Restic Backup Guide for RamNode VPS | RamNode Documentation

Introduction

Restic is a modern, fast, and secure backup program that's perfect for protecting your RamNode VPS data. Unlike traditional backup solutions, Restic offers deduplication, encryption, and verification features that make it ideal for cloud environments.

Fast & Efficient

Deduplication saves storage space and bandwidth

Secure by Design

All data is encrypted before leaving your server

Incremental Backups

Only changes are backed up after the initial snapshot

Cross-Platform

Works on Linux, macOS, Windows, and BSD

Prerequisites

Before beginning this guide, you'll need:

A RamNode Cloud VPS (any plan will work)
Root or sudo access to your VPS
RamNode S3-compatible object storage bucket and credentials
Basic familiarity with the Linux command line

S3 Credentials Required

You'll need to generate S3 credentials. See our S3 API Quick Start guide for instructions.

Install Restic

Ubuntu/Debian

Install from package manager

sudo apt update
sudo apt install restic -y

Install Latest Version

Download latest release

# Download the latest release
wget https://github.com/restic/restic/releases/download/v0.16.3/restic_0.16.3_linux_amd64.bz2

# Extract the binary
bzip2 -d restic_0.16.3_linux_amd64.bz2

# Make it executable and move to system path
chmod +x restic_0.16.3_linux_amd64
sudo mv restic_0.16.3_linux_amd64 /usr/local/bin/restic

# Verify installation
restic version

CentOS/RHEL/AlmaLinux

Install on RHEL-based systems

sudo dnf install epel-release -y
sudo dnf install restic -y

Configure RamNode S3-Compatible Storage

Obtain Your S3 Credentials

Log into your RamNode client area and navigate to your object storage service. You'll need:

S3 Endpoint: Your RamNode S3 endpoint URL
Access Key ID: Your S3 access key
Secret Access Key: Your S3 secret key
Bucket Name: The name of your storage bucket

For detailed instructions on generating S3 credentials, see our S3 API Quick Start Guide.

Create Environment Variables File

Create secure directory

# Create a secure directory for backup configuration
sudo mkdir -p /root/.restic
sudo chmod 700 /root/.restic

# Create the environment file
sudo nano /root/.restic/credentials

/root/.restic/credentials

# RamNode S3 Credentials
export AWS_ACCESS_KEY_ID="your_access_key_here"
export AWS_SECRET_ACCESS_KEY="your_secret_key_here"

# Restic repository password (choose a strong password)
export RESTIC_PASSWORD="your_strong_restic_password_here"

# Repository location
export RESTIC_REPOSITORY="s3:https://s3.ramnode.com/your-bucket-name"

Secure the credentials file

sudo chmod 600 /root/.restic/credentials

Initialize the Restic Repository

Before creating your first backup, you must initialize the repository:

Initialize repository

# Load credentials
source /root/.restic/credentials

# Initialize the repository
restic init

Expected output

created restic repository 1234567890 at s3:https://s3.ramnode.com/your-bucket-name

Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.

Critical: Save Your Password!

Save your Restic password securely! Without it, your backups are unrecoverable.

Create Your First Backup

Basic Backup Command

Backup a directory

# Load credentials
source /root/.restic/credentials

# Backup a specific directory
restic backup /path/to/backup

Backup Multiple Directories

Backup multiple directories

restic backup /home /etc /var/www

Create Exclusion File

Create excludes.txt

sudo nano /root/.restic/excludes.txt

/root/.restic/excludes.txt

# Exclude patterns
/tmp/*
/var/tmp/*
/var/cache/*
/proc/*
/sys/*
/dev/*
/run/*
*.log
*.tmp
node_modules/
.cache/

Backup with exclusions

restic backup /home /etc /var/www --exclude-file=/root/.restic/excludes.txt

Backup with Tags

Use tags to organize backups

restic backup /var/www --tag website --tag production

Automate Backups with Cron

Create a Backup Script

Create backup.sh

sudo nano /root/.restic/backup.sh

/root/.restic/backup.sh

#!/bin/bash

# Restic Backup Script for RamNode VPS

# Load credentials
source /root/.restic/credentials

# Log file
LOG_FILE="/var/log/restic-backup.log"

# Function to log messages
log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"
}

log "Starting Restic backup..."

# Directories to backup
BACKUP_PATHS="/home /etc /var/www /root"

# Exclusion file
EXCLUDE_FILE="/root/.restic/excludes.txt"

# Perform backup
restic backup $BACKUP_PATHS \
    --exclude-file="$EXCLUDE_FILE" \
    --tag automated \
    --tag "$(hostname)" \
    >> "$LOG_FILE" 2>&1

if [ $? -eq 0 ]; then
    log "Backup completed successfully"
else
    log "ERROR: Backup failed!"
    exit 1
fi

# Cleanup old snapshots (keep last 7 daily, 4 weekly, 12 monthly)
log "Running cleanup and pruning..."
restic forget \
    --keep-daily 7 \
    --keep-weekly 4 \
    --keep-monthly 12 \
    --prune \
    >> "$LOG_FILE" 2>&1

if [ $? -eq 0 ]; then
    log "Cleanup completed successfully"
else
    log "WARNING: Cleanup had issues"
fi

# Check repository integrity weekly
if [ $(date +%u) -eq 7 ]; then
    log "Running weekly repository check..."
    restic check >> "$LOG_FILE" 2>&1
    
    if [ $? -eq 0 ]; then
        log "Repository check passed"
    else
        log "ERROR: Repository check failed!"
    fi
fi

log "Backup process finished"

Make script executable

sudo chmod +x /root/.restic/backup.sh

Schedule with Cron

Edit crontab

sudo crontab -e

# Add daily backup at 2:00 AM
0 2 * * * /root/.restic/backup.sh

Test the Backup Script

Run and check

# Run the script manually
sudo /root/.restic/backup.sh

# Check the log
sudo tail -f /var/log/restic-backup.log

Managing and Restoring Backups

List Snapshots

View all snapshots

source /root/.restic/credentials
restic snapshots

# List snapshots with specific tags
restic snapshots --tag website

Restore Files

Restore latest snapshot

# Restore latest snapshot to a specific location
restic restore latest --target /tmp/restore

# Restore a specific snapshot
restic snapshots  # Get the ID first
restic restore abc123de --target /tmp/restore

# Restore specific files or directories
restic restore latest --target /tmp/restore --include /var/www/html

Mount Backups for Browsing

Mount repository

# Install FUSE
sudo apt install fuse -y  # Ubuntu/Debian

# Create mount point
mkdir /mnt/restic

# Mount the repository
restic mount /mnt/restic

# Browse backups
cd /mnt/restic/snapshots
ls -la

Warning: Restoring to Original Location

Using restic restore latest --target / will overwrite existing files!

Monitoring and Maintenance

Check Repository Health

Repository verification

source /root/.restic/credentials

# Quick check
restic check

# Thorough check including data verification
restic check --read-data

View Repository Statistics

Statistics

restic stats

# View statistics for a specific snapshot
restic stats latest

Prune Old Snapshots

Retention policy

restic forget \
    --keep-daily 7 \
    --keep-weekly 4 \
    --keep-monthly 12 \
    --keep-yearly 3 \
    --prune

Compare and Search

Compare and find files

# See what changed between snapshots
restic diff snapshot1_id snapshot2_id

# Find files across all snapshots
restic find "filename"

Advanced Configuration

Backup Database Dumps

Pre-backup script for databases

#!/bin/bash
# /root/.restic/pre-backup.sh

# Database backup directory
BACKUP_DIR="/var/backups/databases"
mkdir -p "$BACKUP_DIR"

# MySQL/MariaDB backup
if command -v mysqldump &> /dev/null; then
    echo "Backing up MySQL databases..."
    DATABASES=$(mysql -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema|mysql)")
    for DB in $DATABASES; do
        mysqldump --single-transaction --routines --triggers "$DB" | gzip > "$BACKUP_DIR/$DB.sql.gz"
    done
fi

# PostgreSQL backup
if command -v pg_dumpall &> /dev/null; then
    echo "Backing up PostgreSQL databases..."
    sudo -u postgres pg_dumpall | gzip > "$BACKUP_DIR/postgresql_all.sql.gz"
fi

Bandwidth Limiting

Limit bandwidth usage

restic backup /path/to/backup --limit-upload 5000  # 5 MB/s

Custom Retention Policy

Comprehensive retention

restic forget \
    --keep-last 5 \
    --keep-hourly 24 \
    --keep-daily 7 \
    --keep-weekly 4 \
    --keep-monthly 12 \
    --keep-yearly 3 \
    --prune

Security Best Practices

Secure Credential Storage

Never store credentials in plain text in scripts. Use the environment file method and ensure proper permissions:

sudo chown root:root /root/.restic/credentials
sudo chmod 600 /root/.restic/credentials

Strong Passwords

Generate a strong Restic password and store it securely in a password manager.

openssl rand -base64 32

Enable 2FA

For RamNode S3 access, enable 2FA in your RamNode client area to protect your object storage credentials.

Regular Restore Tests

Schedule quarterly restore tests to verify backup integrity.

restic restore latest --target /tmp/restore-test
ls -la /tmp/restore-test/

Troubleshooting

Connection Timeouts

restic backup /path --option s3.timeout=300s

Repository Locked

If a backup process crashes, unlock the repository:

restic unlock

Verification Failures

restic rebuild-index
restic check

You're All Set!

You now have a fully automated, encrypted backup solution for your RamNode VPS using Restic.

Your setup provides:

Automated daily backups with retention policies
Secure encryption protecting your data at rest and in transit
Efficient storage through deduplication and compression
Easy restoration with simple commands

View VPS Plans S3 API Guide