Nextcloud backup and restore


Backup Nextcloud

The backup example can be downloaded here: github/criegerde

Ensure to have regulary backups from _0 (Sunday) to _6 (Saturday) of your Nextcloud, including at least:
– the webfolder: /var/www/nextcloud
– the datafolder: /var/nc_data/appdata_<id>
– and the database: nextcloud.

Please substitute ubuntuusername and the database password nextcloud with yours. Switch into sudo mode:

sudo -s

1. Turn maintenance mode on:

sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on

2. Backup the webfolder:

tar -cpzf /home/ubuntuusername/ncserver_`date +"%w"`.tar.gz -C /var/www/nextcloud .

3. Backup the datafolder:

tar -cpzf /home/ubuntuusername/ncdata_`date +"%w"`.tar.gz -C /var/nc_data .

4. Backup the database:

mysqldump --single-transaction -h localhost -unextcloud -pnextcloud nextcloud > /home/ubuntuusername/ncdb_`date +"%w"`.sql

5. Turn maintenance mode off:

sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off

Done.

6. A Nextcloud backup example (backup.sh):

It won’t backup your personal (user) data, but you will be able to restore the entire Nextcloud instance.
Please don’t forget to backup your personal (user) data either!

#!/bin/bash
# enbale Maintenance Mode to prevent users from working with Nextcloud
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
# create directory first: mkdir /backup -p
BACKUP_STORE=/backup
# create directory first: mkdir /backup-repository -p
ARCHIVE_STORE=/backup-repository
# declare dateformat and numbering of backups
CURRENT_TIME_FORMAT="%w"
# print start date/time 
echo "START: $(date)"
# list of folders to be backed up, feel free to add/remove directories
FOLDERS_TO_BACKUP=(
"/root/"
"/etc/fail2ban/"
"/etc/letsencrypt/"
"/etc/mysql/"
"/etc/nginx/"
"/etc/php/"
"/etc/ssh/"
"/etc/pam.d/"
"/etc/ssl/"
"/var/www/"
"/var/nc_data/rainloop-storage/"
)
# declare the backup filename
ARCHIVE_FILE="$ARCHIVE_STORE/nc_backup_$(date +$CURRENT_TIME_FORMAT).tar.gz"
# change directory
cd $BACKUP_STORE
# start rsync to back up the folders
for FOLDER in ${FOLDERS_TO_BACKUP[@]}
do
	if [ -d "$FOLDER" ];
	then
		echo "Copying $FOLDER..."
		rsync -AaRx --delete $FOLDER $BACKUP_STORE
	else
		echo "Skipping $FOLDER (does not exist!)"
	fi
done
# copy the fstab
[ -f /etc/fstab ] && cp /etc/fstab $BACKUP_STORE/etc/
# copy the mail configuration
[ -f /etc/msmtprc ] && cp /etc/msmtprc $BACKUP_STORE/etc/
# create a database back up
mysqldump --single-transaction -h localhost -unextcloud -pnextcloud nextcloud > $BACKUP_STORE/ncdb_`date +"%w"`.sql
# print the database backup size
mysql -hlocalhost -unextcloud -pnextcloud -e "SELECT table_schema 'DB',round(sum(data_length+index_length)/1024/1024,1) 'Size (MB)' from information_schema.tables WHERE table_schema = 'nextcloud';"
# create the directories
mkdir -p $(dirname $ARCHIVE_FILE)
# compress all data
tar -cpzf $ARCHIVE_FILE .
# print back up size
echo "nc_backup size: $(stat --printf='%s' $ARCHIVE_FILE | numfmt --to=iec)"
# stop all services
/usr/sbin/service nginx stop
/usr/sbin/service mysql stop
/usr/sbin/service redis-server stop
/usr/sbin/service php7.3-fpm stop
# remove copied files 
[ -f $BACKUP_STORE/ncdb_`date +"%w"`.sql ] && rm -f $BACKUP_STORE/ncdb_`date +"%w"`.sql
[ -f /etc/msmtprc ] && rm -f $BACKUP_STORE/etc/msmtprc
[ -f /etc/fstab ] && rm -f $BACKUP_STORE/etc/fstab
# if ModSecurity is enabled remove the '#'
#echo "+---------+-------+--------------+"
#echo "|   ModeSec Access denied        |"
#echo "+---------+-------+--------------+"
#/bin/cat /var/log/nginx/error.log /var/log/nginx/error.log.1  | egrep -i "access denied" | egrep -i "id \"[0-9]{6}\"" -o | sort | uniq -c | sort -nr
#echo "+---------+-------+--------------+"
#echo "|   ModeSec Warnings             |"
#echo "+---------+-------+--------------+"
#/bin/cat /var/log/modsec_audit.log | egrep -i "warning\." | egrep -i "id \"[0-9]{6}\"" -o | sort | uniq -c | sort -nr
#echo "+---------+-------+--------------+"
# restart all services
/usr/sbin/service nginx stop
/usr/sbin/service mysql restart
/usr/sbin/service redis-server restart
# enable if Collabora and/or OnlyOffice are used
#/usr/bin/docker restart COLLABORAOFFICE
#/usr/bin/docker restart ONLYOFFICE
/usr/sbin/service php7.3-fpm restart
/usr/sbin/service nginx restart
# disable maintanance mode
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
# Nextcloud optimizations
/usr/bin/redis-cli -s /var/run/redis/redis-server.sock <<EOF
FLUSHALL
quit
EOF
sudo -u www-data php /var/www/nextcloud/occ files:scan --all
sudo -u www-data php /var/www/nextcloud/occ files:scan-app-data
# check for Nextcloud updates
echo "Nextcloud apps are checked for updates..."
sudo -u www-data php /var/www/nextcloud/occ app:update --all
# print end date/time
echo "END: $(date)"
# substitute your.name@dedyn.io properly to send backup status mails and enable it
#mail -s "Backup - $(date +$CURRENT_TIME_FORMAT)" -a "FROM: Your Name <your.name@dedyn.io>" your.name@dedyn.io < /path/to/your/logfile
exit 0


Restore Nextcloud according to the chapters before

A restore of your Nextcloud even consists of
– the webfolder: /var/www/nextcloud
– the datafolder: /var/nc_data/appdata_<id>
– the database: nextcloud.

We demonstrate a restore exemplarily from a Monday backup (_1) what have to be substituted properly. Switch into sudo mode:

sudo -s

1. Turn maintenance mode on:

sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on

2. Stop services:

/usr/sbin/service nginx stop
/usr/sbin/service php7.3-fpm stop

3. Delete the old directories:

rm -r /var/www/nextcloud/
rm -r /var/nc_data/

4. Create the directories new again:

mkdir -p /var/www/nextcloud/
mkdir -p /var/nc_data/
tar -xpzf /home/ubuntuusername/ncserver_1.tar.gz -C /var/www/nextcloud/
tar -xpzf /home/ubuntuusername/ncdata_1.tar.gz -C /var/nc_data/

5. Apply the permissions:

chown -R www-data:www-data /var/nc_data /var/www

6. Restore the database:

– Delete the old database

mysql -h localhost -uroot -pnextcloud -e "DROP DATABASE nextcloud"

– Create an empty one

mysql -h localhost -uroot -pnextcloud -e "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci"

– Grant access

mysql -h localhost -uroot -pnextcloud -e "GRANT ALL PRIVILEGES on nextcloud.* to nextcloud@localhost"

– Restore the database

mysql -h localhost -unextcloud -pnextcloud nextcloud < /home/ubuntuusername/ncdb_1.sql

7. Restart services:

/usr/sbin/service php7.3-fpm start
/usr/sbin/service nginx start

8. Fingerprint:

After restoring a backup of your data directory or the database, you should always call maintenance:data-fingerprint once. This changes the ETag for all files in the communication with sync clients, allowing them to realize a file was modified.

sudo -u www-data php /var/www/nextcloud/occ maintenance:data-fingerprint

9. Turn maintenance mode off:

sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off

Done.



Carsten Rieger

Carsten Rieger

Carsten Rieger is a senior system engineer in full-time and also working as an IT freelancer. He is working with linux environments for more than 15 years, an Open Source enthusiast and highly motivated on linux installation and troubleshooting. Mostly working with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, Cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube) and in voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.