Will Webberley
DB Backup
A simple script for backing up encrypted MongoDB databases to an S3-compatible bucket.
Usage
I recommend simply using the available Docker image and a docker-compose.yml
along the following lines:
version: '2'
services:
  db-backup:
    image: wilw/db-backup
    restart: always
    environment:
      - "ENCRYPTION_KEY=encryptkey"
      - "MONGO_HOST=dbhost"
      - "MONGO_USERNAME=dbusername"
      - "MONGO_PASSWORD=dbpassword"
      - "MONGO_AUTH_DB=admin"
      - "MONGO_DBS=db1;db2;db3"
      - "S3_BUCKET=bucketname"
      - "AWS_ACCESS_KEY_ID=accesskey"
      - "AWS_SECRET_ACCESS_KEY=secretaccesskey"
      - "S3_ENDPOINT=eu-central-1.linodeobjects.com"
      - "S3_PREFIX=backups/service-name"
The backup script will run hourly and will back up the databases db1, db2, and db3. Change these variables (and the other ones in the environment block) before running the container.
Do not include a trailing slash in the S3_PREFIX variable, since the container will create the value as a "directory" in S3.
Decrypting
Encryption is done using OpenSSL with AES-256 in CBC mode, with the key derived from the passphrase via PBKDF2. To decrypt a backup file, download it from your storage and run the following (changing the backup-date.enc filename to a real one):
echo "encryptkey" | openssl enc -d -in backup-date.enc -out decrypted.tar.gz -aes-256-cbc -pbkdf2 -pass stdin
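An added example, not part of the db-backup repository: a restore helper that decrypts with the same OpenSSL parameters as the command above, takes the passphrase from an environment variable, and accepts the result only if it is a readable gzip'd tar, since openssl enc in CBC mode does not authenticate the ciphertext and a wrong key or truncated download has to be caught after decryption. The function names and the BACKUP_KEY variable are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the db-backup repository. Function names and the
# BACKUP_KEY variable are assumptions made for this illustration.

# Encrypt with the parameters the decrypt command above implies.
# Used here only to build constructed sample input.
encrypt_backup() {   # $1 = archive, $2 = output .enc file
    openssl enc -aes-256-cbc -pbkdf2 -pass env:BACKUP_KEY -in "$1" -out "$2"
}

# Decrypt $1 to $2. Succeeds only if OpenSSL accepts the key AND the
# plaintext is a readable gzip'd tar; otherwise nothing is left at $2.
restore_backup() {   # $1 = .enc file, $2 = output .tar.gz
    tmp="$2.partial"
    if openssl enc -d -aes-256-cbc -pbkdf2 -pass env:BACKUP_KEY \
            -in "$1" -out "$tmp" 2>/dev/null \
        && gzip -t "$tmp" 2>/dev/null \
        && tar -tzf "$tmp" >/dev/null 2>&1; then
        mv "$tmp" "$2"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Round trip on constructed data: good key, truncated file, wrong key.
selfcheck() {
    work=$(mktemp -d) || return 1
    rc=0
    echo "constructed sample data" > "$work/dump.bson"
    tar -czf "$work/plain.tar.gz" -C "$work" dump.bson
    BACKUP_KEY="constructed-test-key"; export BACKUP_KEY
    encrypt_backup "$work/plain.tar.gz" "$work/backup.enc" || rc=1
    restore_backup "$work/backup.enc" "$work/ok.tar.gz" || rc=1
    head -c 40 "$work/backup.enc" > "$work/short.enc"
    restore_backup "$work/short.enc" "$work/short.tar.gz" && rc=1
    BACKUP_KEY="not-the-key"
    restore_backup "$work/backup.enc" "$work/bad.tar.gz" && rc=1
    unset BACKUP_KEY
    rm -rf "$work"
    return "$rc"
}

selfcheck && echo "restore checks passed"
```

For a real restore, export BACKUP_KEY with the value used as ENCRYPTION_KEY and call restore_backup with the downloaded .enc file and the desired output path.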
Expiring backups
You can make use of S3 lifecycle policies to auto-expire backups. An example policy is included in this repository. This can be modified as desired, and then applied using the s3cmd tool:
s3cmd setlifecycle lifecycle_policy.xml s3://BUCKET_NAME
Notes
Please note, if you're using a Mac, make sure you're using OpenSSL and not LibreSSL when decrypting. Run openssl version to see what you're using.