Duplicati — Free Encrypted Backup to Any Cloud Storage

What Duplicati Does

• Encrypted Backups: AES-256 encryption before data leaves your machine — cloud provider cannot read your data
• Incremental: Only backs up changed files after the first full backup, saving bandwidth and storage
• Deduplication: Block-level deduplication to minimize storage usage across backups
• Compression: Zip or 7z compression to reduce backup size
• Scheduling: Automatic scheduled backups (hourly, daily, weekly, custom cron)
• Versioning: Keep multiple backup versions with configurable retention policies
• Verification: Regular integrity verification to ensure backups are restorable
• Web UI: Browser-based interface for configuration and monitoring
• CLI: Command-line interface for scripting and automation

Supported Storage Backends

Self-Hosting

Docker Compose

services:
  duplicati:
    image: lscr.io/linuxserver/duplicati:latest
    ports:
      - "8200:8200"
    environment:
      PUID: 1000
      PGID: 1000
      TZ: Asia/Shanghai
    volumes:
      - duplicati-config:/config
      - /path/to/backup/source:/source:ro
      - /path/to/local/backups:/backups
    restart: unless-stopped

volumes:
  duplicati-config:

Backup Configuration

Web UI Setup

1. Add Backup → Name your backup job
2. Encryption → Set a strong passphrase (AES-256)
3. Destination → Choose storage backend (S3, Google Drive, etc.)
4. Source → Select folders/files to backup
5. Schedule → Set frequency (daily at 2am recommended)
6. Options → Retention policy, bandwidth limits, file filters

Command Line

# Create backup
duplicati-cli backup 
  "s3://my-bucket/backups?aws-access-key-id=KEY&aws-secret-access-key=SECRET" 
  /path/to/source 
  --passphrase="your-encryption-passphrase" 
  --backup-name="Daily Backup"

# Restore files
duplicati-cli restore 
  "s3://my-bucket/backups?aws-access-key-id=KEY&aws-secret-access-key=SECRET" 
  --restore-path=/path/to/restore 
  --passphrase="your-encryption-passphrase"

# List backup versions
duplicati-cli list 
  "s3://my-bucket/backups?aws-access-key-id=KEY&aws-secret-access-key=SECRET" 
  --passphrase="your-encryption-passphrase"

Retention Policies

Keep all backups for: 7 days
Keep one backup per day for: 30 days
Keep one backup per week for: 12 weeks
Keep one backup per month for: 12 months

Key Features

Block-Level Deduplication

First backup: 100GB data → 100GB uploaded
File changes: 2GB modified → only 2GB uploaded
New files: 5GB added → only 5GB uploaded
Deleted files: 3GB removed → just metadata updated

Total stored after 30 days: ~110GB (not 30 × 100GB)

Encryption Flow

Source files
  → Split into blocks (100KB default)
  → Deduplicate (skip unchanged blocks)
  → Compress (zip/7z)
  → Encrypt (AES-256 with your passphrase)
  → Upload to storage backend

Your passphrase never leaves your machine. Without it, the backup data is unreadable.

Email Notifications

Configure SMTP to receive:
✅ Backup completed successfully
❌ Backup failed with error details
⚠️ Backup completed with warnings
📊 Weekly backup summary report

Duplicati vs Alternatives

FAQ

Q: Is backup encryption secure? A: Yes. Duplicati uses AES-256 encryption — a military-grade standard. Keys are derived from your passphrase and never uploaded to the cloud. Even if the storage provider is breached, your data stays safe. Just make sure to store your passphrase securely — if you lose it, your backups are permanently unrecoverable.

Q: How fast are backups? A: The initial full backup depends on data volume and network bandwidth. Subsequent incremental backups only transfer changed blocks and usually finish within minutes. Run large backups during off-peak hours (e.g., overnight).

Q: Does it support backing up databases? A: Duplicati backs up at the filesystem level. For databases, dump first with pg_dump or mysqldump, then back up the exported files with Duplicati to ensure consistency.

Sources & Credits

• GitHub: duplicati/duplicati — 14.4K+ ⭐
• Website: duplicati.com