Backup nextcloud to omv server at home

I have nextcloud installed on dedicated server on och last version everything work great I have backup locally and remotely.i have omv in dedicated server on my home as a nas and file server,I want backup the nextcloud instance to my omv or it’s possible to make nextcloud instance on omv and sync the two instance how I can do this backup to omv or other instance or what better solution to backup the next loud instance to home.thank you for help

if you have access via ssh to the server that stores your backup, you could use rsync on omv to pull the files.

Yes I have access ssh it’s my server just if you help and tell me how use it’s i mean I gave ssh to server and to omv such code I can use it?

I’am not an expert on it, but to simply pull a directory from a remote server you would run a commnad like this on your local server:

rsync -aze ssh user@remote-host:/RemoteDirectory /LocalDirectory

-a stands for archive mode which copies files recursively and also preserves symbolic links, file permissions, user & group ownerships and timestamps
-z for compression
-e specifies the remote shell to use

I highly recommend to read up on rsync and all it’s options. there are plenty of guides and examples in the web, and as far as I know OMV also provides a GUI to setup rsync-jobs.

Hey all!

How do I allow the user with which I ssh into the Nextcloud server to read-only the data folder, if the data folder is as recommended “drwxrwx— www-data www-data” and I do not want to add the user to the www-data group as other rights might be inherited by that?

Best regards

Perhaps better root or www-data on you nextcloud server can make the backup to the backup host if this reverse way is possible.

I do exactly that in combination with TrueNAS and a few VPS servers I run. I do not see it as threat, since this dedicated backup user is only allowed to log in with ssh keys, wich are only stored on my local TrueNAS box and nowhere else. You could of course do it more complicated, by creating a backup to a seperate folder on the server first, from wich you then pull the backups with a user, that is not in the www-data group.

Thank you for your Answer!
This is the other option. If this external storage is mounted by NFS is it possible to restrict the Nextcloud server user to only allow writing data once but not modify it - this is because of a possible attack where the attacker deletes/ encrypts all prior backup data.

Thanks. This might also answer my last question. Data inside NFS could be saved to another location by the backup host right after the backup pushed by the nextcloud user.

Perhaps you also can set from 770 to 775

drwxrwxr-x www-data www-data

Normally an attacker attacks the system with the application (apache2/nginx) and therefore with user “www-data”.
“ALL” only can then read and execute and not write. That is no really additional risk if you only have a few users e.g. backup-user. Also you can restrict remote sftp/ssh to users, ssh-certificates.