Webspace like e.g. provided via Nextcloud can be used to backup files. A good backup stragegy should integrate as good as possible into your daily work, such that the backups can be done hassle-free. This description will show you how to use BorgBackup to first create snapshots of your local data and later send them via Rclone to your webspace.
BorgBackup, or short simply "borg", is a python commandline tool, which lets you create archives of files with the following features:
-
compression: Files can be compressed with different methods if wanted
-
deduplication: If you happen to save one file multiple times into your archive, this data will be deduplicated and only be stored once from borg
-
incremental backups: If you from one backup to the next just change a tiny bit of your data, basically only this tiny bit gets saved. This opens the possiblity to do backups much quicker once you saved them for the first time.
-
encryption: borg is able to encrypt the files stored in its backup archiv thus making it save to store them at an unsafe place - like "the Cloud". Because remember:
To synchronise the archive made by borg to Nextcloud we use Rclone. Rclone is able to commuticate with a lot of storage providing software out there. So you might have a look at the supported providers if you are interested in using this documentation with something other than Nextcloud.
First you have to install borg. As it is available on the repositories of many platforms, it might just be as easy as
sudo apt install borgbackup
or
sudo pacman -S borg
First, create a folder where the backup archive should be stored, e.g. by mkdir borgbackup
. With the following step we setup or initialize a repository, which is encrypted and the encryption file itself is secured by a password
borg init -e keyfile-blake2 borgbackup
Enter new passphrase:
Enter same passphrase again:
Option: Use quota to your repository, e.g. by providing
--storage-quota 2G
Now it is very important to save both keyfile and password. Once you need to access files from another system (e.g. if the backed-up system is dead) you will need both. So
1.) Save your password to your password manager, where a copy hopefully resides on some place other than your main computer
2.) Export your borg keyfile an store it on a safe place. Optionally: Use --paper
, print it out and store it at your parent's place.
borg key export borgbackup keyfile.txt
> Hint: The keyfile is also stored in your home directory at ~/.config/borg/keyfile
Define which files do you want to have in your backup archive. One way of specifying this in a flexible manner is the patternsfile which can be provided to borg.
# example patternsfile
# define root directory:
R /home/username/
- **/.cache
borg create -s --compression auto,lzma --patterns-from borgpatterns --progress borgbackup::everything-{now}
First, install Rclone as well.
sudo apt install rclone
Rclone provides a step-by-step configuration which guides you to all the neccessary things you need to setup to use Rclone with your nextcloud. Simply start by typing rclone config
% rclone config
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> nextcloud-name
Choose webdav
as this is the network protocol used by nextcloud, see here, provide an URL to the webdav endpoint (usually by adding remote.php/webdav
to your base URL) and lateron specify the type of webdav connection - nextcloud
in this case.
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
Storage> webdav
** See help for webdav backend at: https://rclone.org/webdav/ **
URL of http host to connect to
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Connect to example.com
\ "https://example.com"
url>my.nextcloud-instance.com/remote.php/webdav
Choose a number from below, or type in your own value
1 / Nextcloud
\ "nextcloud"
2 / Owncloud
\ "owncloud"
3 / Sharepoint
\ "sharepoint"
4 / Other site/service or software
\ "other"
vendor>nextcloud
Now provide your individual login information.
TIP: It is very handy to generate a login token via the webfrontend of Nextcloud. This way, you can revoke this specific login at a later time without completely resetting your password. The token can be generated in
Settings → Security → Device & session → Create new app password
. This token will look liket7j8o-qpW3H-Wy2BW-XC82X-t5pkM
and will only be showed once to you - so you better copy this token somewhere when you create it inside your Nextcloud))
User name
Enter a string value. Press Enter for the default ("").
user>username
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank (default)
y/g/n>y
Enter the password:
password:ENTER-TOKEN-HERE
Confirm the password:
password:ENTER-TOKEN-HERE
There is no bearer token needed, so you can now simply complete the setup by answering the defaults and finally quitting the rclone configuration with q
:
Bearer token instead of user/pass (e.g. a Macaroon)
Enter a string value. Press Enter for the default ("").
bearer_token>
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
--------------------
[nextcloud-name]
type = webdav
url = my.nextcloud-instance.com/remote.php/webdav
vendor = nextcloud
user = username
pass = *** ENCRYPTED ***
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name Type
==== ====
nextcloud-name webdav
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q
That's it. Now you can test your connection by typing:
rclone lsd nextcloud-name:/
-1 2020-11-29 23:59:49 -1 Documents
-1 2020-11-29 23:59:49 -1 Photos
-1 2020-11-29 23:59:49 -1 Talk
and a list of directories already existant on your nextcloud should pop up. If this is the case, everything works as it should.
TIP: Use a configuration password to keep your rclone configuration save. Do this by typing
s
torclone config
. This way you have to enter the password before using rclone. This might seem tedious but in this scenario nobody with bare access to your local user can simply alter the contents of your cloud. In a later step of the automatization we can store the password in a environment variableRCLONE_CONFIG_PASS
to provide it behind-the-scenes to rclone.
In the same manner you could add more and different webspace options to your rclone config.