Restic is an open-source, secure, and efficient backup tool designed for simplicity and versatility. It is ideal for self-hosting because it gives users full control over their data, supports deduplication, and ensures encrypted backups by default. This guide will walk you through installing, configuring, and managing Restic in a self-hosted environment, covering its deployment via Docker, Nginx reverse proxy setup, logging and debugging, backup and restore workflows, and keeping the application up to date.
Installing Restic
π¦ Docker/Docker Compose Setup
Docker is one of the simplest ways to run Restic in a controlled environment. Below is a docker-compose.yml file to deploy Restic with persistent storage:
version: '3.8'
services:
restic:
image: restic/rest-server:latest
container_name: restic-server
environment:
- OPTIONS=--path /data --append-only
ports:
- "8000:8000"
volumes:
- ./data:/data
- ./config:/config
restart: unless-stopped
To deploy Restic using this file:
mkdir restic && cd restic
nano docker-compose.yml # Paste the above content
docker-compose up -d
This will start a Restic server on port 8000 and mount persistent data under the ./data directory. Adjust paths according to your needs.
π Manual Installation
You can install Restic directly on a Linux server using the following commands:
sudo apt update
sudo apt install -y curl
curl -L https://github.com/restic/restic/releases/download/v0.15.2/restic_0.15.2_linux_amd64 -o /usr/local/bin/restic
sudo chmod +x /usr/local/bin/restic
restic version # Verify the installation
This will install the Restic binary globally, making it accessible from the command line.
Configuring Nginx as a Reverse Proxy
π Nginx Configuration
If you're running Restic through Docker or directly, you can configure Nginx to expose it via a custom domain. Create an Nginx server block for Restic:
server {
listen 80;
server_name backup.example.com;
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Save it as /etc/nginx/sites-available/restic and enable it:
sudo ln -s /etc/nginx/sites-available/restic /etc/nginx/sites-enabled/
sudo nginx -t # Test the configuration
sudo systemctl reload nginx
π SSL/TLS Setup
Secure your Restic instance with Let's Encrypt SSL:
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d backup.example.com
This will automatically generate and configure SSL certificates for your domain.
π οΈ Testing and Reloading Nginx
After configuring Nginx, test your setup by navigating to https://backup.example.com. You can reload Nginx anytime using:
sudo systemctl reload nginx
Logging and Debugging Restic
ποΈ Enabling Debug Logs
To enable debug logs for Restic in a Docker setup, add the --verbose flag to the OPTIONS environment variable in your docker-compose.yml:
environment:
- OPTIONS=--path /data --append-only --verbose
Restart the container:
docker-compose down && docker-compose up -d
π Viewing Logs
If you're running Restic in Docker, view logs with:
docker logs restic-server --tail 100
For manual installations, logs can be redirected to a file:
restic backup /path/to/files > /var/log/restic.log 2>&1
π οΈ Troubleshooting Common Issues
For errors related to repository access, ensure correct permissions:
sudo chown -R $(whoami):$(whoami) /path/to/repository
You can also verify repository integrity:
restic check
π€ Exporting Logs
To export logs to the ELK stack, install and configure filebeat to forward /var/log/restic.log to Elasticsearch.
Backup and Restore
ποΈ File-Based Backups
Use the following command to back up a directory:
restic -r /backup/repo init # Initialize repository
restic -r /backup/repo backup /path/to/files
π Database Backups
To back up a MySQL database:
mysqldump -u root -p database_name > /tmp/db_backup.sql
restic -r /backup/repo backup /tmp/db_backup.sql
π Automated Backup Scripts
Automate periodic backups using cron:
crontab -e
Add the following line to schedule backups daily at midnight:
0 0 * * * /usr/local/bin/restic -r /backup/repo backup /path/to/files
Updating and Upgrading Restic
β¬οΈ Updating Docker Images
To update Restic in Docker:
docker-compose pull
docker-compose down && docker-compose up -d
π οΈ Manual Updates
For manual installations, simply download the updated binary:
curl -L https://github.com/restic/restic/releases/download/v0.15.2/restic_0.15.2_linux_amd64 -o /usr/local/bin/restic
sudo chmod +x /usr/local/bin/restic
π Checking for Updates
To check for the latest version, visit Resticβs GitHub releases page:
curl -s https://api.github.com/repos/restic/restic/releases/latest | grep tag_name
Leveraging Resticβs Unique Features
π§ Enabling APIs
To enable the Restic HTTP API for remote backups, modify the OPTIONS in the Docker setup:
environment:
- OPTIONS=--path /data --append-only --private-repos --listen :8000
Restart the container and use tools like curl to interact with it:
curl -u user:pass http://localhost:8000/config
π Advanced Configurations
Leverage Resticβs ability to back up to cloud storage by setting repository URLs. For example, back up to AWS S3:
AWS_ACCESS_KEY_ID=your_key AWS_SECRET_ACCESS_KEY=your_secret \
restic -r s3:s3.amazonaws.com/your-bucket-name backup /path/to/files
Wrapping Up
Restic is a powerful, flexible, and secure backup solution, perfect for self-hosted environments. By following this guide, you can deploy, configure, and manage Restic to meet your specific needs. With its robust feature set and focus on encryption and deduplication, Restic ensures that your data is both safe and optimized for storage efficiency. Start implementing these workflows today to fully harness Resticβs capabilities!
