Introduction
In this tutorial you will learn how to set up a basic Restic Docker container and back up your data to a Hetzner Storage Box.
Prerequisites
- Docker is already installed on your local device
- A Hetzner Storage Box
Step 1 - Create SSH key
See Hetzner docs
Run this command on your local device to create a new SSH key:
ssh-keygen -f restic
Press Enter when asked for the passphrase. This sets an empty passphrase, so the key can be used without a prompt.
Move the newly generated key pair into the ~/.ssh directory.
mv restic $HOME/.ssh/
mv restic.pub $HOME/.ssh/
Make sure your Storage Box has "External Reachability" and "SSH Support" enabled. Sync the SSH key to your Storage Box.
ssh-copy-id -p 23 -i $HOME/.ssh/restic.pub -s uXXXXX@uXXXXX.your-storagebox.de
You can validate your SSH key with the SSH command.
If you can execute it and log in without providing a password, your SSH key was added correctly.
ssh -p 23 -i $HOME/.ssh/restic uXXXXX@uXXXXX.your-storagebox.de
Step 2 - Add SSH connection in config file
Create ~/.ssh/config with the following content:
Host restic
Hostname uXXXXX.your-storagebox.de
Port 23
User uXXXXX
IdentityFile /root/.ssh/restic
| Option | Description |
|---|---|
| Host | Alias for this connection (used in the .env file below) |
| Hostname | Your Storage Box URL |
| User | Your SSH user |
| IdentityFile | Your private key location in the Docker container |
Now set the permissions for this file. Since this file is used by root within the Docker container, root should be the owner:
chmod 600 $HOME/.ssh/config
sudo chown root:root $HOME/.ssh/config
Step 3 - Create files and directories
You will need the following files and directories:
$HOME/.ssh
$HOME/restic/.env
$HOME/restic/cache
$HOME/restic/backup/1
$HOME/restic/backup/n
The .ssh directory should already exist. Create the other files:
mkdir -p $HOME/restic/cache $HOME/restic/backup/1 $HOME/restic/backup/n
touch $HOME/restic/.env
echo "Content of file 1" > $HOME/restic/backup/1/file-1
echo "Content of file 2" > $HOME/restic/backup/n/file-2
Step 4 - Create an .env file
In $HOME/restic/.env, add the two lines below. Replace your-pw-for-file-encryption with a password of your choice. This is used to encrypt the backup. When you restore a backup, you need the same password to decrypt the data.
RESTIC_REPOSITORY=sftp:restic:./backup
RESTIC_PASSWORD=your-pw-for-file-encryption
Step 5 - Run Docker
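The key from Step 1 has no passphrase and the .env file from Step 4 holds RESTIC_PASSWORD in plain text, so both are protected only by file permissions, and `touch` creates .env with whatever the default umask allows. The following check is an added example, not part of the original tutorial; the function names and the `--run` switch are this example's own, and the paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: audit the secret files created in Steps 1 to 4.
# Function names and the --run switch are hypothetical, not restic features.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file grants nothing to group or others,
# 1 if it does, 2 if the file is missing or cannot be inspected.
is_private() {
    [ -f "$1" ] || return 2
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;   # e.g. 600, 400: owner-only access
        *)     return 1 ;;   # e.g. 644, 640: readable by group or others
    esac
}

# Report on each file given; the return value is the number of problems.
audit_secrets() {
    problems=0
    for f in "$@"; do
        rc=0
        is_private "$f" || rc=$?
        case "$rc" in
            0) echo "ok       $f" ;;
            1) echo "exposed  $f (mode $(file_mode "$f")), fix with: chmod 600 $f"
               problems=$((problems + 1)) ;;
            *) echo "missing  $f"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Audit the tutorial's files when the script is started with --run.
if [ "${1:-}" = "--run" ]; then
    audit_secrets "$HOME/.ssh/restic" "$HOME/.ssh/config" "$HOME/restic/.env"
fi
```

A non-zero exit status means at least one file is missing or readable by group or others; tighten it with chmod 600 before the first docker run.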
Init repository command:
docker run --rm --hostname restic -ti \
--env-file $HOME/restic/.env \
-v $HOME/.ssh:/root/.ssh \
-v $HOME/restic/cache:/root/.cache/restic \
restic/restic init
On your Storage Box, you should now see the new directory backup.
Command to back up all folders under /data:
docker run --rm --hostname restic -ti \
--env-file $HOME/restic/.env \
-v $HOME/.ssh:/root/.ssh \
-v $HOME/restic/cache:/root/.cache/restic \
-v $HOME/restic/backup/1:/data/1:ro \
-v $HOME/restic/backup/n:/data/n:ro \
restic/restic backup /data
In /data/1:ro, the ro stands for read-only.
You should see the backup on your Storage Box in backup/snapshots.
Step 6 - Restore a backup
First, create a new directory for the restored data:
mkdir $HOME/restic/restored
When you restore the content, make sure you use the same .env that you also used for backup. To decrypt the data, you need the same restic password that was used for encryption.
Now use Docker to view available backups:
docker run --rm --hostname restic -ti \
--env-file $HOME/restic/.env \
-v $HOME/.ssh:/root/.ssh \
restic/restic snapshots
Pick the ID of one of those backups and restore it. Replace <id> with the actual ID of your backup.
docker run --rm --hostname restic -ti \
--env-file $HOME/restic/.env \
-v $HOME/.ssh:/root/.ssh \
-v $HOME/restic/restored:/restore \
restic/restic restore <id> --target /restore
Verify the content:
cat $HOME/restic/restored/data/1/file-1
cat $HOME/restic/restored/data/n/file-2
Conclusion
You now know how to set up a basic Restic Docker container to back up your data to the Storage Box.