docker.recipes

Restic + Autorestic

intermediate

Automated backup solution with Restic.

Overview

Restic is a modern, fast backup program designed for the cloud era, originally created by Alexander Neumann in 2014 to address the shortcomings of traditional backup solutions. It implements client-side encryption, deduplication, and supports multiple storage backends including S3, SFTP, Azure, Google Cloud Storage, and Backblaze B2. The tool uses a content-addressable storage format with cryptographic checksums to ensure data integrity and efficient incremental backups. This Docker stack combines Restic with mazzolino's containerized wrapper that adds cron scheduling and automated backup execution. The wrapper provides environment variable configuration, automatic repository initialization, and simplified backup orchestration while preserving all of Restic's core functionality. The combination enables scheduled, unattended backups with proper error handling and logging. This setup is ideal for system administrators managing multiple servers, homelab enthusiasts seeking reliable automated backups, and DevOps teams requiring consistent backup policies across environments. The encrypted, deduplicated nature of Restic backups makes it particularly valuable for organizations with compliance requirements or those managing large datasets where storage efficiency matters.

Key Features

  • Client-side AES-256 encryption with Poly1305-AES for authentication
  • Content-defined chunking deduplication reducing storage requirements by 70-90%
  • Multiple backend support including S3, SFTP, Azure Blob, Google Cloud Storage, and Backblaze B2
  • Incremental forever backup strategy with fast differential uploads
  • Snapshot-based restore with file-level granularity and point-in-time recovery
  • Cryptographic integrity verification using Blake2b hashing
  • FUSE filesystem mounting for browsing backups as regular directories
  • Cron-based scheduling with configurable retention policies and cleanup automation

Common Use Cases

  • 1Automated daily backups of Docker volume data to cloud storage providers
  • 2Multi-site disaster recovery with encrypted offsite backup replication
  • 3Development environment backup automation for code repositories and databases
  • 4Homelab server backup with deduplication across multiple machines
  • 5Compliance-focused backup with client-side encryption for sensitive data
  • 6Cost-effective cloud backup leveraging S3 Glacier or Backblaze B2 storage tiers
  • 7Cross-platform backup orchestration for mixed Linux/Windows environments

Prerequisites

  • Minimum 512MB RAM available (1GB+ recommended for large repositories)
  • Backup destination configured (S3 bucket, SFTP server, or local storage)
  • RESTIC_PASSWORD securely stored and documented for disaster recovery
  • Network connectivity to backup backend with appropriate authentication
  • Sufficient disk space for local cache (typically 1-5% of backup size)
  • Understanding of cron syntax for backup scheduling configuration

For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms

docker-compose.yml

docker-compose.yml
1services: 
2  restic: 
3    image: mazzolino/restic:latest
4    container_name: restic
5    restart: unless-stopped
6    environment: 
7      RESTIC_REPOSITORY: ${RESTIC_REPOSITORY}
8      RESTIC_PASSWORD: ${RESTIC_PASSWORD}
9      BACKUP_CRON: "0 4 * * *"
10      RUN_ON_STARTUP: "true"
11    volumes: 
12      - /path/to/backup:/data:ro
13      - restic_cache:/root/.cache/restic
14
15volumes: 
16  restic_cache:

.env Template

.env
1RESTIC_REPOSITORY=/backups
2RESTIC_PASSWORD=changeme

Usage Notes

  1. 1Docs: https://restic.readthedocs.io/
  2. 2BACKUP_CRON: schedule in cron format (0 4 * * * = daily at 4am)
  3. 3Repository types: local, S3, SFTP, Azure, GCS, Backblaze B2
  4. 4Data encrypted with RESTIC_PASSWORD - NEVER LOSE THIS
  5. 5List snapshots: docker exec restic restic snapshots
  6. 6Restore: docker exec restic restic restore latest --target /restore

Quick Start

terminal
1# 1. Create the compose file
2cat > docker-compose.yml << 'EOF'
3services:
4  restic:
5    image: mazzolino/restic:latest
6    container_name: restic
7    restart: unless-stopped
8    environment:
9      RESTIC_REPOSITORY: ${RESTIC_REPOSITORY}
10      RESTIC_PASSWORD: ${RESTIC_PASSWORD}
11      BACKUP_CRON: "0 4 * * *"
12      RUN_ON_STARTUP: "true"
13    volumes:
14      - /path/to/backup:/data:ro
15      - restic_cache:/root/.cache/restic
16
17volumes:
18  restic_cache:
19EOF
20
21# 2. Create the .env file
22cat > .env << 'EOF'
23RESTIC_REPOSITORY=/backups
24RESTIC_PASSWORD=changeme
25EOF
26
27# 3. Start the services
28docker compose up -d
29
30# 4. View logs
31docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
1curl -fsSL https://docker.recipes/api/recipes/restic-backup/run | bash

Troubleshooting

  • Fatal: unable to open config file: Verify RESTIC_REPOSITORY format and backend credentials are correct
  • Backup fails with 'repository does not exist': Set RESTIC_INIT=true environment variable for first run
  • Out of memory errors during backup: Increase container memory limit or reduce concurrent file processing
  • S3 access denied errors: Ensure IAM policy includes s3:GetObject, s3:PutObject, s3:ListBucket permissions
  • Slow backup performance: Mount cache volume persistently and verify backend network throughput
  • Repository corruption warnings: Run 'restic check --read-data' to verify integrity and rebuild index if needed

Community Notes

Loading...
Loading notes...

Download Recipe Kit

Get all files in a ready-to-deploy package

Includes docker-compose.yml, .env template, README, and license

Components

restic

Tags

#restic#backup#automated#encrypted

Category

Storage & Backup

Related Recipes

Ad Space