Introduction
This tutorial will guide you through setting up a fully automated, secure, and incremental backup system using BorgBackup on a sperate Server. By the end, you will have a reliable system to protect your data.
It is best to rent this server from a different provider or have it at home. In any case, it should be at a different physical location.
Prerequisites
- 2 servers
- Access to the root user or a user with sudo permissions
- This tutorial was tested on Ubuntu 24.04
Step 1 - Prepare the Source Server
To start, configure the Source server that will be backed up:
-
Switch to the root user and create an SSH key:
sudo -i cd && ssh-keygen -t rsa -b 4096 cat ~/.ssh/id_rsa.pub -
Install the required tools:
apt update && apt install borgbackup ncdu -y
Step 2 - Configure the Backup Server
Now, configure the Backup Server where backups will be stored:
-
Create a new user and install BorgBackup:
sudo adduser serverbackup sudo apt update && sudo apt install borgbackup -y- Important: Do not give this user
sudoprivileges.
- Important: Do not give this user
-
Set up SSH access:
su serverbackup mkdir ~/.ssh nano ~/.ssh/authorized_keys- Paste the public key from the source server (
~/.ssh/id_rsa.pub) here. - Prepend the following command to the key:
command="borg serve --restrict-to-path /home/serverbackup/backups --append-only"
- Paste the public key from the source server (
-
Create a repository:
mkdir -p ~/backups/Server1 borg init --encryption=repokey ~/backups/Server1 -
Export the repository key and store it securely:
borg key export ~/backups/Server1 ~/key-export cat ~/key-export # Ensure you delete the key file from the server after storing it securely rm ~/key-export
Step 3 - Automate Backups on the Source Server
Create and schedule automated backups on the Source server:
-
Create a backup script:
nano ~/backup.shContent of
backup.sh:Replace
<BACKUP_SERVER_IP>andYourSecurePassphrasewith your actual information.#!/bin/bash DATE=$(date +"%Y-%m-%d") REPOSITORY="ssh://serverbackup@<BACKUP_SERVER_IP>:22/~/backups/Server1" export BORG_PASSPHRASE="YourSecurePassphrase" echo "Starting backup..." borg create --exclude-caches $REPOSITORY::$DATE / \ -e /dev -e /proc -e /sys -e /tmp -e /run -e /media -e /mnt -e /var/log echo "Pruning old backups..." borg prune -v $REPOSITORY \ --keep-daily=14 \ --keep-weekly=12 \ --keep-monthly=24 -
Make the script executable and test it:
chmod +x ~/backup.sh ./backup.sh -
Schedule the script to run daily:
crontab -eAdd the following line to schedule the backup at 2:00 AM:
0 2 * * * /home/<user>/backup.sh
Step 4 - Backup to Hetzner Storage Box (Optional)
To back up to a Hetzner Storage Box:
-
Copy your SSH key to the Hetzner server:
ssh-copy-id -i ~/.ssh/id_rsa -p 23 YourUsername@YourUsername.your-storagebox.de -
Initialize a Borg repository on the Hetzner server:
borg init --encryption=repokey ssh://YourUsername@YourUsername.your-storagebox.de:23/./Backup/SERVERNAME -
Export and securely save the repository key:
borg key export ssh://YourUsername@YourUsername.your-storagebox.de:23/./Backup/SERVERNAME ~/hetzner-key
Notes:
- Use a strong password WITHOUT special characters and save it safe!
- Save the repository key securely; both the key and passphrase are required to restore backups.
Conclusion
You should now have daily backups of your server's root directory.