Backup your website databases to your NAS with Laravel Forge
If you use Laravel Forge to manage your website, you have the option to make database backup to the cloud. But what if you don't want to send them to a cloud provider or send it locally to our head quarters?
This tutorial covers the use of Minio with Synology NAS. It doesn't cover a reliable and secure beackup strategy for your data. That an entire topic by itself.
- Prepare a volume to store the data
- Install Minio with Docker on your NAS
- Open port on your firewall
- Create a bucket and access keys
- Test the connection
- Configure Forge backups
Before we start, you do need a domain name configured on your NAS. If you do not have a fixed IP, you should start by configure a DynDNS for your NAS. But I suppose you already have, with a nice Let's Encrypt SSL.
Another prerequist is to have Docker installed on your Synology, every model is not supported. I have a DS418play and it's not on the list but there is a workaround if your model has a compatible CPU.
Prepare a volume to store the data
I'm trying to keep this article short so I won't go into the detail. Just some notes.
- Versionning is not necessary since Minio can handle that per bucket.
- I actived Compression because I know I would only store cold data.
- Restricted the access to only admin acount
- Doesn't show up on network shares
- Added a quota of 1 To to the volume, to be safe with other applications on my NAS. You can also but a per bucket quota with Minio if you prefer. I wanted both.
Install Minio with Docker on your NAS
Go to Docker app -> Register -> Search for minio/minio and download the latest. Then go to Docker -> Image -> Double click on minio to configure a new instance. Each step represent a page of the UI configurator:
- Network => bridge mode (should be the default)
- Next choose a name (it can be anything) and check automatic restart. Then click on Advanced settings
- In Environment tab add two new variables :
MINIO_ROOT_PASSWORD. They are self explanatory, so choose a user and password.
- In Command execution tab set the command to
minio server /data --console-address ":9090"
- In Environment tab add two new variables :
- In the next step, you need two ports 9000 => 9000 and 9090 => 9090. Both in TCP.
- Now we have to choose volumes for your docker image.
- One for the data /minio (the volume we have created just before) => /data (the directory we put on the command to execute)
- The other one for the configuration /docker/minio (I put all my docker configurations on a docker volume, put them where you want) => /root/.minio
Open port on your firewall
I assume you already know how to do that:
- 9000 is the S3 compatible storage port, should be open.
- 9090 is your configuration console for Minio and should not be accessible from outside.
If like me, you are doing this outside of your lan network, see my other article to create a secure ssh tunnel through your NAS and access lan ip:port.
Create a bucket and access keys
Depends on your usage, but I think you should create a new user first.
Then create a bucket, the UI is really easy and you have hints just next to every options. I activated versioning. I don't recommend object locking since Forge will need to delete older backups.
And finally create an access keys for your user or the one you just created and save them for the rest of the tutorial. If you created another user, make sure he has access to the bucket you created.
Test the connection
To test the configuration I use
awscli tool provided by Amazon.
You can install it easily with Homebrew
brew install awscli
Then configure it with the access key created in Minio
List the buckets
aws s3 ls --endpoint-url http://urlofyournas:9000
You should see the bucket you created here.
If you are int the same network as your NAS, don't forget to switch to 4G/5G connexion or something. To be sure you can access from outside. While you are here, check that the console one 9090 is not accessible.
Configure Forge backups
Go to your server on Forge => Backups.
Add a new backup configuration with
- Provider: Custom (S3 Compatible)
- Region: not important. I always put eu-west-3 but really its ignored in our case
- Bucket: name of the bucket you created
- Endpoint: http://yournasdomain:9000
- Storage directory: I put the name of my server here. Ideally, create a bucket per server to be even safer.
- Then your keys
- And it's up to you for the frequency and the retention.
Now, every night a backup of the database is sended to my home! From there you can backup them to an USB drive. You can also create a replication strategy with Synology.
And that's it! If you have a little time, I'm curious about your backup strategy and if you used this tutorial at some point.
Syntax highlighting provided by torchlight.dev