Backup & Recovery (GDPR)

Beginner-friendly guide for backups, retention, and manual recovery.

This guide explains backup and recovery in plain language, based on the deployment stack (docker-compose.yml + mgob service).

Use this page to set up automatic backups, verify restore readiness, and document GDPR-relevant operational controls.

What Is Backed Up

1) MongoDB data (automatic, via mgob -> S3)

  • The mgob service performs scheduled MongoDB backups.
  • Backups are uploaded to an S3-compatible bucket (MGOB_S3_BUCKET).
  • Retention is controlled by MGOB_RETENTION.

In docker-compose.yml, this is configured through environment variables such as:

  • MGOB_CRON
  • MGOB_RETENTION
  • MGOB_S3_URL
  • MGOB_S3_API
  • MGOB_S3_BUCKET

2) Invoice PDFs (separate storage path)

  • PDF files are generated by the worker service.
  • Temporary cache is local and cleaned automatically.
  • For durable retention, configure PDF Storage per organization in: Organization Settings -> Invoicing -> PDF Storage.
  • Production best practice: store PDFs in a dedicated S3 bucket (or Azure/GCS) with your own retention policy.

MongoDB backups and PDF file storage are separate concerns. You should configure both.

How Automatic Backup Works

mgob runs as a dedicated backup container and executes this flow:

  1. Triggers backup on the cron schedule from MGOB_CRON.
  2. Creates a MongoDB archive for the configured target database.
  3. Uploads backup artifacts to your S3-compatible storage.
  4. Applies retention cleanup based on MGOB_RETENTION.
  5. Exposes backup status/history through its local HTTP endpoints.

If MGOB_S3_* settings are not configured correctly, backups may still run locally but will not be stored in your remote bucket.

Required Backup Configuration

Set and verify these values before going live:

| Variable | Purpose | Typical default |
|---|---|---|
| MGOB_CRON | Backup schedule (cron expression) | 0 4 * * * |
| MGOB_RETENTION | Retention period in days | 7 |
| MGOB_TARGET_DATABASE | MongoDB database name to back up | mpg |
| MGOB_TARGET_USERNAME | MongoDB user used for backup | root |
| MGOB_S3_URL | S3 endpoint URL | (required for remote backups) |
| MGOB_S3_BUCKET | Bucket for MongoDB backup archives | (required for remote backups) |
| MGOB_S3_API | S3 API/provider options (provider-specific) | S3v4 |

Also confirm:

  • MongoDB TLS is enabled (MONGO_TLS_ENABLED=true).
  • S3 credentials are provided through your secret mechanism.
  • Bucket policies deny public access and enforce least privilege.
  • Lifecycle/retention policy in object storage aligns with legal policy.
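
A pre-flight check for the settings above, as an added example that is not part of the payment-gateway-deploy repository. The function names fail and mgob_preflight are hypothetical, and two rules are assumptions: the five-field cron form (as in the default) and https-only for MGOB_S3_URL.

```shell
#!/bin/sh
# Added example, not part of payment-gateway-deploy: checks the backup
# settings from the table above as found in the current environment.

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

mgob_preflight() {
  fails=0
  # Every variable in the table must be set and non-empty.
  for name in MGOB_CRON MGOB_RETENTION MGOB_TARGET_DATABASE \
      MGOB_TARGET_USERNAME MGOB_S3_URL MGOB_S3_BUCKET MGOB_S3_API; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || fail "$name is not set"
  done

  # Assumption: five-field cron form, as in the default "0 4 * * *".
  set -f; set -- ${MGOB_CRON:-}; set +f   # split into fields without globbing '*'
  [ -z "${MGOB_CRON:-}" ] || [ "$#" -eq 5 ] || fail "MGOB_CRON has $# fields, expected 5"

  # Retention is a whole number of days, at least 1.
  case "${MGOB_RETENTION:-}" in
    '') ;;                                  # already reported as unset
    *[!0-9]*) fail "MGOB_RETENTION is not a whole number of days" ;;
    *) [ "$MGOB_RETENTION" -ge 1 ] || fail "MGOB_RETENTION must be >= 1" ;;
  esac

  # Assumption (policy choice): the S3 endpoint must be reached over https.
  case "${MGOB_S3_URL:-}" in
    ''|https://?*) ;;
    *) fail "MGOB_S3_URL is not https; uploads would not be encrypted in transit" ;;
  esac

  [ "${MONGO_TLS_ENABLED:-}" = "true" ] || fail "MONGO_TLS_ENABLED is not true"
  [ "$fails" -eq 0 ]
}

# Constructed sample values: plain-http endpoint and a retention of 0 days.
(
  MGOB_CRON='0 4 * * *' MGOB_RETENTION=0 MGOB_TARGET_DATABASE=mpg
  MGOB_TARGET_USERNAME=root MGOB_S3_URL=http://minio.example.internal:9000
  MGOB_S3_BUCKET=example-mongo-backups MGOB_S3_API=S3v4 MONGO_TLS_ENABLED=true
  mgob_preflight || echo "$fails problem(s) found"
)
```

Load your deployment's environment files into the shell first, then call mgob_preflight; it returns non-zero when any check fails.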

Suggested S3-Compatible Providers

Common choices:

  • AWS S3
  • Cloudflare R2
  • Backblaze B2 (S3-compatible API)
  • DigitalOcean Spaces
  • MinIO (self-hosted, S3-compatible)

Use separate buckets (or strict prefix isolation) for:

  • MongoDB backups
  • Invoice/PDF object storage

GDPR Coverage and Limits

For most operators, GDPR backup readiness means these technical controls are in place:

  • Availability: you can restore operational data after incidents.
  • Integrity: backups are consistent and restorable.
  • Confidentiality: backups are stored securely (S3 access controls + TLS).
  • Data lifecycle control: retention and deletion are clearly defined.
  • Resilience testing: restore drills are executed and documented.

Important: This runbook helps implement key GDPR-relevant technical controls (for example, Article 32). Full GDPR compliance also requires legal, process, and organizational measures in your company (records of processing, legal basis, data subject workflows, contracts, and internal policies).

  1. Enable MongoDB TLS (MONGO_TLS_ENABLED=true, default in current deploy config).
  2. Configure MGOB_S3_* variables and verify uploads succeed.
  3. Set MGOB_CRON and MGOB_RETENTION to your policy requirements.
  4. Configure per-organization PDF storage bucket in the Admin panel.
  5. Run and verify one manual backup.
  6. Test one restore in a non-production environment.
  7. Run periodic restore drills and keep audit evidence (date, result, operator).

Manual Backup (On Demand)

From payment-gateway-deploy/docker-compose:

# Trigger backup immediately
docker compose exec mgob curl -sX POST http://localhost:8090/backup/backup

Check status:

docker compose exec mgob curl -s http://localhost:8090/status/backup

Inspect storage index:

docker compose exec mgob curl -s http://localhost:8090/storage

Check logs:

docker compose logs -f mgob

Manual Recovery (Beginner Runbook)

This runbook restores MongoDB from a backup archive.

Step 1: Put application in maintenance window

Stop write-heavy services first:

docker compose stop payment-gateway-admin-backend payment-gateway-main-backend payment-gateway-main-worker

You may also stop frontends/reverseproxy if you want a full outage window.

Step 2: Prepare backup archive locally

Download the archive from your S3 backup bucket to the host, for example:

/tmp/backup-2026-03-06.gz

Step 3: Copy archive into MongoDB container

docker compose cp /tmp/backup-2026-03-06.gz mongo:/tmp/restore.gz

Step 4: Run mongorestore

Load secrets in shell first:

set -a
source ../.env.secrets
set +a

PowerShell alternative:

# Load KEY=VALUE lines into the process environment; skip blank and comment lines
Get-Content ../.env.secrets | ForEach-Object {
  if ($_ -match '^\s*([^#\s][^=]*)=(.*)$') {
    [System.Environment]::SetEnvironmentVariable($matches[1].Trim(), $matches[2])
  }
}

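Restore command (--drop deletes each collection contained in the archive from the target database before restoring it):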

docker compose exec mongo sh -lc 'mongorestore \
  --host localhost \
  --port 27017 \
  --username "$MONGO_INITDB_ROOT_USERNAME" \
  --password "$MONGO_INITDB_ROOT_PASSWORD" \
  --authenticationDatabase admin \
  --archive=/tmp/restore.gz \
  --gzip \
  --drop'

If MongoDB TLS is enabled in your deployment, add these options to the mongorestore command:

--tls --tlsCAFile /etc/ssl/mongodb/ca-cert.pem

Step 5: Start services again

docker compose start payment-gateway-admin-backend payment-gateway-main-backend payment-gateway-main-worker

Step 6: Verify

  • Check health/status with docker compose ps.
  • Verify login, transaction lookup, and invoice access in UI.
  • Check backend logs for DB connection and query errors.
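
A check to run on the downloaded archive between Step 2 and Step 3, so that a truncated or corrupt file is caught before mongorestore --drop runs, with one evidence line written per attempt. This is an added example, not part of payment-gateway-deploy; the function names, the evidence file and its tab-separated layout are assumptions.

```shell
#!/bin/sh
# Added example (not from payment-gateway-deploy): verify a downloaded backup
# archive and append one line of restore-drill evidence.

# Print the SHA-256 of a file (sha256sum, or shasum where coreutils is absent).
archive_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# precheck_archive ARCHIVE EVIDENCE_LOG OPERATOR
# Returns 0 only if ARCHIVE is a non-empty, intact gzip stream.
precheck_archive() {
  archive=$1 log=$2 operator=$3
  result=ok
  if [ ! -s "$archive" ]; then
    result=missing-or-empty
  elif ! gzip -t "$archive" 2>/dev/null; then
    result=corrupt-gzip
  fi
  digest=-
  [ -f "$archive" ] && digest=$(archive_sha256 "$archive")
  # Evidence fields: UTC date, operator, archive path, SHA-256, result.
  printf '%s\t%s\t%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
    "$operator" "$archive" "$digest" "$result" >> "$log"
  [ "$result" = ok ]
}

# Constructed demo: one intact archive and one truncated copy of it.
demo=$(mktemp -d)
printf 'constructed sample data' | gzip > "$demo/backup-good.gz"
head -c 10 "$demo/backup-good.gz" > "$demo/backup-truncated.gz"
precheck_archive "$demo/backup-good.gz" "$demo/drills.tsv" "${USER:-unknown}" \
  && echo "good archive: continue with Step 3"
precheck_archive "$demo/backup-truncated.gz" "$demo/drills.tsv" "${USER:-unknown}" \
  || echo "truncated archive: stop, download again"
cat "$demo/drills.tsv"
rm -rf "$demo"
```

gzip -t only proves the compressed stream is intact; the restore test in a non-production environment is still what shows the data is usable.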

Operations Note

Managed/internal automation uses the same concepts (backup, list, restore), but customer-facing operations should rely on the public payment-gateway-deploy repository commands and runbooks.

For data categories, encryption scope, and KMS support, see:
