Are you looking for an easy way to store an encrypted copy of your important data on another server, for example your friend's NAS? If so, this docker image is for you.
On the server side, create a new directory with a docker-compose.yaml
file with the following content (or add it to an existing file):
version: '2'
services:
backup_server:
image: derkades/webdav
ports: ['8080:80']
volumes: ['./data:/data']
environment:
USERNAME: user
PASSWORD: password
restart: unless-stopped
Change the outside port if needed, and of course the data storage location, username and password.
Run docker-compose up -d
in the same directory to start the server. Because restart: unless-stopped
is set, the service will automatically start at boot. Use docker-compose rm -sf
to stop and remove the service. To check if it is working, you can visit the address in a web browser.
Create a new directory with a docker-compose.yaml
file with the following content.
version: '2'
services:
cryptclone:
image: derkades/cryptclone
command: sync
volumes:
- '/home/user/Documents:/data/documents:ro'
- '/home/user/Downloads:/data/downloads:ro'
- '/opt/ImportantProgram/data:/data/important-program:ro'
- '/opt/Application:/data/application:ro'
environment:
REMOTE_URL: http://123.45.67.89:80
REMOTE_USER: user
REMOTE_PASS: password
ENCRYPT_PASS: verysecretpassword
- Add as many volumes as you want to the volumes section. I recommend adding the
:ro
(read only) suffix, so you can be sure that the random docker container you are using doesn't destroy your files. - Make sure to store your encryption password carefully! If you lose this, you will lose your backups as well.
- To start a backup, run
docker-compose up -d cryptclone
. Useup
instead ofrun
so there can only be one instance of the container running at once.
version: '2'
services:
restore:
image: derkades/cryptclone
command: restore
volumes:
- '/mnt/restore:/data'
environment:
REMOTE_URL: http://123.45.67.89:80
REMOTE_USER: user
REMOTE_PASS: password
ENCRYPT_PASS: verysecretpassword
docker-compose run --rm restore
- To only restore a specific directory (for example
/data/documents/2019
) setRESTORE_DIR="documents/2019"
This mode is used by default. In this mode, the container will print a line to the log with progress every minute:
2020/05/23 17:51:56 NOTICE: 354.781M / 5.068 GBytes, 7%, 470.319 kBytes/s, ETA 2h55m27s (xfr#270/345)
2020/05/23 17:52:56 NOTICE: 380.398M / 5.068 GBytes, 7%, 467.932 kBytes/s, ETA 2h55m24s (xfr#295/347)
2020/05/23 17:53:56 NOTICE: 409.704M / 5.090 GBytes, 8%, 470.099 kBytes/s, ETA 2h54m21s (xfr#320/352)
Follow the logs using docker-compose logs -f cryptclone
If you want more detailed live progress information, you can choose to use interactive mode. You will need to make some changes to your compose file:
- Add
tty: 'true'
to run the container in interactive mode - Set environment variable
INTERACTIVE_PROGRESS=true
- Set a container name using
container_name: 'something'
You can now monitor progress using docker attach <container name>
while the container is running. It will look something like this:
Transferred: 39.739M / 44.633 MBytes, 89%, 299.512 kBytes/s, ETA 16s
Checks: 21341 / 21341, 100%
Transferred: 32 / 34, 94%
Elapsed time: 2m15.8s
Transferring:
* grafana/grafana.db: 87% /2.582M, 471.446 kBytes/s, -
* pictures/cool-photo.jpg: 15% /2.312M, 274.348 kBytes/s, -
Create a new file in your cron directory (probably in /etc/cron.d
). For daily at 2AM:
0 2 * * * root docker rm cryptclone; docker-compose -f /path/to/docker-compose.yaml up cryptclone
This uses rm; up
rather than run --rm
so there can never be more than one instance of the container. If a backup job is still running when the cron job runs the existing job will continue and no new job will be started.
Make sure the cron file has a newline at the end! Feel free to customize the time, when doing so, an online schedule preview tool may be useful.
Set bandwidth limit. For scheduling, set a whitespace separated list of times with speeds in kilobytes/s. (note that internet speed is usually measured in bits instead of bytes per second, 8 times larger!)
BWLIMIT: '512' # Limit to 4 Mb/s
BWLIMIT: '2M' # Limit to 16 Mb/s
BWLIMIT: '06:00,512 01:00,1M' # 4 Mb/s during the day, 8Mb/s after 1AM
BWLIMIT: 'Mon-00:00,512 Fri-23:59,off Sat-09:00,1M Sun-20:00,off"
For more info, see the rclone documentation.
Use RCLONE_OPTIONS
to pass command line options to rclone:
environment:
RCLONE_OPTIONS: '--transfers 2 --order-by size,asc --local-no-check-updated --checkers 10 --exclude some/directory/**'
Ping healthchecks system if backup successfully completed
environment:
HEALTHCHECKS_URL: 'https://healthchecks.derkad.es/ping/23123e2c-c405-4c3d-8321-292fd5f828d2'
- If you are getting
401 Unauthorized
errors and you are sure the username/password is correct, set a shorter password. I haven't looked into this, but apparently either nginx, htpasswd or rclone seems to have issues with long passwords. - If you are getting errors like
corrupted on transfer: sizes differ
orconnection broken: http: ContentLength=number with Body length othernumber
it's because rclone is uploading a file while another program is modifying it. In most cases this is a log file that you don't really need to back up anyway, so use--exclude
to exclude it. (e.g.--exclude app/log.txt
or--exclude app/logs/**
)