I was looking for a simple and efficient backup solution that supports deduplication. Restic can do this and even more.
Restic is a modern backup tool that
- runs on all major platforms (Linux, Mac, Windows),
- has built-in support for various storage types (local filesystem, sftp, S3, Backblaze B2, REST, …),
- supports de-duplication and incremental backups,
- encrypts backups by default and
- is free to use and open source.
Restic is command line program and doesn’t bring a backup scheduler or agent with it. So if you want to use it for automated backups you have to run the restic command from within a script or program.
Local backups
In this guide I’ll show you how to do backups on your local file system to get an idea how Restic works. Local backups can be useful to restore accidentally deleted or modified files. But if you want to have a higher level of protection you should transfer your backups to a remote backup storage.
Initialising a repository
Before you can make backups with restic you have to create a repository where the backups will be stored in. We will create a ‘backup’ folder under root with the following structure.
- /etc/
- restic/ –> folder to store your repository password(s)
- /backup/
- restic/
- repos/ –> folder for multiple repositories
- repo1/
- repo2/
- repos/ –> folder for multiple repositories
- dumps/ –> you can use this folder for database dumps (for later backup)
- db1
- restic/
These are the steps to create a repository on your local filesystem:
# Create a config folder under /etc
$ sudo mkdir /etc/restic/
# Generate a random string and save it under /etc/restic/repo1.pw
# Write the password down and don't loose it otherwise you won't be able to read your files
$ openssl rand -base64 20 | sudo tee /etc/restic/repo1.pw
43R2tGRfMuy6ALbKIxQqyR2DSPk=
# Make sure only root can read the password
$ sudo chmod 400 /etc/restic/repo1.pw
# Create the backup folder structure
$ sudo mkdir -p /backup/restic/repos/repo1
# Initialise the repository
$ sudo restic init --repo /backup/restic/repos/repo1 --password-file /etc/restic/repo1.pw
created restic repository 732b575930 at /backup/restic/repos/repo1
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
Backing up data
Now we can backup data. In this example we will backup the folders /etc and /home. The command is as follows:
$ sudo restic backup --repo /backup/restic/repos/repo1 --password-file /etc/restic/repo1.pw /etc /home
repository ec8a5576 opened successfully, password is correct
created new cache in /root/.cache/restic
Files: 647 new, 0 changed, 0 unmodified
Dirs: 0 new, 0 changed, 0 unmodified
Added to the repo: 1.609 MiB
processed 647 files, 1.627 MiB in 0:00
snapshot 307b091a saved
You can also specify multiple folders or files to backup at once.
Listing snapshots
Use the ‘snapshots’ command to list the backups in the repository:
$ sudo restic snapshots --repo /backup/restic/repos/repo1 --password-file /etc/restic/repo1.pw
repository ec8a5576 opened successfully, password is correct
ID Time Host Tags Paths
-----------------------------------------------------------------------------
e410b74f 2021-01-23 22:23:06 vmi383635.contaboserver.net /etc
/home
0877add4 2021-01-23 22:36:52 vmi383635.contaboserver.net /etc
/home
ce38c56e 2021-01-23 22:45:28 vmi383635.contaboserver.net /etc
/home
-----------------------------------------------------------------------------
3 snapshots
Deleting snapshots
Using the forget command you can delete snapshots from the repository. This can either be done manually or based on rules that restic will take care of.
To manually delete a snapshot you can use “restic forget [snapshot id]“:
$ sudo restic forget --repo /backup/restic/repos/repo1 --password-file /etc/restic/repo1.pw e410b74f
repository ec8a5576 opened successfully, password is correct
removed snapshot e410b74f
To delete based on rules you would use the command as follows:
$ restic forget --repo /backup/restic/repos/repo1 --password-file /etc/restic/repo1.pw --keep-daily 14 --keep-weekly 10 --keep-monthly 6
The options ‘–keep-*’ specify how many of each backup types should be kept. The last backup will always be kept.
After deleting backups you have to prune the files so they are actually deleted from the disk.
$ restic prune --repo /backup/restic/repos/repo1 --password-file /etc/restic/repo1.pw
Alternatively you can use the option ‘–prune’ with the forget command so the space is immediately freed up.
Automating daily backups
Most likely you don’t want to run the backup commands by hand each and every day. With a short script you can have the backup run automatically by cron or systemd.
Restic can also read some options from environment variables which is good as it keeps the commands a bit shorter and easier to read. In the script below the location of the repository and password are specified in environment variables:
#!/bin/bash
# set the location of the repository and password
export RESTIC_REPOSITORY=/backup/restic/repos/repo1
export RESTIC_PASSWORD_FILE=/etc/restic/repo1.pw
# backup folders /etc and /home
restic backup /etc /home
# delete old backups
restic forget --keep-daily 14 --keep-weekly 10 --keep-monthly 6 --prune