As the title says, i recently printed a nice case for my RPi3 and HDD that intend to run as an offsite backup machine.
Looking for recommendations on what backup service to run. I want to backup my Nextcloud and a “changes only” backup/cloning solution would be optimal but i have yet to find one.
Check out borgbackup, it stores changes only, snapshots are created for every new backup, encrypts automatically and is pretty straightforward to use.
And if you’re looking for a way to simplify the setup process: borgmatic
Borgbackup is great. It uses block-level dedupe so you can store months of daily backups without using a lot of space, and don’t have to do full backups every so often like with Duplicity.
It has an “append-only” mode that prevents the client system from being able to delete the backups. This means that even if the client gets hacked, the attacker can’t delete the offsite backups. This is a common problem with other backup solutions - the client system has full write access to the backup, so an attacker (or ransomware) can wipe all your remote backups before locking/destroying the local files.
Syncthing! Although I don’t use it to create incremental backups, It just syncs folders between computers (and my phone).
+1 for syncthing
I’ve tried Nextcloud, OpenMediaVault, rsync over SSH and just keep coming back to syncthing.
I recommend Restic. It’s fast, it supports snapshots and compression, written in Go so it’s much quicker than most other solutions I’ve tested. It also supports multiple different backends for transporting and storing the files so you can use one you’ve already got or use the restic-server (which is pretty easy to setup).
Can it run crysis?
I’m interested to know why more people aren’t recommending kopia, it seemed like the obvious choice when I evaluated them but perhaps I was just wrong?
For me it’s Borg backup for Nextcloud an all the other servers
It’s basic, but rsync is a reliable changes-only solution. You can do push or pull on a cronjob.
Rsync has a bunch of downsides though. It only gives you one backup, any corrupted files will be mirrored in their corrupted state with no way to go back to an old version, and if the client system is hacked, the attacker can delete the remote backups. Not ideal.
Something like Borgbackup is much better. It dedupes blocks so storing months of daily backups isn’t an issue, and it has an “append-only” mode that prevents the client from deleting backups. Even if the client system is hacked, the attacker can’t delete the backups.
Duplicity uses rsync internally for efficient transport. I have used that. I’m presently using rdiff-backup, driven by backupninja out of a cron job, to backup to a local hard drive and which does incremental backups (which would address @Nr97JcmjjiXZud’s concern). That also uses rsync. There’s also rsbackup, which also uses rsync and I have not used.
Two caveats I’d note that may or may not be a concern for one’s specific use case (which apply to rdiff-backup, and I believe both also apply to the other two rsync-based solutions above, though it’s been a while since I’ve looked at them, so don’t quote me on that):
-
One property that a backup system can have is to make backups immutable – so that only the backup system has the ability to purge old backups. That could be useful if, for example, the system with the data one is preserving is broken into – you may not want someone compromising the backed up system to be able to wipe the old backups. Rdiff-backup expects to be able to connect to the backup system and write to it. Unless there’s some additional layer of backups that the backup server is doing, that may be a concern for you.
-
Rdiff-backup doesn’t do dedup of data. That is, if you have a 1GB file named “A” and one byte in that file changes, it will only send over a small delta and will efficiently store that delta. But if you have another 1GB file named “B” that is identical to “A” in content, rdiff-backup won’t detect that and only use 1GB of storage – it will require 2GB and store the identical files separately. That’s not a huge concern for me, since I’m backing up a one-user system and I don’t have a lot of duplicate data stored, but for someone else’s use case, that may be important. Possibly more-importantly to OP, since this is offsite and bandwidth may be a constraining factor, the 1GB file will be retransferred. I think that this also applies to renames, though I could be wrong there (i.e. you’d get that for free with dedup; I don’t think that it looks at inode numbers or something to specially try to detect renames).
-
Would rsync corrupt the backup if the main file gets corrupted (seeing as this would be a change) ?
Unless you have some form of versioning, yes.
Does this setup have some sort of versioning or snapshots?
Try rsnapshot, it’s rsync with hard links. Though, is better to use snapshots on filesystem (be it zfs, btrfs, or another one with such a feature… Might be CoW is required, never thought much about it …)
Can you share the link for that case?
I remixed it from another case, ill see if i can upload it somewhere tomorrow.
Rsync paired with ZFS is sufficient for a backup server imo. Configure ZFS to create daily snapshot and now you have versioned backup system. It’s basically what rsync.net sells to their customers.
Thanks! Sounds very solid!
Duplicati docker container works pretty well
Same here, but some guys had corrupted data and unable to restore. Thats why Im using both duplicaty and kopia
not sure how long ago that was but duplicati can now validate backups via checksum every time after writing somewhere
not related to backup solution, but this is a great time to get some home monitoring sorted! put prometheus on it, run prometheus at home too, and have them monitor each other… great way to know why/when things aren’t working in general, but adds another level of confidence that your data are nice and safe