Creating Encrypted FTP Backups With duplicity And ftplicity On Debian Lenny
Author: Falko Timme
Follow me on Twitter
Last edited 03/30/2010
When you rent a dedicated server nowadays, almost all providers give you FTP backup space for your server on one of the provider's backup systems. This tutorial shows how you can use duplicity and ftplicity to create encrypted (so that nobody with access to the backup server can read sensitive data in your backups) backups on the provider's remote backup server over FTP. ftplicity is a duplicity wrapper script (provided by the German computer magazine c't) that allows us to use duplicity without interaction (i.e., you do not have to type in any passwords).
I do not issue any guarantee that this will work for you!
1 Preliminary Note
In this tutorial I call the backup server backup.example.com where I have an FTP account with the username backupuser and the password secret. On my own server, I want to backup the directory /home/exampleuser.
2 Installing duplicity
First we make sure our system is up-to-date:
Then we install duplicity as follows:
aptitude install duplicity ncftp
3 Our First Backup
Now let's do our first backup:
FTP_PASSWORD=secret duplicity /home/exampleuser ftp://email@example.com/
server2:/home/exampleuser# FTP_PASSWORD=secret duplicity /home/exampleuser ftp://firstname.lastname@example.org/
Retype to confirm:
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1269961692.60 (Tue Mar 30 17:08:12 2010)
EndTime 1269961692.85 (Tue Mar 30 17:08:12 2010)
ElapsedTime 0.24 (0.24 seconds)
SourceFileSize 1576302 (1.50 MB)
NewFileSize 1576302 (1.50 MB)
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
RawDeltaSize 727995 (711 KB)
TotalDestinationSizeChange 204486 (200 KB)
As you see you will be asked for a GnuPG passphrase. You can type in any password you like; this has to be done everytime you run duplicity. The backup will be encrypted with the help of GnuPG. Permissions and ownerships will be preserved in the backup.
To create the backup in a subdirectory on the backup server, you'd modify the command as follows:
FTP_PASSWORD=secret duplicity /home/exampleuser ftp://email@example.com/subdirectory
When you run duplicity for the first time, it will create a full backup; afterwards, it creates incremental backups. To force the creation of a full backup again, you can use the full switch:
FTP_PASSWORD=secret duplicity full /home/exampleuser ftp://firstname.lastname@example.org/
To exclude a directory from the backup, e.g. /home/exampleuser/tmp, you can use the --exclude switch:
FTP_PASSWORD=secret duplicity --exclude /home/exampleuser/tmp /home/exampleuser ftp://email@example.com/
If you are backing up the root directory /, remember to --exclude /proc, or else duplicity will probably crash.
To learn more about the available duplicity options, take a look at
4 Restore A Backup
Now let's assume we have deleted everything in /home/exampleuser and want to restore it from our FTP backup. This is how it's done:
FTP_PASSWORD=secret duplicity ftp://firstname.lastname@example.org/ /home/exampleuser
Please note that in this case the remote location comes before to local folder!