{"id":2413,"date":"2018-10-18T17:40:59","date_gmt":"2018-10-18T17:40:59","guid":{"rendered":"https:\/\/owncloud.com\/?p=2413"},"modified":"2020-07-07T17:23:55","modified_gmt":"2020-07-07T17:23:55","slug":"docker-series-pt-3-automatically-backup-and-restore-a-dockerized-owncloud","status":"publish","type":"post","link":"https:\/\/owncloud.com\/de\/blogs\/docker-series-pt-3-automatically-backup-and-restore-a-dockerized-owncloud\/","title":{"rendered":"Automatically Backup and Restore a Dockerized ownCloud"},"content":{"rendered":"<p>After this blog covered the installation of\u00a0<a href=\"https:\/\/owncloud.org\/news\/how-to-set-up-an-owncloud-in-3-minutes\/\" target=\"_blank\" rel=\"noopener\">ownCloud with docker-compose<\/a>, and the use of\u00a0<a href=\"https:\/\/owncloud.org\/news\/docker-owncloud-traefik-reverse-proxy-lets-encrypt-ssl\/\" target=\"_blank\" rel=\"noopener\">Traefik as a reverse proxy<\/a>, you asked for a\u00a0<a href=\"https:\/\/twitter.com\/ownCloud\/status\/1049666671928115201\" target=\"_blank\" rel=\"noopener noreferrer\">how-to about backup &amp; restore strategies<\/a>.<\/p>\n<p>This was tested with Linux only \u2013 if you run docker on a\u00a0<a href=\"https:\/\/forums.docker.com\/t\/host-path-of-volume\/12277\/6\" target=\"_blank\" rel=\"noopener noreferrer\">Mac<\/a>\u00a0or\u00a0<a href=\"https:\/\/blog.sixeyed.com\/docker-volumes-on-windows-the-case-of-the-g-drive\/\" target=\"_blank\" rel=\"noopener noreferrer\">Windows<\/a>\u00a0machine, you may have to adjust the volume paths. But in principle it works the same way.<\/p>\n<h2>Backup the Necessary Data<\/h2>\n<p>To begin,\u00a0<strong>shut down your container<\/strong>. The documentation recommends to enable the maintenance mode and stop the web server \u2013 but in this guide it\u2019s not necessary. With docker it makes sense to just shut down the container.<\/p>\n<pre>docker-compose stop<\/pre>\n<p>Now you can copy the files and database to a secure location. You can do this by\u00a0<strong>copying the docker volumes<\/strong>. In the default case this should be owncloud_files and owncloud_mysql. The other 2 docker volumes can be left out, they only carry temporary data.<\/p>\n<p>This example uses a folder on the docker host itself; in production, you should save the files somewhere else. Otherwise, if the disk gets corrupted, the backup would be affected, too.<\/p>\n<pre>sudo rsync -r \/var\/lib\/docker\/volumes\/owncloud_files ..\/owncloud_backup\/\r\nsudo rsync -r \/var\/lib\/docker\/volumes\/owncloud_mysql ..\/owncloud_backup\/<\/pre>\n<p>You should also\u00a0<strong>copy the docker-compose file and .env<\/strong>\u00a0to your secure location. They can not only be important for restoring, it is always good to document how you set up the service.<\/p>\n<p>As they don\u2019t change often, you don\u2019t have to backup them every time \u2013 it suffices to backup them when you edit them.<\/p>\n<pre>sudo rsync .env ..\/owncloud_backup\/\r\nsudo rsync docker-compose.yml ..\/owncloud_backup\/<\/pre>\n<p>Finally, you can\u00a0<strong>restart the container<\/strong>:<\/p>\n<pre>docker-compose start<\/pre>\n<h3>Using a Dedicated Backup Tool<\/h3>\n<p>Instead of rsync, you can also use your favorite backup tool, like\u00a0<a href=\"https:\/\/www.borgbackup.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">BorgBackup<\/a>\u00a0or\u00a0<a href=\"https:\/\/www.duplicati.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Duplicati<\/a>\u00a0\u2013 the principle is the same. You just need to copy the two docker volumes to a secure location.<\/p>\n<p>Dedicated backup tools usually have the option to encrypt the files. This reduces the attack surface drastically. If you have a\u00a0<strong>symmetric <\/strong>passphrase\u00a0for the backups, an attacker doesn\u2019t get control over your data by gaining access to your backup server. But the passphrase needs to be on the docker host, when you want your machine to make automated backups.<\/p>\n<p>Asymmetric encryption\u00a0is even more powerful; when you only have the public key on your docker host, your backups are protected even if an attacker gains access to your docker host machine. You can store the private key offline, you only need it for restore operations.<\/p>\n<p>You should run a backup regularly. Most backup tools enable you to save only incremental changes, so you don\u2019t have to copy over terabytes of data every time you want a snapshot. This way you can run the backup\u00a0cronjob every night, to keep the downtime short and your backups recent.<\/p>\n<p>Even with a recent backup, you will lose the newest files if something goes wrong. The more recent, the less data loss your instance suffers. That\u2019s why backup tools are so useful.<\/p>\n<h2>Restore Your ownCloud Instance<\/h2>\n<p>These restore steps work both for undoing regretted changes, or for restoring your instance from zero, e.g. when the server was destroyed by a data center fire or disk corruption. In that case you can be lucky if you also backed up your docker-compose and .env files.<\/p>\n<p>If it isn\u2019t this bad and you still have a running container,\u00a0shut it down:<\/p>\n<pre>docker-compose stop<\/pre>\n<p>Now you can\u00a0restore the files and database\u00a0back from your backup location to your docker volume directory:<\/p>\n<pre>sudo rsync -r ..\/owncloud_backup\/owncloud_files \/var\/lib\/docker\/volumes\/\r\nsudo rsync -r ..\/owncloud_backup\/owncloud_mysql \/var\/lib\/docker\/volumes\/<\/pre>\n<p>Then\u00a0start the container again, or create it, if you don\u2019t have created it yet:<\/p>\n<pre># restart your container:\r\ndocker-compose start\r\n\r\n# OR create it first:\r\ndocker-compose up -d<\/pre>\n<h2>Always keep your user\u2019s data safe!<\/h2>\n<p>Backups are very important to ensure that your users don\u2019t lose data. How can you guarantee that their data is safe with you if your ownCloud isn\u2019t resilient against common problems?<\/p>\n<p>Emergencies can always happen. But if you have a recent backup, you are better prepared and are more likely able to fix it.<\/p>\n<p>If you make changes to your server, it can also be very useful to have a recent backup. ownCloud is a very complex platform; installing a new ownCloud app or upgrading your server can go wrong. Restoring the latest backup allows you to try things, if you don\u2019t have a mirrored test instance for this.<\/p>\n<p>Consider announcing downtime for backups to your users, and doing it at night. They will be grateful to know in advance when their data is not available. Transparency makes you a more reliable admin.<\/p>\n<h2>Wait, I need twice the storage now?<\/h2>\n<p>Storage is expensive, and ownCloud needs a lot of storage. Well, to backup an ownCloud you need nearly the same amount of storage again, depending on which compression algorithm your backup tool uses.<\/p>\n<p>It can seem expensive that you have to double the space you are already using. But it\u2019s worth it. Especially when you have the responsibility for the data of others, you should take the necessary steps to protect it.<\/p>\n<p>Do you know good providers for reliable, cheap, convenient, secure storage with good customer support? Discuss your favorite provider in the comments!<\/p>\n<p>Did you like this how-to? Share it on social media or leave a comment below. If you want to learn more about docker, stay tuned! This is the third part of a series about docker. Click here for <a href=\"https:\/\/owncloud.com\/docker-series-pt-1-how-to-set-up-an-owncloud-in-3-minutes\/\">part one<\/a> and here for <a href=\"https:\/\/owncloud.com\/docker-series-pt-2-set-up-owncloud-traefik-as-a-reverse-proxy-with-lets-encrypt-ssl\/\">part two<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Docker Series Pt.3: What to do in an emergency? Good backup strategies are important, so your users don\u2019t lose data. This how-to shows easy ways of keeping your ownCloud instance safe.<\/p>\n","protected":false},"author":7,"featured_media":5091,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[43],"tags":[],"class_list":["post-2413","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"acf":[],"_links":{"self":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts\/2413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/comments?post=2413"}],"version-history":[{"count":0,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts\/2413\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/media\/5091"}],"wp:attachment":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/media?parent=2413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/categories?post=2413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/tags?post=2413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}