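[Docker] Kopia: a cross-platform open-source backup tool
Kopia is a fast, secure open-source backup/restore tool that lets you create encrypted snapshots of your data and save them to remote or cloud storage, to network-attached storage or a server, or locally on your machine. Kopia comes in CLI (command-line interface) and GUI (graphical user interface) versions and lets you back up/restore any and all files/directories that are important or critical, without "imaging" the whole machine.
Kopia can save encrypted and compressed snapshots to all of the following storage locations:
- Amazon S3 and any cloud storage that is compatible with S3
- Azure Blob Storage
- Backblaze B2
- Google Cloud Storage
- Any remote server or cloud storage that supports WebDAV
- Any remote server or cloud storage that supports SFTP
- Some of the cloud storage options supported by Rclone
  - Rclone has to be downloaded and set up in addition to Kopia, but Kopia can be used to manage/run Rclone
  - Rclone support is experimental: not all cloud storage products supported by Rclone have been tested with Kopia, and some may not work with Kopia; Kopia has been tested to work with Dropbox, OneDrive, and Google Drive through Rclone
- The local machine and any network-attached storage or server
- Your own server, set up through a Kopia Repository Server
With Kopia you control where snapshots are stored: you can use multiple storage locations for different backup repositories, and you can back up multiple machines to the same storage location.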
Environment
- OS: Debian
- A domain name, resolved to the server
- Docker and Docker-compose installed; see VPS Deployment
- Caddy installed, used as the reverse proxy
Deployment
Update packages:
apt update -y
Create the installation directory:
mkdir -p /root/data/docker/kopia
cd /root/data/docker/kopia
Create and edit the docker-compose.yml file:
version: '3.7'
services:
  kopia:
    image: kopia/kopia:latest
    hostname: Hostname
    container_name: Kopia
    restart: unless-stopped
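    ports:
      # Published on every host interface. The Caddy site further down proxies to
      # 127.0.0.1:51515, so this port should be firewalled or bound to loopback.
      - 51515:51515
    # Setup the server that provides the web gui
    command:
      - server
      - start
      - --disable-csrf-token-checks
      # --insecure lets the server run without TLS (plain HTTP); HTTPS is terminated by Caddy
      - --insecure
      - --address=0.0.0.0:51515
      # Replace USERNAME and SECRET_PASSWORD with your own web UI credentials
      - --server-username=USERNAME
      - --server-password=SECRET_PASSWORD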
    environment:
      # Set repository password
      KOPIA_PASSWORD: "SECRET"
      USER: "User"
    volumes:
      # Mount local folders needed by kopia
      - ./config:/app/config
      - ./cache:/app/cache
      - ./logs:/app/logs
      # Mount local folders to snapshot
      - /root/data:/data:ro
      # Mount repository location
      - /mnt/repository:/repository
      # Mount path for browsing mounted snapshots
      - /mnt/kopia:/tmp:shared
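Start it:
docker-compose up -d
Update
Change into the directory that contains docker-compose.yml:
cd /root/data/docker/kopia
Pull the latest image:
docker-compose pull
Recreate the container from the new image:
docker-compose up -d
Uninstall
Change into the directory that contains docker-compose.yml:
cd /root/data/docker/kopia
Stop the container; this does not delete the data mapped to local directories:
docker-compose down
Delete the locally mapped data completely:
cd
rm -rf /root/data/docker/kopia
Reverse proxy
Go to the /etc/caddy/sites directory, then create and edit backup.amaranthinking.eu.org.conf: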
# Uncomment this together with the import admin_redir statement to allow access to the admin interface only from local networks
# (admin_redir) {
#        @admin {
#                path /admin*
#                not remote_ip private_ranges
#        }
#        redir @admin /
# }
backup.amaranthinking.eu.org {
  log {
    level INFO
    output file /root/data/docker/kopia/kopia.log {
      roll_size 10MB
      roll_keep 10
    }
  }
  # Uncomment this if you want to get a cert via ACME (Let's Encrypt or ZeroSSL).
  # tls {$EMAIL}
  # Or uncomment this if you're providing your own cert. You would also use this option
  # if you're running behind Cloudflare.
  # tls {$SSL_CERT_PATH} {$SSL_KEY_PATH}
  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode gzip
  # Security headers (WARNING: only enable these if you understand the implications!)
  # If you want to use FIDO2 WebAuthn, set X-Frame-Options to "SAMEORIGIN" or the Browser will block those requests
  header {
       # Enable HTTP Strict Transport Security (HSTS)
       Strict-Transport-Security "max-age=31536000;"
       # Enable cross-site filter (XSS) and tell browser to block detected attacks
       X-XSS-Protection "1; mode=block"
       # Disallow the site to be rendered within a frame (clickjacking protection)
       X-Frame-Options "SAMEORIGIN"
       # Prevent search engines from indexing (optional)
       X-Robots-Tag "none"
       # Server name removing
       -Server
  }
  # Uncomment to allow access to the admin interface only from local networks
  # import admin_redir
  # Proxy everything to the Kopia server
  reverse_proxy 127.0.0.1:51515 {
       # Forward the client's real IP to the backend in the X-Real-IP header
       header_up X-Real-IP {remote_host}
  }
}
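An added check, not part of the original post: the compose file above publishes 51515:51515 on every interface and starts Kopia with --insecure, while the Caddy site proxies to 127.0.0.1:51515, so this script flags the settings that let clients reach Kopia without going through Caddy. The embedded compose text, the loopback variant, the `${KOPIA_SERVER_PASSWORD}` variable name and the finding names are constructed for this example.

```python
import re

# Constructed sample: the security-relevant lines of the compose file above.
PAGE_COMPOSE = """\
services:
  kopia:
    ports:
      - 51515:51515
    command:
      - --disable-csrf-token-checks
      - --insecure
      - --server-password=SECRET_PASSWORD
    environment:
      KOPIA_PASSWORD: "SECRET"
"""

# Constructed variant (assumption): loopback-only publish, CSRF checks on, secrets from .env.
LOOPBACK_COMPOSE = (PAGE_COMPOSE
    .replace("- 51515:51515", "- 127.0.0.1:51515:51515")
    .replace("      - --disable-csrf-token-checks\n", "")
    .replace("=SECRET_PASSWORD", "=${KOPIA_SERVER_PASSWORD}")
    .replace('"SECRET"', '"${KOPIA_PASSWORD}"'))

PORT = re.compile(r"^(?:(.+):)?\d+:\d+(?:/\w+)?$")  # [host_ip:]host_port:container_port
LOOPBACK = ("127.", "[::1]", "localhost")


def audit(compose_text):
    """Return sorted finding codes. Line-based on purpose: it is not a YAML parser."""
    items = [i.strip("'\"") for i in re.findall(r"^\s*-\s+(\S+)\s*$", compose_text, re.M)]
    flags = [i for i in items if i.startswith("--")]
    ports = [PORT.match(i) for i in items if not i.startswith("--")]
    findings = set()
    # Short syntax without a host IP binds every interface, so clients can skip Caddy.
    if any(p and not (p.group(1) or "").startswith(LOOPBACK) for p in ports):
        findings.add("port-published-on-all-interfaces")
        if "--insecure" in flags:  # plain HTTP reachable without the TLS proxy
            findings.add("plain-http-reachable-without-proxy")
    if "--disable-csrf-token-checks" in flags:
        findings.add("csrf-token-checks-disabled")
    # A literal value puts the secret in the compose file itself; ${VAR} keeps it out.
    secrets = [f.split("=", 1)[1] for f in flags if f.startswith("--server-password=")]
    secrets += re.findall(r"^\s*KOPIA_PASSWORD:\s*['\"]?([^'\"\n]+)", compose_text, re.M)
    if any(not s.startswith("${") for s in secrets):
        findings.add("literal-secret-in-compose")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(PAGE_COMPOSE), audit(LOOPBACK_COMPOSE))
```

To check a real deployment, pass the contents of /root/data/docker/kopia/docker-compose.yml to `audit()`; an empty list means none of the four conditions matched.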
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
 疯狂的青蛙