker image I can use but I'm unsure about "existing files". I dont want to setup a blank cloud and load it with files, I want to share an already full file system.

Has anyone setup something like this before? Is there an easier way?

Thanks in advance

rclone can easily serve files using rclone serve

do you plan to expose your server to the open internet, vpn, tailscale or what?

It would be exposed to the internet on the "required" port. This is why I considered running a secure cloud server in a docker container. That way although it would be exposed to the internet it would be secure. Then using rclone to connect to that secure service from my friends.

I did consider a VPN connection between us and then just use samba shares but I didnt think that would be the best.

Take a look at syncthing software. It will do real time file synchronization over the Internet between your house and your friend's house and it will do so without needing to open a port on your router. You can optionally open a port which will increase the performance.

You each run a copy of the software which runs on Windows Mac or Linux and exchange crypto keys so you can share files encrypted over the internet.

Every time you add or remove a file from your machine it will be replicated to the other automatically.

This would be fine but I dont have enough storage to replicate the content at my friends. My server has 100TB of storage.

Have you tested using rclone serve feature? I haven't used it to the scale that you are trying but I have used it many times successfully. You could run in a terminal window and set the port and then open that IP address and port number on the router gateway to the internet.

I haven't. I must admit, I thought rclone was a client for connecting to services, I didn't realise it had a serve feature. I just rechecked the docs.
There are a lot of options. I'll have to do some more googling on what the best options would be and give it a try.

Thanks

Rclone is a Swiss Army knife. It does a lot of things. It's a great tool to have in your tool kit.

I would suggest adding the vfs-cache-mode full flag. It enables smoother sharing of files because it adds caching.

Using serve is very simple. For starters run the command from your server and then connect to it from another machine on your local network for starters. I normally use http and a web browser on the other machine.

It may not be exactly what you're looking for but it should get the job done. Your friend should be able to open a web browser to your external router and port number that you forward to the machine that is running rclone serve on a specific port number.

On another note that is related. Roundsync is rclone on Android. On GitHub. Just today I served a file that is stored on one of my cloud servers to my local network and connected to it from another machine and it worked great. I was able to watch a movie on a computer that did not have the movie on it.

I probably should have added, I'm looking at this to be a permanent connection. I will mount the share at his house on his ubuntu server.
I thought I would need to have a server here (s3 compatible) to do it but if I can use rclone here to serve the drives, then rclone at his to connect them securely then that's what I'll try.

@SpaceBallz

Little bit of trial and error and you should have it working. I did it in a short while and I always recommend using Microsoft Copilot to answer any configuration questions that you might have it's very good at answering what you need and don't need to put on the command line.

Your friend when done should be able to mount your files in a folder/drive and access anything needed.

I found it to be one of the simpler things to do in rclone.

The first step is to get the serve command configured and working so that you can access your files on your local network from another machine and mount them in a remote. Then you'll know what to do with the port forwarding to make it work from your friend's house.

imho, rclone serve should not be exposed to open internet where it will be discovered in short time.
rclone serve lacks the most basic protections and by default, does not encrypt traffic.

simple way

• on the server samba over tailscale.
• on the client, just mount the share using native os tools.
  if you want a local cache, rclone mount --vfs-cache-mode=full

I'm a huge fan and endorser of tailscale. The free version of tail scale allows for three user accounts to work together on the same network so the friend at the other location can run tail scale and the server runs tail scale and as you suggested SMB file sharing. All of the files will be accessible with end-to-end encryption and no open ports on the router and no vulnerabilities with the serve feature.

This would definitely be more secure and safe from hackers.

If you want to serve files with rclone, You can combine that With tail scale Problem and have end-to-end encryption with no open ports on the router And it will be just as secure.

Isn't tailscale just a VPN? I already mentioned, I considered connecting him to my current openvpn server, but then I would need to figure out how to stop him being able to see all of my network. A couple of drives on the server are open for me to access, on my lan but have private files that I wouldn't want sharing. I don't want to alter anything from how I have it set now. All I want to do is share 2-3 drives with him over the internet.

thanks again for all your replies.

My first thought is to only install tail scale on machines that you want your friend to have access to.

I have yet to create a second user in my account so I don't know what options there are to restrict users to particular machines. I will create a second user on my system later and see if there is a way to only permit that user to access one machine and none of the others and then I will post my results here.

In addition to tail scale I also use on all of my PCS and have been for years a regular VPN client that also has a mesh net feature and it does have the ability to restrict people to only one IP address. I will let you know as soon as I know.

NEW INFORMATION:

You CAN restrict your friends access to only one machine, not all of your machines.

They can only access machines that are running the tail scale software so if you don't put the tail scale software on machines that don't need to be accessed nobody can get to them anyway.

Sharing your nodes with other users

Sharing lets you give any Tailscale user on any Tailscale network (known as tailnet), access to a device without exposing the device publicly. This can be helpful for giving contractors private access to a secure server, or sharing a private Minecraft server with friends.

Sharing gives the recipient access to only the shared device in your tailnet, and nothing else. It respects the ACL and MagicDNS settings of both your tailnet and the recipient's tailnet. Sharing strips ACL tags, groups, and subnet information from the recipient tailnet. A shared node is visible only to the individual recipient user—it is not visible to the recipient user's entire tailnet.

Seems like overkill and he can't have access to the "machine" only 3 drives on it.

My original plan was to run an S3 compatible storage server (open source) and point it to my storage folder, then connect the storage using rclone on his side.

I'm probably going to look into Minio more, I just dont want to create a blank cloud space, I want to start with a full filesystem without anything altering it. I'll do some more reading.

Thanks again for your time replying to my post. I will update if I manage to get it working.

You can take of that by adding windows sharing passwords to the SMB file shares on that PC.

In any home or office environment users who have access to a whole computer's IP address can only map a drive or access files to Windows File shares that they have the proper user ID and password for so The Simple Solution is to give him permissions to the SMB file shares for those three drives and none of the other ones. Doesn't seem very complicated to me.

If I gave you access privileges to access the IP address for one of my home computers you would not be able to access any file shares or resources on that computer that your user ID and password that I provide to you doesn't have access to.

Think of it this way to make it simple. Everybody in the company can hit the IP address of a Windows file server but they can only access their home directory on that server because that's all their user ID and password can access. Not very complicated at all. 100 people can have access to the same IP address for a server but not access anybody else's files other than their own.

I run open SSH server on my Windows computers and if I connect with a specific user ID it gets permission to that users home folder and nothing else on the machine. Same thing goes for Windows SMB file shares.

I've been managing shared corporate environment servers for about 35 years now. I have a company that has thousands of employees that technically can ping and access a specific IP address but they can't access any resources on that server that their user ID and password doesn't have permission to.