This article is the first of a four part series describing my current backup system:
Restic is a backup utility written in Go with four major advantages:
Before diving into the specifics of how restic works and how to configure it, let me introduce you to some key elements of the architecture I need to backup.
There are four main devices I need to backup:
Along these, there are two devices I plan to use to store my backups:
The initial setup requires us to install restic on the device we want to backup and rest-server on the device that will store the backups. I will demonstrate how to do this with the use case NUC to NAS where I backup the NUC data to my NAS.
Installing the restic client on a Linux machine is fairly easy. In my case, my NUC runs Ubuntu server and I can install restic with a simple command.
sudo apt-get install restic
Check out the installation doc to see how to install restic for your use case.
Restic is able to backup to a local storage (another folder or a mounted USB), to Amazon S3, Minio Server, Backblaze B2, Azure, Google Cloud Storage, SFTP, etc. While the number of compatible solutions is impressive, I don't want to learn how Minio, B2, or GCS works to set up my backup solution.
That's why I chose to use restic's own solution: rest-server:
Rest Server is a high performance HTTP server that implements restic's REST backend API. It provides secure and efficient way to backup data remotely, using restic backup client via the rest: URL.
It is simple to use and compatible with restic out the box. You can run it in a docker container to simplify its usage.
docker run -p 8000:8000 -v /my/data:/data --name rest_server restic/rest-server
For my part, I have a QNAP NAS which has a terrible OS, so I had to download the qpkg package and install it. On the NAS, I modified the file
/opt/ResticServer/ResticServer.sh to start the restic server with my preferred options. Since my backup folder is named
Backup, I replaced every instance of
RestBackup (the orignal named configured in the script) to
I installed restic on the NUC and rest-server on the NAS. The rest-server is accessible throught the port
12000 and is configured to store everything in a folder called
Backup on my NAS. Let me throw in a picture to let you rest for a bit:
Now let's say I want to create a repository called
NUC. The command to use is:
restic -r rest:http://my-nas:12000/NUC init
Restic will ask to initialize a password and confirm it. And now I have a new folder
Backup/NUC which stores the restic repository.
I can use the
check command to verify that a repository exists and has no errors:
restic -r rest:http://my-nas:12000/NUC check enter password for repository: password is correct create exclusive lock for repository load indexes check all packs check snapshots, trees and blobs no errors were found
Backing up with restic is pretty easy. I use the
backup command while pointing at the repo where I want to store my backup. If I wish to backup the folder
~/work the command would be:
restic -r rest:http://my-nas:12000/NUC backup ~/work
It is that simple.
Of course there are other options: I can exclude or include files, I can backup data read directly from stdin (from a mysqldump for instance), I can tag my backups. The documentation is well written, there is no point in repeating it here.
If you need to backup a complete system you don't have to run restic as root to do so. The process is explained here. TL;DR: use
setcap cap_dac_read_search on the restic binary.
Everytime a backup is performed, restic creates a snapshot. To list the snapshots, I use the command
restic -r rest:http://my-nas:12000/NUC snapshots enter password for repository: password is correct ID Date Host Tags Directory ---------------------------------------------------------------------- ac8721ec 2020-06-01 20:18:16 my-desktop /home/myuser/Web ---------------------------------------------------------------------- 1 snapshots
I can then use the ID of the snapshots to perform other actions.
Backing up is great, but it serves no purpose if you can't restore your backups.
To restore a backup, you first need to choose which snapshot you want to restore.
For instance the ID of the snapshot I want to restore is
The command to restore it in the directory
restic -r rest:http://my-nas:12000/NUC restore ac8721ec --target /tmp/restore-web
latest to reference the last snapshot id.
restic provides other useful options such as
--include to restrict the restore to a subset of files.
But the most useful feature of restic must be the mount capability. With
mount you can browse a backup like a regular file system. This is done thanks to the
fuse kernel module. The following command mounts the backup with every snapshot in
restic -r rest:http://my-nas:12000/NUC mount /mnt/restic
Another useful command is
dump. It allows you to print the contents of a file to stdout:
restic -r rest:http://my-nas:12000/NUC dump latest --path /home/myuser/Web/db/users.sql > ~/users-restore.sql
If you ever need to change your password, you can use the following command:
restic -r rest:http://my-nas:12000/NUC key passwd
You can add a password with:
restic -r rest:http://my-nas:12000/NUC key add
You can also list keys with
key list and remove them with
We have already seen how to list snapshots.
You can use the
forget command to prune a snapshot by referencing it by its ID:
restic -r rest:http://my-nas:12000/NUC forget bdbd3439
I went through the basics of how to use restic. Now that this is done I can use this knowledge to create an automated backup workflow.
The idea is to create cron job running a shell script using the
restic backup commands seen earlier.
You can keep reading this series with part 2 : A backup monitoring system.