What happened
Backblaze released their cloud storage's S3-compatible API about 2 weeks ago. Given that it is more reliable and cheaper, I tried to move my primary S3 backend from self-hosted MinIO to B2 Cloud Storage this morning but failed.
I’m using K3S v17.3 and the latest stable/nextcloud chart. After the first failure I thought it was a database issue, so I changed my database backend from mariadb to sqlite, but it still does not work.
Logs
Apache2’s logs said the Pod’s livenessProbe checked /status.php but always got 400:
There is no log from nextcloud, even after setting loglevel to debug:
And I don’t know how to get logs from the PHP side. Can somebody here please tell me how to get logs from the PHP side?
Possible reason
Since I only modified the S3 configuration file, I can only think that B2’s S3 API does not meet the requirements of nextcloud.
Here’s what B2 says they support or not:
For the full S3 API docs, see the links above.
Conf file
Chart’s values.yaml:
PS. Region us-west-1 works with other apps, and nextcloud doesn’t work with us-west-002 either; I checked.
PS. I tried both nc18 and nc17.
What happened with B2’s storage
In fact, after the very first pod failed, there were some files in B2’s bucket generated by nextcloud.
I downloaded that urn:oid:5 file from B2’s cloud storage.
Seeking help
Is anyone here using B2’s S3 API as well? How about you?
Recently I’ve started hosting a lot of my own data using Nextcloud. It is an excellent alternative to the likes of Dropbox & Google Drive and provides a lot of good features out of the box, e.g. a really great user interface, Calendar and Contacts, RSS reader, etc. along with native apps for all the desktop and mobile OSes.
This is a good alternative to other cloud providers because overall it’s pretty cheap when there’s a need to scale up, although I had to research and find relatively cheap infrastructure providers which provided the features that I needed, without providing a lot of enterprisey features which a single user like me won’t need (r/selfhosted really helped me with finding the alternatives). In the end, I started with Hetzner for hosting the server and Backblaze B2 for cheap backups. The combination has been working really well for the last 4 months or so, without any downtime.
As an aside, Hetzner also provides Nextcloud boxes which are pretty cheap, but since I use my VPS for some other stuff I didn’t pick that option.
In this setup, I assume that you already have a Nextcloud server running on a VPS. I touch upon the details of my setup, but won’t go in-depth. Essentially, I cover how to provision a volume, use that to store NC data, encrypt and back that up to Backblaze B2 using rclone (and cron).
Setting Up Hetzner (Optional)
First and foremost, one needs to create an account on Hetzner. The procedure over there is quite different, as they require a copy of the passport to be sent as part of their installation. Someone from their team checks it and activates your account. They give the option of encrypting the passport copy with their GPG key before sending it to them. This check helps in countering the fake accounts that crop up to use their inexpensive VPS solutions.
Changes to Nextcloud to use an External Volume
Once a VPS is procured, take it for a spin and install Nextcloud. As I mentioned, in my setup, I’ve created a volume to store all the Nextcloud data.
There are 2 changes that I’ve made in my setup:
Since apache runs as the www-data user, that user must be given permissions on this folder. I’ve also added a group called cloud which has all the users who can read through the data of multiple other services running on my machine.
The config of Nextcloud by default uses datadirectory as /var/www/nextcloud/data and I’ve changed it to /mnt/volume-nbg1-1/nextcloud/data. The file should be available in the Nextcloud root directory in the config folder.
Get a Backblaze B2 account.
Unlike Hetzner, these guys just need your email address and credit card details. Create an account over there, and then create a bucket. I generally append a guid to my bucket name as these have to be globally unique.
Once the bucket is created, create an Application key using the App Keys menu on the left. Note down the keyId and applicationKey.
Setup A User To Backup Data
As mentioned before, and to keep a separation of different users, I created a user which has read access to services running on my machine. Let’s call that user syncuser. This user will be part of the cloud group and therefore will have read access to the Nextcloud data directory. Essentially, you’d need to run these commands.
Setup rclone
rclone is an excellent sync utility with backends for (almost?) all the cloud providers in existence. It is ultra fast and super simple to set up.
This step of setting up rclone contains 2 substeps:
This configuration uses the keyId and applicationKey which we saved while creating app keys for B2. Let’s assume that you named this backend b2 during the rclone configuration, then go ahead and sync a couple of files using the following commands:
This should list out dir1 and dir2.
This backend doesn’t really encrypt the data. We need to set up a crypt backend for encryption to actually work.
While doing the configuration for crypt, the setup asks for quite a few things. Here’s a list of values you might use, based on the steps we’ve taken till now:
New remote -> name -> b2-crypt
Type of storage -> crypt
Remote to encrypt/decrypt -> b2:bucketname
How to encrypt the filename -> “standard”
Encrypt directory names -> “false”
Password -> yes or generate
Salt -> yes or generate
As listed above, the preference is to give it both the backendName and bucketName in the form b2:bucketname, where b2 is the name given to the B2 backend earlier. This makes things easier for syncing the folders inside the bucket. You can simply encrypt it using b2-crypt:foldername instead of the longer b2-crypt:bucketname/foldername. I find this a bit cleaner as well.
Backing it Up
So far, we’ve set up Nextcloud to use an external volume, created a user for syncing the data and created an encrypted backend with which we hope to sync the data to B2. Let’s turn that hope into reality.
The command that we’re going to use for the syncing is:
dry-run and v are just there for debugging. In case everything runs fine, remove these options.
We are going to set up a cron job with clouduser to read and sync the data directory to the encrypted backend, every day at 3:05AM.
Run the following command as a sudo user:
This should open up a cron file in your default editor; add the following to it:
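An added example, not the author's script or crontab entry: a wrapper that a cron entry for this nightly sync could call, which refuses to run when the rclone config is readable by other users or when the data volume is empty. The script path, the destination folder name nextcloud and the lock directory are assumptions; b2-crypt and the data directory come from the steps above.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed names: the folder "nextcloud"
# on the crypt remote, the lock directory and the script path below.
# Hypothetical crontab entry (3:05 AM daily):
#   5 3 * * * /usr/local/bin/nextcloud-b2-sync.sh --run
RCLONE="${RCLONE:-rclone}"
DATA_DIR="${DATA_DIR:-/mnt/volume-nbg1-1/nextcloud/data}"
DEST="${DEST:-b2-crypt:nextcloud}"
RCLONE_CONF="${RCLONE_CONF:-$HOME/.config/rclone/rclone.conf}"
LOCK_DIR="${LOCK_DIR:-/tmp/nextcloud-b2-sync.lock}"

# rclone.conf holds the B2 key and the crypt password (only obscured, which is
# reversible), so group and others must have no access to it.
config_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # the six group+other permission bits
    [ "$perms" = "------" ]
}

# "rclone sync" deletes remote files that are missing locally, so an unmounted
# (empty) volume would wipe the backup. Refuse to run in that case.
source_is_populated() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# run_backup [dry]: "dry" keeps --dry-run -v, as used above for debugging.
run_backup() {
    config_is_private "$RCLONE_CONF" || { echo "refusing: $RCLONE_CONF is missing or readable by group/others" >&2; return 2; }
    source_is_populated "$DATA_DIR" || { echo "refusing: $DATA_DIR is empty or not mounted" >&2; return 3; }
    # mkdir is atomic, so it doubles as a lock against overlapping cron runs.
    mkdir "$LOCK_DIR" 2>/dev/null || { echo "another run holds $LOCK_DIR" >&2; return 4; }
    rc=0
    if [ "${1:-}" = "dry" ]; then
        "$RCLONE" sync --dry-run -v --config "$RCLONE_CONF" "$DATA_DIR" "$DEST" || rc=$?
    else
        "$RCLONE" sync --config "$RCLONE_CONF" "$DATA_DIR" "$DEST" || rc=$?
    fi
    rmdir "$LOCK_DIR"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then
    run_backup "${2:-}"
    exit $?
fi
```

A lock directory left behind by a killed run has to be removed by hand before the next sync will start.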
Further
As I mentioned, this post isn’t a complete walkthrough for the setup, but more like a skeleton. There are a couple of things you should be doing to have a stable and painless experience in case things go south:
Test the setup
Backup is not there for backing things up, but for restoring the data when the luck turns bad. So set up rclone on your local machine, sync some data back, and try to decrypt it. It should work; if it doesn’t, then see where it went bad.
Have more than one backup
One problem with encryption is the risk of either bitrot or lost keys. Since we’re storing our data on someone else’s computer, it might make sense to encrypt it. But it’s always a good idea to have a local copy of it. With this setup, you have a (in case of Hetzner) triple replicated volume with non-encrypted data and another encrypted backup at B2. Make sure you have another local copy on your machine and/or external hard disk.
This blog post is just half backup
Nextcloud documentation says:
You must have both the database and data directory. You cannot complete restoration unless you have both of these.
So come up with a similar approach for backing up your Nextcloud’s database. The details are in the documentation. In my setup, I have a weekly cron job that backs up my database to B2.