Is there a way (restic setup) backup to your friends (trusted ) computer using restic?

i don’t want to pay a recurring fee to any cloud provider and also increase my security by using a peer

the option is available in relicabackup .

Do you mean backing up your own computer to your friend’s computer and vice versa? If that is what you mean, it is no problem.

All you need is an account on your friend’s computer (ssh or even better via rest-server) and, of course, access to your friend’s computer: IP address or dynamic DNS combined with a way through any firewall/router blocking the way.

A nice way to do this is what I’m doing: take a Raspberry Pi, hook up a USB hard drive to it and place it at your friend’s house.

A third option is using Minio but out of the three proposed solution I would definitely recommend the rest-server-approach.

A really easy way to exchange files between two computers is Resilio Sync (used to be called BitTorrent Sync). It works on PCs, server, and R.Pi. It’s really easy to set up and just works.

I would strongly recommend Syncthing over Resilio Sync. Syncthing is free software. Resilio Sync is proprietary and locks many of its features behind a one-time or monthly fee depending on the use case.

4 Likes

Syncthing looks interesting - I would try that over Resilio Sync first. I hadn’t heard of it. I can say the free version of Resilio works fine including backing up data from about 5 family members computers all around the world to my PC, from my phone to my PC, etc.

my use case I meant using a robust and trusted peer’s PC (eg my own office desktop running windows 10) with restic … so as to avoid paying recurring costs with cloud providers

i would love to take up your suggestion , unless its too difficult to configure , since i am not from the software field . can you please point out a how to configure rest-server stuff on a PC and hook it up with restic running on my laptop (macbook) .
regards ,

Thanks for your reply …

i don’t want to use syncthing with restic for this use case ( btw sycnthing is excellent) because
this would mean using laptop for the primary repository which is already low on space

To be honest I have no idea how you’d best setup anything on Windows but here’s the restic documentation and here you find the rest-server.

Quick summary:

  • Download rest-server on server
  • Put a .htpasswd file in target-folder (e.g. htpasswd -B -c target-folder/.htpasswd username)
  • Initialize restic repository: restic -r target-folder init
  • Start rest-server, e.g. like this in append-only mode: rest-server --path target-folder --append-only
  • Download restic on client
  • Backup things: restic -r rest:http://username:password@server:8080/target-folder backup source-folder

Of course you have to make sure that the server can be reached on port 8080 (or whatever you want to use) and you have rest-server running as a daemon. Maybe WSL can help you with that?

EDITED TO ADD: Please make sure you use TLS/HTTPS if you expose rest-server to the internet (see discussion below).

Someone should state the obvious and say that the rest-server port shouldn’t be opened to the public.

I do have a similar setup between Windows, Mac and Linux at home and at work using Wireguard. It takes a little to read how it works and how to set it up, but then it’s just a perfect VPN solution (it’s peer to peer, no central server involved or complicated certificate authority to setup) :+1:

Running HTTPS in front with required authentication has much the same security impact as using a VPN. That’s another alternative. Either way, you get encryption.

Care to elaborate on why?

Did I miss something?

Exposing the port without some encryption layer (HTTPS or VPN) means passwords are sent totally in the clear and can be sniffed off of the wire.

Oh okay yes that is quite obvious indeed. On the other hand, restic itself does encryption and, as you said above, TLS can be used. I should have mentioned that.

@cdhowie Right, but noone with a sane mind would put rest-server up on the Internet without enabling HTTPS in it and only using that. In that case, do you still think it’s a bad idea?

Note to anyone reading this; We’re not talking about the password to your repository - even if you were to put up rest-server without HTTPS on the Internet, and send your backups to it, your actual repository password will not be revealed. We’re only talking about the password used to get access to the rest-server.

That was my point exactly. Sorry it was late and maybe I wasn’t very clear :smile:

1 Like

I think @creativeprojects was just pointing that out because @nicnab’s mini-howto didn’t mention it. There’s a lot of people who will blindly follow guides without a thought given to security, so that’s why it was brought up – just to prevent those people from leaving the front door open.

2 Likes