Restic ist ein modernes Backup-Programm in Go geschrieben. Es bietet schnelle, verschlüsselte und deduplizierte Backups auf verschiedene Backends.
Warum Restic?
Vorteile
- Schnell (Go-basiert)
- Verschlüsselung standardmäßig
- Deduplizierung
- Viele Backends
- Einfache Bedienung
- Plattformübergreifend
- Aktive EntwicklungVergleich
| Feature | Restic | BorgBackup | |---------|--------|------------| | Sprache | Go | Python/C | | Geschwindigkeit | Schneller | Schnell | | Backends | Viele | SSH primär | | Verschlüsselung | Immer | Optional | | Kompression | Seit 0.14 | Ja |
Installation
Debian/Ubuntu
apt install resticAktuellste Version
# Via GitHub
wget https://github.com/restic/restic/releases/download/v0.16.4/restic_0.16.4_linux_amd64.bz2
bunzip2 restic_0.16.4_linux_amd64.bz2
mv restic_0.16.4_linux_amd64 /usr/local/bin/restic
chmod +x /usr/local/bin/resticSelf-Update
restic self-updateRepository initialisieren
Lokal
restic init --repo /backup/restic-repoSFTP
restic init --repo sftp:user@backup-server:/backup/resticAmazon S3
export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG..."
restic init --repo s3:s3.amazonaws.com/bucket-nameBackblaze B2
export B2_ACCOUNT_ID="xxxxxxxxxxxx"
export B2_ACCOUNT_KEY="K000xxxxxxxxxxxxxxx"
restic init --repo b2:bucket-name:/resticMinIO/S3-kompatibel
restic init --repo s3:https://minio.example.de/bucketREST Server
restic init --repo rest:https://user:pass@backup.example.de/Backup erstellen
Einfaches Backup
restic -r /backup/restic-repo backup /home /etcMit Optionen
restic -r /backup/restic-repo backup \
--verbose \
--tag server1 \
--exclude-caches \
--exclude='*.tmp' \
--exclude='.cache' \
/home /etc /var/wwwExclude-Datei
# /etc/restic/excludes.txt
*.tmp
*.log
.cache
node_modules
.git
__pycache__restic backup --exclude-file=/etc/restic/excludes.txt /homeStdin-Backup
# Datenbank-Dump
mysqldump --all-databases | restic -r /backup/restic backup --stdin --stdin-filename mysql-dump.sqlSnapshots verwalten
Snapshots auflisten
restic -r /backup/restic snapshotsNach Tags filtern
restic snapshots --tag server1Snapshot-Details
restic -r /backup/restic stats
restic -r /backup/restic stats --mode files-by-contentsDateien in Snapshot
restic -r /backup/restic ls latest
restic -r /backup/restic ls abc123de # Snapshot-IDWiederherstellen
Kompletter Snapshot
restic -r /backup/restic restore latest --target /restoreBestimmter Snapshot
restic -r /backup/restic restore abc123de --target /restoreEinzelne Dateien
restic restore latest --target /restore --include /home/user/wichtig.txtMit Pattern
restic restore latest --target /restore --include '*.conf'Snapshot mounten
mkdir /mnt/restic
restic -r /backup/restic mount /mnt/restic
# Durchsuchen
ls /mnt/restic/snapshots/latest/
# Beenden mit Ctrl+C oder
fusermount -u /mnt/resticSnapshots löschen
Einzelner Snapshot
restic -r /backup/restic forget abc123deMit Retention-Policy
restic -r /backup/restic forget \
--keep-last 10 \
--keep-daily 7 \
--keep-weekly 4 \
--keep-monthly 12 \
--keep-yearly 2Mit Prune (Daten löschen)
restic forget --keep-daily 7 --pruneDry-Run
restic forget --keep-daily 7 --dry-runAutomatisierung
Backup-Skript
#!/bin/bash
# /usr/local/bin/restic-backup.sh
# Repository
export RESTIC_REPOSITORY="s3:s3.eu-central-1.amazonaws.com/backup-bucket"
export RESTIC_PASSWORD="verschluesselungs_passwort"
export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG..."
# Logging
LOG=/var/log/restic-backup.log
exec >> $LOG 2>&1
echo "=== Backup gestartet: $(date) ==="
# Backup
restic backup \
--verbose \
--tag $(hostname) \
--exclude-caches \
--exclude-file=/etc/restic/excludes.txt \
/home \
/etc \
/var/www \
/var/lib/mysql
backup_exit=$?
# Alte Snapshots löschen
restic forget \
--keep-daily 7 \
--keep-weekly 4 \
--keep-monthly 6 \
--prune
forget_exit=$?
# Integrität prüfen (wöchentlich)
if [ $(date +%u) -eq 7 ]; then
restic check
fi
echo "=== Backup beendet: $(date), Exit: $backup_exit ==="Systemd-Timer
# /etc/systemd/system/restic-backup.service
[Unit]
Description=Restic Backup
[Service]
Type=oneshot
ExecStart=/usr/local/bin/restic-backup.sh# /etc/systemd/system/restic-backup.timer
[Unit]
Description=Restic Backup Timer
[Timer]
OnCalendar=*-*-* 03:00:00
RandomizedDelaySec=1800
Persistent=true
[Install]
WantedBy=timers.targetsystemctl enable restic-backup.timer
systemctl start restic-backup.timerPasswort-Datei
# /etc/restic/password
mein_geheimes_passwort
chmod 600 /etc/restic/passwordexport RESTIC_PASSWORD_FILE=/etc/restic/passwordREST-Server
Installation
# REST-Server für Restic
wget https://github.com/restic/rest-server/releases/download/v0.12.1/rest-server_0.12.1_linux_amd64.gz
gunzip rest-server_0.12.1_linux_amd64.gz
mv rest-server_0.12.1_linux_amd64 /usr/local/bin/rest-server
chmod +x /usr/local/bin/rest-serverStarten
# Ohne Authentifizierung
rest-server --path /backup/restic-data
# Mit Authentifizierung
rest-server --path /backup/restic-data --private-repos
# Mit TLS
rest-server --path /backup/restic-data --tls --tls-cert cert.pem --tls-key key.pemSystemd-Service
# /etc/systemd/system/restic-rest-server.service
[Unit]
Description=Restic REST Server
After=network.target
[Service]
Type=simple
User=restic
ExecStart=/usr/local/bin/rest-server --path /backup/restic-data --private-repos
Restart=always
[Install]
WantedBy=multi-user.targetClient-Konfiguration
restic -r rest:https://user:pass@backup.example.de/repo initKompression (ab 0.14)
Kompression aktivieren
restic backup --compression auto /homeKompressionsoptionen
| Option | Beschreibung | |--------|--------------| | off | Keine Kompression | | auto | Automatisch (Standard) | | max | Maximale Kompression |
Existierende Daten komprimieren
# Bei nächstem prune
restic prune --repack-uncompressedIntegrität prüfen
Schnelle Prüfung
restic -r /backup/restic checkVollständige Prüfung
restic check --read-dataTeil der Daten prüfen
restic check --read-data-subset=10%Mehrere Repositories
Kopieren zwischen Repos
restic -r /backup/source copy --repo2 /backup/targetMit Passwörtern
restic -r /backup/source \
--password-file /etc/restic/source-pass \
copy \
--repo2 /backup/target \
--password-file2 /etc/restic/target-passMonitoring
Prometheus-Metriken
#!/bin/bash
# Nach Backup
PROM_FILE=/var/lib/prometheus/restic.prom
restic stats --json | jq -r '
"restic_total_size " + (.total_size|tostring),
"restic_total_file_count " + (.total_file_count|tostring)
' > $PROM_FILE
echo "restic_last_backup_timestamp $(date +%s)" >> $PROM_FILEHealthcheck
# Am Ende des Backup-Skripts
if [ $backup_exit -eq 0 ]; then
curl -fsS -m 10 https://hc-ping.com/your-uuid
fiTroubleshooting
Lock entfernen
restic -r /backup/restic unlockCache löschen
restic cache --cleanupRepository reparieren
restic -r /backup/restic recover
restic -r /backup/restic pruneDebug-Modus
restic -v backup /home
restic -vv backup /home # Noch detaillierterZusammenfassung
| Backend | URL-Format | |---------|------------| | Local | /pfad/zum/repo | | SFTP | sftp:user@host:/pfad | | S3 | s3:s3.region.amazonaws.com/bucket | | B2 | b2:bucket-name:/pfad | | REST | rest:https://host/ |
| Befehl | Funktion | |--------|----------| | init | Repository erstellen | | backup | Backup erstellen | | snapshots | Snapshots auflisten | | restore | Wiederherstellen | | mount | Snapshot mounten | | forget | Snapshots löschen | | prune | Daten aufräumen | | check | Integrität prüfen |
| Umgebungsvariable | Bedeutung | |-------------------|-----------| | RESTIC_REPOSITORY | Repository-Pfad | | RESTIC_PASSWORD | Passwort | | RESTIC_PASSWORD_FILE | Passwort-Datei | | AWS_ACCESS_KEY_ID | S3 Access Key | | AWS_SECRET_ACCESS_KEY | S3 Secret Key |
Fazit
Restic ist ein ausgezeichnetes Backup-Tool für moderne Infrastrukturen. Die Geschwindigkeit und einfache Bedienung machen es ideal für automatisierte Backups. Die Verschlüsselung ist standardmäßig aktiv und schützt sensible Daten. Mit der breiten Backend-Unterstützung lassen sich flexible Backup-Strategien umsetzen. Der REST-Server ermöglicht zentrale Backup-Infrastrukturen.
