🚀 devops

Server Backup Strategies: Comprehensive Data Protection Guide

Implement robust server backup strategies for Linux servers. Learn backup tools, retention policies, offsite storage, and disaster recovery procedures for production environments.

Published:
Author: ServerHi Editorial Team
Backup strategy visualization showing local, cloud, and hybrid storage approaches

Introduction

Data protection requires systematic backup strategies matching recovery requirements. Backups protect against hardware failure, human error, ransomware, and natural disasters. This guide covers backup methodologies, tool selection, retention policies, and disaster recovery planning for production Linux servers.

Backup strategies balance data protection against storage costs and operational complexity. Regular testing validates backup integrity and recovery procedures. Recovery time and recovery point objectives guide appropriate backup frequency and retention.

Backup architectures range from simple single-server scripts to distributed multi-site solutions. Evaluate requirements before selecting tools and strategies. Over-engineered backup systems introduce maintenance burdens while under-engineered systems risk data loss.

Backup Fundamentals

Learn backup types and strategies to guide appropriate implementation.

Backup Types

Full backups copy all data, providing complete recovery points but consuming significant storage and time. Incremental backups copy only changes since last backup, enabling frequent backups with minimal overhead. Differential backups copy changes since last full backup, simplifying recovery at the cost of increasing backup sizes.

# Full backup example
tar -czvf /backup/full-$(date +%Y%m%d).tar.gz -C / data/

# Incremental backup (requires prior full)
tar -czvf /backup/incr-$(date +%Y%m%d).tar.gz \
  -g /backup/snapshot.snar -C / data/

# Differential backup
tar -czvf /backup/diff-$(date +%Y%m%d).tar.gz \
  -N /backup/full-$(date -d '1 week ago' +%Y%m%d).tar.gz -C / data/

Tar with snapshot files implements simple incremental backups. Modern backup tools automate incremental chains with better deduplication.

Recovery Objectives

Recovery Time Objective (RTO) defines maximum acceptable downtime. Recovery Point Objective (RPO) defines maximum acceptable data loss. These objectives drive backup frequency and architecture decisions:

# High availability (RTO < 1 hour, RPO < 5 minutes)
# Continuous replication + frequent incremental backups

# Standard protection (RTO < 4 hours, RPO < 24 hours)
# Daily full + hourly incremental

# Basic protection (RTO < 24 hours, RPO < 1 week)
# Weekly full + daily incremental

Match backup strategies to business requirements. Critical systems require aggressive RTO/RPO while archival systems tolerate extended recovery times.

Backup Tools and Techniques

Linux provides diverse backup tools suiting different requirements.

rsync for File Backups

rsync excels at efficient file synchronization with bandwidth optimization:

# Basic rsync backup
rsync -avz /source/ /backup/

# Delete files not in source
rsync -avz --delete /source/ /backup/

# Exclude patterns
rsync -avz --exclude='*.tmp' --exclude='cache/*' /source/ /backup/

# Show progress
rsync -avz --progress /source/ /backup/

# Hard links for space-efficient snapshots
rsync -avz --link-dest=/backup/daily.1 /source/ /backup/daily.0/

The --link-dest option creates space-efficient snapshots. Unchanged files hard-link to previous backups, reducing storage while maintaining point-in-time recovery.

rsnapshot for Snapshots

rsnapshot automates rsync-based snapshot rotation:

# Install rsnapshot
sudo apt install rsnapshot

# Configuration /etc/rsnapshot.conf
# snapshot_root /backup/snapshots/
# cmd_cp /bin/cp
# rsync_numtries 3
# retain hourly 24
# retain daily 7
# retain weekly 4
# retain monthly 6
# backup /home/ localhost/
# backup /etc/ localhost/
# backup /var/www/ localhost/

# Test configuration
rsnapshot configtest

# Create hourly snapshot
rsnapshot hourly

# List snapshots
ls -la /backup/snapshots/hourly.0/

# Rotation commands
rsnapshot daily
rsnapshot weekly
rsnapshot monthly

rsnapshot manages snapshot rotation automatically. Hourly, daily, weekly, and monthly retention provides multiple recovery points.

BorgBackup for Deduplication

BorgBackup provides deduplication and compression for efficient storage:

# Install BorgBackup
sudo apt install borgbackup

# Initialize repository (encrypted)
borg init --encryption=repokey /backup/borg-repo

# Create backup
borg create /backup/borg-repo::backup-{now} \
  /home/user/data \
  --exclude '*.tmp' \
  --compression lz4 \
  --progress

# List backups
borg list /backup/borg-repo

# Show backup info
borg info /backup/borg-repo::backup-2026-02-08

# Mount backup for browsing
borg mount /backup/borg-repo::backup-2026-02-08 /mnt/backup/

# Extract specific file
borg extract /backup/borg-repo::backup-2026-02-08 \
  path/to/file.txt

# Prune old backups (keep 7 daily, 4 weekly, 6 monthly)
borg prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6

Deduplication reduces storage dramatically for systems with repeated data. Encryption protects backup data at rest.

Database-Specific Backups

Database backups require specialized tools for consistent snapshots:

# PostgreSQL logical backup
pg_dump -U postgres -Fc mydb > mydb-$(date +%Y%m%d).dump

# PostgreSQL physical backup (requires special configuration)
pg_basebackup -D /backup/pg_basebackup -Fp -Xs -P -R

# MySQL backup
mysqldump -u root -p --single-transaction \
  --quick --lock-tables=false \
  mydb > mydb-$(date +%Y%m%d).sql

# MySQL with compression
mysqldump -u root -p mydb | gzip > mydb-$(date +%Y%m%d).sql.gz

# MongoDB backup
mongodump --out /backup/mongodb/$(date +%Y%m%d)/
mongodump --out - | gzip > mongodump-$(date +%Y%m%d).gz

# Redis backup (BGSAVE)
docker exec redis-server redis-cli BGSAVE
docker cp redis-server:/data/dump.rdb redis-$(date +%Y%m%d).rdb

Database consistency requires either logical backups capturing transaction snapshots or point-in-time recovery configurations.

Cloud Backup Strategies

Cloud storage provides offsite protection against local disasters.

AWS S3 Backups

# Configure AWS CLI
aws configure

# Sync to S3
aws s3 sync /backup/ s3://mybucket/backups/ \
  --storage-class STANDARD_IA \
  --sse AES256

# Lifecycle policy (from AWS console or Terraform)
# Transition to Glacier after 90 days
# Delete after 7 years

# S3 versioning for protection against ransomware
aws s3api put-bucket-versioning \
  --bucket mybucket \
  --versioning-configuration Status=Enabled

S3 provides durable, scalable storage with lifecycle management. Versioning protects against accidental deletion or ransomware encryption.

Rclone for Multi-Cloud Sync

# Install rclone
curl https://rclone.org/install.sh | sudo bash

# Configure cloud storage
rclone config

# Sync to cloud (demonstrates S3)
rclone sync /backup/data s3:mybucket/backups \
  --s3-storage-class STANDARD_IA \
  --transfers 4 \
  --checkers 8 \
  --bwlimit 50M \
  --verbose

# List remote files
rclone ls s3:mybucket/backups

# Check remote size
rclone size s3:mybucket/backups

# Sync with deletion (use with caution)
rclone sync /backup/data s3:mybucket/backups --delete-during

Rclone supports numerous cloud providers with consistent command syntax. Parallel transfers optimize bandwidth utilization.

Encrypted Cloud Backups

Encrypt backups before cloud storage:

# Encrypt with GPG
gpg --symmetric --cipher-algo AES256 sensitive-data.tar.gz
gpg --decrypt sensitive-data.tar.gz.gpg | tar xz

# Encrypt with openssl
openssl enc -aes-256-cbc -salt \
  -in sensitive-data.tar.gz \
  -out sensitive-data.tar.gz.enc
openssl enc -d -aes-256-cbc \
  -in sensitive-data.tar.gz.enc | tar xz

#borg with encryption (preferred)
borg init --encryption=repokey /backup/borg-repo
borg create /backup/borg-repo::backup-{now} /data

Client-side encryption ensures cloud providers never access plaintext data. Key management requires careful planning.

Backup Automation

Automate backup execution and verification.

Cron Scheduling

# /etc/cron.d/backup-schedule
# Daily full backup at 2 AM
0 2 * * * root /usr/local/bin/backup-full.sh

# Hourly incremental at minute 0
0 * * * * root /usr/local/bin/backup-incremental.sh

# Weekly database backup Sunday 3 AM
0 3 * * 0 root /usr/local/bin/backup-db.sh

# Monthly cleanup first day 4 AM
0 4 1 * * root /usr/local/bin/backup-cleanup.sh

Cron provides reliable scheduling for backup automation. Multiple schedules suit different backup types.

Backup Scripts

#!/bin/bash
# backup-full.sh - Daily full backup script

set -euo pipefail

# Configuration
BACKUP_DIR="/backup/daily"
DATE=$(date +%Y%m%d)
LOG_FILE="/var/log/backup-full.log"
RETENTION_DAYS=30

# Start logging
exec > >(tee -a "$LOG_FILE") 2>&1
echo "=== Backup started at $(date) ==="

# Create backup directory
mkdir -p "$BACKUP_DIR"

# Database backup
echo "Backing up databases..."
docker exec postgres-server \
  pg_dump -U appuser appdb | gzip > "$BACKUP_DIR/db-$DATE.sql.gz"

# File backup
echo "Backing up files..."
rsync -avz --delete \
  --exclude='*.tmp' \
  --exclude='.cache/*' \
  /data/ "$BACKUP_DIR/data/"

# Upload to cloud
echo "Uploading to cloud..."
rclone sync "$BACKUP_DIR" cloud:backups/daily/ \
  --quiet || echo "Cloud upload failed"

# Cleanup old backups
echo "Cleaning up old backups..."
find "$BACKUP_DIR" -name "*gz" -mtime +$RETENTION_DAYS -delete

# Verify backup
echo "Verifying backup..."
rclone check "$BACKUP_DIR" cloud:backups/daily/ || echo "Verification warning"

echo "=== Backup completed at $(date) ==="

Backup scripts encapsulate configuration, execution, and verification. Logging provides audit trails for compliance.

Backup Verification

#!/bin/bash
# verify-backups.sh - Test backup restoration

BACKUP_FILE="$1"
EXTRACT_DIR="/tmp/verify-$$"

if [ -z "$BACKUP_FILE" ]; then
    echo "Usage: $0 <backup-file>"
    exit 1
fi

echo "Verifying $BACKUP_FILE..."

# Create extraction directory
mkdir -p "$EXTRACT_DIR"

# Extract to verification directory
case "$BACKUP_FILE" in
    *.tar.gz|*.tgz)
        tar -xzf "$BACKUP_FILE" -C "$EXTRACT_DIR" || exit 1
        ;;
    *.zip)
        unzip -q "$BACKUP_FILE" -d "$EXTRACT_DIR" || exit 1
        ;;
    *.sql.gz)
        gzip -dc "$BACKUP_FILE" > /dev/null || exit 1
        ;;
    *)
        echo "Unknown format"
        exit 1
        ;;
esac

# Verify expected content exists
if [ -d "$EXTRACT_DIR/data" ]; then
    FILE_COUNT=$(find "$EXTRACT_DIR/data" -type f | wc -l)
    echo "Extracted $FILE_COUNT files"
fi

# Check database backup
if [[ "$BACKUP_FILE" == *.sql.gz ]]; then
    if gzip -dc "$BACKUP_FILE" | head -c 100 | grep -q "PostgreSQL"; then
        echo "Database backup verified"
    fi
fi

# Cleanup
rm -rf "$EXTRACT_DIR"

echo "Verification complete"

Regular verification ensures backups restore correctly before emergencies require them.

Disaster Recovery Planning

Recovery procedures require documentation and regular testing.

Recovery Documentation

Document recovery procedures for various scenarios:

## Database Recovery Procedure

### Prerequisites
- Access to backup storage (cloud or local)
- Database server running
- Sufficient disk space

### Recovery Steps

1. Stop application
   systemctl stop application

2. Identify backup
   rclone ls cloud:backups/daily/
   # Note: backup-20260208.sql.gz

3. Create temporary directory
   mkdir -p /tmp/restore
   cd /tmp/restore

4. Download backup
   rclone copy cloud:backups/daily/backup-20260208.sql.gz /tmp/restore/

5. Restore database
   gunzip -c backup-20260208.sql.gz | psql -U postgres -d appdb

6. Verify restoration
   psql -U postgres -d appdb -c "SELECT COUNT(*) FROM users;"

7. Restart application
   systemctl start application

### Rollback Procedure
If issues occur:
1. Stop application
2. Restore previous backup (backup-20260207.sql.gz)
3. Restart application

Documentation ensures consistent recovery across team members. Test procedures regularly to verify accuracy.

Recovery Testing

#!/bin/bash
# test-recovery.sh - Automated recovery testing

TEST_ENV="recovery-test-$(date +%s)"
BACKUP_SOURCE="/backup/daily/latest"

echo "Starting recovery test..."

# Create isolated test environment
docker run -d --name "$TEST_ENV" -e POSTGRES_PASSWORD=test \
  postgres:15

# Wait for database
sleep 10

# Restore test
docker exec -i "$TEST_ENV" psql -U postgres \
  -c "CREATE DATABASE test_restore;"
  
gunzip -c "$BACKUP_SOURCE/db-*.sql.gz" | \
  docker exec -i "$TEST_ENV" psql -U postgres -d test_restore

# Verify
TABLE_COUNT=$(docker exec "$TEST_ENV" psql -U postgres \
  -d test_restore -t -c "SELECT COUNT(*) FROM information_schema.tables;")

if [ "$TABLE_COUNT" -gt 0 ]; then
    echo "Recovery test PASSED: $TABLE_COUNT tables restored"
else
    echo "Recovery test FAILED"
    exit 1
fi

# Cleanup
docker stop "$TEST_ENV"
docker rm "$TEST_ENV"

echo "Recovery test complete"

Automated testing validates recovery procedures without affecting production. Schedule regular tests to maintain confidence.

Backup Monitoring

Monitor backup success and storage consumption.

Backup Status Monitoring

#!/bin/bash
# check-backups.sh - Backup health monitoring

ERRORS=0

# Check last backup age
LAST_BACKUP=$(stat -c %Y /backup/daily/data/. 2>/dev/null || echo 0)
NOW=$(date +%s)
AGE=$((NOW - LAST_BACKUP))

if [ $AGE -gt 86400 ]; then
    echo "WARNING: Last backup is ${AGE} seconds old (> 86400)"
    ERRORS=$((ERRORS + 1))
fi

# Check backup file size
SIZE=$(du -sm /backup/daily/ 2>/dev/null | cut -f1)
if [ $SIZE -lt 100 ]; then
    echo "WARNING: Backup size ${SIZE}MB seems small"
    ERRORS=$((ERRORS + 1))
fi

# Check cloud sync
rclone check /backup/daily/ cloud:backups/daily/ --quiet
if [ $? -ne 0 ]; then
    echo "WARNING: Cloud sync verification failed"
    ERRORS=$((ERRORS + 1))
fi

# Exit with status
if [ $ERRORS -gt 0 ]; then
    echo "Backup check FAILED with $ERRORS issues"
    exit 1
else
    echo "Backup check PASSED"
    exit 0
fi

Monitoring catches backup problems before emergencies. Integrate with alerting systems for proactive notification.

Storage Reporting

#!/bin/bash
# storage-report.sh - Backup storage usage report

echo "=== Backup Storage Report ==="
echo "Generated: $(date)"
echo ""

echo "Local backup storage:"
du -sh /backup/*/ 2>/dev/null

echo ""
echo "Cloud storage usage:"
rclone about cloud:backups/ 2>/dev/null || echo "Cloud info unavailable"

echo ""
echo "Old backup cleanup candidates:"
find /backup -name "*.tar.gz" -mtime +90 -exec ls -lh {} \; 2>/dev/null

echo ""
echo "Database backup sizes:"
du -sh /backup/*db*.gz 2>/dev/null

Regular storage reports inform capacity planning and cleanup decisions.

Conclusion

Backup strategies require systematic planning matching business recovery requirements. Appropriate tool selection balances complexity against capability needs. Regular testing validates backup integrity and recovery procedures.

Automation ensures consistent backup execution while monitoring catches problems before emergencies. Documentation enables recovery under pressure while regular practice builds team confidence.

Review and update backup strategies as systems evolve. Annual disaster recovery exercises validate procedures against current infrastructure. Maintain backup procedures for infrastructure-as-code alongside application data.

Related Posts:

Tags

#backup #recovery #Linux #disaster recovery #data protection

Related Tutorials