I wrote up my entire backup strategy for my across FreeBSD and Linux:
-
I wrote up my entire backup strategy for my servers across FreeBSD and Linux:
- ZFS snapshots with sanoid
- Off-site replication via syncoid to rsync.net (encrypted at rest)
- Proxmox Backup Server fronting Backblaze B2 for VMs
- A Podman trick for backing up RHEL hosts without native packages
- Dead man's switch monitoring
- Quarterly restore tests recorded with asciinemaReal configs included.
My Multi-Stage Backup Strategy: ZFS, Proxmox, and Paranoia
Backups are the thing everyone knows they should do and nobody does well enough. Here’s my multi-stage strategy for keeping about a dozen servers safe: ZFS s...
Larvitz Blog (blog.hofstede.it)
-
R relay@relay.infosec.exchange shared this topic
-
I wrote up my entire backup strategy for my servers across FreeBSD and Linux:
- ZFS snapshots with sanoid
- Off-site replication via syncoid to rsync.net (encrypted at rest)
- Proxmox Backup Server fronting Backblaze B2 for VMs
- A Podman trick for backing up RHEL hosts without native packages
- Dead man's switch monitoring
- Quarterly restore tests recorded with asciinemaReal configs included.
My Multi-Stage Backup Strategy: ZFS, Proxmox, and Paranoia
Backups are the thing everyone knows they should do and nobody does well enough. Here’s my multi-stage strategy for keeping about a dozen servers safe: ZFS s...
Larvitz Blog (blog.hofstede.it)
@Larvitz this is great, thank you.
-
I wrote up my entire backup strategy for my servers across FreeBSD and Linux:
- ZFS snapshots with sanoid
- Off-site replication via syncoid to rsync.net (encrypted at rest)
- Proxmox Backup Server fronting Backblaze B2 for VMs
- A Podman trick for backing up RHEL hosts without native packages
- Dead man's switch monitoring
- Quarterly restore tests recorded with asciinemaReal configs included.
My Multi-Stage Backup Strategy: ZFS, Proxmox, and Paranoia
Backups are the thing everyone knows they should do and nobody does well enough. Here’s my multi-stage strategy for keeping about a dozen servers safe: ZFS s...
Larvitz Blog (blog.hofstede.it)
@Larvitz Could you share some insights in how you configured PBS to use B2 over Cloudflare?
-
@Larvitz Could you share some insights in how you configured PBS to use B2 over Cloudflare?
https://www.cloudflare.com/de-de/partners/technology-partners/scaleway/
Traffic between Scaleway and Cloudflare isn't metered (also Backblaze isn't counting traffic towards CF!).
If you want to avoid B2 egress fees on your Scaleway server, you'll need to route the traffic through Cloudflare (e.g., using Cloudflare Workers or fetching via a Cloudflare-proxied domain) rather than hitting the B2 S3 API directly.
I use a cloudflare protected (sub)domain in front of my public bucket URL to ensure, that the traffic is goung through CF, and therefore is not metered at Backblaze ...
Scaleway → Cloudflare (free, Bandwidth Alliance) → Backblaze B2 (free, Bandwidth Alliance)
Just mind, that Cloudflare ToS doesn't actually allow that ... ( Section 2.8 of their self-serve terms)...
-
https://www.cloudflare.com/de-de/partners/technology-partners/scaleway/
Traffic between Scaleway and Cloudflare isn't metered (also Backblaze isn't counting traffic towards CF!).
If you want to avoid B2 egress fees on your Scaleway server, you'll need to route the traffic through Cloudflare (e.g., using Cloudflare Workers or fetching via a Cloudflare-proxied domain) rather than hitting the B2 S3 API directly.
I use a cloudflare protected (sub)domain in front of my public bucket URL to ensure, that the traffic is goung through CF, and therefore is not metered at Backblaze ...
Scaleway → Cloudflare (free, Bandwidth Alliance) → Backblaze B2 (free, Bandwidth Alliance)
Just mind, that Cloudflare ToS doesn't actually allow that ... ( Section 2.8 of their self-serve terms)...
@Larvitz That seems to have moved a bit, but I think it still is a violation of the ToS
-
@Larvitz That seems to have moved a bit, but I think it still is a violation of the ToS
@jan Yeah.. For my relatively small PBS server, I just "risk it" atm ...
-
@jan Yeah.. For my relatively small PBS server, I just "risk it" atm ...
@Larvitz Thanks for the article. Food for thought.
I'm currently doing backups offsite towards jottacloud (I send a nightly snapshot) but I'd be interested in a more integrated solution than my combination of scripts
-
@Larvitz Thanks for the article. Food for thought.
I'm currently doing backups offsite towards jottacloud (I send a nightly snapshot) but I'd be interested in a more integrated solution than my combination of scripts
@jan My primary production backps are FreeBSD systems with sanoid/syncoid, just doing zfs send/recv via SSH. The Proxmox-PBS to B2 route is only for a small handful of Proxmox systems, I still run.. Just the stuff, that I can't run on FreeBSD (like Kubernetes, OCI containers, FreeIPA, Ansible Automation Platform, Red Hat Satellite, etc.)
