How would or do you backup your home server? I don’t have enough physical storage (for now) at home to store some backups, so I want to upload it to the cloud. Of course I want the backup to be encrypted, but I don’t want to enter the password every time by server does a backup. I am currently using borg on my PC and do it manually. How do I create a encrypted backup without entering the key manually? Do I hardcode it somewhere? Don’t really like that. I am also fine with trying other backup software.
You must log in or register to comment.
I run proxmox, and proxmox backup server in a vm. PBS backup is encrypted locally, and I upload the backup to backblaze b2 using rclone in a cron job. I store the decryption key elsewhere
It has worked ok for me. I also upload a heartbeat file, it is just a empty file with todays date (
touch heartbeat), so that I can easily check when the last upload happenedI use Borgbackup, with borgmatic to configure and periodically run it. I have two storage VPSes “in the cloud”, and back up to both of them. My main storage VPS is a HostHatch one with 10TB space for $10/month. I got it during Black Friday sales in 2021.
If you do back up to multiple destinations, Borgbackup’s devs recommend configuring two separate backups, rather than doing a backup to one server then syncing it to the second one. This is to handle the case where one of the backups becomes corrupted.
Hetzner have decent deals on their “storage boxes”. You don’t get root access, but they support Borgbackup, restic and rclone in addition to the regular protocols (SFTP, FTPS, WebDAV, SMB).
Make sure you configure the SSH key to only allow it to run borgbackup in “append only” mode, so that malware/ransomware on the client system can’t delete the backups. This is a common issue with other backup solutions like rsync - the client has full access to the server, so a malicious user/code could delete the whole backup.
Duplicati, has many cloud providers as destination. Encryption. Basic backup tools functionalities. I use Onedrive family plan which has a total of 6 TB for my backups. Other solid option is rclone , it does the same even more, but is more focused on sync than backup. Also many cloud providers supported. Both are Foss
I had constant problems with duplicati and switched to kopia with backblaze and it has been problem free, so I would tread very carefully with it. The database would work for a while and then get into a state that required a reset and would not have permitted a successful backup to be restored.
I had constant problems with duplicati
Yes i know, i had them too, and serious ones. It needs to always have an eye on it. I choose it because the large amount of cloud storage supported natively, and not have to configure and deal with rclone or even + restic to do a backup in home products like Onedrive. For me that’s more noise and issues.
How many tb? It may be cheaper even within a year to just purchase another hard drive
An extra hard drive doesn’t save you from something like your house burning down. Off-site backups are important!
Send it to your parents and work is what I do :)
In terms of pricing, I find Hetzner is best for under 1TB, Backblaze for over 1TB. Both have great documentation for setting up any number of backup methods (SFTP, SSH, Rsync, Rclone, Borg, etc).
Rsync, Rclone, and Borg are all good options and some may be built into your choice of OS if you use a dedicated NAS system. Choose whatever is easiest for you.
The backups are gonna be encrypted in transit regardless of method, and Im pretty sure most backup providers encrypt data on their servers so you dont have to manage that I dont think.
When you commit to backups, IMO you should do them daily - Most backup clients have options for “sync” options which will ignore unchanged files and only upload changes, so a daily backup is not only more up-to-date but also more efficient once the first backup completes.
most backup providers encrypt data on their servers so you dont have to manage that I dont think.
That’s something you should manage yourself, so the provider isn’t the one with the keys, by encrypting the backup locally before sending it. Most solutions you mention let you do that.
Good point!
