Borgmatic-Borg deduplicated encrypted backup for cPanel

Autom8n uses borgmatic to provide an alternative cPanel backup that is

  1. deduplicated (faster incremental backups, low network usage, low disk usage on storage)
  2. incremental
  3. encrypted ( GDPR Compliance , Data safety)
  4. Enable hourly,daily,monthly,weekly retention

The setup is straightforward and the only thing that needs to be filled is the backup repository and retention

Install borg and borgmatic

/opt/nDeploy/scripts/easy_borg_setup.sh

Configure repository

You can use a local directory or a remote server for the repository.

For remote server , borg support the SSH transport and it is required that the borg software is installed on the remote backup server and available in the path To install borg on a centOS7 server you can do

yum -y install epel-release
yum --enablerepo=epel -y install borgbackup

If you have a network file system like NFS/CIFS mounted in a local path or if you have a separate drive mounted as a local drive, borg can backup to this too

Once your repository is finalized you must add the repository details in

borg repository settings

repositories and encryption_passphrase must be filled in along with BACKUP RETENTION numbers

Initialize borg repository

If this is a fresh uninitialized repo, we need to init the repo now

borgmatic --init --encryption repokey-blake2
# assuming the repo name is [email protected]:/mnt/auto4
borg key export root@auto3.autom8n.com:/mnt/auto4 keyfile
# Please keep the contents of keyfile and the encryption passphrase secure outside the server
# losing the encryption passphrase means you will not be able to access backups!

Do the first backups

Perform the initial backup now. Since it can take a lot of time depending on your disk size it is best to do run the command below in a screen session

borgmatic --stats
# stats will give you a picture of how how the deduplication worked

Decide the backup frequency and add it to /etc/crontab

Now you need to decide the frequency in which you need to run the backup. This can be once per day for big disks or once every hour for a small disk with few accounts

cat /etc/crontab
  SHELL=/bin/bash
  PATH=/sbin:/bin:/usr/sbin:/usr/bin
  MAILTO=root

  # For details see man 4 crontabs

  # Example of job definition:
  # .---------------- minute (0 - 59)
  # |  .------------- hour (0 - 23)
  # |  |  .---------- day of month (1 - 31)
  # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
  # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
  # |  |  |  |  |
  # *  *  *  *  * user-name  command to be executed
  # Borg backup every hour
  1 * * * * root /usr/local/bin/borgmatic

Supported borg backup services

You can backup to any server/ backup service supporting the borg 1.1 version.

HetzNer

You can either mount the hetzner storage box via CIFS and set the borg repository to the mount point or you can directly backup to the storage box after enabling ssh in the storage box option

https://wiki.hetzner.de/index.php/BorgBackup/en

https://wiki.hetzner.de/index.php/Backup/en

https://wiki.hetzner.de/index.php/Backup_Space_SSH_Keys/en

BorgBase

Signup at https://www.borgbase.com/ . Create your repository and once done copy the repository path

borgbase settings

The above path must be entered in the repositories: field in Autom8n Borg settings