This is a wrapper extension for https://github.com/backup-manager/symfony.
⚠️ With the new backup command introduced in Contao 4.13, this bundle will not be maintained anymore. Please refer to https://docs.contao.org/manual/en/cli/db-backups.Upgrade path: Run
php vendor/bin/contao-console contao:backup:createinstead ofphp vendor/bin/contao-console backup-manager:backup contao local -c gzip --filename backup.sql.Upgrade path for using external storage:
- Install the Flysytem adapter of interest, e.g.,
composer require league/flysystem-sftp:^3.0.- Replace the backups storage in Contao as follows:
- Create a DI extension that implements the
ConfigureFilesystemInterface- Configure your extenal stoarge, e.g., SFTP storage:
public function configureFilesystem(FilesystemConfiguration $config): void { $config ->mountAdapter('sftp', [ 'host' => '%env(DB_STORAGE_HOST)%', 'port' => 22, 'username' => '%env(DB_STORAGE_USERNAME)%', 'password' => '%env(DB_STORAGE_PASSWORD)%', 'root' => '/db', 'timeout' => 10, ], 'backups', 'backups') ; }
- If you don't have an bundle nor extension, refer to https://docs.contao.org/dev/guides/modify-container-at-compile-time and replace the filesystem with
(new FilesystemConfig($container))->....Upgrade path for using encrypted external storage:
- Configure an additional middleware flysystem adapter similar to alextartan/flysystem-libsodium-adapter and use this filesystem as backup storage.
Via Composer
$ composer require richardhj/contao-backup-managerRun php vendor/bin/contao-console backup-manager:backup contao local -c gzip --filename backup.sql to create a backup
The dump will be saved within the /backups folder in the website root.
Run php vendor/bin/contao-console backup-manager:restore contao local backup.sql.gz -c gzip to restore from a backup.
The database dump will be searched within the /backups folder in the website root.
You can define external storage for the database dump to upload to. An external SFTP storage, AWS, or many more storages are available. Please consult the documentation of backup-manager or see the example in the section below.
You can encrypt the database dump before it is uploaded on external storage. The encrypted file will be decrypted on-the-fly on restore.
To use file encryption:
- Install
alextartan/flysystem-libsodium-adapter - Configure a
kernel.secret
Example configuration to write encrypted files on an external SFTP storage:
# /config/config.yml
contao_backup_manager:
storage:
hetzner_enc:
type: Encrypted
storage: hetzner
encryption_key: '%env(DB_ENCRYPTION_KEY)%'
hetzner:
type: Sftp
host: '%env(DB_STORAGE_HOST)%'
username: '%env(DB_STORAGE_USERNAME)%'
password: '%env(DB_STORAGE_PASSWORD)%'
port: 22
root: '/db'
timeout: 10# /.env.local
DB_STORAGE_HOST=storage.beispiel.de
DB_STORAGE_USERNAME=user
DB_STORAGE_PASSWORD=pass
DB_ENCRYPTION_KEY=aaabbbcccdddphp vendor/bin/contao-console backup-manager:backup contao hetzner_enc -c gzipThe filesystem utilizes libsodium's Poly1305 algorithm to
encrypt the files on-the-fly. The implementation is adopted from the official documentation. To check the implementation, check the source code. To encrypt the files, we use a "password" ('%env(DB_ENCRYPTION_KEY)%') and "salt" ('%env(kernel.secret)%') to derive a 32-byte encryption key from. The encryption key must not change in order to be able to decrypt the files. As we use the kernel secret for salting the encryption key, please make sure you have the kernel.secret defined in your parameters.yml.
Note: The files can only be encrypted with the same secret, but the kernel secret should be rotated from time to time, so this feature is not recommended for long data retention.
You can configure the data retention:
# /config/config.yml
contao_backup_manager:
purge:
max_days: 14
max_files: 4With this config, older files will be deleted automatically on the backup process.
Important: There must not be any other files in the configured backup folder, because the files get purged regardless of their file type.