I’m planning on setting up a NAS/home server (primarily storage with some jellyfin and nextcloud and such mixed in) and since it is primarily for data storage I’d like to follow the data preservation rules of 3-2-1 backups. 3 copies on 2 mediums with 1 offsite - well actually I’m more trying to go for a 2-1 with 2 copies and one offsite, but that’s beside the point. Now I’m wondering how to do the offsite backup properly.

My main goal would be to have an automatic system that does full system backups at a reasonable rate (I assume daily would be a bit much considering it’s gonna be a few TB worth of HDDs which aren’t exactly fast, but maybe weekly?) and then have 2-3 of those backups offsite at once as a sort of version control, if possible.

This has two components, the local upload system and the offsite storage provider. First the local system:

What is good software to encrypt the data before/while it’s uploaded?

While I’d preferably upload the data to a provider I trust, accidents happen, and since they don’t need to access the data, I’d prefer them not being able to, maliciously or not, so what is a good way to encrypt the data before it leaves my system?

What is a good way to upload the data?

After it has been encrypted, it needs to be sent. Is there any good software that can upload backups automatically on regular intervals? Maybe something that also handles the encryption part on the way?

Then there’s the offsite storage provider. Personally I’d appreciate as many suggestions as possible, as there is of course no one size fits all, so if you’ve got good experiences with any, please do send their names. I’m basically just looking for network attached drives. I send my data to them, I leave it there and trust it stays there, and in case too many drives in my system fail for RAID-Z to handle, so 2, I’d like to be able to get the data off there after I’ve replaced my drives. That’s all I really need from them.

For reference, this is gonna be my first NAS/Server/Anything of this sort. I realize it’s mostly a regular computer and am familiar enough with Linux, so I can handle that basic stuff, but for the things you wouldn’t do with a normal computer I am quite unfamiliar, so if any questions here seem dumb, I apologize. Thank you in advance for any information!

  • @[email protected]
    English
    2
    1 month ago

    I have an external storage unit a couple kilometers away and two 8TB hard drives with luks+btrfs. One of them is always in the box and after taking backups, when I feel like it, I detach the drive and bike to the box to switch. I’m currently researching btrbk for updating the backup drive on my pc automatically, it’s pretty manual atm. For most scenarios the automatic btrfs snapshots on my main disks are going to be enough anyway.

  • @[email protected]
    English
    1
    1 month ago

    I tend to just store all my backups off-site in multiple geographically distant locations, seems to work well

      • @[email protected]
        English
        3
        1 month ago

        I’ve got a box of 800 flash drives I’ve picked up while hiking in the garage, I was wondering whose they were.

        (/s, I can’t afford a garage)

  • hendrik
    English
    7
    edit-2
    1 month ago

    Next to paying for cloud storage, I know people who store an external hdd at their parent’s or with friends. I don’t do the whole backup thing for all the recorded TV shows and ripped Blu-rays… If my house burns down, they’re gone. But that makes the amount of data a bit more manageable. And I can replace those. I currently don’t have a good strategy. My data is somewhat scattered between my laptop, the NAS, an external hdd which is in a different room but not off-site, one cheap virtual server I pay for and critical things like the password manager are synced to the phone as well. Main thing I’m worried about is one of the mobile devices getting stolen so I focus on having that backed up to the NAS or synced to Nextcloud. But I should work on a solid strategy in case something happens to the NAS.

    I don’t think the software is a big issue. We got several good backup tools which can do incremental or full backups, schedules, encryption and whatever someone might need for backups.

    • @[email protected]
      English
      5
      1 month ago

      It really depends on what your data is and how hard it would be to recreate. I keep a spare HD in a $40/year bank box & rotate it every 3 months. Most of the content is media - pictures, movies, music. Financial records would be annoying to recreate, but if there’s a big enough disaster to force me to go to the off-site backups, I think that’ll be the least of my troubles. Some data logging has a replica database on a VPS.

      My upload speed is terrible, so I don’t want to put a media library in the cloud. If I did any important daily content creation, I’d probably keep that mirrored offsite with rsync, but I feel like the spirit of an offsite backup is offline and asynchronous, so things like ransomware don’t destroy your backups, too.

      • hendrik
        English
        2
        1 month ago

        Sure. With data that might be skipped, I meant something like the Jellyfin server, which probably consists of pirated TV and music or movie rips. Those tend to be huge in size and easy to recreate. With personal content, pictures and videos there is no chance of getting it back. And I’d argue with a lot of documents and data it’s not even worth the hassle to decide which might be stored somewhere else, maybe in paper form… Just back them up, storage is cheap and most people don’t generate gigabytes worth of content each month. For large data that doesn’t change a lot, something like one or two rotated external disks might do it. And for smaller documents and current projects which see a lot of changes, we have things like Nextcloud, Syncthing and a $80 a year VPS or other cloud storage solutions.

    • ladfrombrad 🇬🇧
      English
      3
      1 month ago

      Yeah me too, photos and videos I’ve recorded are the only things I’m bothered about. Backing up off-site all my arrrrr booty is redundant since I’ve shared it to a 2.1 ratio already and hopefully can download it again from people with larger storage than my family member has.

      It’s how I handle backing up those photos / videos though. I bought them a 512GB card and shoved that in a GLi AP they have down there which I sync my DCIM folder to (app was removed from Play Store since it didn’t need updating but Google’s stupid policies meant it went RIP…), and I also backup that to the old Synology NAS I handed down to them. I suppose I could use Syncthing but I like that old app since the adage if it’s not broke don’t fix it applies.

      Along with them having Tailscale on a Pi4 (on a UPS and is their/my backup TVHeadend server) and their little N100 media box I don’t even bother them with my meager photo collection and works good.

  • @[email protected]
    English
    1
    1 month ago

    I also had been contemplating this for a while. The solution I implemented recently is:

    The system itself is a RPI on NixOS. The system can be reproduced from the NixOS configuration. The NixOS configuration is stored on GitHub. Since I can reproduce the sdcard image (and full system) from the configuration I opted to not do any backup of the sdcard/system itself.

    I’ve also opted to not use raid, as I can replace/add a RPI without too much hassle.

    The real backups for me are for photos. Those are stored on a M.2 storage. A second (similar) RPI is placed at my dad’s place. The rpis run tailscale and syncthing. Syncthing syncs using staggered mode (stores 1 version for the last day/week/year) and the RPI at my dad is untrusted, so the backup files are sent/stored encrypted there.

    This setup hasn’t run very long yet, so I won’t recommend it, but it seems to check quite a lot of boxes for me. Maybe it gives some ideas. I’m also interested what alternative solutions others came up with.

  • @[email protected]
    English
    1
    1 month ago

    Most of my work is with Macs, and even one server is running macOS, so for those who don’t know how it works ‘over there’, one runs Time Machine which is a versioning system keeping hourlies for a day, dailies for a week, then just weeklies after that. It accommodates using multiple disks, so I have a networked drive that services all the mac computers, and each computer also has a USB drive it connects to. Each drive usually services a couple of computers.

    Backups happen automatically without interruption or drama.

    I just rotate the USB drives out of the building into a storage unit once a month or so and bring the offsite drives back into circulation. The Time Machine system nags you for missing backup drives if it’s been too long, which is great.

    It’s not perfect but very reliable and I wish everyone had access to a similar system, it’s very easy, Apple got this one thing right.

  • fmstrat
    English
    2
    1 month ago

    If you use ZFS this becomes easy, because you can do incremental backups at the block level.

    I have my home lab server and do snapshots and sends to a server at my father’s house. Then I also have an external drive that I snapshot to as well.

  • randombullet
    English
    1
    1 month ago

    My friend has 1G/1G Internet. I have an rsync cron job backing up there 2 times a week.

    It has an 8TB NVMe drive that I use for bulk data backup and a 2TB OS drive for VM stuff.

  • @[email protected]
    English
    1
    1 month ago

    My automated workflow is to package up backup sources into tars (uncompressed), and encrypt with gpg, then ship the tar.gpg off to backblaze b2 and S3 with rclone. I don’t trust cloud providers so I use two just in case. I’ve not really been in the need for full system backups going off site, rather just the things I’d be severely hurting for if my home exploded.

    But to your main questions, I like gpg because you have good options for encrypting things safely within bash/ash/sh scripting, and the encryption itself is considered strong.

    And, I really like rclone because it covers the main cloud providers and wrangles everything down to an rsync-like experience which is also pretty tidy for shell scripting.

  • @[email protected]
    English
    4
    edit-2
    1 month ago

    I use Asustor NAS, one at my house south east US, one at my sister’s house northeast US. The asus os takes care of the backup every night. It’s not cheap but if you want it done right.

    Both run 4 drives in raid 5. Pictures backup to the hdd and a raid 1 set of nvme in the NAS. The rest is just movies and TV shows for plex so I don’t really care about those. The pictures are the main thing. I feel like that’s as safe as I can be.

  • Matt The Horwood
    English
    24
    1 month ago

    There’s some really good options in this thread, just remember that whatever you pick, unless you test your backups, they are as good as not existing.

    • @[email protected]
      English
      2
      1 month ago

      How does one realistically test their backups, if they are doing the 3-2-1 backup plan?

      I validate (or whatever the term used is) my backups, once a month, and trust that it means something 😰

      • Matt The Horwood
        English
        3
        1 month ago

        Until you test a backup it’s not complete, how you test it is up to you.

        If you upload to a remote location, pull it down and unpack it. Check that you can open import files, if you can’t open it then the backup is not worth the disk space

      • @[email protected]
        English
        3
        1 month ago

        Deploy the backup (or some part of it) to a test system. If it can boot or you can get the files back, they work.

        • @[email protected]
          English
          1
          1 month ago

          For context, I have a single Synology NAS, so recovering and testing the entire backup set would not be practical in my case.

          I have been able to test single files or entire folders and they work fine, but obviously I’d have no way of testing the entire backup set due to the above consideration. It is my understanding that the verify feature that Synology uses is to ensure that there’s no bit rot and that the file integrity is intact. My hope is that because of how many isolated backups I do keep, the chance of not being able to recover is slim to none.

    • dave@hal9000
      English
      5
      1 month ago

      Is there some good automated way of doing that? What would it look like, something that compares hashes?

      • @[email protected]
        English
        3
        edit-2
        1 month ago

        I don’t trust automation for restoring from backup, so I keep the restoration process extremely simple:

        1. automate recreating services - have my podman files in a repository
        2. manually download and extract data to a standard location
        3. restart everything and verify that each service works properly

        Do that once/year in a VM or something and you should be good. If things are simple enough, it shouldn’t take long (well under an hour).

      • Matt The Horwood
        English
        6
        1 month ago

        That very much depends on your backup of choice, that’s also the point. How do you recover your backup?

        Start with a manual recovery of a backup and unpack it, check import files open. Write down all the steps you did. How do you automate them?
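
The sub-thread above asks whether a restore test can be automated by comparing hashes. One way to do it, as an added example that is not code from any poster in the thread: record a SHA-256 manifest at backup time, then unpack the archive into a scratch directory and diff the result against the manifest. All function names and sample files are constructed for illustration, and a plain tar archive stands in for whatever backup tool is in use.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # stream, files may be large
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def make_backup(source, archive):
    """Write an uncompressed tar of source; return the manifest taken at backup time."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w") as tar:
        for rel in manifest:
            tar.add(Path(source, rel), arcname=rel)
    return manifest  # store it away from the archive it describes

def verify_restore(archive, manifest):
    """Unpack archive into a scratch directory and diff it against the manifest."""
    # filter="data" rejects path traversal where extraction filters are supported
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch, tarfile.open(archive) as tar:
        tar.extractall(scratch, **opts)
        restored = build_manifest(scratch)
    return {"missing": sorted(manifest.keys() - restored.keys()),
            "unexpected": sorted(restored.keys() - manifest.keys()),
            "changed": sorted(k for k in manifest.keys() & restored.keys()
                              if manifest[k] != restored[k])}

def demo():
    # Constructed sample data: a clean restore, then an archive that no longer matches.
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "photos")
        (src / "2024").mkdir(parents=True)
        (src / "2024" / "a.jpg").write_bytes(b"constructed image bytes")
        (src / "notes.txt").write_text("constructed note\n")
        manifest = make_backup(src, Path(tmp, "good.tar"))
        clean = verify_restore(Path(tmp, "good.tar"), manifest)
        (src / "notes.txt").write_text("altered after backup\n")
        (src / "2024" / "a.jpg").unlink()
        make_backup(src, Path(tmp, "bad.tar"))
        return clean, verify_restore(Path(tmp, "bad.tar"), manifest)
```

An empty report means every file recorded at backup time came back byte-identical; anything listed under `missing` or `changed` is a file the backup cannot actually restore.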

  • amorpheus
    English
    3
    1 month ago

    External drives that I keep in my office at work. Also cloud storage.

  • @[email protected]
    English
    3
    1 month ago

    RClone to a cloud storage (Hetzner in my case). Rclone is easy to configure and offers full encryption, even for the file names.

    As the data is only uploaded once, a daily backup uploads only the added or changed files.

    Just as a side note: make sure you can retrieve your data even in case your main system fails. Make sure you have all the passwords/crypto keys available.

    • Fermiverse
      2
      1 month ago

      I do the same using rclone, partly encrypted partly just dump.

      I use batch scripts ln cron_daily to start this

  • @[email protected]
    English
    1
    1 month ago

    I bring 1 of my backup disks to my in-laws. I go there regularly so it’s a matter of swapping them when I’m there.

  • @[email protected]
    English
    5
    1 month ago

    I just use restic.

    I’m pretty sure it uses checksums to verify data on the backup target, so it doesn’t need to copy all of the data there.