Backing up your linux Server yourself in a time where no one does that

Recently I was assigned with the task to backup our main server, which is something I have never did, and I was very frustrated by the scarcity of articles/videos/tutorials that actually discuss this relatively easy concept.

First I had to search through tens of backup service providers, which most of them turned out to be either aimed at backing up computers, or providing only backup storage solutions which you then had to integrate with a another service to create the backup itself. After being stuck in this mess I decided to do it manually, which turned out to be very much worth it.

To do this we are going to be using the tar utility, and I’m gonna walk you step by step through creating a compressed and encrypted backup files. Luckily, the tar utility already has a flag that you can use to compress your backup tar file.

So the first thing we need to understand is how to create a compressed backup, while excluding the following directories :

sudo tar -cvpzf backup.tar.gz --exclude=/mnt --exclude=/dev --exclude=/backups --exclude=/proc --exclude=/sys /

Note that the / at the end tells tar to backup the whole system.

Below is what each flag means:

-c create or overwrite backup

-v verbose ( you probably wouldn’t need this )

-p perserving permission

-z compress

• f allow you to give the tar file a name (so you put the name of the output file after it)

If you then want to restore the backup file you use this command:

sudo tar -xvpf backup.tar -C ./recovery

./recovery means you’re going to restore it inside that folder (for testing), if you want to actually restore the whole system, replace it with / , like this:

sudo tar -xvpf backup.tar -C /

same flags as the backing up step, with the only difference being the x flag:

-x extract

Now, to create an encrypted backup we are going to change what we did before a bit, and use openssl to encrypt our backup, also while inputing the encryption password in the same line instead of being prompted to enter a password. (in case you want to automate in a cronjob or something).

tar -cvpzf — — exclude=/mnt — exclude=/dev — exclude=/backups — exclude=/proc — exclude=/sys / | openssl enc -e -aes256 -out /backups/secured.tar.gz -pass pass:somestrongpassword

If you want to name the file after today’s date (which you probably do), then replace secured.tar.gz with secured-`date +%F`.tar.gz

Now you can create a shell file to attach to a cron job that contains the following logic:

1. Create a secured and compressed backup tar file (which we already did)
2. Move the backup to the correct place (preferably a remote storage)

And that’s it 😁