BorgBackup creates fast incremental backups over SSH that save space by removing duplicate data. In this guide, you will learn the complete setup process for backing up your production server to a High Storage VPS using BorgBackup to a Storage VPS.

By the end of this guide, you will have a complete backup system that runs automatically every day, keeps your data safe on a remote server, and uses minimal storage thanks to deduplication and incremental backups.

Prerequisites To Back up Your Server Using BorgBackup to a Storage VPS

To follow this guide, you will need the following setup:

You will need two Linux servers, one to back up, which is your source server, and one to store the data, which is your Storage VPS. If you need a high-storage VPS, you can check PerLod Hosting, providing flexible and reliable options.

Also, you must have administrative access to both machines to run the necessary commands.

Install BorgBackup on Both Servers

You must install the BorgBackup package on both the Source server and the Storage VPS, which allows the two servers to communicate and manage your backup data efficiently.

Based on your Linux OS, you can use the commands below to install BorgBackup:

On Ubuntu and Debian:

sudo apt update
sudo apt install borgbackup -y

On RHEL, AlmaLinux, and Rocky Linux:

sudo dnf update -y
sudo dnf install epel-release -y
sudo dnf install borgbackup -y

Configure SSH Key Authentication

To enable automated backups without manual password entry, you need to set up SSH key authentication. This secure method allows your Source server to log in to the Storage VPS automatically while restricting access to only backup commands.

Generate an SSH key pair on the source server with the command below:

sudo ssh-keygen -t ed25519 -f /root/.ssh/borgbackup_key -N ""

To display the public key, run the command below:

sudo cat /root/.ssh/borgbackup_key.pub

Now you must create a dedicated user for backups on the Storage VPS with the commands below:

sudo adduser --disabled-password borgbackup
sudo su - borgbackup
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

You must add the public key from the source server to the storage VPS with restricted access. Open the following file:

nano ~/.ssh/authorized_keys

Add the following line with your actual public key:

command="borg serve --restrict-to-path /home/borgbackup/backups",restrict YOUR_PUBLIC_KEY

The “command=” setting locks this key so it can only run backups and cannot be used to control your server or run other commands. The restrict option adds an extra layer of safety by blocking all other unnecessary SSH features.

Once you are done, create the backup directory on the storage VPS with the command below:

mkdir -p /home/borgbackup/backups
exit

At this point, you can test the SSH connection from the source server with the following command:

sudo ssh -i /root/.ssh/borgbackup_key borgbackup@storage-vps-ip

You should see a message about restricted access, not a shell prompt.

Initialize the Borg Repository

Now that the servers are connected, you need to set up the storage space for your backups. You can initialize a new and encrypted repository on the storage VPS where all your future backup data will be securely stored.

To initialize a new Borg repository, run the commands below from the source server:

export BORG_RSH='ssh -i /root/.ssh/borgbackup_key'
borg init --encryption=repokey-blake2 borgbackup@storage-vps-ip:/home/borgbackup/backups/server1

Note: The –encryption=repokey-blake2 setting encrypts your backups using a key stored directly inside the repository. You will be asked to create a password for this key, save it carefully, because if you lose it, you will lose access to all your backups forever.

Save the passphrase as an environment variable for automated backups with the command below:

export BORG_PASSPHRASE='your-secure-passphrase'

Create First Backup with BorgBackup to a Storage VPS

Once your repository is ready, you can run your first backup. The following command will securely copy your chosen files from the source server to the storage VPS:

export BORG_RSH='ssh -i /root/.ssh/borgbackup_key'
export BORG_PASSPHRASE='your-secure-passphrase'

borg create --stats --progress --compression lz4 \
  borgbackup@storage-vps-ip:/home/borgbackup/backups/server1::{hostname}-{now:%Y-%m-%d-%H%M%S} \
  /etc /var/www /home --exclude '*.tmp' --exclude '/home/*/.cache'

Command parameters:

• --stats: Shows backup size statistics after completion.
• --progress: Displays real-time backup progress.
• --compression lz4: Uses fast LZ4 compression.
• {hostname}-{now:%Y-%m-%d-%H%M%S}: Creates an archive name with hostname and timestamp.
• /etc /var/www /home: Directories to back up.
• --exclude: Files or folders to skip.

To view all archives in your repository, you can use the command below:

borg list borgbackup@storage-vps-ip:/home/borgbackup/backups/server1

List files in a specific archive with the following command:

borg list borgbackup@storage-vps-ip:/home/borgbackup/backups/server1::archive-name

To extract an entire archive, you can use:

borg extract borgbackup@storage-vps-ip:/home/borgbackup/backups/server1::archive-name

Extract specific files or directories with:

borg extract borgbackup@storage-vps-ip:/home/borgbackup/backups/server1::archive-name /etc/nginx

Also, you can remove old archives according to retention policies:

borg prune --list --keep-daily=7 --keep-weekly=4 --keep-monthly=6 \
borgbackup@storage-vps-ip:/home/borgbackup/backups/server1

Note: Pruning marks archives for deletion, but doesn’t free disk space until you run compact.

Free disk space after pruning with the command below:

borg compact borgbackup@storage-vps-ip:/home/borgbackup/backups/server1

Automate Borg Backups with Cron

Running backups manually for production environments isn’t efficient. To ensure consistent data protection, you should automate the backup process using cron, which will execute your backups on a scheduled basis without any manual steps.

Create a backup script with the command below:

sudo nano /usr/local/bin/borgbackup.sh

Add the following content to the file:

#!/bin/bash

export BORG_RSH='ssh -i /root/.ssh/borgbackup_key'
export BORG_PASSPHRASE='your-secure-passphrase'
export BORG_REPO='borgbackup@storage-vps-ip:/home/borgbackup/backups/server1'

borg create --stats --compression lz4 \
  $BORG_REPO::{hostname}-{now:%Y-%m-%d-%H%M%S} \
  /etc /var/www /home \
  --exclude '*.tmp' \
  --exclude '/home/*/.cache'

borg prune --keep-daily=7 --keep-weekly=4 --keep-monthly=6 $BORG_REPO

borg compact $BORG_REPO

Make the script executable with the command below:

sudo chmod +x /usr/local/bin/borgbackup.sh

Add a cron job to run daily, for example, at 2 AM:

sudo crontab -e

Add the following line to the file:

0 2 * * * /usr/local/bin/borgbackup.sh >> /var/log/borgbackup.log 2>&1

To verify backup integrity, you can run the command below:

borg check --verify-data borgbackup@storage-vps-ip:/home/borgbackup/backups/server1

The –verify-data flag performs a deep check, reading the actual backup data to make sure no files are corrupted.

To view the repository statistics, you can use:

borg info borgbackup@storage-vps-ip:/home/borgbackup/backups/server1

This displays total repository size, number of archives, and deduplication statistics.

FAQs

Conclusion

At this point, you have a complete BorgBackup to a Storage VPS setup that automatically protects your data with encrypted backups. The system automatically compresses your data to save space and runs without manual work.

To stay safe, test restoring your files regularly to make sure your backups work, and keep your encryption password stored securely offline. For critical servers, consider setting up email alerts for backup failures.

We hope you enjoy this guide. Subscribe to our X and Facebook channels to get the latest articles.