Automate Hubitat Backups to a Google Cloud Storage Bucket

So after learning that there is no automated system included in Hubitat to allow for backing up your config to an online service like Dropbox or Google Drive, I decided to do some developing in Google Cloud. I have 2 objectives it must meet, it needs to be automated and it needs to be offsite.

I started a new cloud project and did the following:

  • Setup a Google Cloud Storage Bucket
  • Setup a Google Cloud Function (this function gets executed when you hit it's URL)
  • Setup a Google Cloud Schedule. At 3am of every day it will hit a URL of the Google Cloud Function in the above step
  • Setup DynDNS to point to my home IP address and my home router auto updates it if my IP address changes

The Cloud Function is a Python script that will load a URL dump the file from it and then saves the file in my Google Cloud Storage Bucket. I am currently testing it with a test URL that is public. The script works perfect! I am hoping to use the URL of Hubitat (http://[HubIP]/hub/backupDB?fileName=latest) to get the latest backup file in this script now that it works. This means I will have to open my firewall to Google's Cloud Servers so that it can hit the backup URL, I figured this would be the easiest part! haha stupid....

To do this I need to have a DynDNS URL that points to my IP address at home. This way I can hard code the URL of my home address in the Cloud Function. That's not too hard to setup. The hard part is how do I open my firewall to only allow Google's IP address on port 80 and 443. I don't want the Hubitat's HTTP server exposed to the entire world, I want it exposed only to Google IPs. Does anyone else use Google Cloud Functions and knows how to white list Googles servers? Googles cloud is a beast and moves all around for high availability..

Next to this if the developers of Hubitat are reading this it would be super awesome if you could create a backup feature that you can set to run each night with an HTTP put command (the same as uploading a file using a form) This way you would set the URL that would receive the file each night. It would then not need to expose the Hubitat to the world at all and MUCH MUCH safer and secure!

EDIT: I will make a video that shows what I did for anyone that is interested to do the same once I figure out the last part..

1 Like

Interesting idea...:thinking:

Is there any way you could establish a VPN Client connection from the Google Cloud Server running your application to your home? Obviosuly, you would need a VPN Server running in your home. I have my Asus router handle this portion for me so I can access everything on my home network when on the road.

Hey, that has me thinking of another idea... What type of router are you running at home? If you're running something that allows third party firmware (like my Asus RT-AC86U running AsusWRT Merlin), then you should be able to run some sort of cron job, that could possibly grab the backup from the Hubitat Hub and then push it to your Google Drive.

Just an idea since I saw in the other thread that you're not running a 24x7 computer/server/NAS at home. But your router is a 24x7 computer... :wink:


Great idea I could setup a persistent connection from Google Cloud network to my VPN at home. I have almost the exact same router at home but it's now running stock, I was running Tomato firmware on it at one point.. I could get this to WRT fireware to set this up.. It would work for me but sucks I would like to make a way that anyone could use this that might not have the ability to do this.

My ASUS router allows you to specify an external IP on port forwarding. It would then only respond to something coming from that IP.

How would this be done in the router? I have an ASUS which can run the WRT.

Problem is its Google Cloud.. it never comes form the same IP address ever LOL kind of a problem and a good thing :slight_smile:

You would install the WRT firmware and then setup a VPN server on it so that it can respond to VPN requests

I run AsusWRT Merlin firmware on my router. Merlin does not support every Asus router, but most of the recent mid-to-high end routers are supported.

Both the stock Asus firmware, as well as Merlin's firmware, support running an OpenVPN server directly on the router. Lots of guides out these detailing this process. Getting it running on the router is fairly trivial, especially since Asus supports it natively these days. Getting the OpenVPN client running on your smart phone and/or laptop can be a little more 'fun' :wink:

The stock Asus firmware most likely does not allow you to SSH into the router and set up running custom code. That is where the AsusWRT Merlin firmware comes into play. I am not doing this myself as I do not have a need. However, plenty of other Merlin firmware users are running custom scripts on their routers for a variety of purposes. You could even probably store the Hubitat Hub backups to a USB attached drive on the Asus router itself.

I already have the VPN server set up. I was wondering how to set up the cron or scripting. But when you mentioned SSH my mind clicked in. Just didn't dawn on me before. Thanks.

1 Like

Most universal will be probably possibly uploading backup automatically to some ftp account. Specifically because you can setup some raspberry pi ftp on local network completely bypassing cloud solutions.

That's a good point. You don't really need a "disaster recovery" backup in the cloud do you? If the house burns down, you don't really need the Hubitat config anymore, do you?

haha very true... house burns down! Still a fun project to get going..

Yeah I would agree this would work best as a universal solution! I almost have mine hammered out. Just a few more tweaks.. Now its just a project of "I want to do it more than, I want it"


My backups get saved to my onedrive and are backed up and versioned in the cloud with everything else.

Seems like a lot of extra work if you already have a local platform.

I don't have a machine that is on 24/7 at home is why. Backups don't happen unless they are automated.

1 Like