I own a Synology DS713+ NAS for my local TimeMachine backups and to store media files like videos, music and photos.
It is a great NAS with an intuitive and clear webinterface. But the NAS is at home. The same place where my Macs are, which backup to the Synology. If I want to have a good backup strategy in case of fire, water or Godzilla, I have to put the data to another place, outsite of my home.
I have a server in a datacenter for some projects, which will be a good target for my remote backup. Synology have some tools in the DSM for remote Backups but just for AmazonS3, Glacier or rsync compatible servers. Sure I could use rsync, but I don’t want to have my private data unencyrypted on remote host.
For the remote server i use duply and duplicity to backup important data to a remote host and i love it. Wouldn’t it be nice to use that tool combination also for Synology backups? Here is the tutorial:
1. Install IPKG
To get the tools running, you need a ssh connection to your NAS and have to install the packetmanager IPKG (Itsy Package Management System).
You will find thousends of tutorials on the web. I don’t want go into detail because it differs on the Synology NAS you own.
You find an english tutorial on synology.com
A german tutorial is online available at synology-wiki.de
2. Install duplicity
First check if ipkg is running:
You should get an output like
ipkg version 0.99.163
Now you have to install some python packages and its dependencies:
ipkg install py26-duplicity py26-paramiko
py26-duplicity is the duplicity main package, py26-paramiko is the component to connect via ssh/scp/sftp
You also need the python crypto package (py26-crypto), but there is no prebuild version for python 2.6 on ipkg . I found a solution to build the package on the QNAP-wiki. I replaced wget with wget-ssl to load files via ssl.
ipkg install grep gcc libgmp ipkg remove wget ipkg install wget-ssl cd /tmp wget --no-check-certificate https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz tar -xvzf pycrypto-2.6.1.tar.gz cd pycrypto-2.6.1 ac_cv_func_malloc_0_nonnull=yes python2.6 setup.py install
3. Install duply
duply is a frontend for the very complex duplicity. It give you access to the easiest functions for full and incremental backups and of course to restore options.
cd /tmp wget http://downloads.sourceforge.net/project/ftplicity/duply%20%28simple%20duplicity%29/1.9.x/duply_1.9.1.tgz tar -xvzf duply_1.9.1.tgz mv duply_1.9.1/duply /opt/bin/duply mkdir /etc/duply #for global configs mkdir -p /volume1/duply/tmp #we need this later mkdir -p /volume1/duply/cache #we need this later rm -rf /tmp/duply_1.9.1* #cleanup
duply also needs a bash:
ipkg install bash
One reason to use duplicity is the encryption. So now we generate a pair of public/private key with GnuPG:
This needs some time/entropy on the synology. You can start a download of a big file on the downloadstation if you want to speed up things.
It is important to copy the keys to a safe place after generation and note your passphrase down. Without the keys/passphrase you cannot restore the backup if the synology fails. You will find the keys in /root/.gnupg.
Now you need to take note of key-id (8 chars) you generated (in this case 2B6ZU7H8):
gpg2 --list-keys /root/.gnupg/pubring.gpg ------------------------ pub 2048R/2B6ZU7H8 2014-11-07 uid Felix Dittgen <firstname.lastname@example.org> sub 2048R/DKSJEEEIF 2014-11-07
5. Configure duply
Now you have to create a new duply setup:
duply syno create
syno is the name of the backup set. You can choose whatever you want.
Now go to /etc/duply/syno/conf and choose your matching configuration. Here is as set of the important parts:
GPG_KEY='2B6ZU7H8' #The gpg key-id (8 chars) you generated and noted down. GPG_PW='efnjewrfg478fbnjklkgrönk42nk32' #The passphrase TARGET='ssh://email@example.com/backup' #The target server SOURCE='/volume1' #Main path for the files to safe TEMP_DIR=/volume1/duply/tmp #Where to put temp files (a lot of space needed) ARCH_DIR=/volume1/duply/cache #Some cache/meta files
Thats all. You just have to enable ssh login via certificates, cause you don’t want to write you pass somewhere in clear.
So first check if there is a folder /home/syno/.ssh on the remote server. If not, create it.
ssh-keygen -t rsa cat ~/.ssh/*.pub | ssh firstname.lastname@example.org 'umask 077; cat >>.ssh/authorized_keys'
Now you can connect to the remote system without any password.
If you want to create a list of directorys to exclude from backups use the file /etc/duply/syno/exclude
/volume1/Downloads/* /volume1/Media/* /volume1/photo/* /volume1/duply/* /volume1/Plex/* /volume1/server/* /volume1/timemachine/*
6. Some basic commands
#Start Backup duply syno backup #Force Full backup duply syno full #prints backup sets and chains currently in repository duply syno status #Restore duply syno restore <target_path> [<age>] #More Info on Usage duply syno usage
7. Create Crontab
If you want to run your backup periodically, use crontab. Here is an example for a full backup on every first of the month and an incremental backup the other days:
[...] # incremental backup daily - day 2-31 13 8 2-31 * * root /opt/bin/duply syno purge --force && /opt/bin/duply syno backup --allow-source-mismatch >> /var/log/backup/duply_inc.log # full backup every 1th of the month 13 8 1 * * root /opt/bin/duply syno purge-full --force && /opt/bin/duply syno full --allow-source-mismatch >> /var/log/backup/duply_full.log
Restart cron with
I hope you like the new backup tool for your synology. Always generate a worst-case scenario and test the restore process of the backup tools you use. You will be thankful if you really need them.