Restic Backup to Storage VPS: Automated Encrypted Backups with Scheduling
Data integrity is the basis of professional infrastructure management; yet backup strategies often fail because of the complexity or high storage costs. In this guide, we will implement a secure and automated Restic backup to Storage VPS, which ensures your data is encrypted, deduplicated, and safely stored off-site.
By combining Restic’s modern snapshot capabilities with a reliable destination like Perlod hosting, you can create a strong disaster recovery pipeline that guarantees your data is protected against hardware failures, accidental deletions, and security threats.
Table of Contents
Prerequisites for Restic Backup to Storage VPS
Before you start the Restic backup to storage VPS, ensure you have the following resources and proper access to establish a secure connection between your servers:
- Source Server: The machine you want to back up, for example, your production server.
- Destination Server: A Storage VPS with SSH access.
- SSH Key Access: Ensure the source server can SSH into the destination server without a password.
Quick check: You can run the command below from your source server:
ssh user@storage-vps-ipIf it asks for a password, you must set up SSH keys with ssh-copy-id before you start.
Once you are done with these prerequisites, follow the steps below to complete the restic backup to storage VPS.
Install Restic on Source Server
You must install the Restic package on the machine you want to back up. Restic is available in the default repositories of most major Linux distributions.
On Ubuntu and Debian-based distros, you can use:
apt update
apt install restic -yOn CentOS and RHEL-based distros, you can use:
dnf update -y
dnf install epel-release -y
dnf install restic -yThen, you can run the restic self-update command, which is recommended for the latest features:
restic self-updateInitialize Encrypted Repository on Storage VPS
In this step, you must initialize the storage location on your storage VPS. This process creates the necessary directory structure for your data and establishes the master encryption keys that will protect your backups from unauthorized access.
First, you must define your repository location string:
sftp:user@remote_IP:/path/to/backup_folderThen, you can run the initialization command on your storage VPS:
restic -r sftp:[email protected]:/var/backups/restic-repo initRemember to replace [email protected] with your Storage VPS username and password.
Important Note: You will be asked to type a password. Save this password securely; if you lose it, your backups are unrecoverable.
If you need a safe place to store your critical credentials, you can check this guide on Secrets Management with HashiCorp Vault for a proper solution.
Create Backup Automation Script on Source Server
At this point, you can create a shell script on your source server to automate the entire backup workflow. This script will handle authentication, perform the backup, and automatically remove old snapshots based on your retention policy to keep your storage usage efficient.
Create the automation script file with the command below:
nano /usr/local/bin/restic-backup.shPaste the following script into the file and edit the VARIABLES section with your details:
#!/bin/bash
# --- VARIABLES ---
export RESTIC_REPOSITORY="sftp:[email protected]:/var/backups/restic-repo"
export RESTIC_PASSWORD="your-strong-password-here"
# List of directories to backup
BACKUP_PATHS="/etc /var/www /home"
# Retention Policy (Pruning)
# Keep: Last 7 days, 4 weeks, and 6 months
RETENTION="--keep-daily 7 --keep-weekly 4 --keep-monthly 6"
# --- COMMANDS ---
# 1. Perform Backup
echo "Starting Backup..."
restic backup $BACKUP_PATHS --verbose
# 2. Prune Old Backups (Forget + Prune)
echo "Pruning Old Snapshots..."
restic forget $RETENTION --prune
# 3. Check Integrity (Optional but recommended periodically)
# echo "Checking Repository Integrity..."
# restic checkOnce you are done, save and close the file.
Make the script executable and restrict permissions since it contains your password:
chmod 700 /usr/local/bin/restic-backup.shYou can test the backup automation script manually with the command below:
/usr/local/bin/restic-backup.shYou should see Restic scanning files, uploading blobs, and then cleaning up old snapshots.
Schedule Backups with Systemd
Now that you have a working backup script on the source server, you need to schedule it to run automatically. You can use Systemd timers for this task, as they provide superior reliability, logging, and error handling compared to traditional Cron jobs, which ensure your critical data is backed up consistently.
Create the service unit file for your Restic backup with the command below:
nano /etc/systemd/system/restic-backup.serviceAdd the following content to the file:
[Unit]
Description=Restic Backup Service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/restic-backup.sh
User=rootThen, create the Timer unit file, which schedules the service:
nano /etc/systemd/system/restic-backup.timerAdd the following content to the file that runs daily at 3 AM:
[Unit]
Description=Run Restic Backup Daily
[Timer]
OnCalendar=*-*-* 03:00:00
Persistent=true
[Install]
WantedBy=timers.targetOnce you are done, enable and start the service with the commands below:
systemctl daemon-reload
systemctl enable --now restic-backup.timerTo verify the schedule, you can run:
systemctl list-timers restic-backup.timerSnapshot Management and Disaster Recovery
A backup strategy is incomplete without a tested recovery plan. In this final step, you can use these essential commands on your source server to list your available snapshots, verify the integrity of your repository, and restore your data quickly in the event of data loss.
To list all snapshots, you can use:
export RESTIC_REPOSITORY="sftp:[email protected]:/var/backups/restic-repo"
export RESTIC_PASSWORD="your-strong-password-here"
restic snapshotsRestore the latest backup with the command below:
restic restore latest --target /tmp/restore-testTo restore a specific snapshot ID, you can use:
restic restore a1b2c3d4 --target /tmp/restore-testTo mount the repository and mount backups like a file system, you can use:
mkdir /mnt/restic
restic mount /mnt/resticNow you can browse /mnt/restic/snapshots in your file manager.
You can also automate this verification process with the Bash Automated Backup Integrity Script tutorial to get alerted instantly if a backup is corrupted.
That’s it, you are done with the restic backup to storage VPS.
FAQs
Does Restic upload the full file every time for backup?
No. Restic is smart; it only uploads the parts of files that have changed. This makes daily backups extremely fast and saves space on your Storage VPS.
How to fix the Restic ‘Repository is already locked’ error?
This usually means a previous backup didn’t finish properly. You can fix it easily by running the unlock command: restic -r sftp:user@remote_IP:/path unlock.
Can I back up multiple servers with Restic to the same Storage VPS?
Yes. You can back up multiple servers to one Storage VPS. If they share the same repository, Restic will even deduplicate data between them to save extra space.
Conclusion
At this point, you have a fully automated and secure backup system. Your data is encrypted and safely sent to your Storage VPS. With Systemd handling the scheduling and Restic managing deduplication and automation, your backup strategy is now efficient enough to run daily without impacting performance.
Just remember to test a restore to ensure your disaster recovery plan is always ready for action.
We hope you enjoy this guide on Restic backup to storage VPS. Subscribe to our X and Facebook channels to get the latest updates and articles.
