mirror of
https://github.com/restic/restic.git
synced 2026-03-31 18:32:44 +00:00
doc: Reword parts of the text, replace rclone with rest-server
The intent here is to make the text more consistent in its use of different concepts involved in explaining the idea and setup that is explained, and to make it easier to follow. We're also replacing rclone with rest-server, not because we dislike rclone but in order to keep the text to the basic tooling and the main restic eco- system. Finally we also remove the previous tip at the end about keeping the SSH tunnel up, as it will be during the time the SSH session is running (in which the user is expected to run the restic commands).
This commit is contained in:
Leo R. Lundgren
@@ -353,48 +353,72 @@ system.
|
||||
|
||||
root@a3e580b6369d:/# sudo -u restic /home/restic/bin/restic --exclude={/dev,/media,/mnt,/proc,/run,/sys,/tmp,/var/tmp} -r /tmp backup /
|
||||
|
||||
*****************************************************
|
||||
Backup to an internal host over a reverse ssh tunnel
|
||||
*****************************************************
|
||||
|
||||
***********************************************************
|
||||
Back up to an internal repository server over an SSH tunnel
|
||||
***********************************************************
|
||||
|
||||
Idea
|
||||
==========
|
||||
====
|
||||
|
||||
The idea is to run a rest server locally and forwarding it via a http over ssh tunnel to the remote server.
|
||||
Then running restic on the remote machine to the forwarded restic server.
|
||||
The idea is to run `REST-server <https://github.com/restic/rest-server>`__ on
|
||||
an internal host as the repository server and then back up to it from a remote
|
||||
restic client through a reverse SSH tunnel.
|
||||
|
||||
By backing up like this, you do not need a publicly exposed server where the backup can be stored (like a sftp server).
|
||||
With this approach, you do not need to publicly expose the repository server
|
||||
to which the backups are sent, as the restic client can instead connect to it
|
||||
through the SSH tunnel.
|
||||
|
||||
A specific use case for this could be a backup of a cloud server (e.g. VPS) to your local PC.
|
||||
An example use case for this method would be to create backups of a server,
|
||||
e.g. a VPS in the cloud, to a repository stored on your local computer.
|
||||
|
||||
Running a local rest server
|
||||
==================================
|
||||
Running a local repository server
|
||||
=================================
|
||||
|
||||
Run the local rest server:
|
||||
On the internal host, download and run the latest `release <https://github.com/restic/rest-server/releases>`__
|
||||
of REST-server to act as the repository server. In this example we are using
|
||||
the ``--no-auth`` option to not require authentication when connecting to it:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
rclone serve restic /path/to/repo
|
||||
rest-server --path /path/to/repo --no-auth
|
||||
|
||||
.. note:: this will start a local restic rest server to the local repo (or any other rclone filesystem) and host it on ``127.0.0.1:8080``
|
||||
.. note:: REST-server by default listens on all network interfaces and port
|
||||
``8000``.
|
||||
|
||||
Create a SSH tunnel to the remote machine
|
||||
===========================================
|
||||
Creating a reverse SSH tunnel
|
||||
=============================
|
||||
|
||||
SSH into the server and forward rest-server:
|
||||
On the repository server (the internal host), use ``ssh -R`` to create what's
|
||||
called a "reverse" SSH tunnel that listens for connections on the *remote* side
|
||||
and forwards these back through the tunnel to the *local* side:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
ssh -R 8080:127.0.0.1:8080 user@server_ip
|
||||
ssh -R 8000:localhost:8000 user@server
|
||||
|
||||
.. note:: ``-R 8080:127.0.0.1:8080`` (``local_port:127.0.0.1:remote_port``) remote port forwarding → forwarding connections from the remote machine to the local machine
|
||||
.. note:: In this example, ``localhost`` refers to the local repository server,
|
||||
and ``server`` refers to the remote system where restic is to be run.
|
||||
|
||||
Running restic on the remote system
|
||||
===================================
|
||||
|
||||
Run restic on the remote machine
|
||||
================================
|
||||
Now that the SSH session and tunnel is established, run restic on the remote
|
||||
system as usual, but with a repository URL that targets that system's side of
|
||||
the SSH tunnel, in this example ``localhost:8000``.
|
||||
|
||||
Then you can run restic through the ssh connection like this
|
||||
This will make restic on the remote system connect to port ``8000`` on its
|
||||
``localhost``, where the SSH tunnel is listening, after which the connection
|
||||
is forwarded through the tunnel and finally reaches ``localhost:8000`` on the
|
||||
local side where REST-server is listening and acting as the repository server.
|
||||
|
||||
To initialize the repository:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
restic -r rest:http://127.0.0.1:8080/ init
|
||||
restic -r rest:http://localhost:8000/ init
|
||||
|
||||
You can then use standard restic commands such as ``backup``, ``snapshots`` and
|
||||
``restore`` with the same repository URL and other options as usual.
|
||||
|
||||
.. tip:: The tunnel will be active for the duration of the SSH session.
|
||||
|
||||
Reference in New Issue
Block a user