Publish: 2019-11-02 | Modify: 2019-11-02
restic is a fast, efficient, and secure backup program. It supports three mainstream operating systems (Linux, macOS, Windows) and offers various backup methods, including local backup, SFTP, AWS S3, Backblaze B2, etc.
In a production environment, data is crucial for a company. Regularly backing up data is essential. Although some service providers offer paid/free backup services, they cannot guarantee absolute security. In necessary cases, we can store data elsewhere. Restic supports encrypted backup, incremental backup, snapshot rollback, etc., making it suitable for data backup.
This article records the entire process of using restic to back up data to another server (SFTP method) in a CentOS 7 environment to prevent everyone from encountering difficulties. (Reading this article requires a certain level of Linux operation and maintenance knowledge. It is not recommended for beginners to tinker with it).
Restic is developed using Golang and provides a convenient binary version. Here, we choose to install it in binary mode. The latest version can be downloaded from Github: https://github.com/restic/restic/releases
# Download restic
wget https://github.com/restic/restic/releases/download/v0.9.5/restic_0.9.5_linux_amd64.bz2
# Decompress
bzip2 -d restic_0.9.5_linux_amd64.bz2
# Rename
mv restic_0.9.5_linux_amd64 /usr/sbin/restic
# Grant execution permission
chmod +x /usr/sbin/restic
After these simple steps, the installation of restic is complete. If everything goes well, we can see the usage help by executing the command restic -h
.
[root@ali_sgp ~]# restic -h
restic is a backup program which allows saving multiple revisions of files and
directories in an encrypted repository stored on different backends.
Usage:
restic [command]
Available Commands:
backup Create a new backup of files and/or directories
cache Operate on local cache directories
cat Print internal objects to stdout
check Check the repository for errors
diff Show differences between two snapshots
dump Print a backed-up file to stdout
find Find a file, a directory or restic IDs
forget Remove snapshots from the repository
generate Generate manual pages and auto-completion files (bash, zsh)
help Help about any command
init Initialize a new repository
key Manage keys (passwords)
list List objects in the repository
ls List files in a snapshot
migrate Apply migrations
mount Mount the repository
prune Remove unneeded data from the repository
rebuild-index Build a new index file
recover Recover data from the repository
restore Extract the data from a snapshot
self-update Update the restic binary
snapshots List all snapshots
stats Scan the repository and show basic statistics
tag Modify tags on snapshots
unlock Remove locks other processes created
version Print version information
Flags:
--cacert file file to load root certificates from (default: use system certificates)
--cache-dir string set the cache directory. (default: use system default cache directory)
--cleanup-cache auto remove old cache directories
-h, --help help for restic
--json set output mode to JSON for commands that support it
--key-hint string key ID of key to try decrypting first (default: $RESTIC_KEY_HINT)
--limit-download int limits downloads to a maximum rate in KiB/s. (default: unlimited)
--limit-upload int limits uploads to a maximum rate in KiB/s. (default: unlimited)
--no-cache do not use a local cache
--no-lock do not lock the repo, this allows some operations on read-only repos
-o, --option key=value set extended option (key=value, can be specified multiple times)
--password-command string specify a shell command to obtain a password (default: $RESTIC_PASSWORD_COMMAND)
-p, --password-file string read the repository password from a file (default: $RESTIC_PASSWORD_FILE)
-q, --quiet do not output comprehensive progress report
-r, --repo string repository to backup to or restore from (default: $RESTIC_REPOSITORY)
--tls-client-cert string path to a file containing PEM encoded TLS client certificate and private key
-v, --verbose n be verbose (specify --verbose multiple times or level n)
Use "restic [command] --help" for more information about a command.
xiaoz chose to back up the current server data to another server via SFTP. Therefore, before operation, please refer to: Configure passwordless login on Linux to ensure that the current server can automatically log in to the other server without a password using keys. Assuming you have completed this step, we can now initialize restic.
# Initialize restic
$ restic -r sftp:user@host:/srv/restic-repo init
enter password for new backend:
enter password again:
created restic backend f1c6108821 at sftp:user@host:/srv/restic-repo
Please note that knowledge of your password is required to access the repository.
Losing your password means that your data is irrecoverably lost.
/srv/restic-repo
refers to the path on the other server.For more initialization instructions, please refer to the official documentation: Preparing a new repository
After initialization, we can use the following command to back up the data:
restic -r sftp:user@host:/data/aliyun_sgp --verbose backup /data/wwwroot --exclude=/data/wwwroot/default
/data/aliyun_sgp
: the directory on the remote server (target directory)./data/wwwroot
: the folder to be backed up (local folder)./data/wwwroot/default
: the folder to be excluded (directory that does not need to be backed up).Restic uses incremental backup. When backing up again, restic only backs up files that have been modified or added and creates a snapshot (restore point). The commonly used commands for snapshots are as follows:
View snapshots of the target folder
$ restic -r /srv/restic-repo snapshots
enter password for repository:
ID Date Host Tags Directory
----------------------------------------------------------------------
40dc1520 2015-05-08 21:38:30 kasimir /home/user/work
79766175 2015-05-08 21:40:19 kasimir /home/user/work
bdbd3439 2015-05-08 21:45:17 luigi /home/art
590c8fc8 2015-05-08 21:47:38 kazik /srv
9f0bc19e 2015-05-08 21:46:11 luigi /srv
Delete a specific snapshot
$ restic -r /srv/restic-repo forget bdbd3439
enter password for repository:
removed snapshot d3f01f63
Clean up snapshot reference data (After deleting a snapshot, the data will not be released. Therefore, you need to clean up the reference data).
restic -r /srv/restic-repo prune
Restore a snapshot
$ restic -r /srv/restic-repo restore 79766175 --target /tmp/restore-work
enter password for repository:
restoring <Snapshot of [/home/user/work] at 2015-05-08 21:40:19.884408621 +0200 CEST> to /tmp/restore-work
/srv/restic-repo
: the path to store the snapshots.79766175
: the ID of the snapshot./tmp/restore-work
: the target folder (where you want to restore to).When operating restic, it will prompt for a password every time. If you want to avoid entering the password each time, you can do the following:
# Create a file and store the restic password in it
vi /root/.restic.pw
# Set it as an environment variable
export RESTIC_PASSWORD_FILE=/root/.restic.pw
This way, the password will not be prompted the next time you back up data, and you can easily write Shell scripts.
Restic encrypts and backs up data, uses incremental backup, and supports various backup methods. It is an excellent choice for backing up server data. For more usage instructions, please refer to the official documentation.
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.