Hello there,
after using restic for a while with local disks it’s time to step up and use the rest-server. What I want is to be able to make a backup without the need to have a physical disk with me. As I have a small server at home it makes sense to use that instead of S3 etc…
What I have:
- Unraid Server as a Docker host
- Nginx Proxy Manager (with a SSL cert)
- Subdomain pointed at the docker container
What works:
- Backing up with the –no-auth Flag
Creating a user
htpasswd -B data/.htpasswd <user>
New password:
Re-type new password:
Adding password for user <user>
Repo init
restic -r rest:https://<user>@<domain>/<user> init
enter password for new repository:
enter password again:
created restic repository 84dea75cf9 at rest:https://<user>@<domain>/<user>/
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
Backup
restic -r rest:https://<domain>/<user> backup someFiles
enter password for repository:
repository 84dea75c opened (version 2, compression level auto)
using parent snapshot 88c86a16
Files: 0 new, 0 changed, 25 unmodified
Dirs: 0 new, 0 changed, 2 unmodified
Added to the repository: 0 B (0 B stored)
processed 25 files, 20.499 MiB in 0:00
snapshot af56be3f saved
So far so good. At this point I am able to create backups. But so is everybody else with knowledge of the Domain:
restic -r rest:https://<domain>/someRandomName init
enter password for new repository:
enter password again:
created restic repository f3d55e217c at rest:https://<domain>/someRandomName/
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
restic -r rest:https://<domain>/<someRandomName> backup randomNamesFiles
enter password for repository:
repository f3d55e21 opened (version 2, compression level auto)
created new cache in /Users/someRandomName/Library/Caches/restic
no parent snapshot found, will read all files
Files: 25 new, 0 changed, 0 unmodified
Dirs: 2 new, 0 changed, 0 unmodified
Added to the repository: 20.513 MiB (20.202 MiB stored)
processed 25 files, 20.499 MiB in 0:00
snapshot 596a105a saved
What doesn’t work
The risk this happens might be minor, but I’d rather not have an more or less open door to a system in my home. So what I’ve done is remove the –no-auth Flag on the docker container. Since I created a with a password I’d expect the following to work:
restic -r rest:https://<user>:<password>@<domain>/<user> backup someFiles
Fatal: unable to open config file: unexpected HTTP response (401): 401 Unauthorized
Is there a repository at the following location?
rest:https://<user>:***@<domain>/<user>/
Staring the Docker Container with the flag –htpasswd-file (just to be sure the right .htpasswd is chosen) does not change anything. After removing the –htpasswd-file Flag and adding the –no-auth Flag I am able to do backups again, with and without explicitly stating a user/password:
restic -r rest:https://<user>:<password>@<domain>/<user> backup someFiles
enter password for repository:
repository 84dea75c opened (version 2, compression level auto)
using parent snapshot af56be3f
Files: 0 new, 0 changed, 25 unmodified
Dirs: 0 new, 0 changed, 2 unmodified
Added to the repository: 0 B (0 B stored)
processed 25 files, 20.499 MiB in 0:00
snapshot 3a3b6ff0 saved
restic -r rest:https://<domain>/<user> backup someFiles
enter password for repository:
repository 84dea75c opened (version 2, compression level auto)
using parent snapshot 3a3b6ff0
Files: 0 new, 0 changed, 25 unmodified
Dirs: 0 new, 0 changed, 2 unmodified
Added to the repository: 0 B (0 B stored)
processed 25 files, 20.499 MiB in 0:00
snapshot 46535a2e saved
A feeling tells me this has something to do with the Nginx Proxy Manager, but I have no evidence to support that. It might as well be a mistake while setting up the user or repo. Does anyone have an idea what might be wrong here?