This repository contains instructions and scripts to set up a Docker container to perform automatic encrypted backups for a GitLab container. This assumes a standard GitLab installation using the official docker image and instructions.
The tool used to create the backups is Duplicity and the backup destination is a remote directory. Due to docker security restrictions this remote directory is mounted on the docker host and passed as a local volume to the backup container. The scripts are set up to generate daily incremental backups at 3 AM and to do a full backup once a month. Duplicity compresses, encrypts and signs the backups.
- Create the mounting point folder on the docker host.
sudo mkdir /mnt/backup
- Next, configure the host to mount the remote directory during boot. The instructions to do this depend on your specific infrastructure and won't be covered here. The backup generation will already work once the /mnt/backup folder exists, but local storage kind of defeats the purpose of the backup strategy.
git clone ssh://[email protected]:felipewer/gitlab-backup.git
cd gitlab-backup/docker
docker build -t duplicity .
Substitute the value of <the-actual-passphrase> with the passphrase you wish to use to protect the backups:
docker run --detach \
--env 'PASSPHRASE=<the-actual-passphrase>' \
--name duplicity \
--restart always \
--volumes-from gitlab \
--volume /mnt/backup:/backup \
duplicity
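An alternative to the command above that keeps the passphrase off the `docker run` command line, and so out of shell history and the host's process list, by reading it from stdin into a mode-600 file passed with Docker's `--env-file` option. This is an added example, not part of the repository's scripts; the env-file path and the function names are assumptions, and the passphrase remains visible in the container's environment to anyone who can run `docker inspect`.

```shell
#!/bin/sh
# Added example: keep the Duplicity passphrase in a mode-600 env file.
# ENV_FILE and the function names are assumptions; the image, container
# and volume names are the ones used in the README's docker run command.
ENV_FILE="${ENV_FILE:-/etc/gitlab-backup/duplicity.env}"

# Read one line from stdin and store it as PASSPHRASE=<line> in file $1.
write_env_file() {
    file="$1"
    if [ -t 0 ]; then printf 'Passphrase: ' >&2; stty -echo; fi
    IFS= read -r passphrase || true
    if [ -t 0 ]; then stty echo; echo >&2; fi
    [ -n "$passphrase" ] || { echo "empty passphrase" >&2; return 1; }
    # umask 077 and chmod 600 restrict access before the secret is written.
    ( umask 077 && mkdir -p "$(dirname "$file")" && : > "$file" &&
      chmod 600 "$file" && printf 'PASSPHRASE=%s\n' "$passphrase" > "$file" )
    rc=$?
    unset passphrase
    return "$rc"
}

# Succeed only for a regular file with mode 600 and a non-empty PASSPHRASE.
env_file_ok() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -prune -perm 600)" ] || return 1
    grep -q '^PASSPHRASE=.' "$1"
}

# Same container as in the README, with --env-file replacing --env.
start_backup_container() {
    env_file_ok "$ENV_FILE" || { echo "fix $ENV_FILE first" >&2; return 1; }
    docker run --detach \
        --env-file "$ENV_FILE" \
        --name duplicity \
        --restart always \
        --volumes-from gitlab \
        --volume /mnt/backup:/backup \
        duplicity
}

# Run as root on the docker host: "init" stores the passphrase, "start" launches.
case "${1:-}" in
    init)  write_env_file "$ENV_FILE" ;;
    start) start_backup_container ;;
esac
```

Docker reads the value in an env file literally, so the passphrase must fit on a single line.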
To restore the most recent backup run:
docker exec -it duplicity duplicity --force file:///backup /
Duplicity has integrations with Amazon S3 buckets and others; therefore, different storage approaches are possible with some changes to the scripts.