Google Drive Backup Sync
This page covers the rclone-based layer that uploads local UNIT3D snapshots to Google Drive with transparent encryption. It complements the built-in Laravel backup tool described in Backups, which creates the local snapshots that this sync layer uploads to the cloud.
1. Purpose and architecture
Local snapshots produced by php artisan backup:run accumulate in backups/. The rclone sync layer picks up that directory and mirrors it to a Google Drive crypt remote (gdrive_crypt:), encrypting file names and contents transparently so raw Google Drive access never exposes backup data.
The sync runs as an ephemeral Docker container defined in rclone_gdrive/docker-compose.yml. The container starts, performs the sync, and is destroyed (--rm). No long-running rclone process is kept alive.
backups/ (local snapshots, read-only mount)
└──► rclone_sync container (ephemeral)
└──► gdrive_crypt: remote (Google Drive, encrypted)
2. Prerequisites
- Docker and Docker Compose available on the host (the sync runs inside a container — no host-level rclone installation required).
- A Google Drive OAuth app configured in rclone (
rclone config), producing a remote namedgdrive_cryptof typecryptbacked by a plaingdriveremote. - A completed
rclone_gdrive/config/rclone.conffile containing thegdriveandgdrive_cryptremote definitions.
Important
rclone_gdrive/config/rclone.confis git-ignored. You must generate it manually on each host usingrclone configand place it at that path before running any sync or restore command.
3. Configuration reference
File: rclone_gdrive/docker-compose.yml
| Option | Value | Effect |
|---|---|---|
| Image | rclone/rclone:latest | Official rclone image |
| Source mount | /home/rawserver/UNIT3D_Docker/backups → /data (read-only) | Local snapshots, never modified |
| Config mount | ./config → /config/rclone | Provides rclone.conf to the container |
| Log mount | ./logs → /logs | Persists sync logs on the host |
--drive-chunk-size | 1024M | Large chunks avoid Google Drive upload timeouts on big archives |
--transfers | 4 | Parallel file transfers |
--checkers | 8 | Parallel file-existence checks |
--delete-after | (flag) | Deletes destination files only after all transfers complete successfully |
-v | (flag) | Verbose logging written to --log-file |
| Log file | /logs/sync_execution.log | Mapped to rclone_gdrive/logs/sync_execution.log on the host |
The sync subcommand is used, meaning the destination mirrors the source exactly (files removed locally will eventually be removed from the cloud after --delete-after processing).
4. Running a sync
Use the wrapper script to run a sync:
cd /home/rawserver/UNIT3D_Docker/rclone_gdrive
bash scripts/run_sync.sh
The script:
- Changes into the project directory (
rclone_gdrive/). - Appends a timestamped start entry to
logs/cron_wrapper.log. - Runs
docker compose run --rm rclone_sync(ephemeral — container is destroyed on exit). - Appends a success or error entry to
logs/cron_wrapper.logbased on the exit code. - Exits with the same exit code as the rclone process.
Important
The script must be run from a user that has permission to call
docker compose. Ensure the user is in thedockergroup or usesudo.
5. Cron setup
Add an entry to the crontab of the user that has Docker access. For example, to sync daily at 07:00:
crontab -e
0 7 * * * /home/rawserver/UNIT3D_Docker/rclone_gdrive/scripts/run_sync.sh
The wrapper script writes its own timestamped log to rclone_gdrive/logs/cron_wrapper.log, so cron output redirection is optional. Detailed per-file rclone output goes to rclone_gdrive/logs/sync_execution.log.
6. Restore procedure
Use the restore script to download and decrypt a specific backup from Google Drive:
cd /home/rawserver/UNIT3D_Docker/rclone_gdrive
bash scripts/restore_snapshot.sh
The script runs interactively:
- Lists all top-level directories in
gdrive_crypt:/so you can see what snapshots are available. - Prompts for the exact folder name to restore (example:
snapshot_2026-03-19_0600). - Creates the local destination directory at
/home/rawserver/UNIT3D_Docker/restauracion_emergencia/<TARGET>. - Downloads and decrypts the snapshot using
rclone copy gdrive_crypt:/<TARGET>with--drive-chunk-size 1024M. - Reports completion and lists the restored files with sizes.
Important
The restore destination is
/home/rawserver/UNIT3D_Docker/restauracion_emergencia/. Files are decrypted transparently by rclone using thegdrive_cryptremote definition inrclone.conf. After restore, follow the procedures in Backups — Restoring a backup to apply the snapshot to the running application.
7. Logs
| File | Contents |
|---|---|
rclone_gdrive/logs/cron_wrapper.log | Timestamped start/success/error lines written by run_sync.sh |
rclone_gdrive/logs/sync_execution.log | Verbose per-file rclone output written by the container (-v --log-file) |
To follow a running sync in real time:
tail -f /home/rawserver/UNIT3D_Docker/rclone_gdrive/logs/sync_execution.log
To review the cron history:
cat /home/rawserver/UNIT3D_Docker/rclone_gdrive/logs/cron_wrapper.log