📦 Setup Restic
Deploy Restic CLI backup tool on Ubuntu — AES-256 encryption, deduplication, and snapshots to S3 or SFTP.
📦 Resources & Setup Scripts
Grab the automated bash script from GitHub to follow along with the video.
Quick Install:
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/backup/restic/restic-ubuntu.sh
chmod +x restic-ubuntu.sh
sudo bash restic-ubuntu.sh
Tutorial Steps
1 Download the Script
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/backup/restic/restic-ubuntu.sh
2 Make it Executable
chmod +x restic-ubuntu.sh
3 Run the Installer
The script installs Docker if needed and sets up Restic with wrapper scripts for easy use.
sudo bash restic-ubuntu.sh
4 Initialize Repository
Run restic init with your chosen backend — local, S3, SFTP, or Backblaze B2.
# Local repository
restic init --repo /path/to/repo
# S3 backend
restic -r s3:s3.amazonaws.com/bucket-name init
5 Run First Backup
Execute your first restic backup command and verify snapshots with restic snapshots.
restic -r /path/to/repo backup /home/user/data
restic -r /path/to/repo snapshots
Ports Used
| Port | Purpose |
|---|---|
| — | No web UI — CLI only. Repository backend (S3/SFTP) uses outbound connections only. |
Overview
Restic is a fast, secure, and efficient open-source backup program that supports local, SFTP, S3, and many other storage backends. Every backup is encrypted, deduplicated, and can be browsed or restored to any point in time — making it one of the most reliable backup tools available.
Why Use It
Restic is what professionals use when they want backup they can trust: AES-256 encryption, content-defined deduplication (only changed chunks upload), and cryptographic integrity verification. It works with any backend — local disk, S3, Backblaze B2, Google Cloud, SFTP — without locking you in. Unlike GUI tools, Restic is scriptable and composable with cron, systemd, or any scheduler.
When You Need It
Who Should Use It
Real Use Cases
Main Features
How to Use After Installation
Security Best Practices
Ports and Firewall Notes
Restic has no web UI and opens no listening ports. It makes outbound connections only — to your S3 endpoint, SFTP server, or local path. No firewall rules needed for inbound traffic. Ensure your server can reach the chosen backend endpoint on the appropriate port.
Backup and Maintenance
Common Mistakes
Troubleshooting
Alternatives
Direct alternatives: Kopia (has a web UI, similar feature set), BorgBackup (Linux-focused, very efficient), Duplicati (GUI-based, older). For cloud-native: Velero (Kubernetes backups), AWS Backup (managed). Restic wins on simplicity, cross-platform support, and backend flexibility.
When Not to Use It
Don't use Restic if your team needs a GUI — use Kopia (web UI) or Duplicati instead. And if you're backing up Kubernetes persistent volumes, Velero is the purpose-built tool. Restic is a CLI tool; if no one on your team will run CLI commands, pick something with a dashboard.
PrismaTechWork Professional Help
PrismaTechWork provides end-to-end infrastructure services — from initial deployment and security hardening to ongoing monitoring, automated backups, and dedicated support. Whether you need a single-server setup or a multi-site network, our team ensures your infrastructure is built right, secured properly, and maintained reliably.
Frequently Asked Questions
What happens if I lose my repository password?
All your backups become permanently unrecoverable — there is no password reset. Restic uses AES-256 with a key derived from your password. Store the password in a password manager, print it, and keep a copy offsite.
Can I back up to multiple backends at once?
Not natively in a single command — but you can run two separate `restic backup` commands pointing to different repositories (one local, one S3). Both repositories share the same data via deduplication only within each repo.
How does deduplication work in Restic?
Restic splits files into variable-size chunks using content-defined chunking, then hashes each chunk. Identical chunks across different files or backups are stored only once. This makes incremental backups extremely space-efficient.
How do I restore a specific file from a snapshot?
Run `restic snapshots` to list snapshots and get the ID, then `restic restore SNAPSHOT_ID --target /restore/path`. You can also restore a single file: `restic restore SNAPSHOT_ID --target /tmp --include /path/to/file`.
How do I set up automatic backups with cron?
Create a script that exports `RESTIC_REPOSITORY` and `RESTIC_PASSWORD` and runs `restic backup /your/data`. Add a cron entry: `0 2 * * * /path/to/backup.sh >> /var/log/restic.log 2>&1`. Use a systemd timer for more control.
How long does the first backup take?
The first backup uploads all data (no deduplication benefit yet) — speed depends on your data size and network. A 100 GB dataset over 100 Mbps takes ~2 hours. Subsequent incremental backups are much faster — only changed chunks upload.
Can Restic back up Docker volumes?
Yes — stop the container (or use a consistent snapshot), then back up the volume mount path: `restic backup /var/lib/docker/volumes/myvolume`. For databases, dump first then back up the dump file for consistency.
How do I remove old snapshots to free space?
Use `restic forget` with retention flags: `restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune`. The `--prune` flag actually frees the storage. Without `--prune`, old data remains in the repository.