Unraid Server to Server Backups


Recommended Posts

One thing I think is missing - Unless I missed it while reading, is...  I would LOVE a way to have the data encrypted at the far end automatically..  In otherwords, I've got a friend with an Unraid server, and we'd both like to be the offsite backup for each other, but I think we'd want on-disk encryption at each other's remote sites.  Is there something on UnRaid that would let this happen yet?  I've never seen this option..

Link to comment

It doesn't really seem like a safe solution.
you connect to your backup with full access, in case of ransomware or hack you are done.

What I think is better is create a docker with ssh and Rsync.
Mount folders that you want to backup read-only to the docker.

Use a DDNS instead of IP
Running the connection over Wireguard.
Let the Backup server make the connection and the backup, close the connection after making the backup.

Set up the backup server in such a way that it can only be written once and cannot be deleted / modified.
Perhaps a Snapshot on the backup server as extra security.

And never make one server accessible through another, if you get hacked or hit with ransomware you have 1 big clusterf*ck

Link to comment
On 10/11/2020 at 11:04 AM, 172pilot said:

One thing I think is missing - Unless I missed it while reading, is...  I would LOVE a way to have the data encrypted at the far end automatically..  In otherwords, I've got a friend with an Unraid server, and we'd both like to be the offsite backup for each other, but I think we'd want on-disk encryption at each other's remote sites.  Is there something on UnRaid that would let this happen yet?  I've never seen this option..

Are you thinking of using something different from LUKS?  LUKS is how Unraid naturally provides disk encryption.

Link to comment
  • 2 weeks later...
On 10/19/2020 at 9:26 AM, spx404 said:

Are you thinking of using something different from LUKS?  LUKS is how Unraid naturally provides disk encryption.

Interesting - I wasn't aware of LUKS..  I'll have to do more reading on it, but my impression so far is that it is for security on the volume, but once mounted, it's available to anyone (root).  Since I'm talking about streaming backup files to a remote UnRaid that I dont own, I'd want to encrypt the data before it leaves, rather than rely on an encryption that is managed by the remote system.   Maybe LUKS has a mode to do this..  I haven't read much yet, and will do so.  Thanks for pointing out this functionality I didn't know about!

 

Link to comment
On 11/1/2020 at 9:52 AM, 172pilot said:

Interesting - I wasn't aware of LUKS..  I'll have to do more reading on it, but my impression so far is that it is for security on the volume, but once mounted, it's available to anyone (root).  Since I'm talking about streaming backup files to a remote UnRaid that I dont own, I'd want to encrypt the data before it leaves, rather than rely on an encryption that is managed by the remote system.   Maybe LUKS has a mode to do this..  I haven't read much yet, and will do so.  Thanks for pointing out this functionality I didn't know about!

 

Ahh okay.

 

I believe, LUKS encrypts the entire drive, so on each boot you have to enter a password to unlock the drive before any shares or data become visible.  So I don't think that is what you want.  Well, maybe you do but LUKS isn't what you are looking for.

 

I'm no expert and am not sure what the best procedure or way to do what you want is BUUUUTTTTTTT..... I think what I would do is something like this.

 

From Windows 10 access the share with subfolders/files that you want to encrypt ---> right click and click properties on the folder/file and you should be presented with an option for encryption.  Encrypt the folder or file, then use rsync to copy over the encrypted folder/file to the other server.  I would not do this to a shared folder.  I would only do this to a subfolder or file.

 

I'm sure linux/macos have similar methods to Windows for encrypting a specific folder/file.  There are probably plugins that will allow for encrypting and decrypting mounted shares "on the fly" but unfortunately that isn't an area of familiarity for me.  Hopefully at a minimum, I've given you enough bread crumbs to figure something out.

Edited by spx404
Link to comment
  • 3 months later...

Hello there

I have a local server and backup server in another site.

I follow this tutorial

worked well so far.

Last week, my backup server was off for several days (power supply problem).

The backup server is now on. And the sync no longer works with this error in the script logs :

rsync: connection unexpectedly closed (0 bytes received so far) [sender]

rsync error: unexplained error (code 255) at io.c(228) [sender=3.2.3]

 

Thanks in advance  @SpencerJ

Edited by thymon
Link to comment
  • 2 months later...
  • 5 months later...
On 12/15/2021 at 1:06 AM, ChatNoir said:

That's weird, Spencer's link does not work for me either but the link that works for me looks the same. 🤪

Edit : while Spencer's text seems to be to .../blog/... it really links to .../news/...

 

Should be fixed.... not sure wth is going on lol.

 

https://unraid.net/blog/unraid-server-to-server-backups-with-rsync-and-wireguard

 

 

 

 

  • Like 1
Link to comment
On 3/4/2021 at 2:51 AM, thymon said:

Hello there

I have a local server and backup server in another site.

I follow this tutorial

worked well so far.

Last week, my backup server was off for several days (power supply problem).

The backup server is now on. And the sync no longer works with this error in the script logs :

rsync: connection unexpectedly closed (0 bytes received so far) [sender]

rsync error: unexplained error (code 255) at io.c(228) [sender=3.2.3]

 

Thanks in advance

@thymon Did you ever get this working?

 

Just a guess but perhaps the keys in /boot/config/.ssh did not get copied over during boot up on your remote system.  Double check the "go" script.

Edited by spxlabs
Link to comment
On 12/16/2021 at 5:04 PM, spxlabs said:

@thymon Did you ever get this working?

 

Just a guess but perhaps the keys in /boot/config/.ssh did not get copied over during boot up on your remote system.  Double check the "go" script.

Hello, as I don't have access to my router, maybe zerotier may help like this there is no need to transfer keys or port forwarding. I hope it helps.

Edited by Howard Callender
Misspelled word
Link to comment
  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.