I would like to migrate from my Synology to NextCloud and have a couple of questions about backups left.
I read a lot about backups on NextCloud and I also tested a bit to get familiar with it. It seems it is not well integrated for easy usage but via scripts there is a lot possible. In the end I want automated, incremental, (client side) encrypted backups on an external drive as well as on a remote server (e.g. WebDAV)
My storage capacities are:
internal NAS: 4TB (RAID)
external usb drive: 4TB
remote drive: 4TB
(not all internal data needs a backup)
Is it possible to exclude data from “data folder” backup (e.g. from specific users or shared folders)?
I could just delete the according folders under data/ within the backup but would I get sideeffects in case of restoring (apart from missing data that was not in the backup)?
Is there a better way?
Do I need the ‘maintenance:mode --on’ for backing up only “data folder”?
The official doc does the backup via rysnc. As far as I understand its not encrypted nor incremental. And for me it is a kind of useless copy in between. Is it possible to avoid this step in order to do the backup via Duplicity/Borg/Duplicati directly on the NextCloud “data folder”?
Your best bet is to use a dedicated tool since you know about Borg and the others. Set one of those up to create the automated, incremental, client side encrypted backups you are looking for. Lots of tutorials online if you search for them.
If you run into any mounting difficulty you can use rclone to access the remote webdav server, etc.
Everything I read is, it does the normal NextCloud backup and then backup is backed up but then I would have useless copy somewhere in between.
So my question is, can I run a backup via Borg/duplicati/duplicity/… directly on the Nextcloud “data folder” without putting NextCloud in maintenance mode; and is it also fine to backup only specific userfolders/groupfolders (in case of restore, are there any sideeffects)?
No. You don’t need it for backing up the database either actually. It just guarantees that the database is in a completely stable state.
rsync is usually run over SSH, which is an encrypted protocol. If you want the backups themselves to be encrypted, you just store them to an encrypted location.
As for being incremental, the whole point of rsync is that it is incremental. Its not going to run a 4TB transfer every time it runs. It will run the 4TB transfer the first time, but if you only change 5MB between then and the next run, it will only run a 5MB transfer next time. While it won’t keep an infinite number of prior “versions”, it can be configured to keep the prior version of any files that changed (or were deleted) between runs.
Not really any doubts. Just remember that you can have small losses related to data that is in flight during the backup, but this would be the case for data that is changed after the last backup and before the failure anyway. Nothing is absolutely 100%.