How to implement remote backup

I am trying to implement an automatic remote backup strategy of the Nextcloud data. For other systems I just use rsync to sync relevant content via SSH onto the backup destination. However, the Nextbox setup does not make this too easy.

Since Nextcloud is set up in a Docker environment, with the data directory in a Docker volume, the physical place of the relevant data is at /srv/docker/volumes/nextbox-compose_nextcloud/_data/data. The files and directories in there are owned by www-data:www-data, so the default user account nextuser is not able to read these files per default.

Adding nextuser to the www-data group will not help, because the directories above the actual Nextcloud data belong to root since this is all managed by Docker. So I would have to give nextuser permissions to read root data, which really should not be the case from a security point of view.

Going back to what’s actually available, I mounted the home directories of all the Nextcloud users using the WebDAV protocol and davfs2 on the remote machine and now I try to rsync from there to the actual backup directory. This turns out to be really very slow, because the Nextbox and the backup machine are not in a LAN but connected via Cable/DSL.

So I wonder whether there is something else here to do backups than just attaching another drive to the Nextbox via USB, something that works with a remote backup destination. Any ideas?

1 Like

Hey @mcnesium

yes, (periodic) remote backup is a pending feature that is on the list.
Nextcloud by itself is not really charming to backup and restore as it consists of at least the data (btw. all nextcloud (file) data can be found in /srv/nextcloud) and a database dump. Essentially the Nextcloud documented approach is used: Backup — Nextcloud latest Administration Manual latest documentation

But with lots of tweaks and safety nets to handle corner cases, but generally you will need to be root for these operations, mainly due to the dockerized approach which is used.

best

Thanks for the reply @daringer

By now I realized that it actually does work using SSH. I figured that since nextuser can do sudo without a password anyway I can make use of the command line option --rsync-path of rsync. When I do --rsync-path="sudo rsync" on the destination machine, the remote nextuser runs the remote rsync command using root permissions and thus is able to read the docker volume directories.

So up until there is a dedicated feature to do periodic remote backups, this seems like a valid workaround.

Nextcloud Backup app to the rescue! (via)

Looks like this does all I wanted, plus it sort of obsoletes the backup feature of the Nextbox app.

mmh, initially this didn’t look too good, but today it has evolved alot, maybe this might really be a chance to deprecate the NextBox Backup functionality in favor of this Nextcloud app…

are you using it? did you have good experience with it?

Not yet, and I don’t think I would want to use it for my other NC instances, since there are other Backup strategies in place. But it seems just right for the Nextbox.

1 Like

@mcnesium are you doing a “remote” backup via internet, or only in the internal network? if internet, this always means there will be at least one router that opens port 22, to the backup machine, or to the nextbox, right?

still wondering what the best option will be for me…as automated as possible, as secure as possible.

@benzkji yes I do the backup via internet and have set up port forwarding in the router. It’s not port 22 though, I changed it in /etc/ssh/sshd_config on the Nextbox.

The best option seems to be the official Nextcloud Backup app. We need v23 for that though…

1 Like