Remote Borg backup guide #4391
Replies: 8 comments 9 replies
-
CC @szaimen |
Beta Was this translation helpful? Give feedback.
-
Thanks for this guide! Two questions though: in order to restore a backup with this solution, I would have to restore the borg backup from the remote server which again includes borg backups for Nextcloud AIO, right? Does a borg backup of an encrypted borg backup play nicely concerning deduplication and incremental backup? |
Beta Was this translation helpful? Give feedback.
-
Hi.
|
Beta Was this translation helpful? Give feedback.
-
Hello, I am looking for a solution to use borg backup remote solution over ssh. According to borg, by using SSH:
So my question is: does your solution require to have a local borg backup, or is it a 100% remote solution ? The only solutions mentioned in the AIO readme are solutions to copy the backup once it has been done on a local (or network) filesystem :s this would divide my main storage by 2... |
Beta Was this translation helpful? Give feedback.
-
Anyone interested in writing a similar guide for running your own borgserver in docker and then either borg client or borgmatic client or vorta client to backup to the borgserver. I haven't been able to get it working properly. I've been using this docker - https://hub.docker.com/r/nold360/borgserver Having problems specifying the port (non-standard 2222) and the ssh keys from the client. |
Beta Was this translation helpful? Give feedback.
-
Hello, I used this guide. borgmatic doesn't seem to follow my retention policy - I have at least 15 days of archives even thow I configured 7.
Here is the appropriate part in config.ymal:
|
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
Updated the guide based on feedbacks |
Beta Was this translation helpful? Give feedback.
-
One year ago, we wrote the guide on how to use Rclone to synchronize the Nextcloud backups to a remote server (as a fallback copy).
But after that, we realized that the solution had a big problem: in case of a malware attack, all the backup could be encrypted, and so the remote copies, making those useless.
We thought a bit on what to do, but at the end we decided that Borg itself (the technology behind the Nextcloud backups) could be the perfect solution.
So below there is a guide on how install, configure and use Borg (and Borgmatic) to create remote copies of the backups with the Append-Only feature, so that every day a new version is created (but deduplicated and compressed), and the previous ones are not touched: if your backups get corrupted, you can always use a previous version!
Let's get started!
As an off-site backup solution, in addition to Nextcloud's native backups, Borg backup technology (https://www.borgbackup.org/) was chosen, and as a remote hosting service, BorgBase's service (https://www.borgbase.com/).
BorgBase account creation.
Register at https://www.borgbase.com/ and select a plan from those offered. All of them provide the possibility to exceed the GB provided by paying an additional fee.
SSH key pair creation.
In order to perform any operation on BorgBase remotely, you need to create an SSH key pair.
Follow the official guide: https://docs.borgbase.com/setup/borg/cli#step-3-create-and-assign-ssh-key-for-authentication, or the steps below.
Using a user with root privileges, create the key:
When specifying the key name, it is preferable not to leave the default one, but to change it, defining a unique name, including the path.
However, this implies that every time an SSH connection is defined, it will be necessary to specify the key path (the system will automatically look for the default one: if it has been changed, it will fail, unless the new path is explicitly specified).
Show it in order to copy it (copy the whole string!):
cat ~/.ssh/<name-of-the-key>.pub
Copy it to the appropriate section of BorgBase; if multiple servers connect to the same repository (e.g., because one uploads backups, the other downloads them to do testing), you need to create a key for each:
Create repo on BorgBase
Borg and Borgmatic installation and configuration.
Online guides recommend using pip for installation, which allows for the most up-to-date versions; we used the (older) version found on Ubuntu's apt repositories, for convenience.
Follow the official guide (https://docs.borgbase.com/setup/borg/cli) or the steps below.
Install Borg
apt install borgbackup
To see the installed version:
borg --version
Install Borgmatic
apt install borgmatic
To see the installed version:
borgmatic --version
Initialize remote Borg repository
Copy repository path, from Borgbase, via appropriate icon next to name:
Initialize environment variable, with the path you just copied:
export BORG_REPO=ssh://xxxxx@xxxxx.repo.borgbase.com/./repo
Initialize environment variable, with the path of the ssh key, e.g.:
export BORG_RSH='ssh -i /root/.ssh/nextcloud_borg'
Initialize the repository:
borg init -e repokey-blake2
These command were tested using the Borg version 1.2.0
Configure Borgmatic
Create directory for Borgmatic configuration file:
mkdir -p ~/.config/borgmatic
Create configuration file:
nano ~/.config/borgmatic/config.yaml
and as content, follow the guide: https://torsion.org/borgmatic/docs/reference/configuration/
Depending on the version of Borgmatic installed, the structure of the configuration file changes.
We used this configuration (remember to specify the path to the ssh key!), tested on the Borgmatic version 1.5.20:
Important: Repository disk space is not freed until you run borg compact. On BorgBase it can be automated via GUI:
Creating hook scripts.
Borgmatic allows you to define, via hooks, Shell files to be executed automatically:
This is done by specifying in the config.yaml file the "hooks" section (see above).
Therefore:
on_before_backup.sh
on_after_backup.sh
on_error_backup.sh
check that in the config.yaml file the paths match
in the case of the on_error hook, you can pass parameters in curly brackets to the shell file; refer to the documentation https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/?ref=noted#error-hooks
Initialize Borgmatic repository
borgmatic init --encryption repokey-blake2
Manual import/export.
Import (on BorgBase)
Using Borgmatic:
borgmatic --verbosity 2
Export (on server)
Obviously, the server where you want to download the backup must also have Borg and Borgmatic installed.
Show all versions of backups in the remote archive (BorgBase):
borgmatic --list --info
Download a specific version:
borgmatic extract --archive <full archive name>
Set up crontab
To have backups run periodically automatically, you need to invoke Borgmatic via crontab.
open the cronjob in edit mode: crontab -e
set the desired schedule; for example, if you want to run it every day at 05, run:
0 5 * * * borgmatic
Make sure that the set time does not overlap with the time when backups are created on Nextcloud.
Extra: retention policy
To better understand the retention policy, we suggest visiting the example in https://borgbackup.readthedocs.io/en/stable/usage/prune.html.
We also made a scheme to visualize our current one used to copy the local AIO backup to the remote repository ("keep-within: 1m")
Beta Was this translation helpful? Give feedback.
All reactions