Backup Strategy
Cloud OS provides built-in backup capabilities using restic for encrypted, deduplicated, incremental backups. Backups capture app data, configurations, the system database, and TLS certificates.
Backup Targets
Configure where backups are stored. Cloud OS supports multiple targets for redundancy.
| Type | Description |
|---|---|
| Local | Local filesystem directory (secondary target only) |
| S3 | Amazon S3 or S3-compatible storage (MinIO, Wasabi, Backblaze B2) |
| SFTP | Remote server via SFTP |
Configure backup targets from the Settings > Backups section of the dashboard.
Local-only backups do not protect against server loss. Always configure at least one off-site target (S3, SFTP) for production.
Encryption
Enable encryption on each backup target to encrypt data before it leaves the server. Cloud OS uses AES-256 encryption via restic.
Store encryption passwords securely and separately from the backups. If you lose the password, backups cannot be restored.
Scheduling
Set up automatic backup schedules from the dashboard. Recommended production schedule:
| Frequency | Target | Content |
|---|---|---|
| Every 6 hours | S3 primary | All apps + config |
| Daily | S3 secondary or SFTP | All apps + config |
You can also trigger manual backups at any time for specific apps or the entire instance.
Retention
Configure retention policies per backup target to balance storage costs with recovery needs:
| Period | Suggested Retention |
|---|---|
| Daily backups | 30 days |
| Weekly backups | 12 weeks |
| Monthly backups | 12 months |
Old backups are pruned automatically after each successful backup.
Restoring from Backup
Restore individual apps or the full instance from any available backup through the dashboard or CLI. A full restore overwrites current data, so plan a maintenance window.
Disaster Recovery
If the server is completely lost:
- Provision a new server and install Cloud OS
- Complete the initial setup
- Configure the backup target with the original credentials and encryption password
- Restore the latest backup
- Update DNS records if the server IP changed
- Verify all apps are running
Monitoring Backups
Set up alerts for backup failures using the Cloud OS alert system. Key things to watch:
- Last successful backup age (alert if over 12 hours)
- Backup duration trends (increasing may indicate issues)
- Target storage usage
Tips
- Use S3-compatible storage as your primary backup target.
- Always enable encryption.
- Keep at least one off-site target in a different region.
- Test restores periodically to verify your backups work.