Using restic on Windows to back up to a Hetzner Storage Box
I've been using Backblaze to back up my PC for a couple of years now and it's been working great. Recently, however, I also wanted to back up my notebook and my family's PC without signing up for two new subscriptions. This caused me to look for (open-source) alternatives, which eventually led to me discovering restic.
Alternatives
I also looked at other backup solutions, but most of them didn't live up to my expectations. Borg looked promising, providing deduplication and encryption, but its Windows support was lacking. There was an attempt to build a Windows client, but it didn't come to fruition. There are some reports of people using WSL to get it running, but I didn't want to pursue this solution.
Other solutions I looked at include, among others, Veeam Agent, Kopia, and Duplicati.
Solution
Following this YouTube tutorial I was able to set up restic on Windows to back up my files to a Hetzner Storage Box. I went with the Storage Box because it is very cheap and the data center I chose is in Europe.
In order for restic to work with the Storage Box, an SSH key must be added to allow password-less authentication. Add an authorized SSH key as explained in the Storage Box SSH Keys documentation.
There are two ways to use SSH: the first one is to use port 22 and the second one is to use port 23. When using port 22, the key has to be in RFC 4716 format. When using port 23, the authorized SSH key has to be in "Standard OpenSSH Format". For my setup I went with the port 23 variant.
When using a Storage Box, you also have the option to add sub-accounts. The sub-accounts all share the storage space of the main account; there is no fixed limit assigned to the individual accounts. I opted to use sub-accounts for each device. This allows me to separate all the devices from each other while keeping the same configuration structure (each device has a Backups directory).
The following configuration files assume you are using sub-accounts to keep backups of multiple devices separated.
File: C:\Users\XXX\.ssh\config
Host restic-backup-host
    HostName uXXXXXX-subX.your-storagebox.de
    Port 23
    User uXXXXXX-subX
    IdentityFile ~/.ssh/id_rsa
    ServerAliveInterval 60
    ServerAliveCountMax 240
This is the SSH configuration file that I used to simplify the restic command by centralizing the SSH configuration. This allows me to use the restic-backup-host alias with restic without having to provide all the other options, making configuration easier.
File: C:\Programs\restic\cron.bat
restic -r sftp:restic-backup-host:/home/Backups/ ^
    backup ^
    --group-by host ^
    --limit-upload 1000 ^
    --files-from="C:\Programs\restic\include.txt" ^
    --exclude-file="C:\Programs\restic\exclude.txt" ^
    --password-file="C:\Programs\restic\password.txt"
During initial setup, I spent a lot of time trying to figure out why the backup wasn't working, only to figure out that my command was faulty. My initial command was missing the /home/ prefix, which caused the backup to fail.
Without specifying the --group-by option, restic defaults to grouping by hostname and path. This causes problems with the --files-from option, because every time a new path is added to the include.txt file, restic is unable to find a parent snapshot to compare the metadata against, causing all files to be re-scanned.
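The parent lookup described above, as an added example that is not from the original post or from restic's source: a simplified Python model in which a snapshot qualifies as the parent only if it matches every attribute named in the grouping. The host names, snapshot ids and the C:\Documents path are constructed sample data.

```python
# Simplified model (not restic's code) of choosing a parent snapshot for a backup run.
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    id: str
    time: int          # larger value = newer snapshot
    host: str
    paths: frozenset   # paths that were passed to the backup run


def find_parent(snapshots, host, targets, group_by):
    """Return the newest snapshot in the same group as the new backup, or None.

    group_by is a set containing "host" and/or "paths".
    """
    targets = frozenset(targets)
    candidates = []
    for sn in snapshots:
        if "host" in group_by and sn.host != host:
            continue
        # Grouping by paths: the snapshot must contain every path of the new run.
        if "paths" in group_by and not targets <= sn.paths:
            continue
        candidates.append(sn)
    return max(candidates, key=lambda sn: sn.time, default=None)


# Constructed history: two runs from a desktop, one from a notebook.
HISTORY = [
    Snapshot("a1", 1, "desktop", frozenset({r"C:\Media"})),
    Snapshot("b2", 2, "notebook", frozenset({r"C:\Users"})),
    Snapshot("c3", 3, "desktop", frozenset({r"C:\Media"})),
]


def parent_id(targets, group_by):
    sn = find_parent(HISTORY, "desktop", targets, group_by)
    return sn.id if sn else None


if __name__ == "__main__":
    old = [r"C:\Media"]
    new = [r"C:\Media", r"C:\Documents"]  # a line was added to include.txt
    print("host,paths / unchanged list:", parent_id(old, {"host", "paths"}))
    print("host,paths / path added:    ", parent_id(new, {"host", "paths"}))
    print("host only  / path added:    ", parent_id(new, {"host"}))
```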
The --limit-upload option is used to prevent restic from using the full available bandwidth, which would degrade performance for other services. The value is specified in kilobytes; make sure to change the value to something that's reasonable for your upload speed.
File: C:\Programs\restic\include.txt
C:\Media
File: C:\Programs\restic\exclude.txt
C:\Media\Stuff
This file can be used to exclude files and directories from being backed up to the repository. I recommend going with the defaults provided by Kevin Woley in his GitHub repository. Using this configuration as a starting point, I added my own rules to prevent the vendor and node_modules directories from being backed up.
File: C:\Programs\restic\password.txt
YourBackupPasswordHere
Finally, schedule a task as explained in the video. I also checked the "Run task as soon as possible after a scheduled start is missed" checkbox to make sure my backups are getting uploaded even if the device is not running at the specified time.