Backup of Nextcloud to Remote Borg Repository
There are missing steps to getting Borg Backup to work on a new Nextcloud install
The steps to get Nextcloud AIO setup are straightforward and, at least in my experience, accurate. I ran into problems when attempting to get backup jobs setup with the included Borg Backup container and I wanted to capture what I did while it was fresh in my mind.
Let’s assume you’re working with two servers. Your primary Nextcloud server has an IP address of 10.200.10.10 and your remote server that you’re using to capture your backups is 10.200.10.20. For ease of use we’ll have both running Ubuntu but the steps to install the Borg binary is accurate in the docs, so this assumption is largely just so you’re working with complete instructions.
On your remote system, install Borg, create a user for borg backups (root is not recommended), and generate an SSH key.
1
2
3
4
5
6
sudo apt-get update && sudo apt-get install borgbackup
sudo useradd -c "Borg Backups" -m -s /bin/bash borg
sudo su borg -
ssh-keygen -o -a 100 -t ed25519
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
chmod 0600 ~/.ssh/authorized_keys
On your local system you likely already have an SSH key but if you don’t, you’ll need to create one. Copy the contents of the public key into the authorized_keys file you created above. Once that’s done, you’re going to install Borg Backup on your local machine and initialize the repository on the remote host. Let’s assume your backup directory for your files is in /mnt/backup/borg on your remote.
1
2
3
4
5
sudo apt-get update && sudo apt-get install borgbackup
export BORG_REPO=ssh://borg@10.200.10.20/mnt/backup/borg
export BORG_PASSPHRASE=a complex password of some kind or see below for other options
borg init -e repokey-blake2
borg key export borg@10.200.10.20/mnt/backup/borg encrypted-key-backup
Now, connect to your Nextcloud management interface at https://10.200.10.10:8080/containers and stop all the containers. Set the backup target to ssh://borg@10.200.10.20/mnt/backup/borg and start the backup job. This first job will fail, which believe it or not is OK. The UI will display a public key that you need to add to the remote so add a new line to the authorized_keys file on your remote server and paste the public key. It will also show a password to use for encryption which I ended up using as the password for my Borg Backups but I’m honestly not sure if this is required or not. Either way, while you’re on the remote server you’re also going to need to grab a copy of the Borg config file
1
cat /mnt/backup/borg
Take the contenets of the above text and copy it into a new file on your Nextcloud server located at /var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/data/borg.config. Lastly you’ll want to set the privs on that file appropriately:
1
2
chown www-data:www-data /var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/data/borg.config
chmod 0770 /var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/data/borg.config
Now that this is all done, the backups should work and you’re all good to go. You only have to do this for the first backup job and afterwards the scheduled cron jobs should take care of things for you. I hope this helps someone else as I banged my head against this for ages.