HOW TO: Switch from encfs to rclone crypt

No I am copying it directly from my download machine, I use a Scaleway VPS to make a copy of Amazon Drive to Google Drive.

ENCFS
Total objects: 39751
Total size: 38283.864 GBytes (41106985941130 Bytes)
CRYPT
Total objects: 7732
Total size: 6224.845 GBytes (6683876377301 Bytes)

Getting there slowly, just yesterday got again tons of requests, e.g. close to 1TB lol, so hopefully I will get there within the next 10 days or so.

There are a couple of things which are pain points with crypt

  • no support for hashes (MD5 or SHA1)
  • limitations on file name length

And a cryptographic weakness - the fact that crypt preserves the directory structure and the same named file always encrypts to the same name would allow some sort of analysis on your crypted data. It wouldn’t expose any of the data though, it just might give an adversary some idea as to what class of data it is.

The high security mode will fix all of the above, but it will come with a cost - more metadata, more complexity and more points where things can go wrong!
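The name and structure leak described in the post above, as an added illustration that is not part of the original thread and not rclone's code. HMAC-SHA256 stands in for crypt's deterministic name encryption (an assumption made for the demo), and the key and file names are constructed.

```python
import base64
import hashlib
import hmac
from collections import Counter

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

# Constructed plaintext layout of a small media library.
PLAIN = [
    "tv/ShowA/Season 01/folder.jpg",
    "tv/ShowA/Season 01/e01.mkv",
    "tv/ShowB/Season 01/folder.jpg",
    "tv/ShowB/Season 01/e01.mkv",
    "movies/FilmC/folder.jpg",
    "movies/FilmC/FilmC.mkv",
]

def encrypt_segment(name, key=KEY):
    """Stand-in (assumption) for deterministic name encryption:
    the same name under the same key always gives the same output."""
    tag = hmac.new(key, name.encode(), hashlib.sha256).digest()[:10]
    return base64.b32encode(tag).decode().lower()

def encrypt_path(path, key=KEY):
    # Each path segment is encrypted on its own, so the tree shape survives.
    return "/".join(encrypt_segment(s, key) for s in path.split("/"))

def observer_view(encrypted_paths):
    """What can be computed from the encrypted listing alone, without the key."""
    file_names = Counter()
    dirs = set()
    max_depth = 0
    for p in encrypted_paths:
        parts = p.split("/")
        max_depth = max(max_depth, len(parts))
        file_names[parts[-1]] += 1
        for i in range(1, len(parts)):
            dirs.add("/".join(parts[:i]))
    repeated = {n: c for n, c in file_names.items() if c > 1}
    return {"max_depth": max_depth, "directories": len(dirs),
            "repeated_file_names": repeated}

if __name__ == "__main__":
    view = observer_view([encrypt_path(p) for p in PLAIN])
    print(view)
```

The listing alone shows the tree depth, the directory count and which encrypted file names recur across directories; file contents stay hidden.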

@Ajki

I never had a real implementation of EncFS. I tested it here and there, but never really used it to any degree.

I find direct crypt mount to Amazon to be much slower than what I’m currently using now.

Here is how I mount my Crypt-encrypted Amazon Media drive to expose to Plex:

  1. Mount the encrypted Amazon using acd_cli to ~/.media/acd-encrypted
  2. Mount with rclone via a local crypt config the ~/.media/acd-encrypted to a decrypted folder: ~/.media/acd-decrypted
  3. Use UnionFS to mount ~/.media/acd-decrypted and ~/.media/local (this local is where all new media goes before it’s uploaded to Amazon once a day).

Using the local rclone mount and acd_cli gives me 2-3 second Plex start times and much better performance compared to mounting ACD directly via Rclone.

I suspect there are optimizations still left with Crypt/ACD/Mount. The fact that I get 2-3 second start times with Crypt+acd_cli makes me think it’s not so much crypt, but something else when going direct without acd_cli… Maybe @ncw has an idea.

@Stokkes I had quite bad experience with acd_cli once my library got over 25TB.

My setup is 1x server that downloads/uploads new media files and 1x Plex server.

acd_cli is beyond allergic to having multiple mountpoints and changing content on one side.

The biggest problem I had was database corruption and inability to perform a full sync in one iteration, e.g. if I deleted the corrupted sqlite db I needed to run sync at least 3 to 5 times before it was done, and for each sync I needed to wait 5 minutes in between. That meant that the mount would be disconnected during all that time and that made it completely unusable, as it would mean on db corruption I would be without a mount on average 15 to 20 minutes.

According to the acd_cli docs, when any changes happen on acd the remount and sync should be done.
At the end I had like a 100-line bash script that was checking if acd is still connected, making a copy of the current sqldb if a sync error occurred (and it was happening quite often, especially if I added 100+ files) so I could restore the previous db etc…

I think the only advantage acd_cli has atm is the local cache of file/folder structure (ncw is already working/planning on it for rclone) and with that you can shave off the 3 to 5 seconds that rclone needs.

Keep in mind there is still the “missing files” problem with acd_cli where some of the files won't be shown at all (it should work with the previous 31 version).

p.s. Rclone had a major issue with seek in crypt mounted files that was fixed, so you could test it again with the latest version.

@Ajki

I’m using the latest version of rclone and my start times when starting a new video in Plex are between 10-20 seconds for a tv show and 30+ seconds for a 20GB movie. With my current setup, it’s 3 seconds for a tv show (40-60 minutes) and about 5-6 seconds for a movie.

I’ve been running my current setup for about two months now without any issue. It should be noted that NOTHING gets modified via acd_cli. Both acd_cli and rclone mount are mounted via read-only. I also have a cron job that runs every 15 minutes and does a simple acd_cli sync. I do extensive logging and have yet to see any errors coming from acd_cli in the times I’ve used it.

Let me see if I can find some time to put up my mount / checker scripts in a github gist so you can see how I do it. I just find it so much more reliable than a pure rclone mount with crypt (without crypt it’s much faster, just fyi).

Edit: I should note my library is 31TB.

My current loading times with rclone mount with encfs are 3 to 5 seconds for 9GB movie and more or less the same for TV shows.

I just did the test with 22GB movie. check timeline + seek test by jumping at the end of the movie.

p.s. Don't get me wrong, sometimes acd can be a bit funky and it can take 15 seconds and it could be with a 600MB file, but that should be solved with rclone's local file/folder cache (that should include all file stats).

Have you tested pure rclone crypt over an acd mount to see how long it takes to start a video?

Edit: also, same, don’t get me wrong, I’d love to remove acd_cli as I find more pieces to the puzzle means more chance for something to go wrong. But I just received too many complaints from family/etc that rclone crypt directly was unreliable, so I moved it to my hybrid solution and it’s been rock solid since.

Still reencrypting, but what I did test at home is playing directly with Windows Media Player over the rclone encfs mount and over the crypt mount, and more or less it was the same (sometimes encfs was 2, 3 seconds faster and sometimes crypt).

Once I am done with reencrypting all of the library I will switch Plex to the rclone crypt mount.

I had an issue with 20, 30 seconds loading a few times and it was some old 600MB series, but that is more than likely a peering problem with acd.

p.s. What I find more annoying is that with rclone mount it can take 3 to 5 seconds to open a movie page (not play) as Plex is always checking if the file is present when you do. So when you are listing through series, omfg the waste of time. (Hopefully that local cache solution will be available soon.)

How are we on this? Currently have an encfs setup with acd_cli, however it's dropping the mount and driving me mad as I have to rescan sonarr / plex to pick up the changes again!

Drop acd_cli and just mount your Amazon drive with rclone and keep using the encfs you have now.
I have been using rclone for around 70 days so far and not once have I needed to remount; with acd_cli I usually needed to remount and resync everything on any change/upload I did.

rclone mount \
--read-only \
--allow-non-empty \
--allow-other \
--max-read-ahead 14G \
--acd-templink-threshold 0 \
--checkers 16 \
--quiet \
--stats 0 \
acd:/ /storage/.acd/ &
exit


Ajki…
Thanks for the reply. I am re-writing my scripts, which I will share, to be oriented for rclone mount with encfs. I’ve found the following on GitHub; would you recommend I use yours or continue with the below?

$rclone mount \
--read-only \
--allow-non-empty \
--dir-cache-time 1m \
--max-read-ahead 2G \
--acd-templink-threshold 0 \
--bwlimit 0 \
--checkers 32 \
--contimeout 15s \
--low-level-retries 1 \
--no-check-certificate \
--quiet \
--retries 3 \
--stats 0 \
--timeout 30s \

The one you linked I posted a while ago, but there were no advantages with it so I just stick with the few flags that I felt made a difference.

--no-check-certificate, retries, timeouts did nothing, bwlimit 0 is already default, dir-cache is up to you, default is 5 minutes (so if you want possible rclone uploads to show sooner then you can have it at 1 min, won't be any change), checkers 32, I saw no speed up compared to 16 (and during that time I was testing with 15+ concurrent streams).

The max read-ahead is more than likely 128M max, so regardless of what we set, the max would be used - maybe we could recompile fuse to allow for more.


Nice one, less deviation from defaults the better :)

Those who use --acd-templink-threshold, notice that it makes any difference?

@Ajki

I hope for your case that this proves fruitful. I’m just convinced there is an issue with rclone + crypt + acd that is causing intermittent Plex performance. I know Amazon can be picky at times and nothing can be done for that, but as a test, I set up a new dedicated box on Hetzner, did some tests (was able to hit 100MB/s to ACD US), but I’m having the same issues as on my OVH dedibox.

I think the combination of rclone, crypt, acd, Plex creates these perfect storm type situations that make the whole thing unreliable. Sometimes it’s rock solid, other times I’m lucky if I can stream anything. I have a bunch of family members who use my Plex and they’re seeing it too - lots of buffering, very slow starts, media that fails to start and goes back to the Plex screen.

I work in IT for a living and overall this just doesn’t seem production ready.

I am in the process of buying a dedicated Plex server and for a few weeks plan to run both, so the existing one with rclone + encfs and the new one with rclone + crypt.

Atm I am also fiddling with the idea of implementing nginx with http2 support to behave as a Plex reverse proxy, and as well free Cloudflare to utilize the best possible peering between client and server.

@Ajki

Have you seen these errors while trying to transfer?
Failed to copy: Post https://content-eu.drive.amazonaws.com/cdproxy/nodes?suppress=deduplication: remote error: bad record MAC

I think I had a few of those but it was sorted out. Before I switched libs I did SYNC and CHECK and both were without errors.

I didn’t have a few =)
I’ll try again tonight. Did get a scaleway server btw, do you have your mount set differently? I just took my mount from my Hetzner machine (which is the same you’re using) and mounted it the same way.

My current Plex mount is just
rclone mount \
--read-only \
--allow-non-empty \
--allow-other \
--acd-templink-threshold 0 \
--checkers 16 \
--quiet \
--stats 0 \
acdcrypt: /storage/acdcrypt/ &

Removed all other flags as there was no difference in performance, e.g. defaults are good.