Backups are essential for disaster recovery but they are not trivial to manage. Using Garage as your backup target will enable you to scale your storage as needed while ensuring high availability.
Borg Backup
Borg Backup is very popular among the backup tools but it is not yet compatible with the S3 API.
We recommend using any other tool listed in this guide because they are all compatible with the S3 API.
If you still want to use Borg, you can use it with rclone mount.
git-annex
git-annex supports synchronizing files with its S3 special remote.
Note that git-annex requires to be compiled with Haskell package version
aws-0.24 to work with Garage.
garage key new --name my-key
garage bucket create my-git-annex
garage bucket allow my-git-annex --read --write --key my-key
Register your Key ID and Secret key in your environment:
export AWS_ACCESS_KEY_ID=GKxxx
export AWS_SECRET_ACCESS_KEY=xxxx
Within a git-annex enabled repository, configure your Garage S3 endpoint with the following command:
git annex initremote garage type=S3 encryption=none host=my-garage-instance.mydomain.tld protocol=https bucket=my-git-annex requeststyle=path region=garage signature=v4
Files can now be synchronized using the usual git-annex copy or get
commands.
Note that for simplicity - this example does not enable encryption for the files sent to Garage - please refer to the git-annex encryption page for how to configure this.
Restic
Create your key and bucket:
garage key create my-key
garage bucket create backups
garage bucket allow backups --read --write --key my-key
Then register your Key ID and Secret key in your environment:
export AWS_ACCESS_KEY_ID=GKxxx
export AWS_SECRET_ACCESS_KEY=xxxx
Configure restic from environment too:
export RESTIC_REPOSITORY="s3:http://localhost:3900/backups"
echo "Generated password (save it safely): $(openssl rand -base64 32)"
export RESTIC_PASSWORD=xxx # copy paste your generated password here
Do not forget to save your password safely (in your password manager or print it). It will be needed to decrypt your backups.
Now you can use restic:
# Initialize the bucket, must be run once
restic init
# Backup your PostgreSQL database
# (We suppose your PostgreSQL daemon is stopped for all commands)
restic backup /var/lib/postgresql
# Show backup history
restic snapshots
# Backup again your PostgreSQL database, it will be faster as only changes will be uploaded
restic backup /var/lib/postgresql
# Show backup history (again)
restic snapshots
# Restore a backup
# (79766175 is the ID of the snapshot you want to restore)
mv /var/lib/postgresql /var/lib/postgresql.broken
restic restore 79766175 --target /var/lib/postgresql
Restic has way more features than the ones presented here. You can discover all of them by accessing its documentation from the link below.
Files on Android devices can also be backed up with restic-android.
External links: Restic Documentation > Amazon S3
Duplicity
External links: Duplicity > man (scroll to "URL Format" and "A note on Amazon S3")
Duplicati
External links: Duplicati Documentation > Storage Providers
The following fields need to be specified:
Storage Type: S3 Compatible
Use SSL: [ ] # Only if you have SSL
Server: Custom server url (s3.garage.localhost:3900)
Bucket name: bucket-name
Bucket create region: Custom region value (garage) # Or as you've specified in garage.toml
AWS Access ID: Key ID from "garage key info key-name"
AWS Access Key: Secret key from "garage key info key-name"
Client Library to use: Minio SDK
Click Test connection and then no when asked The bucket name should start with your username, prepend automatically?. Then it should say Connection worked!.
knoxite
External links: Knoxite Documentation > Storage Backends
kopia
External links: Kopia Documentation > Repositories
To create the Kopia repository, you need to specify the region, the HTTP(S) endpoint, the bucket name and the access keys.
For instance, if you have an instance of garage running on https://garage.example.com:
kopia repository create s3 --region=garage --bucket=mybackups --access-key=KEY_ID --secret-access-key=SECRET_KEY --endpoint=garage.example.com
Or if you have an instance running on localhost, without TLS:
kopia repository create s3 --region=garage --bucket=mybackups --access-key=KEY_ID --secret-access-key=SECRET_KEY --endpoint=localhost:3900 --disable-tls
After the repository has been created, check that everything works as expected:
kopia repository validate-provider
You can then run all the standard kopia commands: kopia snapshot create, kopia mount...
Everything should work out-of-the-box.