A Borg implementation to backup a YunoHost server. This is the Borg Backup App to be installed on a server to backup. It works together with a Borg Server App installed on a host server.
You want to backup a critical "guest" Server A onto a remote "host" Server B, you need:
- Domain name of server B:
host.serverb
- Name of the server B SSH user (to be created by
borgserver
) for connection from Server A:borgservera
- Strong passphrase to encrypt your backups on host Server B. And to restore your backups!!
- IDs of YunoHost apps you want to backup
- Regular time schedule for your backups, see below
- Install Borg Backup App (
borg
) on guest Server A - Install Borg Server App (
borgserver
) on host Server B - Save the passphrase in another place than your server. Without the passphrase, you won't be able to restore data.
You should received an email after the first backup succeeded.
Firstly, set up the Borg Backup App (borg
) on the guest Server A you want to backup:
$ yunohost app install borg
Indicate the domain name of server B where to upload backups: host.serverb
Indicate the ssh user to use to connect on this server: servera
Indicate a strong passphrase, that you will keep preciously if you want to be able to use your backups: N0tAW3akp4ssw0rdYoloMacN!guets
Would you like to backup your YunoHost configuration ? [0 | 1] (default: 1):
Would you like to backup mails and user home directory ? [0 | 1] (default: 1):
Which apps would you backup (list separated by comma or 'all') ? (default: all):
Indicate the backup frequency (see systemd OnCalendar format) (default: Daily):
You can schedule regular backups at specific time. Only one regular time schedule is possible for one borg
instance, see below for workaround. Some examples:
- Monthly :
- Weekly :
- Daily : Daily at midnight
- Hourly : Hourly o Clock
- Sat --1..7 18:00:00 : The first saturday of every month at 18:00
- 4:00 : Every day at 4 AM
- 5,17:00 : Every day at 5 AM and at 5 PM See here for more info : https://wiki.archlinux.org/index.php/Systemd/Timers#Realtime_timer
At the end of the installation, the Borg Backup App (borg
) displays the SSH public key and the SSH user to give to the person who has access to the host Server B and will set up Borg Server App.
You should now install the "Borg Server" app on host.serverb and fill questions like this:
User: servera
Public key: ssh-ed25519 AAAA[...] root@guest.servera
This information is also sent by email to the admin of guest Server A. If you don't find the email and you don't see the message in the log bar you can find the SSH public key with this command:
$ cat /root/.ssh/id_borg_ed25519.pub
ssh-ed25519 AAAA[...] root@guest.servera
Secondly, set up the Borg Server App (borgserver
) on the host Server B that will store your backups:
$ yunohost app install borgserver
Indicate the ssh user to create: servera
Indicate the public key given by Borg Backup app (borg) setup: ssh-ed25519 AAAA[...] root@guest.servera
Indicate the storage quota: 5G
At this step your backup should run at the scheduled time. Note that the first backup can take very long, as much data has to be copied through ssh. Following backups are incremental: only newly generated data since last backup will be copied.
If you want to test correct Borg Apps setup before scheduled time, you can start a backup manually on guest Server A:
$ systemctl start borg
Next you can check presence of your backup repository on host Server B:
$ BORG_RSH="ssh -i /root/.ssh/id_borg_ed25519 -oStrictHostKeyChecking=yes " borg list servera@host.serverb:~/backup
You will need the passphrase to run borg
commands on the backup repository created on the host Server B.
If you want to be sure to be able to restore your server, you should try to restore regularly the archives. But this process is quite time consumming.
You should at least:
- Keep your apps up to date (if apps are too old, they could be difficult to restore on a more recent recent version)
- Check regularly the presence of
info.json
anddb.sql
ordump.sql
in your apps archives
borg list ./::ARCHIVE_NAME | grep info.json
borg list ./::ARCHIVE_NAME | grep db.sql
borg list ./::ARCHIVE_NAME | grep dump.sql
- Be sure to have your passphrase available even if your server is completely broken
For infos on restoring process, check this yunohost forum thread and that one, also using Borg with sshkeys, the borg extract
documentation, and this general tutorial on Borg Backup.
In the following explanations:
- the server to backup/restore will be called:
yuno
- the remote server that receives and store the back will be called:
rem
rem
is accessible at the domainrem.tld
- the remote user on
rem
which owns the Borg backups will be calledyurem
- backup files will be stored in
rem
in the directory:/home/yurem/backup
The idea here, if you need to restore a whole yunohost system is:
- Install a new Debian VM
- Install YunoHost in it the usual way
- Go through YunoHost postinstall (parameters you will supply are not crucial, as they will be replaced by the restore)
- Install Borg
- Setup
rem
to accept ssh connections fromyuno
- Use Borg to import backups from
rem
toyuno
- Restore Borg backups with the
yunohost backup restore
command, first config, then data, then each app one at a time - Remove the Borg app and restore it
At this stage, we will assume that yuno
is a freshly installed YunoHost (based on Buster in my case). You should also have performed the YunoHost postinstall.
If you don't want to restore the whole system, just some apps, you can skip some of the steps below.
The idea here is just to install Borg, not in order to create backups, but only to use Borg commands to import remote backups.
So for example, you can install it doing the following:
sudo yunohost app install borg -a "server=rem.tld&ssh_user=yurem&conf=0&data=0&apps=hextris&on_calendar=2:30"
In yuno
you will need to get the ssh key that borg just created while installing: sudo cat /root/.ssh/id_borg_ed25519.pub
, copy it to clipboard.
Connect via ssh to rem
, go to /home/yurem/.ssh/authorized_keys
, and past the Borg public key you got at previous step.
Now to make sure this worked, you can try to SSH from yuno
to rem
.
In yuno
: ssh -i /root/.ssh/id_borg_ed25519 yurem@rem.tld
. If you can get into rem
, without it prompting for a password, then you're good to continue :)
yuno
(you can become root running sudo su
).
In yuno
now, you should be able to list backups in rem
with the following command:
SRV=yurem@rem.tld:/home/yurem/backup
BORG_RSH="ssh -i /root/.ssh/id_borg_ed25519 -oStrictHostKeyChecking=yes " borg list $SRV
You can then reimport one to yuno
with:
BORG_RSH="ssh -i /root/.ssh/id_borg_ed25519 -oStrictHostKeyChecking=yes " borg export-tar $SRV::auto_BACKUP_NAME /home/yunohost.backup/archives/auto_BACKUP_NAME.tar.gz
And then restore the archive in yuno
with:
yunohost backup restore auto_BACKUP_NAME --system # for config and data backups
yunohost backup restore auto_BACKUP_NAME --apps # for other backups (=apps)
For Nextcloud, the best is probably to reimport the backup without the data. And to import the data manually.
For that, you can do the following (as root):
SRV=yurem@rem.tld:/home/yurem/backup
# export the app without data
BORG_RSH="ssh -i /root/.ssh/id_borg_ed25519 -oStrictHostKeyChecking=yes " borg export-tar -e apps/nextcloud/backup/home/yunohost.app $SRV::auto_nextcloud_XX_XX_XX_XX:XX /home/yunohost.backup/archives/auto_nextcloud_XX_XX_XX_XX:XX.tar.gz
# extract the data from the backup to the nextcloud folder
cd /home/yunohost.app/nextcloud
BORG_RSH="ssh -i /root/.ssh/id_borg_ed25519 -oStrictHostKeyChecking=yes " borg extract $SRV::auto_nextcloud_XX_XX_XX_XX:XX apps/nextcloud/backup/home/yunohost.app/nextcloud/
mv apps/nextcloud/backup/home/yunohost.app/nextcloud/data data
rm -r apps
# now you can simply restore nextcloud app
yunohost backup restore auto_nextcloud_XX_XX_XX_XX:XX --apps
Once you've restored the whole system, you will probably want to restore the Borg app as well.
For that, remove the "dummy" Borg you installed to do the restoration, and restore Borg the same ways as for other apps:
sudo yunohost app remove borg
sudo yunohost backup restore auto_borg_XX_XX_XX_XX:XX --apps
yunohost app setting borg apps -v "nextcloud,wordpress"
Get the storage space used by the backup repository on the host server
borg info /home/servera/backup
If you want to backup your guest server:
- with different YunoHost apps
- at different regular time schedule
- on different host servers
Then you can set up multiple instances of the Borg Apps on same servers. For instance:
- Borg Backup instance
borg
: backup nextcloud daily on host Server B - Borg Backup instance
borg__2
: backup all other YunoHost apps weekly on host Server C