v1.45

rclone rcd

Run rclone listening to remote control commands only.

Synopsis

This runs rclone so that it only listens to remote control commands.

This is useful if you are controlling rclone via the rc API.

If you pass in a path to a directory, rclone will serve that directory for GET requests on the URL passed in. It will also open the URL in the browser when rclone is run.

See the rc documentation for more info on the rc flags.

Server options

Use --rc-addr to specify which IP address and port the server should listen on, eg --rc-addr 1.2.3.4:8000 or --rc-addr :8080 to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.

If you set --rc-addr to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.

You can use a unix socket by setting the url to unix:///path/to/socket or just by using an absolute path name.

--rc-addr may be repeated to listen on multiple IPs/ports/sockets. Socket activation, described further below, can also be used to accomplish the same.

--rc-server-read-timeout and --rc-server-write-timeout can be used to control the timeouts on the server. Note that this is the total time for a transfer.

--rc-max-header-bytes controls the maximum number of bytes the server will accept in the HTTP header.

--rc-baseurl controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used --rc-baseurl "/rclone" then rclone would serve from a URL starting with “/rclone/“. This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing “/“ on --rc-baseurl, so --rc-baseurl "rclone", --rc-baseurl "/rclone" and --rc-baseurl "/rclone/" are all treated identically.

TLS (SSL)

By default this will serve over http. If you want you can serve over https. You will need to supply the --rc-cert and --rc-key flags. If you wish to do client side certificate validation then you will need to supply --rc-client-ca also.

--rc-cert must be set to the path of a file containing either a PEM encoded certificate, or a concatenation of that with the CA certificate. --rc-key must be set to the path of a file with the PEM encoded private key. If setting --rc-client-ca, it should be set to the path of a file with PEM encoded client certificate authority certificates.

--rc-min-tls-version is minimum TLS version that is acceptable. Valid values are “tls1.0”, “tls1.1”, “tls1.2” and “tls1.3” (default “tls1.0”).

Socket activation

Instead of the listening addresses specified above, rclone will listen to all FDs passed by the service manager, if any (and ignore any arguments passed by --rc-addr).

This allows rclone to be a socket-activated service. It can be configured with .socket and .service unit files as described in https://www.freedesktop.org/software/systemd/man/latest/systemd.socket.html

Socket activation can be tested ad-hoc with the systemd-socket-activatecommand

  1. systemd-socket-activate -l 8000 -- rclone serve

This will socket-activate rclone on the first connection to port 8000 over TCP.

Template

--rc-template allows a user to specify a custom markup template for HTTP and WebDAV serve functions. The server exports the following markup to be used within the template to server pages:

ParameterDescription
.NameThe full path of a file/directory.
.TitleDirectory listing of .Name
.SortThe current sort used. This is changeable via ?sort= parameter
Sort Options: namedirfirst,name,size,time (default namedirfirst)
.OrderThe current ordering used. This is changeable via ?order= parameter
Order Options: asc,desc (default asc)
.QueryCurrently unused.
.BreadcrumbAllows for creating a relative navigation
— .LinkThe relative to the root link of the Text.
— .TextThe Name of the directory.
.EntriesInformation about a specific file/directory.
— .URLThe ‘url’ of an entry.
— .LeafCurrently same as ‘URL’ but intended to be ‘just’ the name.
— .IsDirBoolean for if an entry is a directory or not.
— .SizeSize in Bytes of the entry.
— .ModTimeThe UTC timestamp of an entry.

The server also makes the following functions available so that they can be used within the template. These functions help extend the options for dynamic rendering of HTML. They can be used to render HTML based on specific conditions.

FunctionDescription
afterEpochReturns the time since the epoch for the given time.
containsChecks whether a given substring is present or not in a given string.
hasPrefixChecks whether the given string begins with the specified prefix.
hasSuffixChecks whether the given string end with the specified suffix.

Authentication

By default this will serve files without needing a login.

You can either use an htpasswd file which can take lots of users, or set a single username and password with the --rc-user and --rc-pass flags.

If no static users are configured by either of the above methods, and client certificates are required by the --client-ca flag passed to the server, the client certificate common name will be considered as the username.

Use --rc-htpasswd /path/to/htpasswd to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.

To create an htpasswd file:

  1. touch htpasswd
  2. htpasswd -B htpasswd user
  3. htpasswd -B htpasswd anotherUser

The password file can be updated while rclone is running.

Use --rc-realm to set the authentication realm.

Use --rc-salt to change the password hashing salt from the default.

  1. rclone rcd <path to files to serve>* [flags]

Options

  1. -h, --help help for rcd

Options shared with other commands are described next. See the global flags page for global options not listed here.

RC Options

Flags to control the Remote Control API

  1. --rc Enable the remote control server
  2. --rc-addr stringArray IPaddress:Port or :Port to bind server to (default localhost:5572)
  3. --rc-allow-origin string Origin which cross-domain request (CORS) can be executed from
  4. --rc-baseurl string Prefix for URLs - leave blank for root
  5. --rc-cert string TLS PEM key (concatenation of certificate and CA certificate)
  6. --rc-client-ca string Client certificate authority to verify clients with
  7. --rc-enable-metrics Enable the Prometheus metrics path at the remote control server
  8. --rc-files string Path to local files to serve on the HTTP server
  9. --rc-htpasswd string A htpasswd file - if not provided no authentication is done
  10. --rc-job-expire-duration Duration Expire finished async jobs older than this value (default 1m0s)
  11. --rc-job-expire-interval Duration Interval to check for expired async jobs (default 10s)
  12. --rc-key string TLS PEM Private key
  13. --rc-max-header-bytes int Maximum size of request header (default 4096)
  14. --rc-min-tls-version string Minimum TLS version that is acceptable (default "tls1.0")
  15. --rc-no-auth Don't require auth for certain methods
  16. --rc-pass string Password for authentication
  17. --rc-realm string Realm for authentication
  18. --rc-salt string Password hashing salt (default "dlPL2MqE")
  19. --rc-serve Enable the serving of remote objects
  20. --rc-serve-no-modtime Don't read the modification time (can speed things up)
  21. --rc-server-read-timeout Duration Timeout for server reading data (default 1h0m0s)
  22. --rc-server-write-timeout Duration Timeout for server writing data (default 1h0m0s)
  23. --rc-template string User-specified template
  24. --rc-user string User name for authentication
  25. --rc-web-fetch-url string URL to fetch the releases for webgui (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
  26. --rc-web-gui Launch WebGUI on localhost
  27. --rc-web-gui-force-update Force update to latest version of web gui
  28. --rc-web-gui-no-open-browser Don't open the browser automatically
  29. --rc-web-gui-update Check and update to latest version of web gui

See Also

  • rclone - Show help for rclone commands, flags and backends.