Nightly backup for Unifi OS to Synology

Hi All,

I thought this might be useful for anyone that would like to copy their nightly backups off their Unifi OS system. I just upgraded to a new UDMP from a USG so I had to move to this. Anyways it works so if your interested keep reading.

Note: you can just created an executable shell script rather than use a Synology

Enable SSH on your Synology as it is disabled by default

  1. control Panel > terminal & SNMP > enable SSH service

Login via SSH to your Synology system and generate SSH keys by typing in the following:

  1. ssh-keygen
  2. id_rsa_unifi
  3. empty for no passphrase
  4. same again e.g empty for no passphrase
    Note: this creates two new files id_rsa_unifi and
  5. cat
  6. copy all the way from ssh-rsa through the end ([email protected])

While still logged into the Synology SSH type it the following:

  1. ssh [email protected]
    Note: this IP is your UniFi Controller
  2. vi /root/.ssh/authorized_keys
  3. i
  4. PgDwn
  5. Enter
  6. copy and paste the ssh-rsa key you copied earlier
  7. when finished hit esc key
  8. :wq
    Note: this will save and close out of vi
  9. Type exit to go back to Synology SSH

Verify SSH login with RSA key works

  1. ssh [email protected] -i id_rsa_unifi
    Note: if successful everything has worked

Configure a Synology Scheduled Task by completing the following:

  1. login to your Synology DSM portal
  2. open Task Scheduler
  3. give the task a name
  4. execute as the you (not root!)
  5. make sure enabled is checked
  6. schedule “daily”
  7. frequency “everyday”
  8. time set what you would like
  9. task settings type in: “scp -p -i id_rsa_unifi [email protected]:/data/unifi/data/backup/autobackup/* /INSERTYOURSYNOLOGYBACKUPLOCATION”
    Note: my Synology backup location is /volume1/Backup/Unifi

Configure another Synology Scheduled Task to clean-up older than files by following:

  1. open Task Scheduler
  2. give the task a name
  3. execute as the you (not root!)
  4. make sure enabled is checked
  5. schedule “daily”
  6. frequency “everyday”
  7. time set what you would like
  8. task settings type in: "find /INSERTYOURSYNOLOGYBACKUPLOCATION/ -mtime +5 -delete
    Note: my Synology backup location is /volume1/Backup/Unifi
    Note: configure the max files kept to your choosing

In addition, you’ll want UDM/UDMP to have persistence SSH keys so when you generate one above that it’s copied back because every time the system is rebooted since the /root/.ssh/authorized_keys overwrites every boot:

  1. Login to your UDM/UDMP using your root account
  2. Run this command: curl -fsL “” | /bin/sh
  3. Run this command: curl | sh
  4. vi /mnt/data/ssh/authorized_keys
  5. i
  6. PgDwn
  7. Enter
  8. copy and paste the ssh-rsa key you generated earlier in this post
    9 when finished hit esc key
  9. :wq

Very nice, I’ll have to try this out with my cloud key. Do you think it could be modified to backup via FTP, and is it secure? Might be a great ‘service’ to provide some of my deployments on top of local backups.

Thanks. Previously I was using the Cloudkey with CRON job to copy and unmount to Synology. This was all done directly on the Cloudkey and the Synology just received the copy. I had to change this up though as UniFi OS does not allow apt-get. I did this using these instructions here and look for @kubotronix response using NFS.

You could also use LFTP I don’t have a script for that but you should install using apt-get and Synology has it already (or install to a Linux based system). In relation to being secure it can be when modified to use FTPS (explicit and implicit) and HTTPS.

In any case if you do get this working another way please post about it, I am sure others may be chasing the same :slight_smile:

This is brilliant thanks for sharing, I’m always looking for reasons/ways to keep my UDM Pro in the network. There’s so many reasons why I’d like to just rip it out and put my untangle VMware back in place. Now that I’m using the UDM Pro for part of my presence detection and it also seems to do a good job with MDNS I think I’ll keep it in place. Now if I could just get WireGuard running on the UDM Pro I’d probably be happy with the purchase.

1 Like

Your welcome mate. This is working great but your right it should be easier :stuck_out_tongue:

I considerd that and Unifi OS does run docker locally but I have a docker server anyways so I just deployed it there and left the UDMP alone. If running wireguard in docker interests you check it out here it works really well and has not skipped a beat.

1 Like

Road warriors, roaming and returning home

If you plan to use Wireguard both remotely and locally, say on your mobile phone, you will need to consider routing. Most firewalls will not route ports forwarded on your WAN interface correctly to the LAN out of the box. This means that when you return home, even though you can see the Wireguard server, the return packets will probably get lost.

I wish I would came across this little bit of valuable info a few months back. I’m going to give this a go. See if I can get it working. Thanks again.

I turn wireguard on or off based on presence. The home automation platform sends a silent pushover notification to my phone to turn on and off. I have tasker installed on my phone handling the phone side.

1 Like