submitted 2 months ago* (last edited 2 months ago) by CatLikeLemming@lemmy.blahaj.zone to c/selfhosted@lemmy.world

I'm planning on setting up a NAS/home server (primarily storage, with some Jellyfin and Nextcloud and such mixed in), and since it is primarily for data storage I'd like to follow the 3-2-1 backup rule: 3 copies on 2 media with 1 offsite. Well, actually I'm more trying to go for a 2-1, with 2 copies and one offsite, but that's beside the point. Now I'm wondering how to do the offsite backup properly.

My main goal would be an automatic system that does full system backups at a reasonable rate (I assume daily would be a bit much considering it's gonna be a few TB worth of HDDs, which aren't exactly fast, but maybe weekly?) and then keeps 2-3 of those backups offsite at once as a sort of version history, if possible.

This has two components, the local upload system and the offsite storage provider. First the local system:

What is good software to encrypt the data before/while it's uploaded?

While I'd preferably upload the data to a provider I trust, accidents happen, and since they don't need to access the data, I'd prefer that they aren't able to, maliciously or not. So what is a good way to encrypt the data before it leaves my system?

What is a good way to upload the data?

After it has been encrypted, it needs to be sent. Is there any good software that can upload backups automatically on regular intervals? Maybe something that also handles the encryption part on the way?

Then there's the offsite storage provider. Personally I'd appreciate as many suggestions as possible, since there is of course no one-size-fits-all, so if you've got good experiences with any, please do send their names. I'm basically just looking for network-attached drives: I send my data to them, I leave it there and trust it stays there, and in case more drives fail than my RAID-Z can handle (so 2), I'd like to be able to get the data back after I've replaced my drives. That's all I really need from them.

For reference, this is gonna be my first NAS/Server/Anything of this sort. I realize it's mostly a regular computer and am familiar enough with Linux, so I can handle that basic stuff, but for the things you wouldn't do with a normal computer I am quite unfamiliar, so if any questions here seem dumb, I apologize. Thank you in advance for any information!

[-] Bassman1805@lemmy.world 8 points 2 months ago

The easiest offsite backup would be any cloud platform. Downside is that you aren't gonna own your own data like if you deployed your own system.

Next option is an external SSD that you leave at your work desk and take home once a week or so to update.

The most robust solution would be to find a friend or relative willing to let you set up a server in their house. Might need to cover part of their electric bill if your machine is hungry.

[-] mhzawadi@lemmy.horwood.cloud 6 points 2 months ago

There are some really good options in this thread; just remember that whatever you pick, unless you test your backups, they're as good as nonexistent.

[-] redbr64@lemmy.world 1 points 2 months ago

Is there some good automated way of doing that? What would it look like, something that compares hashes?

[-] mhzawadi@lemmy.horwood.cloud 3 points 2 months ago

That very much depends on your backup tool of choice, and that's also the point: how do you recover your backup?

Start with a manual recovery: restore a backup, unpack it, and check that important files open. Write down all the steps you did, then figure out how to automate them.

[-] sugar_in_your_tea@sh.itjust.works 1 points 2 months ago* (last edited 2 months ago)

I don't trust automation for restoring from backup, so I keep the restoration process extremely simple:

  1. automate recreating services - have my podman files in a repository
  2. manually download and extract data to a standard location
  3. restart everything and verify that each service works properly

Do that once/year in a VM or something and you should be good. If things are simple enough, it shouldn't take long (well under an hour).
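For the verification step, a simple drill script helps keep the process honest. A minimal sketch, where the tarball-plus-checksum-manifest scheme and all paths are illustrative, not the commenter's actual setup:

```shell
#!/bin/sh
# Restore-drill sketch: unpack a backup into a scratch directory and verify
# file checksums against a manifest recorded at backup time.
# For illustration this fabricates a tiny "backup" first; in practice
# $BACKUP would be an archive pulled back from offsite storage.
set -eu

WORK=$(mktemp -d)
BACKUP="$WORK/backup.tar.gz"
RESTORE="$WORK/restore"

# --- stand-in for the real backup (placeholder data) ---
mkdir -p "$WORK/src" "$RESTORE"
echo "important data" > "$WORK/src/notes.txt"
( cd "$WORK/src" && sha256sum notes.txt > "$WORK/manifest.sha256" )
tar -czf "$BACKUP" -C "$WORK/src" notes.txt

# --- the actual drill: restore, then verify every checksum ---
tar -xzf "$BACKUP" -C "$RESTORE"
( cd "$RESTORE" && sha256sum -c "$WORK/manifest.sha256" )
echo "restore drill OK"
```

The point isn't the specific commands, it's that the drill ends with an explicit pass/fail instead of "the files seem to be there."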

[-] huquad@lemmy.ml 5 points 2 months ago

Syncthing to a pi at my parents place.

[-] AtariDump@lemmy.world 4 points 2 months ago

But doesn’t that sync in real-time? Making it not a true backup?

[-] huquad@lemmy.ml 3 points 2 months ago

Agreed. I have it configured on a delay and with multiple file versions. I also have another pi running rsnapshot (rsync tool).

[-] AtariDump@lemmy.world 1 points 2 months ago
[-] huquad@lemmy.ml 4 points 2 months ago

For the delay, I just reduce how often it checks for new files rather than having it sync instantaneously.

[-] rumba@lemmy.zip 1 points 2 months ago

Edit the share, enable file versioning, choose which flavor.

[-] Malatesta@lemmy.world 2 points 2 months ago

Low power server in a friends basement running syncthing

[-] SorteKanin@feddit.dk 1 points 2 months ago

A pi with multiple terabytes of storage?

[-] huquad@lemmy.ml 2 points 2 months ago* (last edited 2 months ago)

My most critical data is only ~2-3TB, including backups of all my documents and family photos, so I have a 4TB SSD attached, which the Pi also boots from. I have ~40TB of other Linux ISOs with 2-drive redundancy but no backups. If I lose those, I can always redownload.

[-] dave@lemmy.wtf 1 points 2 months ago

Using a mesh VPN like Tailscale or NetBird would be another option. It would let you use proper backup software like restic or whatever, and with Tailscale on both devices, restic would be able to find the Pi even if the other person moved to a new house. (Although a Pi with Ethernet would be preferable, so all they'd have to do is plug it into their new network and everything would be good; if it was a Pi Zero, someone would have to update the WiFi password.)

[-] huquad@lemmy.ml 1 points 2 months ago

Funny you mention it. This is exactly what I do. I don't use Syncthing's relay servers, just my tailnet for device-to-device networking.

[-] pHr34kY@lemmy.world 5 points 2 months ago* (last edited 2 months ago)

I have a job, and the office is 35km away. I get a locker in my office.

I have two backup drives, and every month or so, I will rotate them by taking one into the office and bringing the other home. I do this immediately after running a backup.

The drives are LUKS encrypted btrfs. Btrfs allows snapshots and compression. LUKS enables me to securely password protect the drive. My backup job is just a btrfs snapshot followed by an rsync command.
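That kind of job might look something like the following sketch; the device path, mount point, and directory names are placeholders, not the commenter's actual configuration:

```sh
#!/bin/sh
# Sketch of a LUKS + btrfs rotation backup (placeholder paths throughout).
set -eu

# Unlock and mount the encrypted backup drive (prompts for the passphrase).
cryptsetup open /dev/sdX backupdrive
mount -o compress=zstd /dev/mapper/backupdrive /mnt/backup

# Read-only snapshot of the live data, named by date.
SNAP="/snapshots/data-$(date +%F)"
btrfs subvolume snapshot -r /data "$SNAP"

# Sync the snapshot's contents onto the backup drive.
rsync -aHAX --delete "$SNAP/" /mnt/backup/data/

# Detach cleanly so the drive can be rotated to the office locker.
umount /mnt/backup
cryptsetup close backupdrive
```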

I don't trust cloud backups. There was an event at work where Google Cloud accidentally deleted an entire company just as I was about to start a project there.

[-] Matriks404@lemmy.world 3 points 2 months ago

I don't 🙃

[-] TrumpetX@programming.dev 2 points 2 months ago

Look into Storj and Tardigrade. It's a crypto thing, but don't get scared: you back up to S3-compatible endpoints, it's super cheap, and you can pay with a regular USD credit card.

[-] dieTasse@feddit.org 2 points 2 months ago

If you are gonna go for TrueNAS, try Storj with TrueNAS Cloud task. TrueNAS made a partnership with Storj and the price is very good. https://www.truenas.com/truecloud-backup/

TL;DR: The data is encrypted with restic and sent to Storj S3 storage, which further fragments it (and encrypts it again, so double encryption) into multiple redundant pieces stored on other people's TrueNASes (you can also offer your own unused space, btw, and earn a little money back).

I am in process of setting this up (already run a working test backup) and I didn't find anything that's better than this integrated solution. Very cool!

[-] AustralianSimon@lemmy.world 2 points 2 months ago* (last edited 2 months ago)

I have two large (8-bay) Synology NAS units. They back up certain data between each other, replicate internally, and push to Backblaze. $6/mo.

[-] fmstrat@lemmy.nowsci.com 2 points 2 months ago

If you use ZFS this becomes easy, because you can do incremental backups at the block level.

I have my home lab server and do snapshots and sends to a server at my father's house. Then I also have an external drive that I snapshot to as well.
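A rough sketch of that snapshot-and-send flow; the pool, dataset, and host names are made up for illustration:

```sh
#!/bin/sh
# Incremental ZFS replication sketch: only blocks changed since the last
# snapshot cross the wire. Names below are placeholders.
set -eu

DATASET=tank/data
TODAY="$DATASET@$(date +%F)"

# The most recent existing snapshot becomes the incremental base.
PREV=$(zfs list -t snapshot -o name -s creation -H "$DATASET" | tail -n 1)

zfs snapshot "$TODAY"
zfs send -i "$PREV" "$TODAY" | ssh backup@offsite zfs receive -u backup/data
```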

[-] rutrum@programming.dev 2 points 2 months ago

I use borg backup. It, and another tool called restic, are meant for creating encrypted backups. Further, it can create backups regularly and only backup differences. This means you could take a daily backup without making new copies of your entire library. They also allow you to, as part of compressing and encrypting, make a backup to a remote machine over ssh. I think you should start with either of those.

One provider that's built for cloud backups is BorgBase. It can be a location where you back up a borg (or restic, I think) repository. There are others that are made to be easily accessed with these backup tools.

Lastly, I'll mention that borg handles making a backup, but doesn't handle the scheduling. Borgmatic is another tool that, given a yml configuration file, will perform the borgbackup commands on a schedule with the defined arguments. You could also use something like systemd/cron to run a schedule.

Personally, I use borgbackup configured in NixOS (which makes the systemd units for making daily backups) and I back up to a different computer in my house and to borgbase. I have 3 copies, 1 cloud and 2 in my home.
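To make that concrete, here's a hedged sketch of what a borg-over-SSH job can look like; the repo location, passphrase handling, and retention numbers are placeholders, not the commenter's actual config:

```sh
#!/bin/sh
# Sketch of an encrypted borg backup over SSH (placeholder repo and host).
set -eu

export BORG_REPO=ssh://user@backuphost/./backups/nas
export BORG_PASSCOMMAND='cat /etc/borg/passphrase'   # keep the secret out of the script

# One-time setup: create the repository with encryption enabled.
# borg init --encryption=repokey-blake2

# Incremental archive; unchanged chunks are deduplicated, not re-sent.
borg create --compression zstd --stats ::'{hostname}-{now:%Y-%m-%d}' /data

# Retention: keep 7 daily, 4 weekly, and 6 monthly archives.
borg prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6
```

Borgmatic wraps exactly this sequence in a YAML config, or you can point a cron entry or systemd timer at a script like the above.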

[-] glizzyguzzler@lemmy.blahaj.zone 2 points 2 months ago* (last edited 2 months ago)

I got my parents to get a NAS box and stuck it in their basement. They need to back up their stuff anyway. I put in two 18TB drives (mirrored btrfs RAID1) from Server Part Deals (peeps have said that site has jacked up their prices, look for alternatives). They only need like 4TB at most. I made a backup Samba share for myself. It's the cheapest Synology box possible; their software makes a Samba share with a quota.

I then set up a WireGuard connection on an RPi, taped that to the NAS, and connect to their local network with a script. I mount the Samba share and then use restic to back up my data. It works great. Restic is encrypted, I don't have to pay for storage monthly, their electricity is cheap af, they have backups, I keep tabs on it, everyone wins.
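Assembled as a script, that tunnel-mount-backup sequence could look roughly like this; the interface name, share address, and repo paths are invented for the sketch:

```sh
#!/bin/sh
# Sketch: bring up the tunnel, mount the remote share, run restic into it.
set -eu

wg-quick up wg-backup                    # WireGuard tunnel to the NAS's LAN
mount -t cifs //192.168.1.50/backup /mnt/nas \
  -o credentials=/etc/samba/backup.cred

export RESTIC_REPOSITORY=/mnt/nas/restic
export RESTIC_PASSWORD_FILE=/etc/restic/password

restic backup /data
restic forget --keep-weekly 8 --prune    # thin out old snapshots

umount /mnt/nas
wg-quick down wg-backup
```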

Next step is to go the opposite way for them, but no rush on that goal, I don’t think their basement would get totaled in a fire and I don’t think their house (other than the basement) would get totaled in a flood.

If you don’t have a friend or relative to do a box-at-their-house (peeps might be enticed with reciprocal backups), restic still fits the bill. Destination is encrypted, has simple commands to check data for validity.

Rclone crypt is not good enough. Too many issues (path length limits, the password merely "obscured" but otherwise right there, file structure preserved even if names are encrypted). On a VPS I use rclone as a pass-through for restic to back up a small amount of data to a Google Drive. Works great. Just don't fuck with rclone crypt for major stuff.

Lastly I do use rclone crypt to upload a copy of the restic binary to the destination, as the crypt means the binary can’t be fucked with and the binary there means that is all you need to recover the data (in addition to the restic password you stored safely!).

[-] toe@lemmy.world 1 points 2 months ago

LTO8 in box elsewhere

The price per terabyte became viable when a drive was on sale for half off at a local retailer.

Works well and it was a fun learning experience.

[-] doodledup@lemmy.world 1 points 2 months ago

I'm just skipping that. How am I going to backup 48TB on an off-site backup?!

[-] merthyr1831@lemmy.ml 1 points 2 months ago

Rsync to a Hetzner storage box. I don't do ALL my data, just the Nextcloud data. The rest is... Linux ISOs... so I can redownload at my convenience.

[-] thecoffeehobbit@sopuli.xyz 1 points 2 months ago

I have an external storage unit a couple kilometers away and two 8TB hard drives with luks+btrfs. One of them is always in the box and after taking backups, when I feel like it, I detach the drive and bike to the box to switch. I'm currently researching btrbk for updating the backup drive on my pc automatically, it's pretty manual atm. For most scenarios the automatic btrfs snapshots on my main disks are going to be enough anyway.

[-] randombullet@programming.dev 1 points 2 months ago

My friend has 1G/1G Internet. I have an rsync cron job backing up there twice a week.

It has an 8TB NVMe drive that I use for bulk data backup and a 2TB OS drive for VM stuff.

[-] Onomatopoeia@lemmy.cafe 1 points 2 months ago* (last edited 2 months ago)

As others have said, use tools like borg and restic.

Shop around for cloud storage with good pricing for your use-case. Many charge for different usage patterns, like restoring data or uploading.

Check out storj.io, I like their pricing - they charge for downloading/restore (IIRC), and I figure that's a cost I can live with if I need to restore.

Otherwise I keep 3 local copies of data:

1 is live, and backed up to storj.io

2 is mirrored from 1 every other week

3 is mirrored from 1 every other week, opposite 2

This works for my use-case, where I'm concerned about local failures and mistakes (and don't trust my local stores enough to use a backup tool), but my data doesn't change a lot in a week. If I were to lose 1 week of changes, it would be a minor issue. And I'm trusting my cloud backup to be good (I do test it quarterly, and do a single file restore test monthly).

This isn't an ideal (or even recommended) approach; it just works with the storage I currently have and my level of trust in it.

[-] sxan@midwest.social 1 points 2 months ago

I used to say restic and b2; lately, the b2 part has become more iffy, because of scuttlebutt, but for now it's still my offsite and will remain so until and unless the situation resolves unfavorably.

Restic is the core. It supports multiple cloud providers, making configuration and use trivial. It encrypts before sending, so the destination never has access to unencrypted blobs. It does incremental backups, and supports FUSE vfs mounting of backups, making accessing historical versions of individual files extremely easy. It's OSS, and a single binary executable; IMHO it's at the top of its class, commercial or OSS.
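For a flavor of how little ceremony restic needs against a cloud backend, here's a sketch; the bucket name, key IDs, and paths are placeholders:

```sh
#!/bin/sh
# restic + Backblaze B2 sketch (placeholder credentials and bucket).
set -eu

export B2_ACCOUNT_ID=000xxxxxxxxxxxx
export B2_ACCOUNT_KEY=K000yyyyyyyyyyyy
export RESTIC_REPOSITORY=b2:my-backup-bucket:nas
export RESTIC_PASSWORD_FILE=/etc/restic/password

# restic init                 # one-time: creates the encrypted repository

restic backup /data           # incremental, encrypted client-side

# Browse any historical snapshot read-only via FUSE:
# restic mount /mnt/restic
```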

B2 has been very good to me, and is a clear winner for this use case: writes and space are pennies a month, and it only gets more expensive if you're doing a lot of reads. The UI is straightforward and easy to use, the API is good; if it weren't for their recent legal and financial drama, I'd still unreservedly recommend them. As it is, you'd have to evaluate it yourself.

[-] darkstar@sh.itjust.works 1 points 2 months ago

I have two 18TB HDDs which I sync weekly and store in separate rooms.

I use Backblaze for offsite.

[-] ryannathans@aussie.zone 0 points 2 months ago

I use Syncthing to push data offsite, encrypted and with staggered versioning, to a tiny ITX box I run at a family member's house.

[-] rumba@lemmy.zip 1 points 2 months ago

The best part about Syncthing is that you can set the target as untrusted. The data all gets encrypted and is not accessible whatsoever on the other side.

[-] WeirdGoesPro@lemmy.dbzer0.com 0 points 2 months ago

My ratchet way of doing it is Backblaze. There is a docker container that lets you run the unlimited personal plan on Linux by emulating a windows environment. They let you set an encryption key so that they can’t access your data.

I’m sure there are a lot more professional and secure ways to do it, but my way is cheap, easy, and works.

[-] BlueEther@no.lastname.nz 0 points 2 months ago

I use Backblaze as well. Got a link to that docker container? It may save me a few dollar bucks a week and thus keep SWMBO happier.

[-] turmacar@lemmy.world 1 points 2 months ago

Probably a me problem, but I kept having issues with that Docker container on Unraid (it's just in the Community Apps "store"). The VM seemed to crash randomly.

I switched over to their B2 storage and just use rclone to an encrypted bucket; it's under ~$5/mo, which I'm good with. The biggest cost is if I let it run too often and it spends a bunch of their compute time listing files to see if it needs to update them.
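For reference, wiring up an encrypted bucket with rclone takes two remotes: a plain B2 remote and a crypt remote layered on top. A sketch with placeholder names and credentials:

```sh
# Plain B2 remote (placeholder account ID and key).
rclone config create b2remote b2 account 000xxxxxxxxxxxx key K000yyyyyyyy

# Crypt remote layered over a bucket path; rclone stores the obscured password.
rclone config create b2crypt crypt \
  remote b2remote:my-bucket/backups \
  password "$(rclone obscure 'real-passphrase-here')"

# Push only changed files; --fast-list cuts down on listing API calls
# (the cost mentioned above).
rclone sync /data b2crypt:data --fast-list
```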

this post was submitted on 10 May 2025