This image is based on my own Alpine Linux base image.
This image contains :
This image runs a backup every night (between midnight and 7 AM) on all the containers running on the host. For each container, the script will back up the following parts (depending on the container labels):
- The volumes specified by the label `napnap75.backup.volumes`
- The directories specified by the label `napnap75.backup.dirs`
- The databases specified by the label `napnap75.backup.databases` (must be a MySQL/MariaDB database)
- Map the root directory of your host to the `/root_fs` folder in the container (this allows the script to access the files to back up).
- Map the Docker socket inside the container (this allows the script to automatically discover the containers and list the things to back up).
- Set the `RESTIC_PASSWORD` environment variable to the name of a file containing the password used by Restic to protect the repository. I advise making this password available through Docker Swarm secrets.
- Set the `RESTIC_REPOSITORY` environment variable to the description of the repository (see below).
- Map the directory where you want to store your backups into the container.
- Set the `RESTIC_REPOSITORY` environment variable to the path (inside the container) of this directory.
- Set the `RESTIC_REPOSITORY` environment variable to the form `sftp:%USERNAME_ON_THE_REMOTE_HOST%@%NAME_OFF_THE_REMOTE_HOST%:%DIRECTORY_WHERE_TO_BACKUP_ON_THE_REMOTE_HOST%`.
- Set the `SFTP_HOST` environment variable to the name of the remote host.
- Set the `SFTP_KEY` environment variable to the name of a file containing the SSH key that will be used to connect to the remote host. I advise making this key available through Docker Swarm secrets.
- If it's not 22, set the `SFTP_PORT` environment variable to the SSH port number on the remote host.
- Set the `RESTIC_REPOSITORY` environment variable to the form `s3:%URL_OF_YOUR_S3_BUCKET%`.
- Set the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` variables to your access and secret key (these values could be the name of a file on disk containing the secret, which is especially useful with Docker Swarm secrets).
On your other containers, add the following labels to tell the script what to back up (because the Docker socket is mounted in the backup container, the script is able to read them directly):
- `napnap75.backup.dirs=%DIRECTORY_ON_THE_HOST%, %ANOTHER_DIRECTORY%` to back up directories from the Docker host
- `napnap75.backup.volumes=%VOLUME_NAME%, %ANOTHER_VOLUME%` to back up Docker volumes
- `napnap75.backup.databases=%DATABASE_NAME%, %ANOTHER_DATABASE%` to back up MySQL/MariaDB databases (the environment variable `MYSQL_ROOT_PASSWORD` must be set with the root password on localhost or the root user must have no password on localhost)
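
How label-driven discovery of this kind turns container metadata into a list of things to back up, as an added example that is not the image's own script. It assumes metadata shaped like `docker inspect` output (a constructed sample is embedded), resolves volume names through each container's mounts, and treats relative or `..` paths in labels as errors; the function names and those rules are assumptions of this example.

```python
import json
import posixpath

ROOT_FS = "/root_fs"          # host root as mounted in the backup container
PREFIX = "napnap75.backup."   # label namespace from the README

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/transmission",
  "Config": {"Labels": {"napnap75.backup.dirs": "/home/transmission, /home/../etc",
                        "napnap75.backup.volumes": "transmission_home, missing_vol"}},
  "Mounts": [{"Type": "volume", "Name": "transmission_home",
              "Source": "/var/lib/docker/volumes/transmission_home/_data"}]},
 {"Name": "/db",
  "Config": {"Labels": {"napnap75.backup.databases": "mysql"}}, "Mounts": []}
]""")

def split_label(value):
    """Split a comma-separated label value, trimming spaces and empty items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def host_path(path):
    """Map an absolute host path under ROOT_FS; refuse relative or '..' paths (assumed rule)."""
    if not path.startswith("/") or ".." in path.split("/"):
        raise ValueError(f"unsafe path in label: {path!r}")
    return ROOT_FS + posixpath.normpath(path)

def backup_plan(containers):
    """Return (plan, errors): what to back up per container, and rejected items."""
    plan, errors = [], []
    for c in containers:
        name = c["Name"].lstrip("/")
        labels = c.get("Config", {}).get("Labels") or {}
        # Volume name -> host directory, taken from the container's own mounts.
        volumes = {m["Name"]: m["Source"] for m in c.get("Mounts", [])
                   if m.get("Type") == "volume"}
        for d in split_label(labels.get(PREFIX + "dirs")):
            try:
                plan.append((name, "dir", host_path(d)))
            except ValueError as exc:
                errors.append((name, str(exc)))
        for v in split_label(labels.get(PREFIX + "volumes")):
            if v in volumes:
                plan.append((name, "volume", host_path(volumes[v])))
            else:
                errors.append((name, f"volume not mounted: {v!r}"))
        for db in split_label(labels.get(PREFIX + "databases")):
            plan.append((name, "database", db))
    return plan, errors
```

Because labels are set by whoever starts a container, reporting rejected entries separately keeps a malformed label from silently widening or shrinking what the nightly run reads from `/root_fs`.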
- The script is able to post a message to a Slack webhook when a backup is finished or failed. Add the `SLACK_URL` environment variable with the URL of your Slack webhook.
- The script is able to store the results of the backup to an InfluxDB database. Add the `INFLUXDB_URL` environment variable with the URL of your database.
If you want to troubleshoot or manage your backups, run `docker exec -it %NAME_OF_YOUR_CONTAINER% bash` with a running container and use the `restic` command (see https://restic.readthedocs.io/en/stable/manual.html):
- In case of a problem with the repository, use `restic check`, `restic prune` or `restic rebuild-index`.
- To reduce the size of the repository, use `restic forget --prune`.
- To restore some backup, use `restic restore`.
- Run the backup script container: `docker run -v /home/backup:/restic_repo -e "RESTIC_REPOSITORY=/restic_repo" -v /home/backup/password:/restic_pass -e "RESTIC_PASSWORD=/restic_pass" -v /var/run/docker.sock:/var/run/docker.sock:ro -v /:/root_fs:ro napnap75/rpi-docker-backup:latest`
- Run a Transmission container and tell the backup script to back up its home directory: `docker run -v /home/transmission:/home -v /home/media:/media --label "napnap75.backup.dirs=/home/transmission" napnap75/rpi-transmission:latest`
- Same with a volume: `docker run -v transmission_home:/home -v /home/media:/media --label "napnap75.backup.volumes=transmission_home" napnap75/rpi-transmission:latest`
- Run a MariaDB container and tell the backup script to back up the mysql database: `docker run -e "MYSQL_ROOT_PASSWORD=my-secret-pw" --label "napnap75.backup.databases=mysql" -d mariadb`
This stack file will run one backup instance on each node of the swarm and back up the configuration volume of the portainer container.
```yaml
version: "3.1"

services:
  portainer:
    image: portainer/portainer:linux-arm
    ports:
      - 9000:9000
    volumes:
      - portainer_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "napnap75.backup.volumes=portainer_data"
    deploy:
      placement:
        constraints: [node.role == manager]
  docker-backup:
    image: napnap75/rpi-docker-backup:latest
    volumes:
      - /:/root_fs:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - SFTP_HOST=myhost.com
      - SFTP_PORT=22
      - SFTP_KEY=/run/secrets/private.key
      - RESTIC_PASSWORD=/run/secrets/restic.password
      - RESTIC_REPOSITORY=sftp:myuser@myhost.com:restic
      - SLACK_URL=https://hooks.slack.com/services/ABCDE/FGHIJ/KLMNOPQRSTUVWXYZ
      - INFLUXDB_URL=http://192.168.1.1:8086/write?db=supervision
    secrets:
      - private.key
      - restic.password
    deploy:
      mode: global

secrets:
  private.key:
    external: true
  restic.password:
    external: true

volumes:
  portainer_data:
```