Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Encrypted backups offsite with VM

Featured Replies

Hey guys,

So it's been a about ayear since my last post when I was figuring out a backup strategy for an offsite unraid server. I orignally decided after much research of going with rsync and SSH to remotely turn on/off the box, but now that I am ready to implement, I want to encrypt and obfuscate the filenames, which rsync won't do. Soo the new plan is to just keep the remote box always on.  I will set up minio as others have done on unraid, and have  openvpn running on an rpi (already set the vpn up works well). Now here is my issue:

 

I would like to use Veeam and it only runs on windows (I looked at cloudberry for linux, however, while encrypting the files, it does not obfuscate the file names).

 

So... I am thinking that on the main unraid box, to always have a windows 10 vm running with veeam running on that. And to somehow pass through (not sure if I'm using correct terms as I have 0 experience with VMs) the unraid shares to the windows 10 VM, and have then Veeam that's running on the windows 10VM will just backup the shares (which will correspond to the unraid shares) to the minio S3 instance running on the remote unraid.

 

What do you guys think of this? Would the windows VM be stable enough to continously be running in the background without any issues? This will be its sole purpose. The main unraid box is an i5-8400 processor with 16 gigs of RAM. 

 

Thanks so much!

  • Author

Seems like Veeam free version does not allow S3 backup, so will have to go with the Cloudberry docker and just live with the non-obfuscated filenames and hope they add it in the future. Windows version of cloudberry is $300 so will go with the docker available here.

 

*EDIT*

ahh, I just realized. It’s about 70tb let’s say. 
Cloudberry allows for incremental backups after running the full one. 
But it’s recommended not to have the chain be too long. So after say 30 days, I would need to create another “full” backup??

that would be crazy to keep having to transfer everything all over again every 30 days especially as data continues to grow!

 

Am I missing something? Why is this so difficult? lol. 
 Sucks that rsync won’t allow any encryption!

 

*EDIT 2*

HMM, I wonder if it is possible to use RCLONE like people do when they upload to gdrive, but instead of the gdrive, I would do it to my own minio S3 instance. I think that would pretty much be exactly what I want/need by basically creating my own cloud, and rclone supports encryption and obfuscation which is what people usually use for their gdrive backups.

 

Anyone know if it could be implemented with What I need? I would use the copy command not sync. 
 

Only issue is If there’s a ransom we’re infection on the main server. How would I remember which are the good versions of the files to restore?

Edited by maxse

 

On 11/17/2019 at 1:40 AM, maxse said:

*EDIT 2*

HMM, I wonder if it is possible to use RCLONE like people do when they upload to gdrive, but instead of the gdrive, I would do it to my own minio S3 instance.

I'm just a home user, but I use borg backup to back up locally and then sync my local backup off-site using rclone. I'm using a modified version of this script to achieve what I want. You could also check out restic which can backup to a minio server or use rclone as backup target for other services.

 

I have not tried or tested restic myself so your mileage may vary.

 

In the pruning part of the script, you can see that 7 daily, 4 weekly and 6 monthly backups are kept. If I experienced a ransomware attack and needed to restore a file I would mount my borg backup archive, search for the filename of the affected file and see when it was changed/overwritten by comparing modification date and/or file size. Borg backup uses deduplication to save on storage space so there would be multiple instances of the same file in the different repositories.

 

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.