this post was submitted on 10 May 2025
178 points (99.4% liked)

Selfhosted

46654 readers
614 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
178
3-2-1 Backups: How do you do the 1 offsite backup? (lemmy.blahaj.zone)
submitted 6 days ago* (last edited 6 days ago) by CatLikeLemming@lemmy.blahaj.zone to c/selfhosted@lemmy.world
123 comments fedilink hide all child comments
 

I'm planning on setting up a nas/home server (primarily storage with some jellyfin and nextcloud and such mixed in) and since it is primarily for data storage I'd like to follow the data preservation rules of 3-2-1 backups. 3 copies on 2 mediums with 1 offsite - well actually I'm more trying to go for a 2-1 with 2 copies and one offsite, but that's besides the point. Now I'm wondering how to do the offsite backup properly.

My main goal would be to have an automatic system that does full system backups at a reasonable rate (I assume daily would be a bit much considering it's gonna be a few TB worth of HDDs which aren't exactly fast, but maybe weekly?) and then have 2-3 of those backups offsite at once as a sort of version control, if possible.

This has two components, the local upload system and the offsite storage provider. First the local system:

What is good software to encrypt the data before/while it's uploaded?

While I'd preferably upload the data to a provider I trust, accidents happen, and since they don't need to access the data, I'd prefer them not being able to, maliciously or not, so what is a good way to encrypt the data before it leaves my system?

What is a good way to upload the data?

After it has been encrypted, it needs to be sent. Is there any good software that can upload backups automatically on regular intervals? Maybe something that also handles the encryption part on the way?

Then there's the offsite storage provider. Personally I'd appreciate as many suggestions as possible, as there is of course no one size fits all, so if you've got good experiences with any, please do send their names. I'm basically just looking for network attached drives. I send my data to them, I leave it there and trust it stays there, and in case too many drives in my system fail for RAID-Z to handle, so 2, I'd like to be able to get the data off there after I've replaced my drives. That's all I really need from them.

For reference, this is gonna be my first NAS/Server/Anything of this sort. I realize it's mostly a regular computer and am familiar enough with Linux, so I can handle that basic stuff, but for the things you wouldn't do with a normal computer I am quite unfamiliar, so if any questions here seem dumb, I apologize. Thank you in advance for any information!

(page 2) 50 comments
sorted by: hot top controversial new old
[–] glizzyguzzler@lemmy.blahaj.zone 2 points 5 days ago* (last edited 5 days ago)

I got my parents to get a NAS box, stuck it in their basement. They need to back up their stuff anyway. I put in 2 18 TB drives (mirrored BTRFS raid1) from server part deals (peeps have said that site has jacked their prices, look for alts). They only need like 4 TB at most. I made a backup samba share for myself. It’s the cheapest symbology box possible, their software to make a samba share with a quota.

I then set up a wireguard connection on an RPi, taped that to the NAS, and wireguard to the local network with a batch script. Mount the samba share and then use restic to back up my data. It works great. Restic is encrypted, I don’t have to pay for storage monthly, their electricity is cheap af, they have backups, I keep tabs on it, everyone wins.

Next step is to go the opposite way for them, but no rush on that goal, I don’t think their basement would get totaled in a fire and I don’t think their house (other than the basement) would get totaled in a flood.

If you don’t have a friend or relative to do a box-at-their-house (peeps might be enticed with reciprocal backups), restic still fits the bill. Destination is encrypted, has simple commands to check data for validity.

Rclone crypt is not good enough. Too many issues (path length limits, password “obscured” but otherwise there, file structure preserved even if names are encrypted). On a VPS I use rclone to be a pass-through for restic to backup a small amount of data to a goog drive. Works great. Just don’t fuck with the rclone crypt for major stuff.

Lastly I do use rclone crypt to upload a copy of the restic binary to the destination, as the crypt means the binary can’t be fucked with and the binary there means that is all you need to recover the data (in addition to the restic password you stored safely!).

[–] Jimmycakes@lemmy.world 4 points 6 days ago* (last edited 6 days ago)

I use asustor Nas, one at my house south east US, one at my sister's house northeast us. The asus os takes care of the backup every night. It's not cheap but if you want it done right.

Both run 4 drives in raid 5. Pictures backup to the hdd and a raid 1 set of nvme in the nas. The rest is just movies and TV shows for plex so I don't really care about those. The pictures are the main thing. I feel like that's as safe I can be.

[–] kebab@endlesstalk.org 4 points 6 days ago

I rent a cheap 4.5 TB, 60€/year VPS. Encryption synchronization is handled by Proxmox as I have Proxmox Backup Server installed on it. I am planning to change it and just buy a miniPC with a cheap HDD that I’ll place at my family’s place to save money

[–] ryannathans@aussie.zone 4 points 6 days ago (4 children)

I use syncthing to push data offsite encrypted and with staggered versioning, to a tiny ITX box I run at family member's house

load more comments (4 replies)
[–] toe@lemmy.world 1 points 5 days ago

LTO8 in box elsewhere

The price per terabyte became viable when a drive was on sale for half off at a local retailer.

Works well and it was a fun learning experience.

[–] randombullet@programming.dev 1 points 5 days ago

My friend has 1G/1G Internet. I have a rsync cron job backing up there 2 times a week.

It has a 8TB NVMe drive that I use bulk data backup and a 2TB os drive for VM stuff.

[–] hperrin@lemmy.ca 3 points 6 days ago* (last edited 6 days ago)

I just rsync it once in a while to a home server running in my dad’s house. I want it done manually in a “pull” direction rather than a “push” in case I ever get hit with ransomware.

[–] d00phy@lemmy.world 3 points 6 days ago

My dad and I each have Synology NAS. We do a hyper sync backup from one to the other. I back up to his and vice versa. I also use syncthing to backup my plex media so he can mount it locally on his plex server.

[–] gamermanh@lemmy.dbzer0.com 3 points 6 days ago (1 children)

Put brand new drive into system, begin clone

When clone is done, pull drive out and place in a cardboard box

Take that box to my off-site storage (neighbors house) and bury it

(In truth I couldn't afford to get to the 1 off-site in time and have potentially tragically lost almost 4TB of data that, while replacable, will take time because I don't fucking remember what I even had lol. Gonna take the drives to a specialist tho cuz I think the plates are fine and it's the actual reading mechanism that's busted)

[–] treeofnik@discuss.online 2 points 6 days ago* (last edited 6 days ago)

For this I use a python script run via cron to output an html directory file that lists all the folder contents and pushes it to my cloud storage. This way if I ever have a critical failure of replaceable media, I can just refer to my latest directory file.

[–] 7rokhym@lemmy.ca 2 points 5 days ago

I use Linux, so encryption is easy with LUKS, and Free File Sync to drives that rotate to a safety deposit box at the bank for catastrophic event, such as a house fire. Usually anything from the last few months are still on my mobile devices.

[–] amorpheus@lemmy.world 3 points 6 days ago (2 children)

External drives that I keep in my office at work. Also cloud storage.

load more comments (2 replies)
[–] bandwidthcrisis@lemmy.world 3 points 6 days ago

I use rsync.net

It's not the lowest price, but I like the flexibility of access.

For instance, I was able to run rclone on their servers to do a direct copy from OneDrive to rsync.net, 400Gb without having to go through my connection.

I can mount backups with sshfs if I want to, including the daily zfs snapshots.

[–] cron@feddit.org 3 points 6 days ago (1 children)

RClone to a cloud storage (hetzner in my case). Rclone is easy to configure and offers full encryption, even for the file names.

As the data is only uploaded once, a daily backup uploads only the added or changed files.

Just as a side note: make sure you can retrieve your data even in case your main system fails. Make sure you have all the passwords/crypto keys available.

load more comments (1 replies)
[–] tuhriel@infosec.pub 3 points 6 days ago* (last edited 6 days ago)

I have a rpi4 awith an external hdd at my parents house, which I connect via a wireguard vpn, mount and decrypt the external hdd and then it triggers a restic backup to a restic-rest server as append only.

The whole thing is done via a python script

I chose the rest-server because it allows "append only", so the data can't be deleted easily from my side of the vpn.

[–] neidu3@sh.itjust.works 3 points 6 days ago* (last edited 6 days ago)

A huge tape archive in a mountain. It's pretty standard for geophysical data. I have some (encrypted) personal stuff on a few tapes there.

[–] SpatchyIsOnline@lemmy.world 1 points 5 days ago

I built a near identical server for my parents and just sync my nextcloud folder to theirs using syncthing

[–] frozencow@lemmy.world 1 points 5 days ago

I also had been contenplating this for a while. The solution I implemented recently is:

The system itself is a RPI on NixOS. The system can be reproduced from the NixOS configuration. The NixOS configuration is stored on GitHub. Since I can reproduce the sdcard image (and full system) from the configuration I opted to not do any backup of the sdcard/system itself.

I've also opted to not use raid, as I can replace/add a RPI without too much hassle.

The real backups for me are for photos. Those are stored on a M.2 storage. A second (similar) RPI is placed at my dad's place. The rpis run tailscale and syncthing. Syncthing syncs using staggered mode (stores 1 version for the last day/week/year) and the RPI at my dad is untrusted, so the backup files are sent/stored encrypted there.

This setup hasn't run very long yet, so I won't recommend it, but it seems to check quite a lot of boxes for me. Maybe it gives some ideas. I'm also interested what alternative solutions others came up with.

[–] surewhynotlem@lemmy.world 2 points 6 days ago (1 children)

Idrive has built in local encryption you can enable.

load more comments (1 replies)
[–] palarith@aussie.zone 2 points 6 days ago

Rclone to dropbox. ( was cheapest for 2tb at the time )

[–] harsh3466@lemmy.ml 2 points 6 days ago

Right now I sneaker net it. I stash a luks encrypted drive in my locker at work and bring it home once a week or so to update the backup.

At some point I'm going to set up a RPI at a friend's house, but that's down the road a bit.

load more comments
view more: ‹ prev next ›