I am looking to make a backup of my public_html dirs and mysql files, encrypt them, and rsync them to storage/backup site. ETA: By pulling from the backup server.
So far using duplicity and then rsync is the best option I have found … any thoughts of a better option?
Thanks!
Duplicati is really good for that kind of things. For my private cloud we are using it with 2 unlimitied gdrive and we encrypt our data and send it there.
If you are still intressted in another solution maybe look at syncthing isn’t exactly that but it worked really well for me too for syncing things around… syncthing XD
If there’s one thing I could suggest, it would be to never rsync from your main to your backup, but the other way around: have your backup server fetch (rsync) the files from the main server.
This way if your main server is ever compromised, the attackers can’t also compromise/access your backup server as well.
As for software that works exactly like this I could suggest R1Soft or Acronis.
This is how all mine are setup - the backup servers pull from the live server. It still means that if someone gains access to the backup server, they can gain possibly gain access to the live server, but not the other backup servers. The other way round could potentially mean someone has access to ALL backup servers.
That’s technically true, but you should be able to secure the backup server much more tightly, for instance it won’t be running possible exploit points as your main server would, such as a web server or sql, etc.
Yeah, my OP was badly worded … I do this method - the backup location pulls from the local location.
Someone elsewhere mentioned Borg … looking closer at that at the moment.
I have used borg in the past it worked pretty nicely but i was using it on the hetzner platform and not for huge amounts of data so can’t confirm it’s awesome.
I am looking at about 30gb total from 4 different sources … not sure if that qualifies as ‘huge amount of data’ or not.
30gb is ridiculously small, just grab a lowend VPS.
Right, that is the intention … actually already done - but the question is what is the best way to get the data encrypted and transferred to the vps with the least amount of effort. 
Restic is another option, works good for me for the past couple years.
In my book, it’s awesome. It’s my main tool for off-site backups pretty much everywhere and I had no nasty surprises for quite a few years.
I am using Veeam Backup & Replication for this purpose. You can get an NFR license for free and set up a Scale-Out Repository to automatically push completed backups to the cloud. It’s great!
NFR expires after 1 year. listed prices are so high. looks like their target audience are high profile customers only.
I wonder if you can switch to the community edition after that 1 year.
OP I personally use Borgbackup for Linux to do both block images and normal file/incremental backups.
I use duplicity on Windows machines for compatibility
NFR licenses can be renewed indefinitely.
If your license expires, the installation will automatically be switched to the Community Edition (which also works quite well, but does not support Scale-Out Repositories).
Finally, the upfront cost of Veeam may seem high, but I think $400/year is quite cheap, compared to the cost of a catastrophic data loss incident - especially as a hosting provider.
After many years of using borg(backup) I’ve been switching to restic, for a reliable all-in-on solution that is great.
We are the Borg. Restic is futile! … 
The first thing with borg is that it’s python. The good thing is, it’s a single binary cython, but restic is a single binary go; I’ve found python software more iffy in general.
Then, restic supports a huge amount of backends out-of-the-box.
And restic encrypts by default (though borg can also do encrypted).
Restic is dope
