Automating the Inevitable: Bulletproof Backup Strategies for Linux Systems
There are two types of system administrators: those who have lost data, and those who are about to. If you are relying on hardware redundancy to save you, you are playing a dangerous game. I learned this the hard way in 2008 when a RAID controller decided to write garbage data across a mirrored array. The redundancy worked perfectly: it corrupted both disks simultaneously.
In the Norwegian hosting market, where we pride ourselves on stability and adherence to the Personal Data Act (Personopplysningsloven), losing customer data isn't just a technical failure; it’s a legal nightmare involving the Datatilsynet. Whether you are running a high-traffic e-commerce site on Magento or a critical email server, automation is your only safety net.
The Lie of Hardware Redundancy
Let’s get this out of the way: RAID is not a backup. RAID 10, which we standardise on at CoolVDS using 15k RPM SAS drives for maximum I/O, protects you from physical drive failure. It does not protect you from:
- Accidental
rm -rf /(we've all been there) - File system corruption (ext3/ext4 journaling helps, but it’s not magic)
- Malicious intrusions or SQL injection attacks
If your backup strategy requires you to manually log in via SSH and run a tar command, you don't have a backup strategy. You have a hobby.
The "3-2-1" Rule applied to VPS
The gold standard right now is the 3-2-1 rule. Keep 3 copies of your data, on 2 different media types, with 1 copy off-site.
For a VPS environment, "media types" is abstract, so we translate this to: Production Server (Copy 1), Local Backup Directory (Copy 2), and Remote Storage (Copy 3). With the bandwidth costs dropping in Europe, pushing encrypted archives to a remote server is finally feasible for small-to-medium businesses.
The Tools: rsync and mysqldump
Forget expensive enterprise bloatware. The most robust tools are already installed on your CentOS or Debian system. We rely on rsync for files and mysqldump for databases.
1. Handling the Database (MySQL 5.x)
You cannot simply copy the /var/lib/mysql directory while the server is running. You will end up with corrupted tables. You need a consistent dump.
Here is a snippet from a production script I use for a client in Oslo. It loops through all databases and dumps them individually, which makes restoration significantly faster than dealing with one massive SQL file.
#!/bin/bash
# /root/scripts/db_backup.sh
TIMESTAMP=$(date +"%F")
BACKUP_DIR="/backup/mysql/$TIMESTAMP"
MYSQL_USER="root"
MYSQL_PASSWORD="YourSecurePassword"
mkdir -p "$BACKUP_DIR"
databases=`mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema)"`
for db in $databases; do
echo "Dumping database: $db"
mysqldump -u $MYSQL_USER -p$MYSQL_PASSWORD --single-transaction --quick --lock-tables=false $db | gzip > "$BACKUP_DIR/$db.sql.gz"
done
Pro Tip: Notice the --single-transaction flag. If you are using InnoDB tables (which you should be, over MyISAM), this allows you to back up without locking the entire database and halting your website. If you are still on MyISAM, you're stuck with table locking—schedule this for 3:00 AM.
2. The Off-Site Push
Once your database is dumped and your web files are tarred, get them off the server. If the datacenter catches fire, your local backup burns with it.
We use rsync over SSH keys. It creates an incremental mirror, only transferring the bits that changed. This saves massive amounts of bandwidth and time.
rsync -avz -e "ssh -p 22" /backup/ [email protected]:/home/remote_user/backups/Latency and Location Matter
Why does location matter for backups? Restoration time (RTO). If your backup server is in the US and your production server is in Norway, pulling down 500GB of data during a disaster recovery scenario will take hours due to latency and TCP windowing limits.
At CoolVDS, our infrastructure is peered directly at NIX (Norwegian Internet Exchange). If you host your primary VPS with us, and your backup storage is also within the Nordic region, the transfer speeds are near-LAN quality. You can restore a crashed server in minutes, not hours.
Legal Compliance (Datatilsynet)
Under the EU Data Protection Directive and Norwegian law, you are responsible for where your user data lives. If you are backing up customer data to a cheap storage service in a jurisdiction with weak privacy laws, you are liable. By keeping your primary hosting and your backup targets within EEA-compliant datacenters, you satisfy the requirements of the Personal Data Act.
Implementation Checklist
- Verify Disk Space: Ensure your CoolVDS instance has enough local space to hold the compressed dumps before transfer.
- Automate with Cron: Add your script to
/etc/crontab.0 3 * * * root /root/scripts/full_backup.shruns it every day at 3 AM. - Test Your Restores: A backup is untested until you have successfully restored from it. dedicating a small KVM slice on CoolVDS just to test restoration scripts is a cheap insurance policy.
Don't wait for the inevitable disk failure or human error. Script your survival today.