Deploy Restic CLI backup tool on Ubuntu — AES-256 encryption, deduplication, and snapshots to S3 or SFTP.
Grab the automated bash script from GitHub to follow along with the video.
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/backup/restic/restic-ubuntu.sh
chmod +x restic-ubuntu.sh
sudo bash restic-ubuntu.shwget https://raw.githubusercontent.com/mhmdali94/Docker/main/backup/restic/restic-ubuntu.shchmod +x restic-ubuntu.shThe script installs Docker if needed and sets up Restic with wrapper scripts for easy use.
sudo bash restic-ubuntu.shRun restic init with your chosen backend — local, S3, SFTP, or Backblaze B2.
# Local repository
restic init --repo /path/to/repo
# S3 backend
restic -r s3:s3.amazonaws.com/bucket-name initExecute your first restic backup command and verify snapshots with restic snapshots.
restic -r /path/to/repo backup /home/user/data
restic -r /path/to/repo snapshots| Port | Purpose |
|---|---|
| — | No web UI — CLI only. Repository backend (S3/SFTP) uses outbound connections only. |
Restic is a fast, secure, and efficient open-source backup program that supports local, SFTP, S3, and many other storage backends. Every backup is encrypted, deduplicated, and can be browsed or restored to any point in time — making it one of the most reliable backup tools available.
Restic is what professionals use when they want backup they can trust: AES-256 encryption, content-defined deduplication (only changed chunks upload), and cryptographic integrity verification. It works with any backend — local disk, S3, Backblaze B2, Google Cloud, SFTP — without locking you in. Unlike GUI tools, Restic is scriptable and composable with cron, systemd, or any scheduler.
Restic has no web UI and opens no listening ports. It makes outbound connections only — to your S3 endpoint, SFTP server, or local path. No firewall rules needed for inbound traffic. Ensure your server can reach the chosen backend endpoint on the appropriate port.
Direct alternatives: Kopia (has a web UI, similar feature set), BorgBackup (Linux-focused, very efficient), Duplicati (GUI-based, older). For cloud-native: Velero (Kubernetes backups), AWS Backup (managed). Restic wins on simplicity, cross-platform support, and backend flexibility.
Don't use Restic if your team needs a GUI — use Kopia (web UI) or Duplicati instead. And if you're backing up Kubernetes persistent volumes, Velero is the purpose-built tool. Restic is a CLI tool; if no one on your team will run CLI commands, pick something with a dashboard.
PrismaTechWork provides end-to-end infrastructure services — from initial deployment and security hardening to ongoing monitoring, automated backups, and dedicated support. Whether you need a single-server setup or a multi-site network, our team ensures your infrastructure is built right, secured properly, and maintained reliably.
All your backups become permanently unrecoverable — there is no password reset. Restic uses AES-256 with a key derived from your password. Store the password in a password manager, print it, and keep a copy offsite.
Not natively in a single command — but you can run two separate `restic backup` commands pointing to different repositories (one local, one S3). Both repositories share the same data via deduplication only within each repo.
Restic splits files into variable-size chunks using content-defined chunking, then hashes each chunk. Identical chunks across different files or backups are stored only once. This makes incremental backups extremely space-efficient.
Run `restic snapshots` to list snapshots and get the ID, then `restic restore SNAPSHOT_ID --target /restore/path`. You can also restore a single file: `restic restore SNAPSHOT_ID --target /tmp --include /path/to/file`.
Create a script that exports `RESTIC_REPOSITORY` and `RESTIC_PASSWORD` and runs `restic backup /your/data`. Add a cron entry: `0 2 * * * /path/to/backup.sh >> /var/log/restic.log 2>&1`. Use a systemd timer for more control.
The first backup uploads all data (no deduplication benefit yet) — speed depends on your data size and network. A 100 GB dataset over 100 Mbps takes ~2 hours. Subsequent incremental backups are much faster — only changed chunks upload.
Yes — stop the container (or use a consistent snapshot), then back up the volume mount path: `restic backup /var/lib/docker/volumes/myvolume`. For databases, dump first then back up the dump file for consistency.
Use `restic forget` with retention flags: `restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune`. The `--prune` flag actually frees the storage. Without `--prune`, old data remains in the repository.