I am doing something like that for my Nextcloud…
FreeNAS is the backend holding all the data.
My FreeNAS No1 replicates its content to FreeNAS No2 every 15 minutes, sending the ZFS snapshots over VPN.
FreeNAS No2 being 400 Km away, it will survive any physical damage FreeNAS No1 can suffer.
FreeNAS No3 is on the same site as FreeNAS No1 and is kept down most of the time. Twice a month, I power it up and it syncs with FreeNAS No1 right away. Once sync is done, I turn it back off. That way, no logical incident can affect FreeNAS No3 because it is offline all the time.
Thanks to that mechanic, all the data are very safe.
In a Docker host outside FreeNAS, I mount a few NFS shares. One is the data used by the Nextcloud container. Another is mounted from a standalone VM I use for backup. That standalone VM has read-only access to all Docker volumes mounted by the Nextcloud container. It does its backup this way. It also has MySQL client installed on it and do a complete SQLDump of the database. These files are then encrypted and saved back in FreeNAS to be replicated to all 3 servers.
Thanks to that, every FreeNAS contains 100% of the server-side encrypted data, 100% of manually encrypted Nextcloud Docker volumes and 100% of the manually encrypted SQL Database. Because everything is encrypted, there are no risk if a FreeNAS get compromised or stolen.
To recover, I need to a Docker host with 3 containers :
–First is used to extract and decrypt the backups. I must enter the backup password manually for that.
–Second is an SQL Database to which I restore the complete DB
–Third is the Nextcloud container in which I mount the freshly restored and decrypted volumes.
And Bingo : a brand new Nextcloud server is running with data up-to-date.
Every year, I do a complete restore test to ensure everything recover correctly and that my cloned Nextcloud is functional. Should I fail my annual test, I fix it and re-test it within 6 months. I also have everything written in a document, listing which command should I do, in which order, …
Thanks to that, my private cloud is as strong and safe as possible. The service may go down for a moment, but data will always be recovered.