Automating Server Backups with Restic

Why Restic?

Restic is a modern backup program that supports encryption, deduplication, and multiple storage backends (S3, SFTP, local).

Installation

sudo apt install -y restic

# Or latest version
wget https://github.com/restic/restic/releases/latest/download/restic_0.16.4_linux_amd64.bz2
bunzip2 restic_*.bz2
chmod +x restic_*
sudo mv restic_* /usr/local/bin/restic

Initialize a Repository

# Local backup
restic init --repo /backup/restic

# S3-compatible storage
export AWS_ACCESS_KEY_ID=your-key
export AWS_SECRET_ACCESS_KEY=your-secret
restic init --repo s3:s3.amazonaws.com/bucket-name/backups

# SFTP to another server
restic init --repo sftp:backup-server:/backups/myserver

You'll be prompted for an encryption password. Store this password securely — without it, backups are unrecoverable.

Creating Backups

# Back up web files and database dumps
restic backup /var/www /home/deploy/db-dumps --tag web --tag daily

Automating with Cron

Create a backup script:

#!/bin/bash
# /opt/backup/daily.sh

export RESTIC_REPOSITORY="sftp:backup-server:/backups/myserver"
export RESTIC_PASSWORD_FILE="/root/.restic-password"

# Dump databases first
mysqldump --all-databases | gzip > /home/deploy/db-dumps/all-databases.sql.gz

# Run backup
restic backup \
  /var/www \
  /home/deploy/db-dumps \
  /etc/nginx \
  /etc/letsencrypt \
  --tag daily

# Prune old snapshots (keep 7 daily, 4 weekly, 6 monthly)
restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune

# Check repository health
restic check

# Schedule daily at 3 AM
echo "0 3 * * * root /opt/backup/daily.sh >> /var/log/backup.log 2>&1" | sudo tee /etc/cron.d/restic-backup

Restoring Files

# List snapshots
restic snapshots

# Restore specific snapshot
restic restore latest --target /tmp/restore

# Restore specific files
restic restore latest --target /tmp/restore --include /var/www/html/config.php

Tip Test your restore process regularly. A backup you can't restore is worthless.