Automatic Nextcloud Backup Strategy on VPS with Encryption and Offsite Storage

Learn how to automatically back up your Nextcloud data on a VPS, encrypt it, and transfer it to an external storage location – step by step.

Why an automated backup strategy for Nextcloud?

Nextcloud is a powerful platform for file synchronization and sharing. But without regular backups, you risk data loss due to hardware failure, accidental deletion, or cyberattacks. An automated backup strategy with encryption and offsite storage ensures that your data can be restored at any time – even if your VPS fails.

Prerequisites

  • A running VPS with Nextcloud installation (e.g., via our VPS servers)
  • SSH access with root privileges
  • An external storage location (e.g., S3-compatible storage, another server, or a cloud service)
  • Basic command line knowledge

Step 1: Create a backup script

Create a script that backs up the Nextcloud database and files. Connect via SSH to your VPS and create a file /usr/local/bin/nextcloud-backup.sh:

#!/bin/bash
# Variables
BACKUP_DIR="/var/backups/nextcloud"
NEXTCLOUD_DIR="/var/www/nextcloud"
DB_NAME="nextcloud"
DB_USER="nextcloud_user"
DB_PASS="your_password"
DATE=$(date +%Y-%m-%d_%H-%M-%S)

# Create directory
mkdir -p $BACKUP_DIR/$DATE

# Backup database
mysqldump --single-transaction -u $DB_USER -p$DB_PASS $DB_NAME > $BACKUP_DIR/$DATE/db.sql

# Backup files (excluding cache)
rsync -av --exclude='data/*/files_trashbin' --exclude='data/*/cache' $NEXTCLOUD_DIR/data $BACKUP_DIR/$DATE/

# Backup Nextcloud configuration
cp $NEXTCLOUD_DIR/config/config.php $BACKUP_DIR/$DATE/

Don't forget to make the file executable: chmod +x /usr/local/bin/nextcloud-backup.sh.

Step 2: Encrypt the backups

Use GPG to encrypt the backups. Create a GPG key (if not already present) and adapt the script:

# Encryption with GPG
GPG_RECIPIENT="your-email@example.com"
gpg --encrypt --recipient $GPG_RECIPIENT $BACKUP_DIR/$DATE/db.sql
gpg --encrypt --recipient $GPG_RECIPIENT $BACKUP_DIR/$DATE/config.php
# For files: create archive and encrypt
tar czf $BACKUP_DIR/$DATE/data.tar.gz -C $NEXTCLOUD_DIR data
gpg --encrypt --recipient $GPG_RECIPIENT $BACKUP_DIR/$DATE/data.tar.gz

After encryption, delete the unencrypted files.

Step 3: Set up offsite storage

Install rclone for transfer to an external storage (e.g., S3, Google Drive, SFTP). Configure rclone:

rclone config
# Choose the storage type and follow the instructions

Add the upload to the backup script:

# Upload to offsite storage
rclone copy $BACKUP_DIR/$DATE remote:nextcloud-backups/

Replace remote: with the name of your rclone remote.

Step 4: Automate with Cron

Set up a cron job that runs the script daily. Open the crontab with crontab -e and add:

0 2 * * * /usr/local/bin/nextcloud-backup.sh

The backup will then run daily at 2 AM.

Step 5: Test restoration

A backup is only as good as its restorability. Create a separate restoration script and run it in a test environment. This ensures everything works in an emergency.

Additional tips

  • Monitor backups with a monitoring tool or get notified by email on errors.
  • Keep multiple backup versions (e.g., daily, weekly, monthly).
  • Use a dedicated backup VPS or Virtual Server for offsite storage.

With this strategy, you ensure your Nextcloud data is secure, encrypted, and restorable at any time. If you don't have a VPS yet, check out our web hosting packages – ideal for Nextcloud and other applications.