Rclone Backblaze B2
The place where your backups will be saved is called a “repository”. This chapter explains how to create (“init”) such a repository. The repository can be stored locally, or on some remote server or service. We’ll first cover using a local repository; the remaining sections of this chapter cover all the other options. You can skip to the next chapter once you’ve read the relevant section here.
For automated backups, restic accepts the repository location in the environment variable RESTIC_REPOSITORY. Restic can also read the repository location from a file specified via the --repository-file option or the environment variable RESTIC_REPOSITORY_FILE. For the password, several options exist:
- Setting the environment variable RESTIC_PASSWORD
- Specifying the path to a file with the password via the option --password-file or the environment variable RESTIC_PASSWORD_FILE
- Configuring a program to be called when the password is needed via the option --password-command or the environment variable RESTIC_PASSWORD_COMMAND
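For unattended runs, a preflight can confirm that the password file is private before restic reads it. The following is an added example, not part of the restic documentation; check_password_file and restic_env are hypothetical helper names, and refusing an inline RESTIC_PASSWORD is this example's own policy choice.

```sh
#!/bin/sh
# Added example: preflight for unattended restic runs.
# check_password_file and restic_env are hypothetical helper names.

# Succeeds only if the argument is a regular, non-empty file that is not a
# symlink and grants no permission bits to group or others.
check_password_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    [ -s "$f" ] || { echo "empty password file: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too permissive ($perms): $f" >&2; return 1; }
}

# Exports the two variables restic reads for repository and password file.
# Policy of this example (an assumption, not a restic rule): refuse to run
# when a plaintext RESTIC_PASSWORD is also present in the environment.
restic_env() {
    repo=$1 pwfile=$2
    if [ -n "${RESTIC_PASSWORD:-}" ]; then
        echo "RESTIC_PASSWORD is set; use a password file instead" >&2
        return 1
    fi
    check_password_file "$pwfile" || return 1
    export RESTIC_REPOSITORY="$repo" RESTIC_PASSWORD_FILE="$pwfile"
}
```

Call restic_env at the top of a backup script and run restic only if it succeeds.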
Local
In order to create a repository at /srv/restic-repo, run the following command and enter the same password twice:
Warning
Remembering your password is important! If you lose it, you won’t be able to access data stored in the repository.
Warning
On Linux, storing the backup repository on a CIFS (SMB) share is not recommended due to compatibility issues. Either use another backend or set the environment variable GODEBUG to asyncpreemptoff=1. Refer to GitHub issue #2659 for further explanations.
SFTP
In order to back up data via SFTP, you must first set up a server with SSH and let it know your public key. Passwordless login is really important since restic fails to connect to the repository if the server prompts for credentials.
Once the server is configured, the setup of the SFTP repository can simply be achieved by changing the URL scheme in the init command:
You can also specify a relative (read: no slash (/) character at the beginning) directory, in this case the dir is relative to the remote user’s home directory.
Also, if the SFTP server is enforcing domain-confined users, you can specify the user this way: user@domain@host.
Note
Please be aware that sftp servers do not expand the tilde character (~) normally used as an alias for a user’s home directory. If you want to specify a path relative to the user’s home directory, pass a relative path to the sftp backend.
If you need to specify a port number or IPv6 address, you’ll need to use URL syntax. E.g., the repository /srv/restic-repo on [::1] (localhost) at port 2222 with username user can be specified as
Note the double slash: the first slash separates the connection settings from the path, while the second is the start of the path. To specify a relative path, use one slash.
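The path rules above (relative versus absolute, the unexpanded tilde, and the double slash in URL syntax) are easy to get wrong in a backup script. The following added example, which is not part of the restic documentation, classifies an SFTP repository specification before it is handed to restic; parse_sftp_spec is a hypothetical helper and the specifications in the comments are constructed samples.

```sh
#!/bin/sh
# Added example: parse_sftp_spec is a hypothetical helper, not a restic command.
# Prints "<host> <port> <kind> <dir>", where kind is absolute or relative and
# port is "default" when the spec does not name one. Rejects a leading tilde.
#   sftp://user@[::1]:2222//srv/restic-repo  -> absolute /srv/restic-repo
#   sftp://user@host/srv/restic-repo         -> relative srv/restic-repo
parse_sftp_spec() {
    spec=$1 port=default
    case $spec in
        sftp://*)
            rest=${spec#sftp://}
            conn=${rest%%/*}      # user@host[:port], up to the first slash
            [ "$conn" != "$rest" ] || { echo "no path in spec" >&2; return 1; }
            dir=${rest#*/}        # the first slash is only a separator
            hostport=${conn##*@}
            case $hostport in
                \[*\]:*) host=${hostport%:*}; port=${hostport##*:} ;;
                \[*\])   host=$hostport ;;
                *:*)     host=${hostport%:*}; port=${hostport##*:} ;;
                *)       host=$hostport ;;
            esac ;;
        sftp:*)
            rest=${spec#sftp:}
            conn=${rest%%:*}      # user@host or user@domain@host
            [ "$conn" != "$rest" ] || { echo "no path in spec" >&2; return 1; }
            dir=${rest#*:}
            host=${conn##*@} ;;   # host is whatever follows the last @
        *) echo "not an sftp spec" >&2; return 1 ;;
    esac
    case $dir in
        "")   echo "empty path" >&2; return 1 ;;
        "~"*) echo "tilde is not expanded by sftp servers; use a relative path" >&2
              return 1 ;;
        /*)   kind=absolute ;;
        *)    kind=relative ;;
    esac
    printf '%s %s %s %s\n' "$host" "$port" "$kind" "$dir"
}
```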
Alternatively, you can create an entry in the ssh configuration file, usually located in your home directory at ~/.ssh/config or in /etc/ssh/ssh_config:
Then use the specified host name foo normally (you don’t need to specify the user name in this case):
You can also add an entry with a special host name which does not exist, just for use with restic, and use the Hostname option to set the real host name:
Then use it in the backend specification:
Last, if you’d like to use an entirely different program to create the SFTP connection, you can specify the command to be run with the option -o sftp.command='foobar'.
Note
Please be aware that sftp servers close connections when no data is received by the client. This can happen when restic is processing huge amounts of unchanged data. To avoid this issue add the following lines to the client’s .ssh/config file:
REST Server
In order to back up data to the remote server via HTTP or HTTPS protocol, you must first set up a remote REST server instance. Once the server is configured, accessing it is achieved by changing the URL scheme like this:
Depending on your REST server setup, you can use HTTPS protocol, password protection, multiple repositories or any combination of those features. The TCP/IP port is also configurable. Here are some more examples:
If you use TLS, restic will use the system’s CA certificates to verify the server certificate. When the verification fails, restic refuses to proceed and exits with an error. If you have your own self-signed certificate, or a custom CA certificate should be used for verification, you can pass restic the certificate filename via the --cacert option. It will then verify that the server’s certificate is contained in the file passed to this option, or signed by a CA certificate in the file. In this case, the system CA certificates are not considered at all.
REST server uses exactly the same directory structure as local backend, so you should be able to access it both locally and via HTTP, even simultaneously.
Amazon S3
Restic can back up data to any Amazon S3 bucket. However, in this case, changing the URL scheme is not enough since Amazon uses special security credentials to sign HTTP requests. Consequently, you must first set up the following environment variables with the credentials you obtained while creating the bucket.
You can then easily initialize a repository that uses your Amazon S3 as a backend. If the bucket does not exist it will be created in the default location:
If needed, you can manually specify the region to use by either setting the environment variable AWS_DEFAULT_REGION or calling restic with an option parameter like -o s3.region='us-east-1'. If the region is not specified, the default region is used. Afterwards, the S3 server (at least for AWS, s3.amazonaws.com) will redirect restic to the correct endpoint.
Until version 0.8.0, restic used a default prefix of restic, so the files in the bucket were placed in a directory named restic. If you want to access a repository created with an older version of restic, specify the path after the bucket name like this:
For an S3-compatible server that is not Amazon (like Minio, see below), or is only available via HTTP, you can specify the URL to the server like this: s3:http://server:port/bucket_name.
Note
restic expects path-style URLs, for example s3.us-west-2.amazonaws.com/bucket_name. Virtual-hosted-style URLs like bucket_name.s3.us-west-2.amazonaws.com, where the bucket name is part of the hostname, are not supported. These must be converted to path-style URLs instead, for example s3.us-west-2.amazonaws.com/bucket_name.
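The conversion described in the note can be done mechanically before the repository string reaches restic. This is an added example, not part of the restic documentation; s3_repo_spec is a hypothetical helper, and it assumes AWS host names of the form shown in the note.

```sh
#!/bin/sh
# Added example: s3_repo_spec is a hypothetical helper, not a restic command.
# Prints a path-style restic repository spec for an AWS S3 location.
# Virtual-hosted-style input (<bucket>.s3.<region>.amazonaws.com[/prefix]) is
# rewritten; path-style input is passed through unchanged.
s3_repo_spec() {
    url=${1#s3:}
    url=${url#https://}
    host=${url%%/*}
    case $url in
        */*) path=/${url#*/} ;;   # bucket and/or prefix after the host
        *)   path= ;;
    esac
    case $host in
        s3.amazonaws.com|s3.*.amazonaws.com)
            # Already path-style: the bucket must be the first path element.
            [ -n "$path" ] || { echo "no bucket in $1" >&2; return 1; }
            printf 's3:%s%s\n' "$host" "$path" ;;
        *.s3.amazonaws.com|*.s3.*.amazonaws.com)
            # Bucket names may contain dots, so split at the ".s3." label.
            bucket=${host%%.s3.*}
            endpoint=s3.${host#*.s3.}
            printf 's3:%s/%s%s\n' "$endpoint" "$bucket" "$path" ;;
        *)
            echo "not an AWS S3 host: $host" >&2
            return 1 ;;
    esac
}
```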
Note
Certain S3-compatible servers do not properly implement the ListObjectsV2 API, most notably Ceph versions before v14.2.5. On these backends, as a temporary workaround, you can provide the -o s3.list-objects-v1=true option to use the older ListObjects API instead. This option may be removed in future versions of restic.
Minio Server
Minio is an Open Source Object Storage, written in Go and compatible with AWS S3 API.
- Download and Install Minio Server.
- You can also refer to https://docs.minio.io for step by step guidance on installation and getting started on Minio Client and Minio Server.
You must first set up the following environment variables with the credentials of your Minio Server.
Now you can easily initialize restic to use Minio server as a backend with this command.
Wasabi
Wasabi is a low cost AWS S3 conformant object storage provider. Due to its S3 conformance, Wasabi can be used as a storage provider for a restic repository.
- Create a Wasabi bucket using the Wasabi Console.
- Determine the correct Wasabi service URL for your bucket here.
You must first set up the following environment variables with the credentials of your Wasabi account.
Now you can easily initialize restic to use Wasabi as a backend with this command.
Alibaba Cloud (Aliyun) Object Storage System (OSS)
Alibaba OSS is an encrypted, secure, cost-effective, and easy-to-use object storage service that enables you to store, back up, and archive large amounts of data in the cloud.
Alibaba OSS is S3 compatible so it can be used as a storage provider for a restic repository with a couple of extra parameters.
- Determine the correct Alibaba OSS region endpoint - this will be something like oss-eu-west-1.aliyuncs.com
- You’ll need the region name too - this will be something like oss-eu-west-1
You must first set up the following environment variables with the credentials of your Alibaba OSS account.
Now you can easily initialize restic to use Alibaba OSS as a backend with this command.
For example with an actual endpoint:
OpenStack Swift
Restic can back up data to an OpenStack Swift container. Because Swift supports various authentication methods, credentials are passed through environment variables. In order to help integration with existing OpenStack installations, the naming convention of those variables follows the official Python Swift client:
Restic should be compatible with an OpenStack RC file in most cases.
Once environment variables are set up, a new repository can be created. The name of the Swift container and optional path can be specified. If the container does not exist, it will be created automatically:
The policy of the new container created by restic can be changed using an environment variable:
Backblaze B2
Restic can back up data to any Backblaze B2 bucket. You need to first set up the following environment variables with the credentials you can find in the dashboard on the “Buckets” page when signed into your B2 account:
Note
As of version 0.9.2, restic supports both master and non-master application keys. If using a non-master application key, ensure that it is created with at least read and write access to the B2 bucket. On earlier versions of restic, a master application key is required.
You can then initialize a repository stored at Backblaze B2. If the bucket does not exist yet and the credentials you passed to restic have the privilege to create buckets, it will be created automatically:
Note that the bucket name must be unique across all of B2.
The number of concurrent connections to the B2 service can be set with the -o b2.connections=10 switch. By default, at most five parallel connections are established.
Microsoft Azure Blob Storage
You can also store backups on Microsoft Azure Blob Storage. Export the Azure account name and key as follows:
Afterwards you can initialize a repository in a container called foo in the root path like this:
The number of concurrent connections to the Azure Blob Storage service can be set with the -o azure.connections=10 switch. By default, at most five parallel connections are established.
Google Cloud Storage
Restic supports Google Cloud Storage as a backend and connects via a service account.
For normal restic operation, the service account must have the storage.objects.{create,delete,get,list} permissions for the bucket. These are included in the “Storage Object Admin” role. restic init can create the repository bucket. Doing so requires the storage.buckets.create permission (“Storage Admin” role). If the bucket already exists, that permission is unnecessary.
To use the Google Cloud Storage backend, first create a service account key and download the JSON credentials file. Second, find the Google Project ID that you can see in the Google Cloud Platform console at the “Storage/Settings” menu. Export the path to the JSON key file and the project ID as follows:
Restic uses Google’s client library to generate default authentication material, which means if you’re running in Google Container Engine or are otherwise located on an instance with default service accounts then these should work out of the box.
Alternatively, you can specify an existing access token directly:
If GOOGLE_ACCESS_TOKEN is set all other authentication mechanisms are disabled. The access token must have at least the https://www.googleapis.com/auth/devstorage.read_write scope. Keep in mind that access tokens are short-lived (usually one hour), so they are not suitable if creating a backup takes longer than that, for instance.
Once authenticated, you can use the gs: backend type to create a new repository in the bucket foo at the root path:
The number of concurrent connections to the GCS service can be set with the -o gs.connections=10 switch. By default, at most five parallel connections are established.
Other Services via rclone
The program rclone can be used to access many other different services and store data there. First, you need to install and configure rclone. The general backend specification format is rclone:<remote>:<path>, the <remote>:<path> component will be directly passed to rclone. When you configure a remote named foo, you can then call restic as follows to initiate a new repository in the path bar in the repo:
Restic takes care of starting and stopping rclone.
As a more concrete example, suppose you have configured a remote named b2prod for Backblaze B2 with rclone, with a bucket called yggdrasil. You can then use rclone to list files in the bucket like this:
In order to create a new repository in the root directory of the bucket, call restic like this:
If you want to use the path foo/bar/baz in the bucket instead, pass this to restic:
Listing the files of an empty repository directly with rclone should return a listing similar to the following:
Rclone can be configured with environment variables, so for instance configuring a bandwidth limit for rclone can be achieved by setting the RCLONE_BWLIMIT environment variable:
For debugging rclone, you can set the environment variable RCLONE_VERBOSE=2.
The rclone backend has two additional options:
- -o rclone.program specifies the path to rclone, the default value is just rclone
- -o rclone.args allows setting the arguments passed to rclone, by default this is serve restic --stdio --b2-hard-delete
The reason for the --b2-hard-delete parameters can be found in the corresponding GitHub issue #1657.
In order to start rclone, restic will build a list of arguments by joining the following lists (in this order): rclone.program, rclone.args and as the last parameter the value that follows the rclone: prefix of the repository specification.
So, calling restic like this
runs rclone as follows:
Manually setting rclone.program also allows running a remote instance of rclone e.g. via SSH on a server, for example:
With these options, restic works with local files. It uses rclone and credentials stored on remotehost to communicate with B2. All data (except credentials) is encrypted/decrypted locally, then sent/received via remotehost to/from B2.
A more advanced version of this setup forbids specific hosts from removing files in a repository. See the blog post by Simon Ruderich for details.
The rclone command may also be hard-coded in the SSH configuration or the user’s public key, in this case it may be sufficient to just start the SSH connection (and it’s irrelevant what’s passed after rclone: in the repository specification):
Password prompt on Windows
At the moment, restic only supports the default Windows console interaction. If you use emulation environments like MSYS2 or Cygwin, which use terminals like Mintty or rxvt, you may get a password error.
You can work around this by using a special tool called winpty (look here and here for detail information). On MSYS2, you can install winpty as follows: