The 3-2-1 backup rule existed before cloud hosting and still applies: three copies of data, on two different media, with at least one copy offsite. For VPS workloads that translates to a pragmatic three-layer strategy.
Why provider snapshots alone aren't backups
Snapshots are a convenience layer, not a disaster recovery strategy. Failure modes they don't cover:
- Provider-wide outage or data loss (OVH Strasbourg 2021, some Linode / Vultr incidents)
- Account compromise — attacker deletes instances AND snapshots
- Billing issue causing account suspension
- Single-region snapshot lost when the region goes down
- Logical corruption not caught before snapshot cycles out
The three-layer model
| Layer | Tool | Frequency | Retention | Purpose |
|---|---|---|---|---|
| 1. Provider snapshot | Native (DO, Linode, Vultr) | Daily | 7 days | Fast rollback |
| 2. File-level backup | Borg, Restic, Duplicity | Hourly-daily | 30-90 days | Granular restore, encryption |
| 3. Offsite at different provider | rsync + cron, rclone, B2/S3/R2 | Daily-weekly | 90+ days | Provider-independent disaster recovery |
Storage destinations compared
| Destination | Price/TB/month | Egress cost | Notes |
|---|---|---|---|
| Backblaze B2 | $6 | Free up to 3x storage | Industry-standard for backups, S3-compatible API |
| Cloudflare R2 | $15 | $0 egress | No egress fees, S3-compatible |
| AWS S3 Standard | $23 | $0.09/GB | Expensive for backup; use S3 Glacier Deep Archive instead |
| S3 Glacier Deep Archive | $1 | $0.09/GB | Very cheap storage; 12-hour retrieval, use for long-term only |
| Wasabi | $7 | Free (with conditions) | S3-compatible, no egress fees but 90-day minimum retention billing |
| Hetzner Storage Box | ~$4 | Free | Cheapest option; SFTP / Borg / rsync |
| rsync.net | ~$13 | Free | Dedicated ZFS-backed backup host, daily snapshots |
Borg vs Restic vs Duplicity
All three handle encrypted, deduplicated backups. Key differences:
- BorgBackup: Deduplication is legendary; efficient for repeated backups of large file trees. Self-hosted repository required.
- Restic: Similar strengths, but natively supports cloud object storage (S3, B2, Azure, GCS) as backends.
- Duplicity: Older, uses GPG for encryption, less efficient dedup but widely supported.
For most operators in 2026: Restic is the sensible default — one binary, works with any S3-compatible storage, good performance, actively maintained.
A minimal working setup
- Install Restic on the VPS.
- Initialize a repository on Backblaze B2 (or Hetzner Storage Box, or Cloudflare R2).
- Script a daily backup via cron: snapshot /etc, /var/www, /home, database dumps, and any application state directories.
- Dump MySQL/Postgres to a file before backing up (running DB files directly without a dump can produce corrupt backups).
- Run
restic checkmonthly to verify integrity. - Run a trial restore to a scratch VM quarterly.
Database-specific concerns
- MySQL:
mysqldump --single-transaction --routines --triggers - Postgres:
pg_dumpin custom format, orpg_basebackupfor binary-level - Do not back up the raw data directory on a live database — it's a recipe for silent corruption.
- For larger databases, consider point-in-time recovery via WAL archiving (Postgres) or binary logs (MySQL).
Restore testing
Untested backups are a theology, not a strategy. Quarterly drills:
- Spin up a scratch VPS (smallest plan, $4-6).
- Restore from your backup.
- Verify application boots, database queries return expected rows, key URLs load.
- Document the time it took — RTO (recovery time objective) should match your business tolerance.
- Destroy the scratch VPS.
FAQ
How often should I back up? Depends on RPO (recovery point objective — how much data loss is tolerable). Personal blog: daily. E-commerce: hourly or continuous WAL archiving. Internal tool: daily.
How much does a sensible backup setup cost? For a typical 40 GB workload: ~$2-4/month storage + 30 minutes/month of ops time. Tiny relative to the cost of data loss.
Is automated cloud sync enough (Dropbox, Google Drive)? For file backups yes. For databases — no, unless you dump first. Cloud sync tools can't guarantee consistent state of a live DB.