For keeping a summary here, in case it helps others, I did the following to get restic backups working on a QNAP with QuTS hero (ZFS) and rest server with TLS:
On QNAP GUI:
- Open Storage & Snapshots, create the base storage for the rest server backups, /share/restic in my case
- Open Container Station, create a container
- Docker Hub, image: restic/rest-server
- name: rest-server
- publish port: Host 38000, Container 8000 (adjust 38000 as needed)
- storage: Volume /share/restic, Container /data
(/share/restic/ will be used for keys and .htaccess, so keep it unshared)
- OPTIONS --private-repos --tls
On QNAP over ssh or terminal:
- go to /share/restic/ and do:
openssl req -newkey rsa:2048 -nodes -x509 \
-keyout private_key \
-out public_key \
-days 36500 \
-addext "subjectAltName = IP:WRITE_HERE_THE_IP_OF_REST_SERVER,DNS:WRITE_HERE_THE_NAME_OF_REST_SERVER"
cat /share/restic/public_key
will give you the public key; store it for later usage.
- Now, for adding servers to back up, perform each time:
docker exec -it rest-server create_user server1 strong_pass_for_server_1
Then, on the servers to back up (take as an example and customize to your setup):
- write the previous rest server public key in a file, I used: /home/restic/.restic/rest_server_public_key
- write the restic pass for the backups in a file, I used /home/restic/.restic/pass
- initialize the restic repo:
sudo -u restic /home/restic/bin/restic \
--cacert /home/restic/.restic/rest_server_public_key \
-r rest:https://server1:strong_pass_for_server_1@REST_SERVER_IP:38000/server1/ \
--password-file=/home/restic/.restic/pass \
init
From now on, just replace the init with your backup commands, but keep the remaining parameters to access the repo.
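
A check for the TLS files created in the steps above, added here as an example and not part of the original post: it confirms that public_key carries the expected SAN entries, that private_key belongs to it, and that the key file is not readable by group or others, before the certificate is copied to clients for --cacert. The function names and the -subj value are assumptions; the file names follow the post.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Generate the key pair non-interactively. -subj is an assumption added here
# so openssl does not prompt; the SAN line is the one from the post.
make_rest_cert() {  # usage: make_rest_cert DIR IP DNSNAME
    openssl req -newkey rsa:2048 -nodes -x509 \
        -keyout "$1/private_key" -out "$1/public_key" \
        -days 36500 -subj "/CN=$3" \
        -addext "subjectAltName = IP:$2,DNS:$3" 2>/dev/null &&
    chmod 600 "$1/private_key"
}

# True if the certificate's SAN lists exactly this IPv4 address or DNS name.
# Whole-entry match, so 192.0.2.1 does not pass for a cert issued to 192.0.2.10.
cert_has_san() {  # usage: cert_has_san CERT IP|DNS VALUE
    case $2 in
        IP)  needle="IP Address:$3" ;;
        DNS) needle="DNS:$3" ;;
        *)   return 2 ;;
    esac
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq "$needle"
}

# True if private_key is the key the certificate was issued for.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if group and others have no permission bits on the key file.
key_is_private() {  # usage: key_is_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check; report each failure and return non-zero if any failed.
verify_rest_tls() {  # usage: verify_rest_tls DIR IP DNSNAME
    rc=0
    cert_has_san "$1/public_key" IP "$2"  || { echo "SAN lacks IP $2" >&2; rc=1; }
    cert_has_san "$1/public_key" DNS "$3" || { echo "SAN lacks DNS $3" >&2; rc=1; }
    key_matches_cert "$1/private_key" "$1/public_key" ||
        { echo "private_key does not match public_key" >&2; rc=1; }
    key_is_private "$1/private_key" ||
        { echo "private_key is readable by group/others" >&2; rc=1; }
    return $rc
}

if [ "$#" -eq 3 ]; then verify_rest_tls "$@"; fi
```

Saved as a script, it can be run with three arguments: the directory holding the files (/share/restic in the post), the rest server IP and the rest server name.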