Backup your Synology DSM 5.1 encrypted to remote server with Duply and Duplicity


I own a Synology DS713+ NAS for my local TimeMachine backups and to store media files like videos, music and photos.

It is a great NAS with an intuitive and clear web interface. But the NAS is at home, the same place as the Macs that back up to it. If I want a good backup strategy in case of fire, water or Godzilla, I have to put the data somewhere else, outside of my home.

I have a server in a datacenter for some projects, which will be a good target for my remote backup. Synology has some tools in DSM for remote backups, but only for Amazon S3, Glacier or rsync-compatible servers. Sure, I could use rsync, but I don’t want to have my private data unencrypted on a remote host.

For the remote server I use duply and duplicity to back up important data to a remote host, and I love it. Wouldn’t it be nice to use that tool combination for Synology backups as well? Here is the tutorial:

1. Install IPKG

To get the tools running, you need an SSH connection to your NAS and have to install the package manager IPKG (Itsy Package Management System).

You will find thousands of tutorials on the web. I don’t want to go into detail because it differs depending on the Synology NAS you own.

You can find an English tutorial on synology.com

A German tutorial is available online at synology-wiki.de

 

2. Install duplicity

First check if ipkg is running:

ipkg -version

You should get an output like

ipkg version 0.99.163

Now you have to install some Python packages and their dependencies:

ipkg install py26-duplicity py26-paramiko

 

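py26-duplicity is the main duplicity package; py26-paramiko is the component used to connect via ssh/scp/sftp.

You also need the Python crypto package (py26-crypto), but there is no prebuilt version for Python 2.6 on ipkg. I found a solution for building the package on the QNAP wiki. I replaced wget with wget-ssl to load files via SSL. Note that the wget call below passes --no-check-certificate, which turns off TLS certificate validation, so check the tarball against a checksum or signature from a trusted source before building it.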

ipkg install grep gcc libgmp
ipkg remove wget
ipkg install wget-ssl
cd /tmp
wget --no-check-certificate https://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.1.tar.gz
tar -xvzf pycrypto-2.6.1.tar.gz
cd pycrypto-2.6.1
ac_cv_func_malloc_0_nonnull=yes python2.6 setup.py install

3. Install duply

duply is a frontend for the very complex duplicity. It gives you access to the most common functions for full and incremental backups and, of course, to the restore options.

cd /tmp
wget http://downloads.sourceforge.net/project/ftplicity/duply%20%28simple%20duplicity%29/1.9.x/duply_1.9.1.tgz
tar -xvzf duply_1.9.1.tgz
mv duply_1.9.1/duply /opt/bin/duply
mkdir /etc/duply #for global configs
mkdir -p /volume1/duply/tmp #we need this later
mkdir -p /volume1/duply/cache #we need this later
rm -rf /tmp/duply_1.9.1* #cleanup

duply also needs bash:

ipkg install bash

4. Encryption

One reason to use duplicity is the encryption. So now we generate a public/private key pair with GnuPG:

gpg2 --gen-key

This needs some time/entropy on the Synology. You can start a download of a big file in Download Station if you want to speed things up.

It is important to copy the keys to a safe place after generation and to note down your passphrase. Without the keys and the passphrase you cannot restore the backup if the Synology fails. You will find the keys in /root/.gnupg.

Now you need to note the key ID (8 characters) of the key you generated (in this case 2B6ZU7H8):

gpg2 --list-keys

/root/.gnupg/pubring.gpg
------------------------
pub   2048R/2B6ZU7H8 2014-11-07
uid   Felix Dittgen <felix@felixdittgen.de>
sub   2048R/DKSJEEEIF 2014-11-07

5. Configure duply

Now you have to create a new duply setup:

duply syno create

syno is the name of the backup set. You can choose whatever you want.

Now go to /etc/duply/syno/conf and adjust the configuration to match your setup. Here are the important parts:

GPG_KEY='2B6ZU7H8' #The gpg key-id (8 chars) you generated and noted down.
GPG_PW='efnjewrfg478fbnjklkgrönk42nk32' #The passphrase
TARGET='ssh://syno@example.com/backup' #The target server
SOURCE='/volume1' #Main path for the files to save
TEMP_DIR=/volume1/duply/tmp #Where to put temp files (a lot of space needed)
ARCH_DIR=/volume1/duply/cache #Some cache/meta files

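That’s all. You just have to enable SSH login via key pairs, because you don’t want to store your password somewhere in clear text.

So first check if there is a folder /home/syno/.ssh on the remote server. If not, create it. Then generate a key pair on the NAS and append the public key to the remote authorized_keys file: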

ssh-keygen -t rsa
cat ~/.ssh/*.pub | ssh syno@example.com 'umask 077; cat >>.ssh/authorized_keys'

Now you can connect to the remote system without any password.

If you want to exclude a list of directories from the backups, use the file /etc/duply/syno/exclude:

/volume1/Downloads/*
/volume1/Media/*
/volume1/photo/*
/volume1/duply/*
/volume1/Plex/*
/volume1/server/*
/volume1/timemachine/*
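
The conf file above holds GPG_PW in clear text, and TEMP_DIR and ARCH_DIR sit inside SOURCE, so the profile deserves a check before the first run. The following script is an added example, not part of the original tutorial or of duply; the function names are hypothetical, and which checks to run (file modes, GPG_KEY='disabled', a password inside TARGET, unexcluded temp and cache directories) is an assumption about this setup.

```shell
#!/bin/sh
# Added example (not from the original post or from duply): audit a duply profile.
# Function names are hypothetical. Prints findings and returns their count.

# Read KEY=value from the conf without sourcing (executing) the file.
conf_get() {  # $1 = conf file, $2 = key
  sed -n "s/^[[:space:]]*$2=['\"]\{0,1\}\([^'\"#]*\).*/\1/p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# True if directory $1 lies inside $2 and no line of exclude file $3 covers it.
backed_up_by_accident() {
  case "$1" in "$2"/*) ;; *) return 1 ;; esac
  [ -f "$3" ] || return 0
  while IFS= read -r line || [ -n "$line" ]; do
    pat=${line#- }; pat=${pat%/\*\*}; pat=${pat%/\*}
    [ -n "$pat" ] || continue
    case "$1" in "$pat" | "$pat"/*) return 1 ;; esac
  done < "$3"
  return 0
}

audit_duply_profile() {  # $1 = profile directory, e.g. /etc/duply/syno
  dir=$1; conf="$dir/conf"; n=0
  [ -f "$conf" ] || { echo "no conf file in $dir"; return 99; }
  # GPG_PW is stored in clear text, so group/other must have no access.
  for p in "$dir" "$conf"; do
    perms=$(ls -ld "$p" | cut -c5-10)
    [ "$perms" = "------" ] ||
      { echo "FINDING: $p is open to group/other ($perms)"; n=$((n + 1)); }
  done
  # duply treats GPG_KEY='disabled' as "do not encrypt".
  [ "$(conf_get "$conf" GPG_KEY)" != "disabled" ] ||
    { echo "FINDING: encryption is disabled"; n=$((n + 1)); }
  # A password inside TARGET (scheme://user:pass@host) is one more clear-text secret.
  case "$(conf_get "$conf" TARGET)" in
    *://*:*@*) echo "FINDING: TARGET contains a password"; n=$((n + 1)) ;;
  esac
  # TEMP_DIR/ARCH_DIR below SOURCE must be excluded, like /volume1/duply/* above.
  src=$(conf_get "$conf" SOURCE)
  for key in TEMP_DIR ARCH_DIR; do
    d=$(conf_get "$conf" "$key")
    if [ -n "$d" ] && backed_up_by_accident "$d" "$src" "$dir/exclude"; then
      echo "FINDING: $key ($d) is inside SOURCE and not excluded"; n=$((n + 1))
    fi
  done
  return "$n"
}
```

Run it as `audit_duply_profile /etc/duply/syno`; a return value of 0 means none of these checks fired.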

6. Some basic commands

#Start Backup
duply syno backup

#Force Full backup
duply syno full

#prints backup sets and chains currently in repository
duply syno status

#Restore
duply syno restore <target_path> [<age>]

#More Info on Usage
duply syno usage

7. Create Crontab

If you want to run your backup periodically, use crontab. Here is an example for a full backup on the first of every month and an incremental backup on the other days:

[...]
# incremental backup daily - day 2-31
13      8       2-31    *       *       root    /opt/bin/duply syno purge --force && /opt/bin/duply syno backup --allow-source-mismatch >> /var/log/backup/duply_inc.log
# full backup every 1st of the month
13      8       1       *       *       root    /opt/bin/duply syno purge-full --force && /opt/bin/duply syno full --allow-source-mismatch  >> /var/log/backup/duply_full.log

Restart cron with

restart crond
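
The crontab lines above append only standard output to the log, and nothing stops the daily job from starting while a long full backup is still uploading. The following wrapper is an added example, not part of the original tutorial; the script name used in the usage note, the LOGDIR default and the lock location are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a cron wrapper for the two jobs above.
# The LOGDIR default and the lock location are assumptions.
PATH=/opt/bin:/opt/sbin:$PATH; export PATH   # ipkg installs its tools under /opt
DUPLY=${DUPLY:-/opt/bin/duply}               # path from step 3
LOGDIR=${LOGDIR:-/var/log/backup}            # directory used in the crontab above

# run_backup <profile> <backup|full>: purge, then back up, logging both streams.
run_backup() {
  profile=$1; mode=$2
  case "$mode" in
    backup) purge=purge;      log="$LOGDIR/duply_inc.log" ;;
    full)   purge=purge-full; log="$LOGDIR/duply_full.log" ;;
    *) echo "usage: run_backup <profile> backup|full" >&2; return 64 ;;
  esac
  mkdir -p "$LOGDIR" || return 73
  # mkdir is atomic, so it works as a lock: a full backup that is still
  # uploading on day 2 must not overlap with the incremental job.
  lock="${TMPDIR:-/tmp}/duply-$profile.lock"
  if ! mkdir "$lock" 2>/dev/null; then
    echo "$(date '+%Y-%m-%d %H:%M:%S') $profile: previous run still active, skipped" >> "$log"
    return 75
  fi
  rc=0
  {
    echo "$(date '+%Y-%m-%d %H:%M:%S') $profile: $purge and $mode started"
    "$DUPLY" "$profile" "$purge" --force &&
      "$DUPLY" "$profile" "$mode" --allow-source-mismatch || rc=$?
    echo "$(date '+%Y-%m-%d %H:%M:%S') $profile: finished with exit code $rc"
  } >> "$log" 2>&1
  rmdir "$lock"
  return "$rc"   # exit code of the failed duply call, 0 on success
}

# Called from cron with arguments, e.g. "syno backup"; does nothing when sourced.
[ $# -eq 0 ] || run_backup "$@"
```

Saved under a name such as /opt/bin/duply-cron.sh (hypothetical), each crontab entry then shrinks to one call like `/opt/bin/duply-cron.sh syno backup`.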

8. Conclusion

I hope you like the new backup tool for your Synology. Always simulate a worst-case scenario and test the restore process of the backup tools you use. You will be thankful when you really need them.


12 thoughts on “Backup your Synology DSM 5.1 encrypted to remote server with Duply and Duplicity”

  • Andreas

    to backup to Synology I had to use

    --ssh-backend pexpect
    otherwise you get an exception
    Incompatible ssh peer (no acceptable kex algorithm)

    More precisely in Duply conf file:
    DUPL_PARAMS="$DUPL_PARAMS --ssh-backend pexpect "

  • Alan Ho

    How come when I run the incremental statement right after I finished the full backup, the incremental wants to make another full backup of delta? It starts making deltas for all my old files even though I did not change anything.

      • Alan Ho

        It said 1 full backup. If I use duply mybackup backup, it will do an incremental for EVERY file.
        If I use duply mybackup incr, it will skip most of the files but still does some of the untouched files. I have given up already and am now looking at attic.

  • Josef K

    Great tutorial, thanks!
    I can get it all running when started from shell but when starting duply from cron I get the following error:
    "duplicity missing. installed und available in path?
    PATH='/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/bin'"
    Duplicity is installed under /opt/bin on my system (DSM 5.1) so I added this to PATH=… in crontab but it does not seem to help.
    Any ideas?

  • dexter80

    Hi! Nice tutorial.

    Point 2. 9. ac_cv_func_malloc_0_nonnull=yes python2.6 setup.py install
    gives me:

    running install
    running build
    running build_py
    running build_ext
    running build_configure
    checking for gcc... gcc
    checking whether the C compiler works... no
    configure: error: in `/tmp/pycrypto-2.6.1':
    configure: error: C compiler cannot create executables
    See `config.log' for more details
    Traceback (most recent call last):
    File "setup.py", line 456, in
    core.setup(**kw)
    File "/opt/lib/python2.6/distutils/core.py", line 152, in setup
    dist.run_commands()
    File "/opt/lib/python2.6/distutils/dist.py", line 975, in run_commands
    self.run_command(cmd)
    File "/opt/lib/python2.6/distutils/dist.py", line 995, in run_command
    cmd_obj.run()
    File "/opt/lib/python2.6/distutils/command/install.py", line 577, in run
    self.run_command('build')
    File "/opt/lib/python2.6/distutils/cmd.py", line 333, in run_command
    self.distribution.run_command(command)
    File "/opt/lib/python2.6/distutils/dist.py", line 995, in run_command
    cmd_obj.run()
    File "/opt/lib/python2.6/distutils/command/build.py", line 134, in run
    self.run_command(cmd_name)
    File "/opt/lib/python2.6/distutils/cmd.py", line 333, in run_command
    self.distribution.run_command(command)
    File "/opt/lib/python2.6/distutils/dist.py", line 995, in run_command
    cmd_obj.run()
    File "setup.py", line 251, in run
    self.run_command(cmd_name)
    File "/opt/lib/python2.6/distutils/cmd.py", line 333, in run_command
    self.distribution.run_command(command)
    File "/opt/lib/python2.6/distutils/dist.py", line 995, in run_command
    cmd_obj.run()
    File "setup.py", line 278, in run
    raise RuntimeError("autoconf error")
    RuntimeError: autoconf error

    I’m stuck right now.

    • DerNils

      I have the same error here. It seems that some changes from Synology led to a situation in which the tutorial is no longer working 🙁
