Making backups of your data is important, and the same goes for your Unifi Controller. If an update fails and bricks your controller, you will need to reset every Unifi device to adopt it again. The controller self does make backups, but they are stored on the controller self.
You won’t be able to access your backups if your Cloudkey or Raspberry Pi doesn’t work anymore. So it’s a good idea to store/sync your backups to an offsite location, the cloud. This can be pretty much any cloud provider, more than 40 are supported, among the popular ones like Dropbox, OneDrive, and Amazon S3.
There are two ways to set this up, manually, using Rclone, or through a free service called BackiFi. In this article, we will discuss both solutions. I will walk you through the setup of both options. It will take you around 5 minutes to set up.
Backify vs Rclone
So before we start with the how-to’s, first a quick comparison between the two solutions. With Backify and Rclone you can basically achieve the same result. The advantage of Backify is that it makes it really easy to set up your Unifi Controller Backup. You can simply add one or more cloud storage providers and set up the backup schedule.
But for Backify you need a static IP Address (or you could use a DDNS service) or domain that points to your controller and create an account for them in your controller.
Important! There is one downside that I need to mention first. For BackiFi to work you will need to create a super admin account in your Unifi Controller. Only users with the role of super admin can access the backups in the controller. This comes with a risk, you give someone else basically full access to your network controller. The super admin requirement is by design from Ubiquiti, at this point you simply can’t limit the API access.
They store the login details encrypted in their database, but BackiFi needs to decrypt the password to access your controller to copy the backup out of it. You should always be careful with this because you can’t be 100% sure what they are doing. I have talked to them, they sound legit, but keep this in mind.
BackiFi is a free service, created as a side project by a couple of developers. I really like their solution and good intentions, but always be careful with giving someone access to your network.
Tip: If you manage multiple Unifi network sites then it might be more convient to use a hosted Unifi Controller in the cloud. This way you don’t need to worry about backups and keeping your network up-to-date.
Go straight to the BackiFi review or start with the Rclone method:
How to use Rclone to backup your Unifi Controller
So we start with the manual way to backup our Unifi Controller to the cloud (or other location). Rclone is a command-line program that helps you with managing files in cloud storage locations.
With Rclone we will make the connection to the storage of our choice and set up the sync between the backups created by our Unifi Controller and our cloud storage. Rclone is completely open source and free to use.
This how-to will work for pretty much any Unifi Controller, so it doesn’t matter if you are running it on a Raspberry PI, Cloud key Gen2 of UDM, only the location of the backups can be different.
1. Get SSH access to your Controller
Login to your controller over SSH. You can use either Putty, Windows Terminal, or any other SSH Client for this. Use the IP Address of your controller and the login credentials to connect.
2. Install Rclone
Installing Rclone is pretty simple, just run the following command
1. curl https://rclone.org/install.sh | sudo bash
Wait until you see rclone v1.53.1 has successfully installed.
3. Configure your Cloud Storage
We can now connect our cloud storage in Rclone. I am going to use Dropbox in the example. First, we open the rclone config and then add a new N storage provider
1. # Open the config<font></font> 2. rclone config<font></font> 3. <font></font> 4. # Create a new storage provider<font></font> 5. n<font></font> 6 <font></font> 7. # Give the storage a name<font></font> 8. sdn_dropbox
All supported storage providers are listed. Enter the number of the storage provider you like to add. For Dropbox, it’s 9.
We will need to do the authorization for Dropbox on our computer because we can’t open a web browser from the command line. So leave everything blank and skip the configs.
If you are using another storage provider, then check these manuals for the instructions to authenticate it.
1. # Enter the number for Dropbox<font></font> 2. 9<font></font> 3. <font></font> 4. # Leave the Dropbox App Client Id blank<font></font> 5. ENTER<font></font> 6. <font></font> 7. # Leave the Dropbox App Client Secret also blank<font></font> 8. ENTER<font></font> 9. <font></font> 10.# Skip the advanced config<font></font> 11.N<font></font> 12.<font></font> 13.# Skip the auto-config<font></font> 14.N
Completing authorization
We need to complete the Dropbox authorization on our computer. Download Rclone here for your PC.
Unzip the folder and extract the files. We need to open the directory in CMD or PowerShell, so I have extracted it to c:\temp\rclone.
Open CMD (Windows key + R > CMD) or PowerShell. Navigate to the extracted files. Next, we are going to authorize Dropbox.
1. cd:\temp\rclone<font></font> 2. <font></font> 3. # Authorize Dropbox<font></font> 4. .\rclone authorize dropbox
Your web browser will open to authorize Dropbox.
Click on Sign-in and Allow Rclone to access your files and folders. You will see a success screen, we can close the window and go back to our Rclone config on our computer.
So in our local CMD or PowerShell session, we now have an authorization code. We need to copy this code to our Rclone config on the Unifi Controller.
Highlight the code and right-click to copy it.
Then head back to the SSH session on your Unifi Controller and past the token. To past in SSH, simply right-click again. Press Y to save it.
We can now quit ( q )the configuration of our Dropbox storage.
4. Setting up Dropbox
So before we are going to sync our Unifi Controller backup files, we need to create a folder in Dropbox to store them.
Open your Dropbox and create a new folder backups with a subfolder unifi_sdn.
5. Syncing to Dropbox
We can now start the sync of our backup files. Go back to your SSH session on your Unifi Controller. Run the following command to sync the files.
We are using the sync function from Rclone and not the copy. If you would use copy, then your Dropbox will run full with backups, they will never get deleted.
Sync will also remove old files, it keeps the Dropbox folder in sync with the backups listed in your Unifi Controller. Keep in mind that Dropbox has 30-day file retention, so if something goes wrong you can always restore the files in Dropbox.
If you want to keep the files indefinitely use rclone copy instead of rclone sync.
If you are using a CloudKey Gen2, then use the following path to copy the files from: /srv/unifi/data/backup/autobackup
1. # Replace sdn_dropbox with the storage name that you created in step 3<font></font> 2. # Replace unifi_sdn with the dropbox folder name that you created in step 4<font></font> 3. <font></font> 4. rclone sync /var/lib/unifi/backup/ sdn_dropbox:backups/unifi_sdn<font></font> 5. <font></font> 6. # For a CloudKey Gen2 use the following cmd:<font></font> 7. rclone sync /srv/unifi/data/backup/autobackup/ sdn_dropbox:backups/unifi_sdn
The files should now be synced to your Dropbox folder.
If you get a permission error, that for example can happen on a Raspberry PI, then we need to add your user to the Unifi group.
1. # Replace pi with the username that you are loggedin with.<font></font> 2. sudo usermod -a -G unifi pi
6. Create a scheduled job
We don’t want to run the Rclone command manually every time. So we need to create a Cronjob for this.
1. # Open Crontab - choose Nano (2) if you haven't open crontab before<font></font> 2. # On the Cloudkey Vim will open, press INSERT to edit the file after you opened it.<font></font> 3. crontab -e<font></font> 4. <font></font> 5. # Schedule the job, the same path as in step 5<font></font> 6. # We run it at 3 am, every day.<font></font> 7. 0 3 * * * rclone sync /var/lib/unifi/backup/ sdn_dropbox:backups/unifi_sdn<font></font> 8. <font></font> 9. # Press Ctrl + X to close and choose Y to save.<font></font> 10.# On the CloudKey press Ctrl + C twice and then type :wq to save and close
That is all. Your Unifi Controller backups will now be copied every night to your Dropbox storage. You can always restore your controller from a backup.
Unifi Backup location CloudKey Gen2
The backup files on your CloudKey Gen2 are stored in a different location than in your Docker or on your PI. You can find the backup files in the following folder:
1. /srv/unifi/data/backup/autobackup
Unifi Protect Backup
We can also backup our Unifi Protect configuration. You can pretty much follow the same steps as above, only you need to use a different folder to pull the backups from.
The Unifi Protect Backup files on the CloudKey Gen2 are stored in the following location:
1. /etc/unifi-protect/backups
If you want to sync your Unifi Controller and Unifi Protect then you can simply create two Cronjobs for this. You don’t need to add another cloud storage first, but I would recommend creating a new folder for the backup in your Dropbox.
The default text editor on the CloudKey Gen2 is Vim, so the commands are a little bit different when it comes to editing and closing the file:
1. # Open crontab<font></font> 2. crontab -e<font></font> 3. <font></font> 4. # Scroll down the end of the file with your arrow keys and press INSERT to edit the Cron file<font></font> 5. 0 2 * * * rclone sync /etc/unifi-protect/backups sdn_dropbox:backups/unifi_protect<font></font> 6. <font></font> 7. # Press Ctrl + C twice<font></font> 8. # Type :wq (shorthand for Write and Quit)<font></font>
BackiFi Review
BackiFi makes back-upping to the Cloud a lot easier, but it does require that you have a static IP Address or domain name pointing to your Unifi Controller.
Now, most household internet connections don’t have a static IP, but a dynamic one. That means that your IP address can change after rebooting your router (which sometimes happens in the middle of the night for an update, without you knowing it)
A solution for this is to set up a DDNS record, this is a free domain that automatically updates with your public IP Address. I have written an article on how to set up DDNS, you can find it here.
Also, BackiFi needs a super admin account. I have written my concerns about it at the beginning of this article. To keep things a bit secure, we are going to set up an event notification, so we can keep track of when the account is used to log in (this should always match our backup schedule).
1. Accessing your Unifi Controller from the internet
So before we can start with BackiFi we first need to make sure our Unifi Controller is accessible from the internet. I have written a detailed guide about this before, so if your controller isn’t accessible from the internet, then follow the steps here.
2. Create a super admin account for BackiFi
Open your controller and go to Settings > Admins. Create a new user and make sure you manually set the password and tick the “Require the user to change their password” box.
Setting up Notifications
Every login event is already logged in your Unifi Controller. You can see all the logins under Events > Admins. But you can also set up an email or push notification if you like to keep track of the logins.
- Open Settings > Notifications
- Expand Admin Events
- Enable Email and/or Push
3. Configure BackiFi
Create an account at BackiFi and log in.
- Click on Controllers on the left side
- Add a new controller
- Enter the details and click on save (make sure you add the port number 8443 behind the URL)
- Click on Storage
- elect Dropbox from the dropdown menu and authorize BackiFi to access your Dropbox files and folders
- Make sure you edit the name afterward, otherwise you can’t use it later in the configuration.
- Click on Schedule
- Create a new Schedule
- I have created a nightly schedule that runs at 4 am
So with everything set up, we can now connect it all together. Open the configurations, and select your Controller, Schedule, and Storage.
You can manually run the backup to see if it works. It will take a couple of minutes before you will see the backup file in your Dropbox folder (under Apps > BackiFi).
The difference with the Rclone method is that BackiFi will generate a new backup in your Unifi Controller and copies it to your cloud storage. So it doesn’t sync the backups that are listed in your controller under Settings > Backup.
Wrapping up
Coping the backups of your Unifi Controller to the cloud is pretty easy with both solutions. I like the simplicity of BackiFi, but it would be better if we could create API users in our Unifi Controller with the correct permissions. How BackiFi is set up now they simply have too much access to your controller, they can not only pull the backup out of it but also all the stats, connected clients, etc. I don’t say they do that, we simply don’t know it / can’t see or control it now.
If you have any questions, just drop a comment below.