Restic is a fast and secure backup program, which have compatibility with multiple cloud providers.
Restic is an open source software distributed under the BSD-2-Clause License. All relevant legal information can be found here
If you want to backup files to a remote server, you should set up a bucket a or user first. Restic currently supports backup with:
We’re installing a compiled restic binary for a 64-bit machine, and making it executable with the following steps:
[isabell@stardust ~]$ wget https://github.com/restic/restic/releases/download/v0.12.0/restic_0.12.0_linux_amd64.bz2 [isabell@stardust ~]$ bzip2 -d restic_0.12.0_linux_amd64.bz2 [isabell@stardust ~]$ mv restic_0.12.0_linux_amd64 ~/bin/restic [isabell@stardust ~]$ chmod 700 ~/bin/restic [isabell@stardust ~]$
Now it’s time to get you login/API details from you remote server. This differs from service to service, but usually boils down to a key id (username) and a key (password).
The service or protocol used, needs to be specified, when communicating with a repository. Please read in the restic documentation: https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html
Restic repositories are encrypted, and losing the password means losing access to all the files. So please save the password somewhere safe.
Here we’re initializing a repository on a Backblaze B2 bucket
[isabell@stardust ~]$ export B2_ACCOUNT_ID=<MY_APPLICATION_KEY_ID> [isabell@stardust ~]$ export B2_ACCOUNT_KEY=<MY_APPLICATION_KEY> [isabell@stardust ~]$ restic -r b2:bucketname:path/to/repo init enter password for new repository: enter password again: created restic repository eefee03bbd at b2:bucketname:path/to/repo Please note that knowledge of your password is required to access the repository. Losing your password means that your data is irrecoverably lost. [isabell@stardust ~]$
It is recommended to create a script to automate the backups. Please edit this template to fit your needs.
Remember to set the
B2_ACCOUNT_KEY and repository to your service, details on environment variables can be read here.
If you need to backup a folder but want to exclude some files from backup withing that folder, you can use the flag
--exclude-if-present='superSecretFile.txt' while calling restic. Be aware that this flag will create an error if the list of excluded files is empty.
#!/bin/bash # Restic API keys export B2_ACCOUNT_ID='[hidden]' export B2_ACCOUNT_KEY='[hidden]' export RESTIC_PASSWORD='[hidden]' # Print commands for debugging #set -x #Files to include/exclude FILES='/var/www/virtual/isabell/html/ /home/isabell/myImportantDocument.md' # Run restic backup restic -r b2:bucketname:path/to/repo backup $FILES #set +x # Stop printing # Remove restic details from current shell export -n B2_ACCOUNT_ID B2_ACCOUNT_KEY RESTIC_PASSWORD
Save the content into the file
~/resticBackup.sh and make executable
chmod +x ~/resticBackup.sh.
We do not want to login every day to backup our files. So a cronjob can be set up, to run the bash script at 00:05:00 (5 AM).
Insert the following into your crontab:
0 5 * * * sh $HOME/resticBackup.sh > $HOME/logs/restic-cron.log 2>&1
Make sure only your user account can run the script by changing file permissions
[isabell@stardust ~]$ chmod 700 ~/resticBackup.sh [isabell@stardust ~]$
You should use a strong password for the repository.
Another consideration is to find a solution to distribute the API keys and repository password. If you followed the guide, the details are in plaintext right now, but if someone (including root user) can read the bash script, they can possibly also read the files you are trying backing up.
Restic allows for creation of multiple keys. this can be done with
[isabell@stardust ~]$ restic -r /srv/restic-repo key add enter password for repository: enter password for new key: enter password again: saved new key as <Key of isabell@stardust, created on 2020-01-01 12:00:00.000000000 +0200 CEST> [isabell@stardust ~]$
Current keys can now be listed with
[isabell@stardust ~]$ restic -r /srv/restic-repo key list enter password for repository: ID User Host Created ---------------------------------------------------------------------- 5c657874 isabell stardust 2020-01-01 10:30:00 *eb78040b isabell stardust 2020-01-01 12:00:00 [isabell@stardust ~]$
Restoring from backup¶
Please follow the Restic documentation on how to restore the files
The binaries can be updated by using the
restic self-update command or by building from source again.
Tested with Restic 0.12.0, Uberspace 220.127.116.11Written by: Hafnium <firstname.lastname@example.org>