A docker container to automate restic backups
This container runs restic backups in regular intervals.
- Easy setup and maintanance
- Support for different targets (currently: Local, NFS, SFTP)
- Support
restic mount
inside the container to browse the backup files
Container: Cobrijani/restic-backup
Latest (experimental)
docker pull cobrijani/restic-backup
Latest rclone support (experimental)
docker pull cobrijani/restic-backup:rclone-latest
Please don't hesitate to report any issue you find. Thanks.
Clone this repository
git clone https://github.com/Cobrijani/restic-backup-docker.git
cd restic-backup-docker
Build the container. The container is named backup-test
./build.sh
Run the container.
./run.sh
This will run the container backup-test
with the name backup-test
. Existing containers with that names are completly removed automatically.
The container will backup ~/test-data
to a repository with password test
at ~/test-repo
every minute. The repository is initialized automatically by the container.
To enter your container execute
docker exec -ti backup-test /bin/sh
Now you can use restic as documented, e.g. try to run restic snapshots
to list all your snapshots.
Logfiles are inside the container. If needed you can create volumes for them.
docker logs
Shows /var/log/cron.log
Additionally you can see the the full log, including restic output, of the last execution in /var/log/backup-last.log
. When the backup fails the log is copied to /var/log/restic-error-last.log
.
The container is setup by setting environment variables and volumes.
RESTIC_REPOSITORY
- the location of the restic repository. Default/mnt/restic
. For S3:s3:https://s3.amazonaws.com/BUCKET_NAME
RESTIC_PASSWORD
- the password for the restic repository. Will also be used for restic init during first start when the repository is not initialized.RESTIC_TAG
- Optional. To tag the images created by the container.NFS_TARGET
- Optional. If set the given NFS is mounted, i.e.mount -o nolock -v ${NFS_TARGET} /mnt/restic
.RESTIC_REPOSITORY
must remain it's default value!BACKUP_CRON
- A cron expression to run the backup. Note: cron daemon uses UTC time zone. Default:0 */6 * * *
aka every 6 hours.RESTIC_FORGET_ARGS
- Optional. Only if specifiedrestic forget
is run with the given arguments after each backup. Example value:-e "RESTIC_FORGET_ARGS=--prune --keep-last 10 --keep-hourly 24 --keep-daily 7 --keep-weekly 52 --keep-monthly 120 --keep-yearly 100"
RESTIC_JOB_ARGS
- Optional. Allows to specify extra arguments to the back up job such as limiting bandwith with--limit-upload
or excluding file masks with--exclude
.AWS_ACCESS_KEY_ID
- Optional. When using restic with AWS S3 storage.AWS_SECRET_ACCESS_KEY
- Optional. When using restic with AWS S3 storage.
/data
- This is the data that gets backed up. Just mount it to wherever you want.
Since restic saves the hostname with each snapshot and the hostname of a docker container is it's id you might want to customize this by setting the hostname of the container to another value.
Either by setting the environment variable HOSTNAME
or with --hostname
in the network settings
Since restic needs a password less login to the SFTP server make sure you can do sftp user@host
from inside the container. If you can do so from your host system, the easiest way is to just mount your .ssh
folder conaining the authorized cert into the container by specifying -v ~/.ssh:/root/.ssh
as argument for docker run
.
Now you can simply specify the restic repository to be an SFTP repository.
-e "RESTIC_REPOSITORY=sftp:user@host:/tmp/backup"
Versioning follows Semantic versioning