Backup your mailcow-dockerized with borg
This project is intended to provide an easy way to add a backup solution with Borg to an existing Mailcow installation. This backup solution backs up the data of the mailcow to a configurable Borg repository server with a configurable interval and number of backup versions.
The installation guide assumes in this case that a working mailcow-dockerized stack is installed and a Hetzner StorageBox is used as backup target.
- Create the required directories and files:
$ mkdir -p /opt/backup/mailcow/secrets $ touch /opt/backup/mailcow/secrets/borg_repo_pw
- Create an SSH key for authentication to the Borg repository using
ssh-keygen -t ed25519 -a 100
and save it as/opt/backup/mailcow/secrets/id_rsa
:$ ssh-keygen -t ed25519 -a 100 Generating public/private ed25519 key pair. Enter file in which to save the key (/root/.ssh/id_ed25519): /opt/backup/mailcow/secrets/id_rsa Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /opt/backup/mailcow/secrets/id_rsa Your public key has been saved in /opt/backup/mailcow/secrets/id_rsa.pub The key fingerprint is: SHA256:Ic8ENYMDEFWwv1o4Hs8sKu00eUUkq/Qqa+PfiJot7uY root@mailcowhost The key's randomart image is: +--[ED25519 256]--+ | o+=++o+ | | =o. o | | . o o.o | | . o o = . | | . . o S | | o o . | |..= = o | |oXo++O | |%E*+oo+ | +----[SHA256]-----+
- Creating a backup directory on the StorageBox and setting up a user:
- Connect to a SFTP/SCP client via the address and port 23 on the StorageBox and create a new directory. Give the directory the permission '0700'. Example:
BorgBackups/mailcow
- Create a subdirectory (
BorgBackups/mailcow/.ssh
) and in it a file namedauthorized_keys
and assign permission0600
to this file - Add to the file
authorized_keys
on your StorageBox the content of the file/opt/backup/mailcow/secrets/id_rsa.pub
- Create a new sub-account in Hetzner's robot interface at your StorageBox and assign the directory
BorgBackups/mailcow
to it.
Important: The StorageBox requires SSH access and if the mailcow is outside of the Hetzner network, external access must also be allowed/activated.
- Connect to a SFTP/SCP client via the address and port 23 on the StorageBox and create a new directory. Give the directory the permission '0700'. Example:
- Set the password for the Borg repository:
$ echo "your super secure password" > /opt/backup/mailcow/secrets/borg_repo_pw
-
Copy the contents of the
docker-compose.override.yml.example
into your mailcow directory in the filedocker-compose.override.yml
-
Open the
docker-compose.override.yml
file with an editor of your choice and adjust the following lines according to your desired configuration:- BORG_REPO=ssh://[email protected]:23/./backup - BACKUP_INTERVAL=hourly
Replace the corresponding usernames in the URL of
BORG_REPO
and adjust the value ofBACKUP_INTERVAL
to your desired interval. Possible values are5min
,15min
,hourly
,daily
,weekly
,monthly
orcustom
. If you choose the valuecustom
you also have to copy the filecrontab
from this repository to/opt/backup/mailcow
and adjust it to your needs. Afterwards you add a link to thecrontab
file in thedocker-compose.override.yml
:borgbackup_unofficial-mailcow: volumes: ... - /opt/backup/mailcow/crontab:/root/crontab
-
Start the backup container:
$ cd /opt/mailcow-dockerized/ && docker-compose up -d
For possible values/usage of BORG_REPO, BORG_RSH, BORG_PASSPHRASE, the BORG_*_CMD variables, as well as other borg commands, please consult the borg documentation at
https://borgbackup.readthedocs.io/
And, last but not least:
Always check your logs, attempt restores etc. to be sure it's working!
See the open issues for a list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature
) - Commit your Changes (
git commit -m 'Add some AmazingFeature'
) - Push to the Branch (
git push origin feature/AmazingFeature
) - Open a Pull Request
Distributed under the GPL-3.0 License. See LICENSE
for more information.