SpencerJ Posted October 9, 2020 Share Posted October 9, 2020 This blog is a guide on how to securely back up one Unraid server to another geographically separated Unraid server using rsync and Wireguard by @spx404. If you have questions, comments or just want to say hey, post them here! https://unraid.net/blog/unraid-server-to-server-backups-with-rsync-and-wireguard 3 2 Quote Link to comment
172pilot Posted October 11, 2020 Share Posted October 11, 2020 One thing I think is missing - Unless I missed it while reading, is... I would LOVE a way to have the data encrypted at the far end automatically.. In otherwords, I've got a friend with an Unraid server, and we'd both like to be the offsite backup for each other, but I think we'd want on-disk encryption at each other's remote sites. Is there something on UnRaid that would let this happen yet? I've never seen this option.. Quote Link to comment
invalid Posted October 11, 2020 Share Posted October 11, 2020 It doesn't really seem like a safe solution. you connect to your backup with full access, in case of ransomware or hack you are done. What I think is better is create a docker with ssh and Rsync. Mount folders that you want to backup read-only to the docker. Use a DDNS instead of IP Running the connection over Wireguard. Let the Backup server make the connection and the backup, close the connection after making the backup. Set up the backup server in such a way that it can only be written once and cannot be deleted / modified. Perhaps a Snapshot on the backup server as extra security. And never make one server accessible through another, if you get hacked or hit with ransomware you have 1 big clusterf*ck Quote Link to comment
spxlabs Posted October 19, 2020 Share Posted October 19, 2020 On 10/11/2020 at 11:04 AM, 172pilot said: One thing I think is missing - Unless I missed it while reading, is... I would LOVE a way to have the data encrypted at the far end automatically.. In otherwords, I've got a friend with an Unraid server, and we'd both like to be the offsite backup for each other, but I think we'd want on-disk encryption at each other's remote sites. Is there something on UnRaid that would let this happen yet? I've never seen this option.. Are you thinking of using something different from LUKS? LUKS is how Unraid naturally provides disk encryption. Quote Link to comment
172pilot Posted November 1, 2020 Share Posted November 1, 2020 On 10/19/2020 at 9:26 AM, spx404 said: Are you thinking of using something different from LUKS? LUKS is how Unraid naturally provides disk encryption. Interesting - I wasn't aware of LUKS.. I'll have to do more reading on it, but my impression so far is that it is for security on the volume, but once mounted, it's available to anyone (root). Since I'm talking about streaming backup files to a remote UnRaid that I dont own, I'd want to encrypt the data before it leaves, rather than rely on an encryption that is managed by the remote system. Maybe LUKS has a mode to do this.. I haven't read much yet, and will do so. Thanks for pointing out this functionality I didn't know about! Quote Link to comment
spxlabs Posted November 4, 2020 Share Posted November 4, 2020 (edited) On 11/1/2020 at 9:52 AM, 172pilot said: Interesting - I wasn't aware of LUKS.. I'll have to do more reading on it, but my impression so far is that it is for security on the volume, but once mounted, it's available to anyone (root). Since I'm talking about streaming backup files to a remote UnRaid that I dont own, I'd want to encrypt the data before it leaves, rather than rely on an encryption that is managed by the remote system. Maybe LUKS has a mode to do this.. I haven't read much yet, and will do so. Thanks for pointing out this functionality I didn't know about! Ahh okay. I believe, LUKS encrypts the entire drive, so on each boot you have to enter a password to unlock the drive before any shares or data become visible. So I don't think that is what you want. Well, maybe you do but LUKS isn't what you are looking for. I'm no expert and am not sure what the best procedure or way to do what you want is BUUUUTTTTTTT..... I think what I would do is something like this. From Windows 10 access the share with subfolders/files that you want to encrypt ---> right click and click properties on the folder/file and you should be presented with an option for encryption. Encrypt the folder or file, then use rsync to copy over the encrypted folder/file to the other server. I would not do this to a shared folder. I would only do this to a subfolder or file. I'm sure linux/macos have similar methods to Windows for encrypting a specific folder/file. There are probably plugins that will allow for encrypting and decrypting mounted shares "on the fly" but unfortunately that isn't an area of familiarity for me. Hopefully at a minimum, I've given you enough bread crumbs to figure something out. Edited November 4, 2020 by spx404 Quote Link to comment
thymon Posted March 4, 2021 Share Posted March 4, 2021 (edited) Hello there I have a local server and backup server in another site. I follow this tutorial worked well so far. Last week, my backup server was off for several days (power supply problem). The backup server is now on. And the sync no longer works with this error in the script logs : rsync: connection unexpectedly closed (0 bytes received so far) [sender] rsync error: unexplained error (code 255) at io.c(228) [sender=3.2.3] Thanks in advance @SpencerJ Edited March 5, 2021 by thymon Quote Link to comment
skinsvpn Posted May 22, 2021 Share Posted May 22, 2021 The link appears to be broken Quote Link to comment
SpencerJ Posted May 22, 2021 Author Share Posted May 22, 2021 On 5/21/2021 at 5:25 PM, skinsvpn said: The link appears to be broken Sorry, need to redirect after a website change. Here you go: https://unraid.net/blog/unraid-server-to-server-backups-with-rsync-and-wireguard Quote Link to comment
orlando500 Posted December 14, 2021 Share Posted December 14, 2021 On 5/22/2021 at 3:01 AM, SpencerJ said: Sorry, need to redirect after a website change. Here you go: https://unraid.net/blog/unraid-server-to-server-backups-with-rsync-and-wireguard broken again Quote Link to comment
ChatNoir Posted December 15, 2021 Share Posted December 15, 2021 9 hours ago, orlando500 said: broken again https://unraid.net/blog/unraid-server-to-server-backups-with-rsync-and-wireguard Quote Link to comment
ChatNoir Posted December 15, 2021 Share Posted December 15, 2021 That's weird, Spencer's link does not work for me either but the link that works for me looks the same. 🤪 Edit : while Spencer's text seems to be to .../blog/... it really links to .../news/... Quote Link to comment
SpencerJ Posted December 16, 2021 Author Share Posted December 16, 2021 On 12/15/2021 at 1:06 AM, ChatNoir said: That's weird, Spencer's link does not work for me either but the link that works for me looks the same. 🤪 Edit : while Spencer's text seems to be to .../blog/... it really links to .../news/... Should be fixed.... not sure wth is going on lol. https://unraid.net/blog/unraid-server-to-server-backups-with-rsync-and-wireguard 1 Quote Link to comment
spxlabs Posted December 16, 2021 Share Posted December 16, 2021 (edited) On 3/4/2021 at 2:51 AM, thymon said: Hello there I have a local server and backup server in another site. I follow this tutorial worked well so far. Last week, my backup server was off for several days (power supply problem). The backup server is now on. And the sync no longer works with this error in the script logs : rsync: connection unexpectedly closed (0 bytes received so far) [sender] rsync error: unexplained error (code 255) at io.c(228) [sender=3.2.3] Thanks in advance @thymon Did you ever get this working? Just a guess but perhaps the keys in /boot/config/.ssh did not get copied over during boot up on your remote system. Double check the "go" script. Edited December 16, 2021 by spxlabs Quote Link to comment
Howard Callender Posted December 19, 2021 Share Posted December 19, 2021 (edited) On 12/16/2021 at 5:04 PM, spxlabs said: @thymon Did you ever get this working? Just a guess but perhaps the keys in /boot/config/.ssh did not get copied over during boot up on your remote system. Double check the "go" script. Hello, as I don't have access to my router, maybe zerotier may help like this there is no need to transfer keys or port forwarding. I hope it helps. Edited December 19, 2021 by Howard Callender Misspelled word Quote Link to comment
SpencerJ Posted January 13, 2022 Author Share Posted January 13, 2022 If you have trouble with this method or are curious of other back up solutions, please see here: https://unraid.net/blog/unraid-server-backups-with-luckybackup Quote Link to comment
TallMan206 Posted September 2 Share Posted September 2 If I try to run the user script, is ask me for a root password (just as in the terminal when setting up the ssh copy For example: Example 2 This command copies files from SiteB to SiteA, both have matching share names rsync -avz -e "ssh -i /root/.ssh/siteA-rsync-key" [email protected]:/mnt/user/homework/isos/ /mnt/user/homework/isos/ this requires me to type in a root password (from my main server) I did NOT use a password while setting up site A Setting up Site A Let's start by opening an Unraid Terminal window. In the top right corner of the Unraid WebUI press the Icon that looks like this >_ Now, we need to execute a few commands. First, we need to generate a public/private key pair to allow an SSH connection to work without a password and manual intervention. To do this simply do the following command on Site A. ssh-keygen -t rsa -b 2048 -f /root/.ssh/siteA-rsync-key You will be prompted to “Enter a Passphrase”. Hit the ‘Enter’ key twice. Deep breath. Should I use a password? Quote Link to comment
ich777 Posted September 4 Share Posted September 4 On 9/2/2024 at 11:51 AM, TallMan206 said: Should I use a password? You can also follow this where everything is described step by step: Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.