A good backup tool ? Duplicity
I’ve tried many tools to backup, from bare rsync to tools such as restic or borg. Although they’re all good solutions, my requirements were never fully met. It’s why I chose to test and use duplicity. In this post I’ll focus on full server backup.
Here are my requirements for a good backup tool:
- compression: I don’t have much to backup but I don’t want to use much either.
- encryption: I only have a basic FTP that I don’t own, there it’s using GnuPG.
- incremental backup: Also to save disk space.
- on a FTP: with restic or borg directly I had lock problems over a curlftpfs mount, any backup would fail, it’s not related to these tools but to my usage.
- easy to use and restore, it keeps ownership and rights.
It’s pretty straightforward, install the duplicity package through your package manager on your server. You may also install ncftp if you want to backup over FTP.
Generate your keys
Let’s generate your GNuPG key pair so we can encrypt our backup. This time, on your own computer, and not on your server, do the following.
Take a 4096 bits length key, most of the default values should be enough.
Now export both the private and public keys, the first one you will keep it safely on a USB drive or anywhere safe, it would be used to decrypt your data, the other one will be required on your server. First find out your key UID.
There the UID is 1A6F2256, you can export the keys.
Import your public key
SSH to your server so you can import your key only, first upload the public key through scp for example.
Your public key being on your server you need to import it to gpg.
You would think it’s over but you have to change the trust of the key, do the following command.
One you have the GNuPG prompt, type trust, select optimal, say yes and you’re done !
First server backup
Duplicity allows you to do full backups or incremental ones. Of course the first one is a full backup. One cool thing is that you don’t have to tell it explicitly to do an incremental one once the first one is made.
I suggest you use that very simple script to do your backup, you can edit it to your needs, mostly the exclude part. It backups fully on Monday, following days of the week are incremental. On Monday it also removes old backups, it’s done this dirty way since you cannot use duplicity’s cleanup function without the private key and the passphrase which I refuse to use online. It keeps two weeks of backup which is enough for me. You need to set an autofs mount to erase old backups since I didn’t script the FTP deletion yet.
Now run it, it may take a while so I recommend that you do that in a screen or tmux.
Rather than doing it manually, don’t forget to set a cron task to backup every night your data.
Restore your data
Obviously if you backup anything, you need to restore it some day soon. This time this operation requires the private key so you can decrypt the data ! Do what’s best for you, but it’s safer to keep your private key on your computer, you have to import your private key in gpg first.
Next step is really simple you have to revert the duplicity command to restore.
Finally rsync your data to your server, I know it looks complicated but it makes sure that your private key is never on your server.
Do not forget to remove your private key from your computer, it’s safer too.
A word of advice if you have several backup chains, for example I backup fully on Monday and do incremental ones for other days and keep two weeks top, duplicity will show you only the last full backup even if you restore stuff before the last full backup. It’s weird, but your restoration would work, it would just display the wrong date. To be sure I check the last mail.log, you might do it as well.
Check that your backups are good quite often. For further details, you can find some more explanations following the Ubuntu documentation.