How to backup your YunoHost server on another server

polochon · December 28, 2019, 9:19pm

Finally I came to avoid all the traps and found an (almost) clean and up to date solution to backup Camille’s server on Sam’s server (which is NOT a yunohost machine)

My home setup is:

a Yunohost server (Camille)
a borg backup server (Sam), which is in charge to backup everything on all my devices into encrypted borg repositories. This server is a raspberry pi and is NOT a yunohost machine.
then, after the borg operations all the backups are sent to my personal OVH cloud with https://rclone.org/

On Camille’s server:

follow the instructions on https://github.com/YunoHost-Apps/borg_ynh/blob/master/README.md

Indicate the server where you want put your backups: sam.local
Indicate the ssh user to use to connect on this server: camille
Indicate a strong passphrase, that you will keep preciously if you want to be able to use your backups: N0tAW3akp4ssw0rdYoloMacN!guets
Would you like to backup your YunoHost configuration ? [0 | 1] (default: 1):
Would you like to backup mails and user home directory ? [0 | 1] (default: 1):
Which apps would you backup (list separated by comma or 'all') ? (default: all):
Indicate the backup frequency (see systemd OnCalendar format) (default: Daily):

Print the Alice’s public key with sudo cat /root/.ssh/id_borg_ed25519.pub

Then, on Sam’s server:

adduser camille --quiet --gecos ",,," --shell /bin/bash --disabled-password. Of course, replace camille by the user set previously
Allow Camille to connect on Sam’s server

sudo mkdir /home/camille/.ssh
sudo touch /home/camille/.ssh/authorized_keys
sudo echo "command=\"borg serve --storage-quota <the_quota_you_want> --restrict-to-repository <the_path_you_want>",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc <camille's publickey>" >> /home/camille/.ssh/authorized_keys

And that’s all!
On camille server, you can test the system with the command sudo yunohost backup create -n test --methods borg_app --debug

Now, some tips which could help:

if during the backup a password is requested to connect on Sam’s server, it means there is an issue with the command command in the authorized_keys file. In this case, you can edit the file with sudo nano /home/camille/.ssh/authorized_keys, delete the line and simply put the Camille’s key.
I don’t know why it doesn’t work for me. Even the simplest command available everywhere on internet as an example like command=date [...] fails… If you have an idea please tell me!
By removing the command, you allow Camille to execute any command on Sam’s server, and not only a borg command. It’s safe if both machines are yours, otherwise you have to highly trust your mates
In my case the Camille’s home repository is located on the SD card of my raspberrypi. Because you can’t change the location of the setup when you install borg_ynh, you can do a mount bind in your /etc/fstab or add a symlink on an external usb drive (example: sudo ln -s /media/usbdisk/data/YunohostBackup /home/camille/backup.
In this case you have to be careful about the owner of the backup folder, it must be camille (and not root or someone else) or you will have a backtrace like

47820 ERROR Échec de l’exécution du script : /etc/yunohost/hooks.d/backup_method/05-borg_app
Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/hook.py", line 283, in hook_callback
    no_trace=no_trace, raise_on_error=True)[1]
  File "/usr/lib/moulinette/yunohost/hook.py", line 397, in hook_exec
    raise YunohostError('hook_exec_failed', path=path)
YunohostError: Échec de l’exécution du script : /etc/yunohost/hooks.d/backup_method/05-borg_app

Polochon

Jaxom99 · June 16, 2020, 5:02pm

Hi all,

It seems that the .nobackup file trick (to avoid a directory from being backed up by ynh) does not work anymore (on my 3.8 raspian). Any clue from the team ?

I can provide logs as needed.

ImaCrea · November 16, 2020, 8:45pm

Hello all,
thank you for this tutorial and apps which look amazing.

I’m considering following that path but before I’d love to understand how does it compare to scheduling a regular copy of latest local backup to a remote storage (s3) please

rodinux · December 16, 2021, 4:05pm

Bonjour, si j’ai bien compris, je peux sauvegarder avec ce tuttoriel les backups d’un serveur Yunohost hébergé sur un serveur dédié sur un serveur Yunohost hébergé chez moi, les deux serveurs ayant chacun des configurations différentes, c’est bien ça ?

ljf · December 17, 2021, 11:44am

oui, mais il est fortement recommandé d’utiliser les apps borg et borgserver.

tomdereub · September 5, 2022, 9:55pm

Salut,
J’essaie de configurer borg pour backuper un serveur A vers un disque dur externe branché sur le serveur B. Et je bloque sur le choix du repository :

Si je laisse ssh://user@domain.tld:port/~/backup/ -» ça marche, mais ça fait le backup sur le DD interne
J’ai essayé ssh://user@domain.tld:port/mnt/DDexterne/backup -» marche pas, même avec un chown -R user:user /mnt/DDexterne.
J’ai essayé de monter le disque externe directement sur /home/user/backup, mais dans ce cas je voudrais backuper dans un sous-dossier : ssh://user@domain.tld:port/~/backup/borg. C’est pour éviter que le backup ne remplisse mon disque au cas où le disque externe ne serait pas monté. -» ça ne marche pas.
Si j’ai bien compris, l’utilisateur créé par borg server est restreint au dossier /~/backup. Et en même temps, quand on installe borg sur le serveur A, il est bien indiqué :

With borgserver_ynh apps you can’t specify another repo path than ~/backup.

Comment je peux faire ? Est-ce qu’il ne faudrait pas pouvoir indiquer le path à l’installation de borgserver, pour qu’il donne le bon accès à user ?

ljf · September 5, 2022, 10:20pm

Avec borgserver, je pense que tu peux personnaliser ça en utilisant un mount --bind pour monter le dossier de ton dd externe sur le dossier ~/backup de ton dd interne. Il faut aussi l’ajouter dans fstab du coup.

Les autres solutions consiste à ajouter cette fonctionnalités dans borgserver ou coder avec moi ce mois ci sur la PR de backup…

mbro · September 19, 2022, 7:34pm

Is there an English explanation on this that works with nextcloud 24 as currently on yunohost? I understood nextcloud kind of advertises this backing up to another nextcloud as a feature. But how does it work? If I have one nextcloud 24 on a cloud vps with yunohost and one nextcloud 24 in Docker on an rpi at home, could I backup them to each other completely? It’s hundreds of GB.

Mamie · September 19, 2022, 8:07pm

Here, it’s not NextCloud <-> NextCloud, but Borg <-> Borg (using YunoHost’s backup scripts).

I think the tutorial is outdated, maybe the link in the first post is up to date.

Basically, if you have 2 servers, with at least the server you want to backup running YunoHost, and it’s easier if both.

Install borg app on your server
Note everything you define for the installation
Install borg_server on the distant server
Run the first backup, it will be REALLY LONG (can be days, depending on the quantity of data and bandwidth)

Normally, there will be more details in the borg documentation

(Seems outdated too, but it should work, but it seems important to rewrite it so the same questions will not be asked again and again )

mbro · September 19, 2022, 8:18pm

Thanks outdated or not I will have a look into it some of these… Checks calendar… Months, I’m afraid.