
Backups streaming to S3 via s3gof3r in Docker


dokku/docker-s3backup


docker-s3backup

dokku/s3backup

Info

Docker image that creates and streams a tar backup of a host volume to Amazon S3 storage.

  • Lightweight: Based on the Alpine base image
  • Fast: Backups are streamed directly to S3 with awscli
  • Versatile: Can also be used with self-hosted S3-compatible services like MinIO

Usage

Run the automated build, specifying your AWS credentials, bucket name, and backup path.

docker run -it \
      -e AWS_ACCESS_KEY_ID=ID \
      -e AWS_SECRET_ACCESS_KEY=KEY \
      -e BUCKET_NAME=backups \
      -e BACKUP_NAME=backup \
      -v /path/to/backup:/backup dokku/s3backup

Advanced Usage

Example with a different region, a different S3 storage class, a different signature version, and a call to an S3-compatible service (different endpoint URL):

docker run -it \
      -e AWS_ACCESS_KEY_ID=ID \
      -e AWS_SECRET_ACCESS_KEY=KEY \
      -e AWS_DEFAULT_REGION=us-east-1 \
      -e AWS_SIGNATURE_VERSION=s3v4 \
      -e S3_STORAGE_CLASS=STANDARD_IA \
      -e ENDPOINT_URL=https://YOURAPIURL \
      -e BUCKET_NAME=backups \
      -e BACKUP_NAME=backup \
      -v /path/to/backup:/backup dokku/s3backup

Encryption

You can optionally encrypt your backup using GnuPG. To do so, set ENCRYPTION_KEY to a passphrase. The command below encrypts the backup with the passphrase "your_secret_passphrase". The cipher algorithm used is AES256.

docker run -it \
      -e AWS_ACCESS_KEY_ID=ID \
      -e AWS_SECRET_ACCESS_KEY=KEY \
      -e BUCKET_NAME=backups \
      -e BACKUP_NAME=backup \
      -e ENCRYPTION_KEY=your_secret_passphrase \
      -v /path/to/backup:/backup dokku/s3backup

You can also use a GPG public key to encrypt the backup. To do so, set ENCRYPT_WITH_PUBLIC_KEY_ID to the ID of the public key. The backup can then only be decrypted with the corresponding private key, making it impossible to decrypt your data even if the backups and all the configuration files are compromised.

docker run -it \
      -e AWS_ACCESS_KEY_ID=ID \
      -e AWS_SECRET_ACCESS_KEY=KEY \
      -e BUCKET_NAME=backups \
      -e BACKUP_NAME=backup \
      -e ENCRYPT_WITH_PUBLIC_KEY_ID=public_key_id \
      -v /path/to/backup:/backup dokku/s3backup

In the above command, replace public_key_id with the ID (or, even better, the fingerprint) of your GPG public key. The backup will be encrypted using this public key and can only be decrypted with the corresponding private key. Please note that the public key must be available on the keyserver specified by the KEYSERVER environment variable. By default, this is set to hkp://keyserver.ubuntu.com and can be overridden by setting the KEYSERVER environment variable:

docker run -it \
      -e AWS_ACCESS_KEY_ID=ID \
      -e AWS_SECRET_ACCESS_KEY=KEY \
      -e BUCKET_NAME=backups \
      -e BACKUP_NAME=backup \
      -e ENCRYPT_WITH_PUBLIC_KEY_ID=public_key_id \
      -e KEYSERVER=hkp://pgp.mit.edu \
      -v /path/to/backup:/backup dokku/s3backup
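
The preference for a fingerprint over a key ID can be enforced before the container is started. The following is an added example, not part of the project: the function names are hypothetical, the key listing is constructed, and in real use the listing would come from `gpg --with-colons --fingerprint` after importing the key from the keyserver.

```shell
#!/bin/sh
# Added example (not project code): pin the backup encryption key by its
# full fingerprint instead of trusting whatever a keyserver returns for an ID.

# Constructed sample in the `gpg --with-colons` listing format.
SAMPLE_COLONS='pub:-:4096:1:89ABCDEF01234567:1700000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::X::Backup Key (constructed) <backup@example.invalid>:
sub:-:4096:1:1111222233334444:1700000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Drop spaces and a leading 0x, upper-case the hex digits.
normalize_key_id() {
    printf '%s' "$1" | tr -d ' \t' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Print fingerprint (40 hex), long-id (16), short-id (8) or invalid.
classify_key_id() {
    id=$(normalize_key_id "$1")
    case "$id" in
        *[!0-9A-F]*|'') echo invalid; return ;;
    esac
    case ${#id} in
        40) echo fingerprint ;;
        16) echo long-id ;;
        8)  echo short-id ;;
        *)  echo invalid ;;
    esac
}

# Accept only a full fingerprint for ENCRYPT_WITH_PUBLIC_KEY_ID; print it normalised.
check_backup_key() {
    kind=$(classify_key_id "$1")
    if [ "$kind" != fingerprint ]; then
        echo "refusing $kind key identifier; use the 40-hex fingerprint" >&2
        return 1
    fi
    normalize_key_id "$1"
}

# Read a colon listing on stdin; succeed only if the primary key's fingerprint
# (first fpr record after pub, not a subkey's) equals the pinned value in $1.
primary_fpr_matches() {
    want=$(normalize_key_id "$1")
    got=$(awk -F: '$1 == "pub" { seen = 1; next }
                   seen && $1 == "fpr" { print $10; exit }')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

pinned=$(check_backup_key '0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567') &&
    printf '%s\n' "$SAMPLE_COLONS" | primary_fpr_matches "$pinned" && echo "key pinned: $pinned"
```
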

Building

First, build the image.

docker build -t s3backup .

Then run the image, specifying your AWS credentials, bucket name, and backup path.

docker run -it \
      -e AWS_ACCESS_KEY_ID=ID \
      -e AWS_SECRET_ACCESS_KEY=KEY \
      -e BUCKET_NAME=backups \
      -e BACKUP_NAME=backup \
      -v /path/to/backup:/backup s3backup