Here’s a simple container that will provide you with a means of backing up files and folders from your server. Duplicati is a great choice not just because it offers a neat web front-end that makes it easy to configure backup jobs, but because it supports backing up to a variety of destinations – including remote servers. Those servers include popular cloud-based backup services like OneDrive.
But, I hear you cry, isn’t one of the key reasons for running your own self-hosted server because you don’t trust cloud services with your data? Yes, but Duplicati offers a secure way to use them – because it allows you to encrypt all your data before it’s uploaded. This effectively locks your cloud provider out of your data – if they’re breached or hand over the encryption keys for your account to a third party, your data remains locked behind that extra layer of encryption.
1. Before you begin
First, you’ll need to create a suitable backup folder for any locally stored backups. We’ll assume you have a backup drive connected for this very purpose – for example:
mkdir ~/media/bay5/data-backups
mkdir ~/media/usb1/duplicati-backups
The above example gives you two local backup locations – always a good idea when it comes to providing redundancy for your data.
2. Spin up Duplicati
Now simply adapt the following script. You’ll notice that we’ve given Duplicati complete access to our home folder – this basically means we’re able to back up any personal file(s) we need to. Also note that the container’s data folder is pointing directly at the container-data folder – don’t worry, it’ll create a Duplicati folder within there, inside which all its configuration is stored.
podman run -d \
--name duplicati \
--replace \
-e UID=1000 \
-e GID=1000 \
--label "io.containers.autoupdate=registry" \
-v /home/username/container-data/:/data \
-v /home/username/media/bay5/backups/:/backups \
-v /home/username/:/n100-server \
-p 8200:8200 \
docker.io/duplicati/duplicati:latest
The first time Duplicati starts, it’ll generate a temporary login link, which you need to paste into your browser in order to gain access for the first time to generate your own password.
If you’re accessing your server through Cockpit, use the Podman plugin: expand the duplicati entry, switch to the Logs tab and then use your mouse to select the link shown. Paste this into a browser tab, but before hitting Enter replace ‘localhost’ with your server’s IP address. This should take you to the first run wizard – make sure you set up a passphrase/password when prompted, as you’ll need this going forward.
(If you’re told the login link has expired because you took too long to copy and paste it, simply shut down and restart the container – a new link will be generated.)
Access to Duplicati is via port 8200 on a http connection (http://192.168.x.y:8200). There’s no real need to configure external access through Nginx Proxy Manager – in most cases you’ll want to keep access purely local. If you did want to dial in when on the road, take our advice and do so through Wireguard VPN.
For more on Duplicati, check out its online documentation.
Autoupdate containers
By default, containers don’t automatically get updated when new versions are released. If you’d like your containers to always be running the latest version, then add the following line (as seen in our Duplicati script above):--label "io.containers.autoupdate=registry" \
What happens is that whenever you restart the container – for example, when you reboot your server having set it as a service – it will attempt to update the container before doing so.
3. Autostart Duplicati
Another of Duplicati’s strengths is that it has built-in scheduling options to ensure your data’s backed up regularly. That means you’ll want to configure it to be always running:
podman generate systemd --new --name duplicati -f
mv -v container-duplicati.service ~/.config/systemd/user/
systemctl --user daemon-reload
systemctl --user enable container-duplicati.service