
BorgBase Managed Borg Hosting for Server Backups

By Admin · Mar 15, 2026 · Updated Apr 23, 2026

What is BorgBase?

BorgBase is a managed hosting service for BorgBackup repositories providing secure, append-only storage without the overhead of maintaining your own backup server. With EU and US data centers, BorgBase offers reliable off-site backup with monitoring, alerting, and sub-accounts.

Why BorgBase + Borg?

  • Deduplication — Identifies duplicate chunks across all backups, reducing storage dramatically
  • Encryption — Client-side encryption means BorgBase never sees your data
  • Compression — Multiple algorithms (zstd, lz4, lzma) reduce size further
  • Append-only mode — Compromised servers cannot delete old backups
  • Managed infrastructure — No backup server to maintain

Setup

# Install BorgBackup
sudo apt update && sudo apt install -y borgbackup

# Generate dedicated backup SSH key
ssh-keygen -t ed25519 -f /root/.ssh/borgbase_key -N "" -C "backup@$(hostname)"
cat /root/.ssh/borgbase_key.pub
# Add this key to your BorgBase account

cat >> /root/.ssh/config << EOF
Host *.repo.borgbase.com
    IdentityFile /root/.ssh/borgbase_key
    ServerAliveInterval 10
    ServerAliveCountMax 30
EOF

Initialize Repository

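export BORG_REPO="ssh://xxxxx@xxxxx.repo.borgbase.com/./repo"

# repokey mode stores the key inside the repository, encrypted with your passphrase,
# so choose a strong passphrase when prompted
borg init --encryption=repokey-blake2 "$BORG_REPO"

# CRITICAL: Save the encryption key externally
borg key export "$BORG_REPO" /root/borgbase-key-backup.txt
# Copy this file off the server (e.g. into a password manager), then delete the local copy

# Passphrase file for unattended runs; umask makes it root-only from the moment it is created
( umask 077 && echo "your-borg-passphrase" > /root/.borg-passphrase )
chmod 600 /root/.borg-passphrase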

Backup Script

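#!/bin/bash
# /usr/local/bin/borgbase-backup.sh
set -euo pipefail
umask 077   # the database dump must not be readable by other local users

export BORG_REPO="ssh://xxxxx@xxxxx.repo.borgbase.com/./repo"
export BORG_PASSCOMMAND="cat /root/.borg-passphrase"
export BORG_RSH="ssh -i /root/.ssh/borgbase_key"

HOSTNAME=$(hostname -s)
DATE=$(date +%Y-%m-%d_%H-%M)
DUMP=/var/backups/mysql-dump.sql   # root-owned directory instead of world-writable /tmp
trap 'rm -f "$DUMP"' EXIT          # remove the dump even if a later step fails

# Pre-backup database dump; a failure is reported instead of being silently ignored
mysqldump --all-databases --single-transaction > "$DUMP" 2>/dev/null \
    || echo "WARNING: mysqldump failed, archive has no usable database dump" >&2

# borg exits 1 on warnings (e.g. a file changed while being read); only 2 and above is an error
rc=0
borg create --verbose --filter AME --list --stats --show-rc \
    --compression zstd,6 --exclude-caches \
    --exclude "*.pyc" --exclude "node_modules" --exclude ".git" \
    "${BORG_REPO}::${HOSTNAME}-${DATE}" \
    /etc /home /var/www /opt /root "$DUMP" || rc=$?
[ "$rc" -le 1 ] || exit "$rc"

# On an append-only repository, prune only tags archives as deleted; no space is
# freed until the repository is later accessed with full (non-append-only) access
borg prune --list --show-rc \
    --keep-daily 7 --keep-weekly 4 --keep-monthly 12 "$BORG_REPO"

borg compact "$BORG_REPO"   # requires Borg 1.2 or newer
curl -fsS "https://hc-ping.com/YOUR-UUID" > /dev/null 2>&1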

Schedule and Restore

# Schedule daily at 3 AM
echo "0 3 * * * root /usr/local/bin/borgbase-backup.sh" > /etc/cron.d/borgbase

# List archives
borg list "$BORG_REPO"

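# Restore specific files into a private scratch directory, not directly into world-writable /tmp
# (paths inside the archive have no leading slash; files are extracted relative to the current directory)
cd "$(mktemp -d)" && borg extract "${BORG_REPO}::myserver-2026-03-15_03-00" var/www/html/config.php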

# Mount for browsing
mkdir /mnt/borg
borg mount "${BORG_REPO}::myserver-2026-03-15_03-00" /mnt/borg
ls /mnt/borg/
borg umount /mnt/borg

Security Best Practices

  • Always use repokey-blake2 encryption for client-side protection
  • Enable append-only mode in BorgBase to prevent deletion from compromised servers
  • Store encryption keys in a separate secure location (password manager)
  • Use dedicated SSH keys with restricted permissions
  • Periodically verify backups by testing extraction
  • Rotate BorgBase SSH keys annually
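
The health-check ping in the backup script only shows that the script finished; it does not show that a recent archive exists or can be read back. The script below is an added example, not part of the original article or of BorgBase's tooling, that automates "periodically verify backups by testing extraction". It assumes the archive naming used by the backup script above (`<host>-YYYY-MM-DD_HH-MM`), GNU `date`, a 26-hour freshness window, and `etc/hostname` as the probe file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: restore test for archives named "<host>-YYYY-MM-DD_HH-MM".
# Expects BORG_REPO and BORG_PASSCOMMAND exported as in the backup script.
set -eu

# newest_archive HOST: read archive names on stdin, print the newest for HOST.
# The anchored pattern skips other hosts ("web-db-...") and ".checkpoint" leftovers.
newest_archive() {
    grep -E "^$1-[0-9]{4}-[0-9]{2}-[0-9]{2}_[0-9]{2}-[0-9]{2}\$" \
        | LC_ALL=C sort | tail -n 1
}

# is_fresh HOST NAME CUTOFF: succeed if NAME's timestamp is CUTOFF or later.
# The date format sorts lexicographically, so no date arithmetic is needed.
is_fresh() {
    ts=${2#"$1-"}
    oldest=$(printf '%s\n%s\n' "$ts" "$3" | LC_ALL=C sort | head -n 1)
    [ "$oldest" = "$3" ]
}

# verify_latest PROBE: PROBE is a path inside the archive (no leading slash).
verify_latest() {
    host=$(hostname -s)
    name=$(borg list --short "$BORG_REPO" | newest_archive "$host")
    [ -n "$name" ] || { echo "FAIL: no archive for $host" >&2; return 1; }
    cutoff=$(date -d '26 hours ago' +%Y-%m-%d_%H-%M)   # GNU date assumed
    is_fresh "$host" "$name" "$cutoff" || { echo "FAIL: $name is stale" >&2; return 1; }
    # Walk the whole archive without writing anything to disk
    borg extract --dry-run "${BORG_REPO}::${name}"
    # Real extraction of one file into a private directory
    dir=$(mktemp -d)
    ( cd "$dir" && borg extract "${BORG_REPO}::${name}" "$1" )
    ok=0; [ -s "$dir/$1" ] || ok=1
    rm -rf "$dir"
    [ "$ok" -eq 0 ] || { echo "FAIL: $1 missing or empty in $name" >&2; return 1; }
    echo "OK: $name"
}

# Run only when asked, e.g. from cron: borgbase-verify.sh run etc/hostname
if [ "${1:-}" = "run" ]; then
    verify_latest "${2:-etc/hostname}"
fi
```

Send the script's failures to a channel separate from the backup job's own ping, so a host that has stopped backing up is still noticed.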
