ARM compatible fork of Nold360/docker-borgserver. Dockerimage that runs a Borg backup server, accessible by ssh using publickey authentication.
Go to file
nold 184a435060 Add: gitignore
(cherry picked from commit 222ae10c6fc95a9013bfbb8719e51ce61903b1c0)
2017-10-27 11:44:45 +02:00
data Security fix: Delete SSH-Hostkeys in image & regenerate on first run 2017-10-20 16:29:29 +02:00
.gitignore Add: gitignore 2017-10-27 11:44:45 +02:00
Dockerfile Small Dockerfile improvements 2017-10-27 11:29:02 +02:00
README.md Small fix in README 2017-10-26 12:58:43 +02:00

BorgServer - Docker image

Debian based container image, running openssh-daemon only accessable by user named "borg" using SSH-Publickey Auth & "borgbackup" as client. Backup-Repositoriees, client's SSH-Keys & SSHd's Hostkeys will be stored in persistent storage.

Quick Example

Here is a quick example how to configure & run this image:

Create persistent directories

mkdir -p borg/sshkeys/clients borg/backup

Copy any client ssh publickey into container Remember: Filename = Borg-repository name!

cp ~/.ssh/my_machine.pub borg/sshkeys/client/my_machine 

The OpenSSH-Deamon will expose on port 22/tcp - so you will most likely want to redirect it to a different port. Like 2233 in this example:

docker run -td 
			-p 2233:22  \
			--volume $(pwd)/borg/sshkeys:/sshkeys \
			--volume $(pwd)/borg/backup:/backup \
			nold360/borgserver:latest

Borgserver Configuration

  • Place Borg-Clients SSH-PublicKeys in persistent storage
  • Client Repositories will be named by the filename found in /sshkeys/clients/

Persistent Storages & Client Configuration

We will need two persistent storage directories for our borgserver to be usefull:

/sshkeys

This directory has two subdirectories:

/sshkeys/clients/

Here we will put all SSH public keys from our borg clients, we want to backup. Every key must be it's own file, containing only one line, with the key. The name of the file will become the name of the borg repository, we need for our client to connect.

That means every client get's it's own repository. So you might want to use the hostname of the client as the name of the sshkey file.

F.e. /sshkeys/webserver.mydomain.com

Than your client would have to initiat the borg repository like this:

webserver.mydomain.com ~$ borg init ssh://borg@borgserver-container/backup/webserver.mydomain.com

!IMPORTANT!: The container wouldn't start the SSH-Deamon until there is at least one ssh-keyfile in this directory!

/sshkeys/host/

This directory will be automaticly created on first start. Also run.sh will copy the SSH-Hostkeys here, so your clients can verify it's borgservers ssh-hostkey.

/backup

In this directory will borg write all the client data to. It's best to start with an empty directory.