Server-Backup¶
This is how to setup a backup client on a server. For a how-to to backup your personal desktop computer or notebook see desktop backup.
Backups will be stored in a repository provided by a Borg Storage Server. See Borg Backup Server on how to setup your own.
Borg¶
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption.
The main goal of Borg is to provide an efficient and secure way to backup data. The data deduplication technique used makes Borg suitable for daily backups since only changes are stored. The authenticated encryption technique makes it suitable for backups to not fully trusted targets.
Borgmatic¶
borgmatic is a simple, configuration-driven frontend to automate borg backup on servers and workstations. Protect your files with client-side encryption. Backup your databases too. Monitor it all with integrated third-party services.
Considerations¶
Files and Directories¶
The following :
/etc- System configuration
/home- Users home directories
/root- Systemd administrators home directory
/usr/local- Locally installed software and scripts
/var- Data
All MariaDB (MySQL) Databases.
A list of installed packages and software.
Excluded Files and Directories¶
The following files and directories are excluded from backups:
**/.aMule
**/.beagle
**/.cache
**/Trash
**/.thumbnails
**/.Trash
**/downloads
**/Downloads
**/gtk-gnutella-downloads
**/cache
/var/lib/bitcoind
/var/lib/deluge/downloads
/var/lib/lxcfs
/var/lib/mysql
/var/lib/sks
/var/lib/sks*
/var/lib/transmission-daemon
/var/www/mirrors
/var/lib/clamav
MariaDB Database Backups¶
For database servers like MariaDB, its not possible to just copy the files out of the data directory of the database sever.
MariaDB physical backups are created in the /var/backups/mariadb/
directory, as described in Database Backup.
Make sure that the /var/backups/mariadb/ directory is
included and the /var/lib/mysql/ directory is excluded in our
Borgmatic configuration.
Installed Packages¶
Information about installed software packages:
aptsoftware package sources.Trusted software publishers public keys.
List of installed packages.
List of
pipinstalled Python packages.
Scheduling¶
Backups are made every six hours (four times a day).
Scheduling is done by systemd-timers, which has more flexiblity then classic cron-jobs.
Retention¶
For how long is are backup archives stored?
All backups of the last 24 hours
Last backup of the day for 7 days
Last backup of the week for 4 weeks
Last backup of the month for 6 months
Last backup of the year for 2 years
Encryption¶
Backup data is client-side encrypted and uses two-factor authentication.
This ensures that …
Backup data can be moved and stored anywhere (i.e on untrusted cloud storage);
In order to access the backup data, a user must know the password AND needs to have the key-file in his possession;
On modern 64-bit CPUs BLAKE2b-256 is recommended over SHA-256.
Prerequisites¶
Its assumed a working Borg Backup Server has been prepared to receive the backup data.
The server is setup to send out mails on its own.
Installation¶
Ubuntu 20.04 (focal) or later¶
As of the time of this writing (May 2020), Ubuntu 20.04 LTS has both packages in fairly up-to-date versions:
Borgbackup version 1.1.11 (latest)
Borgmatic version 1.5.1 (latest is 1.5.4)
To install using Ubuntu package manager:
$ sudo apt install borgbackup borgmatic
Ubuntu 19.10 (eoan) or earlier¶
Older versions of Ubuntu either don’t have these packages in their repository, or they are hopelessly outdated.
Borgbackup (xenial 1.0.2, 1.0.12), (bionic 1.1.5), (eoan 1.1.10)
Borgmatic (since Ubuntu 19.10, version 1.2.11)
You can use this also on newer systems if you want to make sure to have the latest and greatest version. But remember that with this method, updates will not be installed automatically.
Use Python PIP:
$ sudo pip3 install --upgrade borgbackup borgmatic
This installs as a systemwide usable software in to /usr/local/bin/,
usable by the system (root, systemd, cron etc.) and users alike.
To install updates just repeat the installation command above.