Mount Google Drive into NextCloud Using Rclone - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Saturday, December 19, 2020

Mount Google Drive into NextCloud Using Rclone

This post is to record the steps how I mounted my Google Drive into NextCloud running in Docker environment.

My environment is Ubuntu 18.04 and Docker / Portainer has been installed. NextCloud Docker has been deployed by Portainer in my previous post:




Tried App - External Storage Support for Google Drive

Frist thing I tried is to use External Storage Support for Google Drive app in NextCloud Apps page. You will need to search Google Drive to find it out. It is not tested app.

There is untested app in NextCloud which I installed and tested but does not work for me. 


I have tried to get Google Drive client id and secret to put into settings, but could not save it. 

Eventually, I thought I might be able to try use rclone to mount Google drive into local and map it into NextCloud docker to add as local. 


Install rclone into Ubuntu 18.04

1  There are two methods to install rclone:

  • wget https://gwliang.com/rclone_debian.sh && bash rclone_debian.sh
  • apt install rclone

Either way works.

2  rclone config

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> gd
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / 1Fichier
\ "fichier"
2 / Alias for an existing remote
\ "alias"
3 / Amazon Drive
\ "amazon cloud drive"
4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)
\ "s3"
5 / Backblaze B2
\ "b2"
6 / Box
\ "box"
7 / Cache a remote
\ "cache"
8 / Dropbox
\ "dropbox"
9 / Encrypt/Decrypt a remote
\ "crypt"
10 / FTP Connection
\ "ftp"
11 / Google Cloud Storage (this is not Google Drive)
\ "google cloud storage"
12 / Google Drive
\ "drive"
13 / Google Photos
\ "google photos"
14 / Hubic
\ "hubic"
15 / JottaCloud
\ "jottacloud"
16 / Koofr
\ "koofr"
17 / Local Disk
\ "local"
18 / Mega
\ "mega"
19 / Microsoft Azure Blob Storage
\ "azureblob"
20 / Microsoft OneDrive
\ "onedrive"
21 / OpenDrive
\ "opendrive"
22 / Openstack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
\ "swift"
23 / Pcloud
\ "pcloud"
24 / Put.io
\ "putio"
25 / QingCloud Object Storage
\ "qingstor"
26 / SSH/SFTP Connection
\ "sftp"
27 / Union merges the contents of several remotes
\ "union"
28 / Webdav
\ "webdav"
29 / Yandex Disk
\ "yandex"
30 / http Connection
\ "http"
31 / premiumize.me
\ "premiumizeme"
Storage> 12 # it might change to other numbers. Please make sure it is Google Drive.
Google Application Client Id - leave blank normally.
client_id> #blank
Google Application Client Secret - leave blank normally.
client_secret> #blank
Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
service_account_file> #blank
Choose a number from below, or type in your own value
1 / Full access all files, excluding Application Data Folder.
\ "drive"
2 / Read-only access to file metadata and file contents.
\ "drive.readonly"
/ Access to files created by rclone only.
3 | These are visible in the drive website.
| File authorization is revoked when the user deauthorizes the app.
\ "drive.file"
/ Allows read and write access to the Application Data folder.
4 | This is not visible in the drive website.
\ "drive.appfolder"
/ Allows read-only access to file metadata but
5 | does not allow any access to read or download file content.
\ "drive.metadata.readonly"
scope> 1
ID of the root folder
Leave blank normally.
Fill in to access "Computers" folders. (see docs).
Enter a string value. Press Enter for the default ("").
root_folder_id>
Service Account Credentials JSON file path
Leave blank normally.
Needed only if you want use SA instead of interactive login.
Enter a string value. Press Enter for the default ("").
service_account_file>
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n #enter n
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> n #entter n
If your browser doesn''t open automatically go to the following link: https://accounts.google.com/o/
#use browser to open that link and get authentication code
Log in and authorize rclone for access
Enter verification code>hjdd #paste the authentication code
Configure this as a team drive?
y) Yes
n) No
y/n> n #enter n
--------------------
[gd]
type = drive
client_id = 85142871
client_secret = D82gPc
scope = drive
token = {"access_token":"y102Z"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y #enter y
Current remotes:

Name Type
==== ====
gd drive

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q #enter q save and quit

It might be a little different from above steps to configure rclone. But you should be able to use your browser to get authentication code as below and paste into configuration:


3  Mount rclone configured Google Drive gd to local folder 

mkdir /home/gdrive

rclone mount gd: /home/gdrive --copy-links --no-gzip-encoding --no-check-certificate --allow-other --allow-non-empty --umask 000


It might show following error message while you do rclone mount. It is because the folder was used before and was not unmount it properly. 
  • mount helper error: fusermount: failed to access mountpoint /home/gd: Transport endpoint is not connected
This is the command can fix this error:
  • fusermount -u /path/which/you/want/to/mount
  • fusemound -qzu /home/gdrive




4  Verify


root@ip-172-31-23-61:~# df -h
df: /home/gdrive: Transport endpoint is not connected
Filesystem      Size  Used Avail Use% Mounted on
udev            463M     0  463M   0% /dev
tmpfs            96M  1.1M   95M   2% /run
/dev/nvme0n1p1   20G  9.4G   10G  49% /
tmpfs           477M     0  477M   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           477M     0  477M   0% /sys/fs/cgroup
/dev/loop0       29M   29M     0 100% /snap/amazon-ssm-agent/2333
/dev/loop2       56M   56M     0 100% /snap/core18/1932
/dev/loop1       98M   98M     0 100% /snap/core/10577
/dev/loop3       98M   98M     0 100% /snap/core/10444
/dev/loop4       56M   56M     0 100% /snap/core18/1944
/dev/loop5       33M   33M     0 100% /snap/amazon-ssm-agent/2996
overlay          20G  9.4G   10G  49% /var/lib/docker/overlay2/32dfdf96190490a5908f84d12cdfd60d35f2b8be171c91a487670ce4cb34d2c0/merged
overlay          20G  9.4G   10G  49% /var/lib/docker/overlay2/4aa862e6130c577d029ea5605d7b4b23cd02490a4a0115c15b80aca04e5642d8/merged
overlay          20G  9.4G   10G  49% /var/lib/docker/overlay2/ff4fbaeb15ec362463e5d5e6b1d9be6fe68133a381221af96c5c0f17a66355bb/merged
overlay          20G  9.4G   10G  49% /var/lib/docker/overlay2/4fd85ac15711898db3ecf7886c6f69b5bbf1e2fbccda9826f8ed874ad88ad6e2/merged
tmpfs            96M     0   96M   0% /run/user/1000
overlay          20G  9.4G   10G  49% /var/lib/docker/overlay2/b9e5ef0ed3c26fa23927412e3a0f1c2cecb2a5c65e50aad3ff627c697d28c0d2/merged
gd:             1.0P     0  1.0P   0% /home/gd
5  Configure Rclone Service
Rclone Mount command will be stopped once you closed your session or press ctrl+c. We will have to configure it as a service

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

command="mount gd: /home/gdrive --copy-links --no-gzip-encoding --no-check-certificate --allow-other --allow-non-empty --umask 000"

cat > /etc/systemd/system/rclone.service <<EOF
[Unit]
Description=Rclone
After=network-online.target

[Service]
Type=simple
ExecStart=$(command -v rclone) ${command}
Restart=on-abort
User=root

[Install]
WantedBy=default.target
EOF

Start Service:

1
systemctl start rclone

Enable Service once system started:

1
systemctl enable rclone

Map /home/gdrive into Docker local folder

Duplicate / Edit NextCloud docker settings. Map additional volume as show below.



You might need to change folder permission to www-data
  • chown -R www-data:www-data /home/gdrive
  • chmod 755 /home/gdrive


Install Smbclient into Docker


root@2cc6c10ad138:/var/www/html# apt update

root@2cc6c10ad138:/var/www/html# apt install smbclient
We will have local option to add storage:


Mount local drive 



If there is a exclamation mark showing up during save the configuration, you might need to restart your NextCloud container to fix it. 

Verify from files external storage folders:



References






 







3 comments:

  1. Hello! I can't write anythig on this folder... how to fix it ?

    ReplyDelete
  2. Make sure you mount the remote with the correct uid and gid for your web server user. In my case, www-data is UID and GID 33, so I mount with a --uid 33 --gid 33. There's no need to chown -R (and in fact you shouldn't with an rclone mount). Or specify a --umask with the correct permissions.

    ReplyDelete
  3. This comment has been removed by a blog administrator.

    ReplyDelete