I own a Synology DS713+ NAS for my local TimeMachine backups and to store media files like videos, music and photos.

It is a great NAS with an intuitive and clear webinterface. But the NAS is at home. The same place where my Macs are, which backup to the Synology. If I want to have a good backup strategy in case of fire, water or Godzilla, I have to put the data to another place, outsite of my home.

I have a server in a datacenter for some projects, which will be a good target for my remote backup. Synology have some tools in the DSM for remote Backups but just for AmazonS3, Glacier or rsync compatible servers. Sure I could use rsync, but I don’t want to have my private data unencyrypted on remote host.

For the remote server i use duply and duplicity to backup important data to a remote host and i love it. Wouldn’t it be nice to use that tool combination also for Synology backups? Here is the tutorial:

1. Install IPKG

To get the tools running, you need a ssh connection to your NAS and have to install the packetmanager IPKG (Itsy Package Management System).

You will find thousends of tutorials on the web. I don’t want go into detail because it differs on the Synology NAS you own.

You find an english tutorial on synology.com

A german tutorial is online available at synology-wiki.de

2. Install duplicity

First check if ipkg is running:

ipkg -version

You should get an output like

ipkg version 0.99.163

Now you have to install some python packages and its dependencies:

ipkg install py26-duplicity py26-paramiko

py26-duplicity is the duplicity main package, py26-paramiko is the component to connect via ssh/scp/sftp

You also need the python crypto package (py26-crypto), but there is no prebuild version for python 2.6 on ipkg . I found a solution to build the package on the QNAP-wiki. I replaced wget with wget-ssl to load files via ssl.

ipkg install grep gcc libgmp
ipkg remove wget
ipkg install wget-ssl
cd /tmp
wget --no-check-certificate https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz
tar -xvzf pycrypto-2.6.1.tar.gz
cd pycrypto-2.6.1
ac_cv_func_malloc_0_nonnull=yes python2.6 setup.py install

3. Install duply

duply is a frontend for the very complex duplicity. It give you access to the easiest functions for full and incremental backups and of course to restore options.

cd /tmp
wget http://downloads.sourceforge.net/project/ftplicity/duply%20%28simple%20duplicity%29/1.9.x/duply_1.9.1.tgz
tar -xvzf duply_1.9.1.tgz
mv duply_1.9.1/duply /opt/bin/duply
mkdir /etc/duply #for global configs
mkdir -p /volume1/duply/tmp #we need this later
mkdir -p /volume1/duply/cache #we need this later
rm -rf /tmp/duply_1.9.1* #cleanup

duply also needs a bash:

ipkg install bash

4. Encryption

One reason to use duplicity is the encryption. So now we generate a pair of public/private key with GnuPG:

gpg2 --gen-key

This needs some time/entropy on the synology. You can start a download of a big file on the downloadstation if you want to speed up things.

It is important to copy the keys to a safe place after generation and note your passphrase down. Without the keys/passphrase you cannot restore the backup if the synology fails. You will find the keys in /root/.gnupg.

Now you need to take note of key-id (8 chars) you generated (in this case 2B6ZU7H8):

gpg2 --list-keys

/root/.gnupg/pubring.gpg
------------------------
pub   2048R/2B6ZU7H8 2014-11-07
uid   Felix Dittgen <felix@felixdittgen.de>
sub   2048R/DKSJEEEIF 2014-11-07

5. Configure duply

Now you have to create a new duply setup:

duply syno create

syno is the name of the backup set. You can choose whatever you want.

Now go to /etc/duply/syno/conf and choose your matching configuration. Here is as set of the important parts:

GPG_KEY='2B6ZU7H8' #The gpg key-id (8 chars) you generated and noted down.
GPG_PW='efnjewrfg478fbnjklkgrönk42nk32' #The passphrase
TARGET='ssh://syno@example.com/backup' #The target server
SOURCE='/volume1' #Main path for the files to safe
TEMP_DIR=/volume1/duply/tmp #Where to put temp files (a lot of space needed)
ARCH_DIR=/volume1/duply/cache #Some cache/meta files

Thats all. You just have to enable ssh login via certificates, cause you don’t want to write you pass somewhere in clear.

So first check if there is a folder /home/syno/.ssh on the remote server. If not, create it.

ssh-keygen -t rsa
cat ~/.ssh/*.pub | ssh syno@example.com 'umask 077; cat >>.ssh/authorized_keys'

Now you can connect to the remote system without any password.

If you want to create a list of directorys to exclude from backups use the file /etc/duply/syno/exclude

/volume1/Downloads/*
/volume1/Media/*
/volume1/photo/*
/volume1/duply/*
/volume1/Plex/*
/volume1/server/*
/volume1/timemachine/*

6. Some basic commands

#Start Backup
duply syno backup

#Force Full backup
duply syno full

#prints backup sets and chains currently in repository
duply syno status

#Restore
duply syno restore <target_path> [<age>]

#More Info on Usage
duply syno usage

7. Create Crontab

If you want to run your backup periodically, use crontab. Here is an example for a full backup on every first of the month and an incremental backup the other days:

[...]
# incremental backup daily - day 2-31
13      8       2-31    *       *       root    /opt/bin/duply syno purge --force && /opt/bin/duply syno backup --allow-source-mismatch >> /var/log/backup/duply_inc.log
# full backup every 1th of the month
13      8       1       *       *       root    /opt/bin/duply syno purge-full --force && /opt/bin/duply syno full --allow-source-mismatch  >> /var/log/backup/duply_full.log

Restart cron with

restart crond

 8. Conclusion

I hope you like the new backup tool for your synology. Always generate a worst-case scenario and test the restore process of the backup tools you use. You will be thankful if you really need them.