A huge upside to how the UniFi Controller works is that it’s not really dependent on where it runs to operate, it does however require the DNS hostname, some firewall ports and most importantly, the site data.
This results in that there is no real need to perform server level backups, all you need is the site data.
If the server were to break for some reason, spin up a new one, install the Controller software again and import the backup data, the gear will reprovision once but no further action is needed. ofcourse, provided that the gear is set up with a DNS inform-url.
The Controller does provide a way of automating the backups as of version 5.1.0 but the resulting .unf files are stored locally in {data.dir}/backup/autobackup. As in, if the server were to break the backups wouldn’t do us much good.
Solution: Move the backup data off-site.
I’m a big believer in Cloud infrastructure and Backblaze is a service I’m using to backup my local workstation data, when they announced B2 I jumped ship right away.
B2 is for my purposes a Backblaze backed FTP service, in reality though it’s so much more, the beauty of it for this purpose is that the first 10GB are free, seeing as the UniFi backups doesn’t grow too large in my environment I’m left with a free off-site reliable cloud hosted backup location.
What you’ll need
– SSH Access to the Ubuntu/Debian based machine running UniFi Controller
– A Backblaze account
Setup
The setup is split up in a few steps, when complete you’ll end up with an automated solution to move .tar.gz copies of the controllers automated backup files as well as all of the pure site data from local storage to a Backblaze B2 Bucket.
UniFi Controller
First off, enable the automatic backup feature of the UniFi Controller.
Settings – Auto Backup – Enable Auto Backup.
Performing the backup does increase resource usage for a short while, depending on size, and should ideally be done during a maintenance window or off-hours.
Select a time that works for you.
Backblaze
You’ll need to create a Backblaze account aswell as a Bucket. At the time of writing this is completely free.
With the account created, head over to the B2 page and sign up using the same email address. Verify your email, setup your phone number as well as the not needed but highly recommended two-factor authentication option.
When the processing is done you should be able to see “B2 Cloud Storage” in the left hand side menu of Backblazes “My account” section, this however might take a few minutes.
Begin by selecting “Show Account ID and Application Key” followed by “Create Application Key”, note the provided values, as these can’t for all intended purposes be changed later.
While you’re here, go ahead and create a Private Bucket, give it a unique name.
Server
I’ve created and distributed the installation procedure/command reference over on GitHub as well as below.
# Read access to UniFi backup directory
sudo chmod -R 705 /var/lib/unifi/backup/
# Set up rclone for use with Backblaze B2
# https://rclone.org/
# https://www.backblaze.com/b2/cloud-storage.html
cd /tmp
sudo apt-get install unzip -y
curl -O https://downloads.rclone.org/rclone-current-linux-amd64.zip
unzip rclone-current-linux-amd64.zip
cd rclone-*-linux-amd64
# Install rclone
# Binary
sudo cp rclone /usr/sbin/
sudo chown root:root /usr/sbin/rclone
sudo chmod 755 /usr/sbin/rclone
# Manpage
sudo mkdir -p /usr/local/share/man/man1
sudo cp rclone.1 /usr/local/share/man/man1/
sudo mandb
# Configure rclone for use with Backblaze B2
# Use your bucket settings
rclone config
n # New Config
B2_UNIFI.CONTROLLER.NAME # Select a Name
3 # 3 for Backblaze B2
884456abcdef # Provide Accound ID
001b6b8e684f123456abcdef123456abcdef123abc # Provide Application Key
# Blank Endpoint
y # Save
q
# Automate backups with rclone
touch /usr/local/bin/unifi_b2_backup.sh
sudo echo -e '#!/bin/bash\ncd /tmp\n# Backup /var/lib/unifi/backup\nTIMESTMP=$(date +'%Y%m%d_%H%M%S')\ntar -zcvf backup.$TIMESTMP.tar.gz /var/lib/unifi/backup\n/usr/sbin/rclone copy /tmp/backup.$TIMESTMP.tar.gz B2_UNIFI.CONTROLLER.NAME:BUCKETNAME-unifi\nrm backup.$TIMESTMP.tar.gz\n\n# Backup /var/lib/unifi/sites\nTIMESTMP=$(date +'%Y%m%d_%H%M%S')\ntar -zcvf sites.$TIMESTMP.tar.gz /var/lib/unifi/sites\n/usr/sbin/rclone copy /tmp/sites.$TIMESTMP.tar.gz B2_UNIFI.CONTROLLER.NAME:BUCKETNAME-unifi\nrm sites.$TIMESTMP.tar.gz\n\n# Remote Cleanup\n# Only run Cleanup if there are data present in bucket newer than 6 weeks == previous backups successful\nif [[ $(/usr/sbin/rclone ls B2_UNIFI.CONTROLLER.NAME:BUCKETNAME-unifi --max-age 6w) ]]; then\n# Delete everything older than 6 weeks\n/usr/sbin/rclone delete B2_UNIFI.CONTROLLER.NAME:BUCKETNAME-unifi --min-age 6w\n/usr/sbin/rclone cleanup B2_UNIFI.CONTROLLER.NAME:BUCKETNAME-unifi --min-age 8w\nfi' | sudo tee -a /usr/local/bin/unifi_b2_backup.sh
sudo chmod +x /usr/local/bin/unifi_b2_backup.sh
# Schedule Cron Job to run unifi_b2_backup.sh every Sunday, After UniFi Controller Automated Backups
sudo crontab -l | { cat; echo "45 21 * * 0 /usr/local/bin/unifi_b2_backup.sh"; } | crontab -
Make sure that the cronjob runs After the auto backup setup on the Controller, 15 minutes or so should be fine.
Make sure you swap the variables for B2_UNIFI.CONTROLLER.NAME and B2_UNIFI.CONTROLLER.NAME:BUCKETNAME-unifi to match your environment.
This setup will have a retention of 6 weeks in the bucket, to change thing, adjust the --max-age and --min-age values accordingly.
Please use this referral link when signing up for Backblaze to let them know you came from me.