I thought this might be useful for anyone that would like to copy their nightly backups off their Unifi OS system. I just upgraded to a new UDMP from a USG so I had to move to this. Anyway, it works, so if you're interested keep reading.
Note: you can just create an executable shell script rather than use a Synology
Enable SSH on your Synology as it is disabled by default
Control Panel > Terminal & SNMP > Enable SSH service
Login via SSH to your Synology system and generate SSH keys by typing in the following:
ssh-keygen
id_rsa_unifi
empty for no passphrase
same again, e.g. empty for no passphrase
Note: this creates two new files id_rsa_unifi and id_rsa_unifi.pub
cat id_rsa_unifi.pub
copy all the way from ssh-rsa through the end (username@whateverNAS)
While still logged into the Synology SSH, type in the following:
ssh [email protected] -i id_rsa_unifi
Note: if successful everything has worked
Configure a Synology Scheduled Task by completing the following:
log in to your Synology DSM portal
open Task Scheduler
give the task a name
execute as you (not root!)
make sure enabled is checked
schedule “daily”
frequency “everyday”
time set what you would like
task settings type in: “scp -p -i id_rsa_unifi [email protected]:/data/unifi/data/backup/autobackup/* /INSERTYOURSYNOLOGYBACKUPLOCATION”
Note: my Synology backup location is /volume1/Backup/Unifi
Configure another Synology Scheduled Task to clean up older files by completing the following:
open Task Scheduler
give the task a name
execute as you (not root!)
make sure enabled is checked
schedule “daily”
frequency “everyday”
time set what you would like
task settings type in: "find /INSERTYOURSYNOLOGYBACKUPLOCATION/ -mtime +5 -delete"
Note: my Synology backup location is /volume1/Backup/Unifi
Note: configure the max files kept to your choosing
In addition, you’ll want the UDM/UDMP to have persistent SSH keys, so that the one you generated above is copied back every time the system is rebooted, since /root/.ssh/authorized_keys is overwritten on every boot:
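The copy and clean-up tasks from the post above, combined into one script as an added example (not part of the original post). It goes beyond the post by always keeping the newest few backups, so that a copy job that fails for a week cannot age out every file. The host name, the `.unf` extension filter, the keep count of 3 and the function names are assumptions.

```sh
#!/bin/sh
# Added example: pull UniFi autobackups over scp, then prune by age while
# always keeping the newest copies. Host, key path and counts are assumptions.
set -u

UDM_HOST="${UDM_HOST:-root@udm.example.invalid}"  # placeholder, use your own
KEY="${KEY:-./id_rsa_unifi}"                      # key generated in the post
SRC="/data/unifi/data/backup/autobackup"          # path from the post
DEST="${DEST:-/volume1/Backup/Unifi}"             # location from the post

# BatchMode fails instead of prompting; StrictHostKeyChecking=yes refuses a
# host whose key is unknown or has changed since the first manual login.
pull_backups() {
    scp -p -i "$KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "$UDM_HOST:$SRC/*" "$DEST/"
}

# prune_backups DIR DAYS KEEP
# Delete *.unf files in DIR older than DAYS days (same -mtime rule as the
# post's find command), but never the KEEP newest ones. Other files in DIR
# are left alone, and an empty or missing DIR is rejected.
prune_backups() {
    p_dir="$1"; p_days="$2"; p_keep="$3"
    [ -n "$p_dir" ] && [ -d "$p_dir" ] || { echo "bad dir: $p_dir" >&2; return 1; }
    # Newest first by mtime; assumes backup names contain no newlines.
    ls -1t -- "$p_dir"/*.unf 2>/dev/null | {
        p_n=0
        while IFS= read -r p_file; do
            p_n=$((p_n + 1))
            if [ "$p_n" -gt "$p_keep" ]; then
                find "$p_file" -maxdepth 0 -type f -mtime +"$p_days" -delete
            fi
        done
    }
}

# Only act when called with "run", and only prune after a successful copy.
if [ "${1:-}" = "run" ]; then
    pull_backups || { echo "copy failed, skipping prune" >&2; exit 1; }
    prune_backups "$DEST" 5 3
fi
```

Saved as an executable file, a single scheduled task can call it with the argument `run` in place of the two separate tasks.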
Very nice, I’ll have to try this out with my cloud key. Do you think it could be modified to backup via FTP, and is it secure? Might be a great ‘service’ to provide some of my deployments on top of local backups.
Thanks. Previously I was using the Cloudkey with a CRON job to copy and unmount to Synology. This was all done directly on the Cloudkey and the Synology just received the copy. I had to change this up though as UniFi OS does not allow apt-get. I did this using these instructions here; look for @kubotronix's response using NFS.
You could also use LFTP. I don’t have a script for that, but you should install it using apt-get, and Synology has it already (or install to a Linux based system). In relation to being secure, it can be when modified to use FTPS (explicit and implicit) and HTTPS.
In any case, if you do get this working another way please post about it, I am sure others may be chasing the same.
This is brilliant thanks for sharing, I’m always looking for reasons/ways to keep my UDM Pro in the network. There’s so many reasons why I’d like to just rip it out and put my untangle VMware back in place. Now that I’m using the UDM Pro for part of my presence detection and it also seems to do a good job with MDNS I think I’ll keep it in place. Now if I could just get WireGuard running on the UDM Pro I’d probably be happy with the purchase.
You're welcome, mate. This is working great, but you're right, it should be easier.
I considered that, and Unifi OS does run docker locally, but I have a docker server anyways so I just deployed it there and left the UDMP alone. If running wireguard in docker interests you, check it out here; it works really well and has not skipped a beat.
If you plan to use Wireguard both remotely and locally, say on your mobile phone, you will need to consider routing. Most firewalls will not route ports forwarded on your WAN interface correctly to the LAN out of the box. This means that when you return home, even though you can see the Wireguard server, the return packets will probably get lost.
I wish I had come across this little bit of valuable info a few months back. I’m going to give this a go. See if I can get it working. Thanks again.
I turn wireguard on or off based on presence. The home automation platform sends a silent pushover notification to my phone to turn on and off. I have tasker installed on my phone handling the phone side.