Backup to Microsoft OneDrive with Synology’s Hyper Backup

With Microsoft offering 1 TB of OneDrive cloud storage in it’s Office 365 subscription, it would be nice if that storage could be used to backup data from a Synology NAS. Unfortunately, Synology’s own backup solution for DSM, Hyper Backup, does not offer to use OneDrive as a backup destination. So here is my solution to this for those who can run Docker on their Synology NAS.

Update: For OneDrive for Business (SharePoint), see Backup to Microsoft OneDrive for Business (SharePoint) with Synology’s Hyper Backup.

tl;dr Run the basic-to-passport-auth-http-proxy Docker image and configure a WebDAV backup destination in Hyper Backup.

While not offering OneDrive as backup destination, Hyper Backup does offer to configure a WebDAV server as backup destination. OneDrive on the other hand can be accessed via WebDAV. The problem is, that the OneDrive WebDAV API requires authentication with the Passport Server Side Include (SSI) Version 1.4 Protocol, while Hyper Backup’s WebDAV client only supports HTTP Basic authentication and NTLM authentication.

One solution to this is to set up a proxy server that translates all authentication related information from Basic authentication to Passport authentication (and vice versa) and forwards all other information unchanged. For this purpose I wrote the basic-to-passport-auth-http-proxy server.

Installing the proxy server

The first step is to install and configure the proxy server. As the communication between Hyper Backup and the proxy server is not encrypted, their connection should run over a trusted network, e.g. the loopback device (localhost) when installed on the same machine. It is not advisable to install the server on a public VPS or similar without additional security measures. The easiest way to run the basic-to-passport-auth-http-proxy server on a Synology NAS is to use the Docker image published on Docker Hub:

  • Make sure the Docker package is installed on the NAS. If not, you can find it in the DSM Package Center. Unfortunately, it is not available for all Synology devices. (*)
  • Open the Docker app in DSM, choose Registry, ensure you have selected Docker Hub in the Registry Settings and search for skleeschulte. Download skleeschulte/basic-to-passport-auth-http-proxy (select the highest version tag when prompted).
  • Navigate to Image and launch the image you just downloaded. In the Advanced Settings, change the following:
    Advanced Settings: Check Enable auto-restart
    Port Settings: Change Local Port to 3000
    Environment: Add a variable named PROXY_TARGET with the value https://d.docs.live.net/
    Then hit Apply and finish the Create Container dialog.
  • Navigate to Container, open the details of the newly created container and check the log. It should show something like proxy:info Proxy server listening: { address: '::', family: 'IPv6', port: 3000 } and no errors.

(*) If your NAS does not allow to run Docker images, you could install Node.js directly on your NAS and run the proxy server there, or you could install it on a different machine, e.g. a Raspberry Pi connected to your local network. Instructions for running the server directly with Node.js can be found in the README file in the GitHub repository.

Getting the OneDrive CID

To connect to OneDrive over WebDAV, in addition to the username and password, a character string called CID is needed. The CID can be obtained in one of the following ways:

  • With your web-browser, navigate to https://www.onedrive.com/ and log in to OneDrive. When the browser has finished loading the OneDrive interface, the address bar should show something like https://onedrive.live.com/?id=root&cid=ABCDEFG123456789. Here, ABCDEFG123456789 is your CID. (It is the part after cid= up to the next & sign, if there is one.)
  • Alternatively, if you have the OneDrive client installed on Windows, you can find the CID in Windows‘ Credential Manager: Under Windows Credentials, locate OneDrive Cached Credential – the username is the CID.

The CID is case-insensitive.

Configuring Hyper Backup

Now that the proxy server is up and running and you know your CID, Hyper Backup can be configured to connect to OneDrive over the proxy server:

  • In Hyper Backup, create a new Data backup task, choose WebDAV as the backup destination and hit Next.
  • Enter the following Backup Destination Settings:
    Server address: localhost:3000/ONEDRIVE_CID (replace ONEDRIVE_CID with your CID)
    Username: your OneDrive username (= email address)
    Password: your OneDrive password (if you have two-step verification enabled for your account, you need to generate an app password and use that instead)
  • When you now open the Folder drop-down, you should be presented with a list of the folders in your OneDrive.
  • The rest of the configuration is up to you.

Data recovery

If one day you need to recover data from your backup without the proxy server, you can do so by accessing the backup files directly with Synology’s Hyper Backup Explorer, e.g. with the Windows OneDrive client or after downloading them from the OneDrive webinterface.

Resource consumption

My NAS model is a DS218+ with an Intel Celeron J3355 (2x 2 GHz) and 2 GB RAM. The Docker container idles around 0.1% CPU usage and 60 MB of RAM. The image takes up 90 MB of storage space.

While a backup is running, CPU Usage of the container stays unchanged while RAM usage goes up to 80 to 130 MB.

Disclaimer

Although successfully completing a number of tests, the basic-to-passport-auth-http-proxy server is not extensively field-tested yet. Use it at your own risk. If you observe any problems, please create a new issue at the GitHub project page. If you run your own tests, please share the results (e.g. comment here or create an issue on GitHub).

Happy backuping!

4 Gedanken zu „Backup to Microsoft OneDrive with Synology’s Hyper Backup

  1. This doesn’t seem to work with some Office 365 subscriptions that have a different onedrive implementation: After signing in on the Web, it takes me to my.sharepoint.com/personal/… and there I have my onedrive space, no CID in the URL. I could get the username from the credential store, but it’s much longer than the CID and when trying to connect with HyperBackup it gives me an Authentication failure.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

 

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.