console
Hafnium <haf@hafnium.me>
lang-go
file-storage
backup
sync
bash
Restic is a fast and secure backup program, which have compatibility with multiple cloud providers.
Note
For this guide you should be familiar with the basic concepts of
SSH <basics-ssh>
cronjobs <daemons-cron>
Restic is an open source software distributed under the BSD-2-Clause License. All relevant legal information can be found here
If you want to backup files to a remote server, you should set up a bucket a or user first. Restic currently supports backup with:
- Local directory
- sftp server (via SSH)
- HTTP REST server (protocol rest-server)
- AWS S3 (either from Amazon or using the Minio server)
- OpenStack Swift
- BackBlaze B2
- Microsoft Azure Blob Storage
- Google Cloud Storage
- And many other services via the rclone Backend
You can find and download the latest stable release versions of restic from the restic release page. SHA256 checksums and GPG signed files can also be found there.
We're installing a compiled restic binary for a 64-bit machine, and making it executable with the following steps:
[isabell@stardust ~]$ wget https://github.com/restic/restic/releases/download/v0.12.1/restic_0.12.1_linux_amd64.bz2
[isabell@stardust ~]$ bzip2 -d restic_0.12.1_linux_amd64.bz2
[isabell@stardust ~]$ mv restic_0.12.1_linux_amd64 ~/bin/restic
[isabell@stardust ~]$ chmod 700 ~/bin/restic
[isabell@stardust ~]$
Now it's time to get you login/API details from you remote server. This differs from service to service, but usually boils down to a key id (username) and a key (password).
Note
The service or protocol used, needs to be specified, when communicating with a repository. Please read in the restic documentation: https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html
Warning
Restic repositories are encrypted, and losing the password means losing access to all the files. So please save the password somewhere safe.
Here we're initializing a repository on a Backblaze B2 bucket
[isabell@stardust ~]$ export B2_ACCOUNT_ID=<MY_APPLICATION_KEY_ID>
[isabell@stardust ~]$ export B2_ACCOUNT_KEY=<MY_APPLICATION_KEY>
[isabell@stardust ~]$ restic -r b2:bucketname:path/to/repo init
enter password for new repository:
enter password again:
created restic repository eefee03bbd at b2:bucketname:path/to/repo
Please note that knowledge of your password is required to access the repository.
Losing your password means that your data is irrecoverably lost.
[isabell@stardust ~]$
It is recommended to create a script to automate the backups. Please edit this template to fit your needs.
Note
Remember to set the B2_ACCOUNT_ID
, B2_ACCOUNT_KEY
and repository to your service, details on environment variables can be read here.
Tip
If you need to backup a folder but want to exclude some files from backup withing that folder, you can use the flag --exclude-if-present='superSecretFile.txt'
while calling restic. Be aware that this flag will create an error if the list of excluded files is empty.
#!/bin/bash
# Restic API keys
export B2_ACCOUNT_ID='[hidden]'
export B2_ACCOUNT_KEY='[hidden]'
export RESTIC_PASSWORD='[hidden]'
# Print commands for debugging
#set -x
#Files to include/exclude
FILES='/var/www/virtual/isabell/html/ /home/isabell/myImportantDocument.md'
# Run restic backup
~/bin/restic -r b2:bucketname:path/to/repo backup $FILES
#set +x # Stop printing
# Remove restic details from current shell
export -n B2_ACCOUNT_ID B2_ACCOUNT_KEY RESTIC_PASSWORD
Save the content into the file ~/resticBackup.sh
and make executable chmod +x ~/resticBackup.sh
.
We do not want to login every day to backup our files. So a cronjob can be set up, to run the bash script at 00:05:00 (5 AM).
Insert the following into your crontab <daemons-cron>
:
0 5 * * * sh $HOME/resticBackup.sh > $HOME/logs/restic-cron.log 2>&1
Make sure only your user account can run the script by changing file permissions
[isabell@stardust ~]$ chmod 700 ~/resticBackup.sh
[isabell@stardust ~]$
You should use a strong password for the repository.
Another consideration is to find a solution to distribute the API keys and repository password. If you followed the guide, the details are in plaintext right now, but if someone (including root user) can read the bash script, they can possibly also read the files you are trying backing up.
Restic allows for creation of multiple keys. this can be done with
[isabell@stardust ~]$ restic -r /srv/restic-repo key add
enter password for repository:
enter password for new key:
enter password again:
saved new key as <Key of isabell@stardust, created on 2020-01-01 12:00:00.000000000 +0200 CEST>
[isabell@stardust ~]$
Current keys can now be listed with
[isabell@stardust ~]$ restic -r /srv/restic-repo key list
enter password for repository:
ID User Host Created
----------------------------------------------------------------------
5c657874 isabell stardust 2020-01-01 10:30:00
*eb78040b isabell stardust 2020-01-01 12:00:00
[isabell@stardust ~]$
Please follow the Restic documentation on how to restore the files
Note
Releases can be followed on the Github repository: https://github.com/restic/restic/releases or with the update feed.
The binaries can be updated by using the restic self-update
command or by building from source again.
Tested with Restic 0.12.1, Uberspace 7.11.4