This is an all-purpose backup tool for your container environment.
BACKUP_BASE_URL
: Duplicity compatible URL to store the backup to.BACKUP_NAME
: Duplicity name for the backupPGP_ENCRYPT_KEY
: Username, email or GPG Key ID for backup encryption.
backup
: Backuprestore
: Restorestatus
: Show the status ofBACKUP_NAME
.full-status
: Show the status of all dupliticy backupsdf
: Show the free disk space on the SFTP hostinit
: Initialize the key, see belowshell
: Spawn a bash in the container
The script backups the container directory /data
. To backup specific volumes, just mount them below /data
using docker run --volume
.
Note: The directory /data/database
is reserved for database dumps.
To backup a mysql instance, provide these variables:
MYSQL_HOST
MYSQL_PORT
(default: 3306)MYSQL_USER
(default: root)MYSQL_PASSWORD
MYSQL_DATABASE
To backup a postgres instance, provide these variables:
POSTGRES_HOST
POSTGRES_PORT
(default: 5432)POSTGRES_USER
(default: postgres)POSTGRES_PASSWORD
POSTGRES_DATABASE
Databases will be dumped to /data/database
.
Mount a volume at /root/.gnupg
with the PGP keyring to decrypt and encrypt backups. If the key is protected with a passphrase, it's only required for the restore
command. It might be required for the commands status
andfull-status
if you didn't provide an /archive
mountpoint.
Mount a volume at /root/.ssh
with a proper SSH config
, known_hosts
and id_rsa
to log into your backup server. If the key is protected with a passphrase, you have to enter it for the backup
and restore
command.
The init
command provides a way to store keep the keys in a external repository. Mount a volume at /keys
, containing two directories:
/keys/backup-ssh
contains the SSH keys/keys/backup-gnupg
contains the GPG keyring
During init
, any passphrase will be removed from the SSH keys, and all files will be put in proper place at /root/.gnupg
and /root/.ssh
so you don't have to provide those directories as host mount.
In case you want to keep a local copy of the duplicity metadata archive, mount a volume at /archive
. If you don't provide this mount, dupliticy has to fetch and decrypt the metadata before every backup, which might require the private GPG key's passphrase.