/restic-backup-docker

Primary LanguageMakefileApache License 2.0Apache-2.0

Restic Backup Docker Container

A docker container to automate restic backups

Build Status

This container runs restic backups in regular intervals.

  • Easy setup and maintanance
  • Support for different targets (currently: Local, NFS, SFTP)
  • Support restic mount inside the container to browse the backup files

Container: Cobrijani/restic-backup

Latest (experimental)

docker pull cobrijani/restic-backup

Latest rclone support (experimental)

docker pull cobrijani/restic-backup:rclone-latest

Please don't hesitate to report any issue you find. Thanks.

Test the container

Clone this repository

git clone https://github.com/Cobrijani/restic-backup-docker.git
cd restic-backup-docker

Build the container. The container is named backup-test

./build.sh

Run the container.

./run.sh

This will run the container backup-test with the name backup-test. Existing containers with that names are completly removed automatically.

The container will backup ~/test-data to a repository with password test at ~/test-repo every minute. The repository is initialized automatically by the container.

To enter your container execute

docker exec -ti backup-test /bin/sh

Now you can use restic as documented, e.g. try to run restic snapshots to list all your snapshots.

Logfiles

Logfiles are inside the container. If needed you can create volumes for them.

docker logs

Shows /var/log/cron.log

Additionally you can see the the full log, including restic output, of the last execution in /var/log/backup-last.log. When the backup fails the log is copied to /var/log/restic-error-last.log.

Customize the Container

The container is setup by setting environment variables and volumes.

Environment variables

  • RESTIC_REPOSITORY - the location of the restic repository. Default /mnt/restic. For S3: s3:https://s3.amazonaws.com/BUCKET_NAME
  • RESTIC_PASSWORD - the password for the restic repository. Will also be used for restic init during first start when the repository is not initialized.
  • RESTIC_TAG - Optional. To tag the images created by the container.
  • NFS_TARGET - Optional. If set the given NFS is mounted, i.e. mount -o nolock -v ${NFS_TARGET} /mnt/restic. RESTIC_REPOSITORY must remain it's default value!
  • BACKUP_CRON - A cron expression to run the backup. Note: cron daemon uses UTC time zone. Default: 0 */6 * * * aka every 6 hours.
  • RESTIC_FORGET_ARGS - Optional. Only if specified restic forget is run with the given arguments after each backup. Example value: -e "RESTIC_FORGET_ARGS=--prune --keep-last 10 --keep-hourly 24 --keep-daily 7 --keep-weekly 52 --keep-monthly 120 --keep-yearly 100"
  • RESTIC_JOB_ARGS - Optional. Allows to specify extra arguments to the back up job such as limiting bandwith with --limit-upload or excluding file masks with --exclude.
  • AWS_ACCESS_KEY_ID - Optional. When using restic with AWS S3 storage.
  • AWS_SECRET_ACCESS_KEY - Optional. When using restic with AWS S3 storage.

Volumes

  • /data - This is the data that gets backed up. Just mount it to wherever you want.

Set the hostname

Since restic saves the hostname with each snapshot and the hostname of a docker container is it's id you might want to customize this by setting the hostname of the container to another value.

Either by setting the environment variable HOSTNAME or with --hostname in the network settings

Backup to SFTP

Since restic needs a password less login to the SFTP server make sure you can do sftp user@host from inside the container. If you can do so from your host system, the easiest way is to just mount your .ssh folder conaining the authorized cert into the container by specifying -v ~/.ssh:/root/.ssh as argument for docker run.

Now you can simply specify the restic repository to be an SFTP repository.

-e "RESTIC_REPOSITORY=sftp:user@host:/tmp/backup"

Changelog

Versioning follows Semantic versioning