Using restic to backup VPS data on CentOS 7
Publish: 2019-11-02 | Modify: 2019-11-02
restic is a fast, efficient, and secure backup program. It supports three mainstream operating systems (Linux, macOS, Windows) and offers various backup methods, including local backup, SFTP, AWS S3, Backblaze B2, etc.
In a production environment, data is crucial for a company. Regularly backing up data is essential. Although some service providers offer paid/free backup services, they cannot guarantee absolute security. In necessary cases, we can store data elsewhere. Restic supports encrypted backup, incremental backup, snapshot rollback, etc., making it suitable for data backup.
This article records the entire process of using restic to back up data to another server (SFTP method) in a CentOS 7 environment to prevent everyone from encountering difficulties. (Reading this article requires a certain level of Linux operation and maintenance knowledge. It is not recommended for beginners to tinker with it).
Installing restic
Restic is developed using Golang and provides a convenient binary version. Here, we choose to install it in binary mode. The latest version can be downloaded from Github: https://github.com/restic/restic/releases
# Download restic
wget https://github.com/restic/restic/releases/download/v0.9.5/restic_0.9.5_linux_amd64.bz2
# Decompress
bzip2 -d restic_0.9.5_linux_amd64.bz2
# Rename
mv restic_0.9.5_linux_amd64 /usr/sbin/restic
# Grant execution permission
chmod +x /usr/sbin/resticAfter these simple steps, the installation of restic is complete. If everything goes well, we can see the usage help by executing the command restic -h.
[root@ali_sgp ~]# restic -h
restic is a backup program which allows saving multiple revisions of files and
directories in an encrypted repository stored on different backends.
Usage:
restic [command]
Available Commands:
backup Create a new backup of files and/or directories
cache Operate on local cache directories
cat Print internal objects to stdout
check Check the repository for errors
diff Show differences between two snapshots
dump Print a backed-up file to stdout
find Find a file, a directory or restic IDs
forget Remove snapshots from the repository
generate Generate manual pages and auto-completion files (bash, zsh)
help Help about any command
init Initialize a new repository
key Manage keys (passwords)
list List objects in the repository
ls List files in a snapshot
migrate Apply migrations
mount Mount the repository
prune Remove unneeded data from the repository
rebuild-index Build a new index file
recover Recover data from the repository
restore Extract the data from a snapshot
self-update Update the restic binary
snapshots List all snapshots
stats Scan the repository and show basic statistics
tag Modify tags on snapshots
unlock Remove locks other processes created
version Print version information
Flags:
--cacert file file to load root certificates from (default: use system certificates)
--cache-dir string set the cache directory. (default: use system default cache directory)
--cleanup-cache auto remove old cache directories
-h, --help help for restic
--json set output mode to JSON for commands that support it
--key-hint string key ID of key to try decrypting first (default: $RESTIC_KEY_HINT)
--limit-download int limits downloads to a maximum rate in KiB/s. (default: unlimited)
--limit-upload int limits uploads to a maximum rate in KiB/s. (default: unlimited)
--no-cache do not use a local cache
--no-lock do not lock the repo, this allows some operations on read-only repos
-o, --option key=value set extended option (key=value, can be specified multiple times)
--password-command string specify a shell command to obtain a password (default: $RESTIC_PASSWORD_COMMAND)
-p, --password-file string read the repository password from a file (default: $RESTIC_PASSWORD_FILE)
-q, --quiet do not output comprehensive progress report
-r, --repo string repository to backup to or restore from (default: $RESTIC_REPOSITORY)
--tls-client-cert string path to a file containing PEM encoded TLS client certificate and private key
-v, --verbose n be verbose (specify --verbose multiple times or level n)
Use "restic [command] --help" for more information about a command.Initializing restic
xiaoz chose to back up the current server data to another server via SFTP. Therefore, before operation, please refer to: Configure passwordless login on Linux to ensure that the current server can automatically log in to the other server without a password using keys. Assuming you have completed this step, we can now initialize restic.
# Initialize restic
$ restic -r sftp:user@host:/srv/restic-repo init
enter password for new backend:
enter password again:
created restic backend f1c6108821 at sftp:user@host:/srv/restic-repo
Please note that knowledge of your password is required to access the repository.
Losing your password means that your data is irrecoverably lost.- When initializing, you will be prompted to enter the password twice. Please note that this password is used by restic to encrypt and decrypt data, not the server password. Please do not forget it. Once the password is forgotten, the data cannot be decrypted and will be lost.
/srv/restic-reporefers to the path on the other server.
For more initialization instructions, please refer to the official documentation: Preparing a new repository
Backing up data
After initialization, we can use the following command to back up the data:
restic -r sftp:user@host:/data/aliyun_sgp --verbose backup /data/wwwroot --exclude=/data/wwwroot/default/data/aliyun_sgp: the directory on the remote server (target directory)./data/wwwroot: the folder to be backed up (local folder)./data/wwwroot/default: the folder to be excluded (directory that does not need to be backed up).
Viewing and removing snapshots
Restic uses incremental backup. When backing up again, restic only backs up files that have been modified or added and creates a snapshot (restore point). The commonly used commands for snapshots are as follows:
View snapshots of the target folder
$ restic -r /srv/restic-repo snapshots
enter password for repository:
ID Date Host Tags Directory
----------------------------------------------------------------------
40dc1520 2015-05-08 21:38:30 kasimir /home/user/work
79766175 2015-05-08 21:40:19 kasimir /home/user/work
bdbd3439 2015-05-08 21:45:17 luigi /home/art
590c8fc8 2015-05-08 21:47:38 kazik /srv
9f0bc19e 2015-05-08 21:46:11 luigi /srvDelete a specific snapshot
$ restic -r /srv/restic-repo forget bdbd3439
enter password for repository:
removed snapshot d3f01f63Clean up snapshot reference data (After deleting a snapshot, the data will not be released. Therefore, you need to clean up the reference data).
restic -r /srv/restic-repo pruneRestore a snapshot
$ restic -r /srv/restic-repo restore 79766175 --target /tmp/restore-work
enter password for repository:
restoring <Snapshot of [/home/user/work] at 2015-05-08 21:40:19.884408621 +0200 CEST> to /tmp/restore-work/srv/restic-repo: the path to store the snapshots.79766175: the ID of the snapshot./tmp/restore-work: the target folder (where you want to restore to).
Passwordless operation
When operating restic, it will prompt for a password every time. If you want to avoid entering the password each time, you can do the following:
# Create a file and store the restic password in it
vi /root/.restic.pw
# Set it as an environment variable
export RESTIC_PASSWORD_FILE=/root/.restic.pwThis way, the password will not be prompted the next time you back up data, and you can easily write Shell scripts.
Finally
Restic encrypts and backs up data, uses incremental backup, and supports various backup methods. It is an excellent choice for backing up server data. For more usage instructions, please refer to the official documentation.
- Official documentation: Restic Documentation
- Restic project: https://github.com/restic/restic
Comments
xiaoz
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.
Random article
- ProcessOn: A Free and User-friendly Mind Mapping/Flowchart Tool
- Double 11 Special: 4 Must-Have Efficient Tools on Mac Recommended
- Viewing Disk Current Read and Write Speeds Using iotop Command in Linux System
- UpCloud: Get $25 Sign-up Bonus, Choose from 8 Data Centers, Hourly Billing Supported
- Nginx using HTTP/2 and HTTPS benchmark testing
- IPinfo: An Integrated IP Address Lookup Tool with Multiple Interfaces
- What to do if Tencent's free enterprise email does not support custom domain login?
- Deploying Open Source Music Streaming Service Navidrome with Docker: Creating Your Own Cloud Music
- Simple Configuration of Nginx Reverse Proxy
- 2 Free and User-friendly Compression Software for Windows: 7-Zip & Bandizip