NextCloud: Backup and Restore
Two bash scripts that can be used to back up or restore a NextCloud instance. EncPass is used to hide secrets.
Backup and Restore NextCloud
The two bash scripts in this repository can be used to back up or restore a NextCloud instance. They were inspired by DetaTec. The main differences are the use of EncPass to hide secrets, and the replacement of ls calls by the find command, thus simplifying the code to remove old backups.
The repository is maintained on Codeberg.
The scripts must be configured by defining a few variables in the VARIABLES sections.
NextCloud Directories and Database Type
To back up/restore a NextCloud instance, two directories and a database must be backed up or restored. Those values can be set in the VARIABLES section of the scripts, i.e.
# specify the location of the nextcloud installation directory
nextcloudInstallationDirectory='/var/www/nextcloud'
# specify the location of the nextcloud data directory
nextcloudDataDirectory='/home/nextcloud/data'
# specify the database: can either be mysql, mariadb, postgresql
database='postgresql'
NextCloud Installation Directory
This is the installation directory of NextCloud, which can usually be found within the web directory of a server. The default is set to /var/www/nextcloud.
NextCloud Data Directory
This is the working or data directory of NextCloud. The default is set to /home/nextcloud/data.
NextCloud Database
To dump the NextCloud database, and to import that dump again, later on, the script needs to know which database is used. The default is set to postgresql, i.e. a PostgreSQL database is used.
Warning: The script assumes that the database was created with UTF-8 support.
Secrets and EncPass
To avoid storing secrets in a script, most bell0bytes scripts use EncPass.
The backup and restore scripts require the following information:
- nextcloudDB: the name of the NextCloud database
- nextcloudDBUser: the user to access the database specified above
- nextCloudDBPassword: the password to authenticate the above specified user with
Before starting the scripts, one must thus make sure that those secrets actually exists. A list of secrets for a given bucket can be shown with the list command, as follows:
sudo encpass.sh list nextcloud
If the output looks like this, everything is fine:
db
dbPassword
dbUser
If not, the secrets have to be created:
sudo encpass.sh add nextcloud db
sudo encpass.sh add nextcloud dbUser
sudo encpass.sh add nextcloud dbPassword
Note: Since the backup script must be run as root, the EncPass secrets must also be created for the root user, hence the use of sudo. Make sure that the EncPass scripts are available in the /bin directory.
PostgreSQL Password
When using a PostgreSQL database, the script assumes a .pgpass file to exist in the root home folder, with at least the following information for the database to be backed up, and the user to connect to the database to:
hostname:port:database:username:password
localhost:5432:nextcloud:nextcloud:***
Note: The file must have 0600 permissions.
Further Configuration
The following variables should be set to adapt the script to the environment in question.
| Variable | Description | Default |
|---|---|---|
| backupRoot | the root directory for the backups | /mnt/backup/nextcloud |
| useCompression | true iff compression should be used | false |
| webServerService | the name of the web or proxy server | nginx |
| webServerUser | the web user | www-data |
| nBackupsToKeep | the number of backups to keep | 7 |
| fnBackupInstallationDirectory | the name of the backup file for the installation directory | nextcloud-installation-directory.tar |
| fnBackupDataDirectory | the name of the backup file for the data directory | nextcloud-data-directory.tar |
| fnBackupDB | the name of the backup file for the database dump | nextcloud-db.dump |
NB 1: If useCompression is set to true, .gz will be appended to the file names.
NB 2: If another backup software, such as Borg, is to be used, compression should be disabled.
Automation with Cronjobs
I suggest running the backup script each evening and keeping $7$ backups. To do so, a cronjob must be created for the root user.
sudo crontab -e
0 5 * * * /bin/bash '/home/symplectos/Scripts/Backup/NextCloud/nextcloudBackup.sh'
Note: Make sure the script is executable.
Manual Usage
Backup
Simply run the backup script with superuser do:
sudo ./nextcloudBackup.sh
Restore
To restore a backup, run the script, with superuser do, specifying the desired backup to restore as parameter:
sudo ./nextcloudRestore.sh 20210325_050000
Test Run
Test run with nBackupsToKeep=1 and useCompression=false:
sudo ./nextcloudBackup.sh
Creating a backup of the NextCloud instance ...
Backup Directory: /mnt/backup/nextcloud
Backup Date: 20210328_101838
Maintenance mode enabled
Stopping the web server ... done
Creating backup of the NextCloud installation directory ... done
Creating backup of the NextCloud data directory ... done
Dumping the NextCloud DB (PostgreSQL) ... done
Restarting the web server ... done
Maintenance mode disabled
The Backup of the NextCloud instance was successful!
Created Backup: /mnt/backup/nextcloud/20210328_101838/
This Backup can now be assimilated by the Borg!
To restore this backup, the 20210327_200514 should be given as a parameter to the restore script:
sudo ./nextcloudRestore.sh 20210328_101838
Restoring Backup: /mnt/backup/nextcloud/20210328_101838
Maintenance mode enabled
Stopping the web server ... done
Deleting the old NextCloud installation directory ... done
Deleting the old NextCloud data directory ... done
Restoring the NextCloud installation directory ... done
Restoring the NextCloud data directory ... done
Dropping the old NextCloud DB ...
DROP DATABASE
Done
Creating the new NextCloud DB ...
CREATE DATABASE
Done
Importing the DB dump into the new DB ...
...
Done
Restarting the web server ... done
Chowning the correct directory permissions ... done
Updating the System Data-Fingerprint ...
Nextcloud is in maintenance mode - no apps have been loaded
Done
Maintenance mode disabled
Done: The Backup 20210328_101838 was successfully restored!
