You should already have an account with AWS.
S3 Bucket — How Do I Create an S3 Bucket?
Access keys (access key ID and secret access key) need to be generate from AWS Management Console — Understanding and Getting Your Security Credentials
Step 1 — Installing Restic
Restic might be included in your OS’s default repositories (it is on Ubuntu) but it’s better to opt for the releases on Restic’s GitHub page. The binary you’ll get from
yum will be several versions behind, and the GitHub flavor auto-updates itself anyways.
Find the latest version of Restic on their GitHub releases page. Since I’m assuming this is a Linux server, we only want the file ending in
_linux_amd64.bz2. (For a 32-bit Linux server, find
_linux_386.bz2. Windows, macOS, and BSD binaries are also there.) Right-click and copy the direct URL for that file and head over to your server’s command line to download it into your home directory:
$ cd ~
$ wget https://github.com/restic/restic/releases/download/v0.9.5/restic_0.9.5_linux_amd64.bz2
Next, we’ll unzip the download in place:
$ bunzip2 restic_*
This should leave us with a single file: the Restic binary. In order to make Restic available system-wide and accessible with a simple
restic command, we need to move it into the
/usr/local/bin folder, which requires
$ sudo mv restic_* /usr/local/bin/restic
$ sudo chmod a+x /usr/local/bin/restic
Now’s a good time to run
restic to make sure we’re good to move on. If you see the version number we downloaded, you’re all set!
$ restic version
Step 2 — Connect Restic to Amazon S3
We need to store these keys as environment variables named
AWS_SECRET_ACCESS_KEY. For now, we’ll set these temporarily until we automate everything in the next step.
$ export AWS_ACCESS_KEY_ID=”your AWS access key”
$ export AWS_SECRET_ACCESS_KEY=”your AWS secret”
We’ll also need to tell Restic where the bucket is located and set a secure password to encrypt the backups. You can generate a super-secure 32-character password by running
openssl rand -base64 32 — just make sure you store it somewhere safe!
$ export RESTIC_REPOSITORY=”s3:s3.amazonaws.com/your-bucket-name”
$ export RESTIC_PASSWORD=”enter-your-super-secure-password”
Step 3 — Initialize the backup repository
Now we’re ready to have Restic initialize the repository. This saves a
config file in your S3 bucket and starts the encryption process right off the bat. You only need to run this once.
$ restic init
If successful, you should see a message containing
created restic backend. If not, make sure you set all four environment variables correctly and try again.
Step 4 — Make our first backup
Now that the hard parts are done, creating a backup (or “snapshot” in Restic terms) is as simple as a one-line command. All we need to specify is the directory you want to backup.
$ restic backup /srv/important/data
restic snapshots will list every snapshot you’ve stored. You should see one listed at this point if everything went according to plan.
Step 5 — Automate backups using a cron job
Linux makes it incredibly easy to automate scripts using cron jobs. So let’s set one up for this.
Make a new file at a convenient location on your server and name it
backup.sh. This is where we’ll replicate everything we did above. Here’s my full
restic backup -q /srv/xxxxxxxx
-q flag silences the output, since we won’t be able to see it anyways.)
I highly recommend adding one final command to the end of the file: Restic’s
forget feature. Constantly storing multiple snapshots a day to S3 without pruning them will rack up your bill more than you’d probably like. Using
forget, we can specify how many snapshots we want to keep and from when.
This command keeps one snapshot from each of the last six hours, one snapshot from each of the last seven days, one snapshot from each of the last four weeks, and one snapshot from each of the last twelve months.
restic forget -q –prune –keep-hourly 6 –keep-daily 7 –keep-weekly 4 –keep-monthly 12
Reading the documentation for different
forget options can be helpful if you want to customize these.
Save the shell script and close the editor. Don’t forget to make the script we just wrote actually executable:
$ chmod +x backup.sh
Lastly, we need to set the actual cron job. To do this, run
sudo crontab -e and add the following line to the end:
0 * * * * /root/backup.sh
The first part specifies how often the script should run.
0 * * * * runs it right at the top of every hour. Personally, I choose to run it at the 15th minute of every other hour, so mine looks like
15 */2 * * *. crontab.guru is a nifty “calculator” to help you customize this expression to your liking — it’s definitely not the most intuitive syntax.
The second part specifies where the script we just wrote is located, of course, so set that to wherever you saved
Step 6 — Verifying and restoring snapshots
Note: In order to use
restic in future shell sessions, we need to make the four environment variables permanent by adding them to your
.bashrc file in your home directory. Simply copy and paste the four
export lines from the
backup.sh file we created above to the end of either dotfile.
Take note of the next time that your new cron job should run, so we can check that it was automatically triggered. After that time — at the top of the next hour if you used my defaults in the last step — you can run
restic snapshots like we did before to make sure there’s an additional snapshot listed, and optionally take the IDs of each snapshot and run
restic diff ID_1 ID_2 to see what’s changed between the two.
To restore a snapshot to a certain location, grab the ID from
restic snapshots and use
restore like so:
$ restic restore 750x69xyz –target ~/restored_files
You can also replace the ID with
latest to restore the latest snapshot.
When trouble strikes and you’re setting up a new server, just re-follow steps one, two, and six and you’ll have all your files back before you know it!
There are a few other neat options for browsing and restoring snapshots, like
mounting a snapshot as a disk on your file system. Read more about that on the “restoring from backup” docs page.
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?