I’ve been using the Strato Hidrive service for a couple of years now to make a remote backup of my local Synology NAS. This is done using Rsync, which is available both on the Synology and with Hidrive.
Strato Hidrive offers much more than only Rsync, but I just use it for remote backup. Actually I pay almost 140 euros a year for 250 GB of storage. My photos are worth the money, but then I realised that I can build something myself.
I just want a backup of selected folders from my Synology to a remote location. The Synology itself already has RAID-1 mirroring, and data is backed up to external USB drives and every now and then to Blu-ray disks. All those backups are stored locally, and because the drives are connected, one lightning strike is sufficient to destroy them all.
The remote location is not that hard to find. You just need a friend’s or parent’s house with a reasonable internet connection and a power outlet ;-).
I’ve bought a Raspberry Pi Model B with 512 MB memory, an 8 GB SD card, power supply and case for less than 70 euros (that’s half a year of the Hidrive subscription). An external USB hard drive of 2 TB can be bought for about the same amount. I chose the Western Digital Elements Desktop 2 TB with external power supply. The Raspberry Pi cannot power a 2.5 inch USB disk, so for one of those you would need to buy an additional powered USB hub. Power usage of the desktop version of the WD Elements disk is 12 watts at spin-up, 5 watts while in use and almost nothing in standby. The disk does go to sleep when idle on the Raspberry Pi!
Below is a step-by-step description of how to set up the Raspberry Pi and Synology to perform automated backups to the Raspberry Pi. I’m not a Linux expert. In case things do not work, check Google first. Leave a comment if you have improvement suggestions.
NOTE: In this setup you create a sync of folders from the Synology to another location on the Raspberry Pi. If you change the content of a file, that file is overwritten in the destination. So it does not protect you from ‘stupid’ mistakes while editing files. It does protect you from losing your data when your Synology is stolen, explodes or crashes. Continue reading; there is an option to make it a little more of a backup.
My first intention was to use the standard Synology Backup Manager to configure an rsync backup to another server. I couldn’t get this working using SSH. Only unencrypted (so insecure) connections worked. Therefore I started to use the ‘Scheduled Task’ function in the Synology to run my own rsync scripts. Actually I’m happy that I did, because I now know better how rsync works and I have set up other backups (e.g. backing up another Raspberry Pi to my Synology!).
First make sure you have a running Raspberry Pi with Raspbian Linux installed on an SD card. Connect an external USB hard disk to the Raspberry Pi (I will shorten Raspberry Pi to RPi from now on).
Disk configuration
I finally chose the EXT4 filesystem instead of NTFS. NTFS has the benefit that you can connect the disk to a Windows or Mac computer to read the data in case of a recovery. It turned out that the ntfs-3g driver for the RPi uses a lot of CPU, which limits the write speed (the SSH secure transfer and Rsync take CPU resources too). I think on a slow connection (up to 10 Mbit) you can still use NTFS, but in case you also want to use the RPi as a local NAS, don’t use NTFS.
You can connect the USB drive with the EXT4 file system to the Synology and read files directly. Additional software to use it on Mac OS X is available too, so it’s flexible enough for me!
Login to your RPi and execute the next commands:
$ sudo fdisk -l
Your disk will be one of the /dev/sd* disks shown. Check which one is your external disk. If you only have one disk connected, it will be /dev/sda1.
When the USB disk is new, it is most likely formatted in FAT or NTFS. Prepare the drive for Linux:
$ sudo fdisk /dev/sda    # sda without a number!
First delete the current partition by pressing “d”, then create a new (Linux) partition using “n”. Finalize the changes by using “w”. Next format the ext4 filesystem:
$ sudo mkfs.ext4 /dev/sda1    # sda1 with a one!
Create a mount point for this disk. Use a name you like, I used usbdrive.
$ sudo mkdir /mnt/usbdrive
If you want to auto mount this disk every time, add it to /etc/fstab:
$ sudo nano /etc/fstab
add the following line to /etc/fstab:
/dev/sda1 /mnt/usbdrive ext4 defaults,user 0 0
Maybe you need a restart of the RPi ($ sudo reboot), but then you should see your USB drive attached and mounted. Try writing a directory or file to the disk using:
$ sudo mkdir /mnt/usbdrive/test
If this works, your disk is mounted correctly.
Setup Linux user accounts:
If you want a more secure RPi, add a new user and remove the user: “pi”. This site tells you how. At least change the standard password for user “pi” by using:
$ passwd
Create a new user “synology” to use for the rsync backup and set a password. Choose a highly secure password when you connect the RPi to the internet.
$ sudo useradd -m -G users synology
$ sudo passwd synology
Samba
We don’t need Samba to rsync files to the RPi. Samba is used for sharing files with Windows and Mac. For example, when you have the RPi connected to a local network you can access files on the RPi from the Windows browser. Also, let’s say you have this device set up at a remote site (your friend’s place). Your friend could hook up a second hard disk and use your RPi to create a simple NAS. Also check this page.
Install Samba:
$ sudo apt-get update
$ sudo apt-get install samba
$ sudo apt-get install samba-common-bin
Restart Samba:
$ sudo service samba restart
Configure the Samba user:
$ sudo smbpasswd -a username
Configure the shared folder(s):
$ sudo nano /etc/samba/smb.conf
uncomment the line:
security = user
Next, at the end of the smb.conf file add a shared folder configuration for the USB drive. Make sure your users are member of the group users when things don’t work!
[usbdrive]
comment = external drive
path = /mnt/usbdrive
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
read only = no
(Start reading yourself a little more on this Samba topic. I’m not sure if the settings are perfect, but at least it works for now)
Setup SSH login with SSH keys
When you login using SSH you are asked for a password. When using scripts for the rsync backup on the Synology, you don’t want to enter a password. To solve this you have to generate SSH RSA Keyfiles.
First log in to your Synology using SSH (enable SSH on your Synology first). On Windows you need PuTTY; on a Mac or Linux device you can just enter the command below from the terminal.
$ ssh root@IP_OF_YOUR_SYNOLOGY
The root password is the admin password of the Synology.
On the Synology enter the following commands:
$ cd /root/.ssh
$ ssh-keygen
Press Enter for each question. At the end there is a private and a public key file in /root/.ssh.
The default key file names are id_rsa and id_rsa.pub. You can enter another name during ssh-keygen if you like. (The private key, id_rsa, should reside in /root/.ssh and nowhere else. This is important, otherwise it does not work! The public key, id_rsa.pub, can be copied to the system you want to log in to.)
Copy id_rsa.pub to the .ssh folder of the synology user on your RPi. Enter the following command on the Synology. This will also add the contents of the file to the authorized_keys file.
cat ~/.ssh/id_rsa.pub | ssh synology@IP_OF-RPI "mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys"
Next, on the RPi:
$ cd /home/synology/.ssh
$ chmod 600 authorized_keys
(The .ssh folder is hidden; that is what the dot in front of .ssh means. Using “ls -la” you can see the directory contents including hidden files and folders.)
Now you should be able to login from the Synology to the RPi without entering a password using:
ssh synology@IP_OF-RPI
You have to make sure this works, otherwise the rsync script will not work!
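When the key login still asks for a password, a common cause is that sshd ignores authorized_keys if the home directory, the .ssh folder or the file itself is writable by group or others, or is owned by another user. The check below is an added example, not part of the original post; the script name is hypothetical and it assumes a stat command that supports -c, as on Raspbian.

```shell
#!/bin/sh
# Added example: report whether a home directory meets the ownership and
# permission conditions sshd applies (StrictModes, on by default) before it
# accepts a key from authorized_keys.
# On the RPi (hypothetical file name):
#   sudo sh check_ssh_perms.sh /home/synology "$(id -u synology)"

# check_ssh_perms HOME UID
# Prints one line per path; the return value is the number of problems.
check_ssh_perms() {
    home=$1
    uid=$2
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c '%a' "$p")    # octal mode, e.g. 700
        owner=$(stat -c '%u' "$p")   # numeric owner id
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "BAD OWNER $p (uid $owner, expected $uid or root)"
            problems=$((problems + 1))
        elif [ $(( 0$mode & 022 )) -ne 0 ]; then
            # 022 = the write bit for group and for others
            echo "TOO OPEN  $p (mode $mode: group or others can write)"
            problems=$((problems + 1))
        else
            echo "ok        $p (mode $mode)"
        fi
    done
    return "$problems"
}

# Only run when called with both arguments.
if [ $# -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

A TOO OPEN line is fixed with chmod 700 on .ssh, chmod 600 on authorized_keys, or chmod go-w on the home directory.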
Rsync configuration
Rsync is installed by default on the RPi. We use Rsync over SSH, meaning the login and data transfer are encrypted. This is secure for transferring data over the internet.
Create a folder on your RPi USB disk to store the backup (if you like).
$ mkdir /mnt/usbdrive/MyBackup
I describe my setup, adjust for your situation.
My Synology contains one disk with all shared folders like “video”, “homes”, “photo”, etcetera. I don’t want to back up all folders, because some contain very large files which can be replaced easily, like a movie file. There are multiple ways to configure rsync; it took me a while to find the best for my situation.
My disk structure:
/volume1
/volume1/video
/volume1/video/Home Video --> non replaceable, so backup!
/volume1/video/DVD --> replaceable, do not backup!
/volume1/homes/mike --> non replaceable, backup
/volume1/homes/joey --> not important user, do not backup!
/volume1/Scripts --> important, it contains the scripts I use!
I chose to enter /volume1 as source directory and exclude all files and directories that do not need to be processed with rsync. Before, I made the mistake of providing all the folders to be processed as source locations. It did work, but it made the script a mess ;-).
The rsync scripts, exclusion files, rsync-log files are stored in a shared folder on the Synology: /volume1/Scripts. Because it is a shared folder I can access it from the Mac or Windows PC.
I now use the following command (simplified):
rsync -avR --exclude-from=/volume1/Scripts/Rsync/Exclude.txt /volume1 synology@IP_OF_RASPBERRY:/mnt/usbdrive/MyBackup >> /volume1/Scripts/logfile.txt
The rsync format is:
rsync options source destination
Add “z” to the options to compress the data (-avRz).
Add “n” to the options to perform a dry run (nothing is really copied, but you can see what happens in the log files: -avRzn).
Add “--delete” (two dashes before delete, without a space between them) to delete files from the destination when they are not on the source anymore.
“--exclude” and “--include” are also options (also with two dashes in front).
White spaces make it difficult to enter them correctly within a command line (like: /volume1/video/Home Video). Some difficult escape characters are necessary and actually, I couldn’t get it right and found another solution. I use an exclusion file with all files and folders I want to exclude from the backup.
Let’s see what the rsync command above does:
-avRzn are options.
Archive, verbose, Recursive, Compression, DryRun. Remove the “n” option once you are convinced it’s running properly. The compression option “z” is useful for internet transfers; on local networks it takes too much CPU and slows things down!
I suggest to have a look at the “b” option too. The “b” option creates some kind of backup of a changed file. Use Google for this one!
--exclude-from=
This points to a file exclude.txt that is stored on the Synology. This file contains all files and paths I want to exclude from the backup. An example is shown below.
--delete
Without the --delete option, files will only be updated or added on the destination location. No files will be deleted. This means that once you delete a file or directory on your Synology, it will remain on the RPi USB drive. I believe this is handy when you accidentally delete a folder and detect this 3 days later. The downside is that after a while your destination is cluttered with all kinds of old folders and files you have already deleted (or moved) on the source location. So once in a while you could modify your script and add the --delete option, run the script once and remove the --delete option again. During this single run all old files and folders are removed. It might be a good idea to first do a dry run using the “n” option too and check your logfile.
/volume1
This is the source directory for the backup. Without the --exclude-from option everything would be processed with rsync!
synology@IP_OF_RASPBERRY:/mnt/usbdrive/MyBackup
This is the destination to write the backup to. A SSH connection is opened to the RPi for user synology and data is stored in /mnt/usbdrive/MyBackup. This is why we needed the SSH Keys 😉
>> /volume1/Scripts/logfile.txt
Write the output to a file. You can see which directories and files are processed (and therefore also which files are not processed). When using the “n” option you can use this logfile to see what happens, without it really being processed.
exclude.txt example
This file contains all the files and directories we want to exclude from the backup. Remember, we tell rsync to backup: /volume1, so we need to exclude everything we don’t want!
Create a text file with content like:
- @*
- .*
- /volume1/aquota*.*
- /volume1/video/DVD
- /volume1/homes/joey
- $RECYCLE.BIN
- #recycle
As you can see, I exclude all files that start with . and @. Also aquota*.* and the recycle bins are excluded. The folders DVD and joey are excluded. This took some trial and error, and there you benefit from the “n” option and the logfile! The - in front of the items is necessary in the file. You can also use a + sign, but I have no clue (yet) why to use - or +. Google will help you.
Download the rsync script and exclude file I use. Modify it for your situation. The script also includes Flock. Flock makes sure only one instance of the script runs at a time. Imagine that you make the initial backup, which can run for multiple days. You don’t want this script to start again during this run.
Configure the backup on the Synology
I always use the latest DSM on my Synology. Below screenshot is from DSM 4.3. It does work with 5.x too! I think that the ‘Scheduled task’ option is implemented since DSM 4.x. Otherwise check Google on how to use CRON with the Synology.
Find the Scheduled Task planner (I use a Dutch version, but look at the icon)
Add a new task brings the following screen:
Root is the user (remember that you’ve created an SSH RSA key in the /root/.ssh folder; that is because the script is started by root in this task).
Enter the path to your script. In my case I’ve created the /volume1/Scripts shared folder where the script is. The tab ‘planning’ is probably ‘schedule’ in English. Here you can determine how often the script should run.
Make it an offsite solution
I suggest to configure and test your setup while the RPi is connected to your local network. Once everything is working, do an initial sync too. The speed on your LAN is better than over the internet.
Once you bring the RPi to the remote location, you have to change your script on the Synology. Instead of the local IP address you have to enter the IP address or domain name of the remote location. In the router at the remote location you have to forward port 22 to the RPi. Port 22 is the SSH port.
Dre commented below (I didn’t try this yet): If you want to use an alternative port btw (security wise), use the “-e” (minus e) in the OPTIONS:
OPTIONS="-avRz -e"
And add “ssh -p $PORTNUMBER” to the perform rsync line:
rsync $OPTIONS "ssh -p 12345" --delete --exclude-from=/volume1/Scripts/Exclude.txt $SRC $DEST >> $LOGFILE
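The pieces described in the Rsync configuration section (exclude file, dry run, an occasional --delete run, Flock) and the alternative SSH port above, combined into one wrapper as an added example; it is not the script offered for download on this page. The host name, port number, key path, lock file location and the variable names DRY_RUN and PRUNE are assumptions.

```shell
#!/bin/sh
# Added example, not the author's downloadable script. Written for a plain
# POSIX shell. Host name, port and key path are assumed placeholders.
SRC=/volume1
DEST='synology@backup.example.net:/mnt/usbdrive/MyBackup'  # placeholder host
EXCLUDES=/volume1/Scripts/Rsync/Exclude.txt
LOGFILE=/volume1/Scripts/logfile.txt
LOCKFILE=/tmp/rsync-backup.lock
SSH_PORT=12345               # the port forwarded on the remote router
SSH_KEY=/root/.ssh/id_rsa    # key created with ssh-keygen on the Synology
DRY_RUN=1                    # 1 adds -n; set to 0 once the log looks right
PRUNE=0                      # 1 adds --delete for a single clean-up run

# Print each argument on its own line (used to inspect the command).
show() { printf '%s\n' "$@"; }

# Build the rsync argument list and hand it to the command named in $1.
# Building it with "set --" keeps every argument intact, including the
# multi-word ssh command and paths that contain spaces.
rsync_cmd() {
    runner=$1
    # -a archive, -v verbose, -z compress, -R (--relative) recreates the
    # full source path below the destination
    set -- -avRz
    if [ "$DRY_RUN" = 1 ]; then set -- "$@" -n; fi
    if [ "$PRUNE" = 1 ]; then set -- "$@" --delete; fi
    # BatchMode=yes makes ssh fail instead of waiting at a password prompt
    # when key login does not work, so a scheduled run cannot hang.
    set -- "$@" -e "ssh -p $SSH_PORT -i $SSH_KEY -o BatchMode=yes"
    set -- "$@" "--exclude-from=$EXCLUDES" "$SRC" "$DEST"
    "$runner" "$@"
}

# Run the backup under an exclusive lock so a scheduled start is skipped
# while an earlier (possibly multi-day) run is still busy.
run_backup() {
    exec 9>"$LOCKFILE"
    if ! flock -n 9; then
        echo "$(date) previous run still active, skipping" >> "$LOGFILE"
        return 1
    fi
    echo "$(date) start DRY_RUN=$DRY_RUN PRUNE=$PRUNE" >> "$LOGFILE"
    rsync_cmd rsync >> "$LOGFILE" 2>&1
    rc=$?
    echo "$(date) rsync exit code $rc" >> "$LOGFILE"
    return "$rc"
}

# "run" executes the backup; anything else only prints the arguments.
case "${1:-}" in
    run) run_backup ;;
    *)   rsync_cmd show ;;
esac
```

Called without arguments it only prints the rsync arguments, one per line; in the Synology scheduled task, call it with the argument run.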
Final security suggestion
SSH is open on port 22, which will be subject to a lot of attacks from the internet. That’s why you have to set up a highly secure password. Maybe you should google a little on Raspberry Pi and security to see what I have missed.
Install Fail2Ban to block connections from IP addresses that have more than x-number of failed login attempts. Check this page for the setup. After install it already works for SSH.
Hey, awesome…. I’m busy tinkering with the same idea myself. Do let us know if it works.. 🙂
Isn’t it possible to use the ‘backup wizard’ in DSM to map to the drive via raspberry running rsync?
I would say it should be possible, but so far I could not get it working. I know that with Strato Hidrive which uses Rsync, the wizard works. But with the Raspberry Pi it seems that the SSH login does not work with the wizard.
Using Rsync without encryption (without SSH) does work with the Raspberry Pi. Couldn’t find enough info to fix it so created my own script which works fine.
Hi Alexander!
I think I got it working using the synology backup wizard.
The thing is rsync needs to run as a daemon on the raspberry, I’ve found this manual on how to set this up:
http://www.prodeta.nl/synology-network-backups-to-rsync-compatible-servers/
and FYI I am a TOTAL linux noob, so please don’t ask me for support and expect an answer that cannot be found by google 😉
kind regards,
Dave
P.s. so far I’m running it without using SSH, so over an unencrypted connection.. if anyone can work this out and combine everything into one manual I will be a happy man!
Hi Dave,
Thanks for the feedback. I had it working with the rsync daemon and Synology Backup wizard but I want a secure connection 😉
At the moment I’m fine using it with the task manager in Synology and a handwritten script. It offers all the control I need. Besides it made me understand Rsync so now I have backups of my Raspberry Pi’s, Macbook’s and even Windows using Rsync.
It works! Now finetuning the stuff… thanks a lot! Nice one on the security hints as well…cheers!
Well, excellent work! Got it to work in 1 evening. Had some problems with your “cat” command to get the id_rsa.pub file copied to the raspberry. So I ended up doing copy paste of the file content and that worked also. I am curious to see how this will work on a day to day operation …. 🙂 thanks again for such a nice x-mas present….
Hi Martin,
Thanks for the compliments. Let me know what your experiences are on a day to day operation. It’s running for several weeks now in my setup.
I think the CAT command issue is caused because it tries to append to an existing file. Probably you had no existing file yet.
Merry X-mas to you too.
Hi,
I’ve got it set up now. The backup process works but it does not delete the files or dirs on the target when I remove files/dirs on the NAS. Or am I doing something wrong here?
Any suggestions?
Thanks! 🙂
We solved it via email already. For the other visitors, use the --delete option. (two dashes).
Hi,
I was just figuring out a backup strategy for my synology and was also experimenting with my raspberry pi.
I haven’t figured out what rsync does exactly, but I read that it is sort of syncing your data instead of a real backup? Wouldn’t using “bittorrent sync” be easier to setup? At least, if syncing is your goal?
Hi,
I don’t know bittorrent sync so I can’t judge that. My main reason to use rsync is the built-in support on the Synology.
Rsync does indeed sync ONE way. So upload files from NAS to Raspberry Pi. When using the --delete option, it will also delete files on the backup side when you delete files on the source. In that case it won’t offer protection against ‘stupid, I accidentally deleted my files’ actions. It does protect you in case your house burns down including your Synology, then you have all your files on another remote location. Personally I don’t use the delete option, so deleted files are kept at the backup side. (once in a while I do the delete to make a new sync)
There is also a rsync option to keep an archive copy of a deleted or changed file. Actually I think there are better options to protect you from accidentally deleted files.
My main goal is to have all my important files stored on an offsite location. If you own a Synology you can use time backup that makes snapshots on e.g. an external USB disk in case of ‘stupid’ actions ;-).
Good luck!
Alex
Great blog, unfortunately I can’t get the ‘SSH login with SSH keys’ step to work. I tried the other way around (Pi -> NAS) and that works fine. But for some reason the NAS keeps asking for a password when connecting to the Raspberry pi. When I use ssh -v pi@nas-ip I can see it tries the public key (no error is displayed) and continues to use the password. I checked file and folder permissions. 600 for the authorized_keys file and 700 for the .ssh folder. I checked the /var/log/auth.log file, but it doesn’t contain any errors containing public key authentication.
Any suggestions?
Hi,
good tutorial.
But I have one question. Will it be possible to crypt the remote HDD? So that the person where my HDD is stored can’t see any data?
I think about iSCSI, mount the remote HDD from the Raspberry Pi at the Synology with iSCSI and crypt them from there. ?
Hi,
Not sure how to do that exactly. Maybe encrypt the data before you sync it when using Rsync (by first zip/encrypt it). Never used the iSCSI before, but it sounds like an interesting option to explore.
Best regards,
Alex
I was wondering about that as well. Make an encrypted file(s) on the Synology or let the Pi do the encryption. I was thinking about doing something with Tomb (https://www.dyne.org/software/tomb/). But the challenge would be to adjust the script to communicate the key – so that the tomb is being mounted – copy the files and close the tomb. But how would I know when the process is done so that tomb can be closed. I’ll share my findings with you when I find out 🙂
Duplicity seems worth looking into…
First of all thanks for this great article. It described exactly what I was looking for!!
On the first try I couldn’t log in with the SSH key file too like some guys mentioned in the comments above. I got it working by running the command “ssh-keygen -t rsa” on the Diskstation without entering a pass phrase. After transferring the new key file to the RPi I could successfully log in without prompting for a password.
Hi,
indeed you have to create a key without using a passphrase.
Hi,
thanks for this blogpost.
It seems to work with the -n option, but when I try it “real” (without the -n option) all I get was an empty directory:
d--------- 3 synology synology 4096 May 27 21:20 Ypsilon/
Maybe an issue with the rights, but I can’t find the mistake.
Hi Juergen,
This looks like a rights issue. I’m not very much into the details on rights for linux based systems, but the d--------- synology synology seems to indicate that nothing and nobody has rights on the Ypsilon directory.
Try to do a
chmod 700 Ypsilon
to provide rights on that directory. You can also try to do 755 or 777 (more rights to everybody).
I find this page very useful: Permissions Calculator to determine the exact number you have to use.
Also try to google on ‘chmod’.
changing mode to 777 changes Ypsilon/ to drwxrwxrwx. But after the next execution of the script Ypsilon/ is back to d---------.
Scary ^^
Sorry for the late reply. I missed your comment.
Where is Ypsilon located? In my manual I describe to put it on an external drive and expect something like /mnt/usbdrive/Ypsilon or so.
What are the commands in the script you use?
Alexander, an update of the link towards the fail2ban site is needed. It’s found here: http://www.bartbania.com/raspberry_pi/security2/
Thanks, updated the link 😉
If you want to use an alternative port btw (security wise)
use the “-e” (minus e) in the OPTIONS:
OPTIONS="-avRz -e"
And add “ssh -p $PORTNUMBER” to the perform rsync line:
rsync $OPTIONS "ssh -p 12345" --delete --exclude-from=/volume1/Scripts/Exclude.txt $SRC $DEST >> $LOGFILE
Hi,
Using an alternative port is definitely very wise to use. Thanks for this addition to the page!
Alex.
What permissions do you have set on your Synology file share? I think the problem that Juergen had above was that the task was running as “root” but “root” is not defined as having any permissions on the file shares by default, even though it can navigate to them from the CLI. I’m conflicted because I think I can make it work by assigning my shares the read permission to “everyone” but on the other hand that’s a security risk and makes the file shares wide open. I believe if I can get rsync to run as the user “admin” instead of “root”, that it will fix the problem, but DSM does not provide an easy way to do that, it seems. I hope someone who knows more than I do will chime in.