In the previous tutorial we covered how to set up a MinIO object storage service on a HestiaCP server.

HestiaCP: installing MinIO (tutorial)

Since the HestiaCP 1.9 update, Restic is officially supported as a backup tool. This means we can use HestiaCP's built-in Restic integration for incremental backups directly, without installing and configuring Restic by hand.

HestiaCP 1.9 update: Restic backup support

Before HestiaCP 1.9, the official backup method was the traditional tar.gz archive. It is simple, but it has several problems:

  • Every backup re-packs the entire data set, consuming a large amount of storage space
  • Backups are slow, and there is no incremental storage
  • Restoring data requires extracting the whole archive, which is inefficient

Advantages of Restic in HestiaCP 1.9+

  • Incremental backups: only data changed since the last backup is stored, greatly reducing storage use
  • Encryption: all backups are encrypted by default, improving security
  • Multiple storage backends: local disk, FTP, S3 (including MinIO), Google Drive and more
  • Automation: backups can be run through HestiaCP's own job scheduler, with no extra scripts

Prerequisites

Before you start configuring, make sure that:

  1. Your HestiaCP version is >= 1.9. If your version is older, upgrade first.
  2. You have MinIO installed and running as object storage (if not, see the earlier MinIO tutorial).
  3. You have the MinIO Access Key and Secret Key and have already created a bucket.

Configuration

1. Enable incremental backups in the user package

First, make sure the HestiaCP user package has incremental backups enabled:

  • Log in to the HestiaCP admin panel
  • Go to Users → Packages → Edit
  • Find the Incremental backups option and enable it
  • Click Save changes

2. Configure remote storage with Rclone

Starting with HestiaCP 1.9+, Rclone is included by default and can be used to store backups in MinIO, S3, Google Drive, OneDrive and other supported backends.

Configure Rclone

Run the following command as root:

rclone config

Then follow the prompts. An example session (the key, secret, region and endpoint values are masked with asterisks):

Enter name for new remote.
name> restic                

Option Storage.
Type of storage to configure.
Choose a number from below, or type in your own value.
 1 / 1Fichier
   \ (fichier)
 2 / Akamai NetStorage
   \ (netstorage)
 3 / Alias for an existing remote
   \ (alias)
 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Magalu, Minio, Netease, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others
   \ (s3)
 5 / Backblaze B2
   \ (b2)
 6 / Better checksums for other remotes
   \ (hasher)
 7 / Box
   \ (box)
 8 / Cache a remote
   \ (cache)
 9 / Citrix Sharefile
   \ (sharefile)
10 / Combine several remotes into one
   \ (combine)
11 / Compress a remote
   \ (compress)
12 / Dropbox
   \ (dropbox)
13 / Encrypt/Decrypt a remote
   \ (crypt)
14 / Enterprise File Fabric
   \ (filefabric)
15 / FTP
   \ (ftp)
16 / Files.com
   \ (filescom)
17 / Gofile
   \ (gofile)
18 / Google Cloud Storage (this is not Google Drive)
   \ (google cloud storage)
19 / Google Drive
   \ (drive)
20 / Google Photos
   \ (google photos)
21 / HTTP
   \ (http)
22 / Hadoop distributed file system
   \ (hdfs)
23 / HiDrive
   \ (hidrive)
24 / ImageKit.io
   \ (imagekit)
25 / In memory object storage system.
   \ (memory)
26 / Internet Archive
   \ (internetarchive)
27 / Jottacloud
   \ (jottacloud)
28 / Koofr, Digi Storage and other Koofr-compatible storage providers
   \ (koofr)
29 / Linkbox
   \ (linkbox)
30 / Local Disk
   \ (local)
31 / Mail.ru Cloud
   \ (mailru)
32 / Mega
   \ (mega)
33 / Microsoft Azure Blob Storage
   \ (azureblob)
34 / Microsoft Azure Files
   \ (azurefiles)
35 / Microsoft OneDrive
   \ (onedrive)
36 / OpenDrive
   \ (opendrive)
37 / OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)
   \ (swift)
38 / Oracle Cloud Infrastructure Object Storage
   \ (oracleobjectstorage)
39 / Pcloud
   \ (pcloud)
40 / PikPak
   \ (pikpak)
41 / Pixeldrain Filesystem
   \ (pixeldrain)
42 / Proton Drive
   \ (protondrive)
43 / Put.io
   \ (putio)
44 / QingCloud Object Storage
   \ (qingstor)
45 / Quatrix by Maytech
   \ (quatrix)
46 / SMB / CIFS
   \ (smb)
47 / SSH/SFTP
   \ (sftp)
48 / Sia Decentralized Cloud
   \ (sia)
49 / Storj Decentralized Cloud Storage
   \ (storj)
50 / Sugarsync
   \ (sugarsync)
51 / Transparently chunk/split large files
   \ (chunker)
52 / Uloz.to
   \ (ulozto)
53 / Union merges the contents of several upstream fs
   \ (union)
54 / Uptobox
   \ (uptobox)
55 / WebDAV
   \ (webdav)
56 / Yandex Disk
   \ (yandex)
57 / Zoho
   \ (zoho)
58 / premiumize.me
   \ (premiumizeme)
59 / seafile
   \ (seafile)
Storage> 4

Option provider.
Choose your S3 provider.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
 1 / Amazon Web Services (AWS) S3
   \ (AWS)
 2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
   \ (Alibaba)
 3 / Arvan Cloud Object Storage (AOS)
   \ (ArvanCloud)
 4 / Ceph Object Storage
   \ (Ceph)
 5 / China Mobile Ecloud Elastic Object Storage (EOS)
   \ (ChinaMobile)
 6 / Cloudflare R2 Storage
   \ (Cloudflare)
 7 / DigitalOcean Spaces
   \ (DigitalOcean)
 8 / Dreamhost DreamObjects
   \ (Dreamhost)
 9 / Google Cloud Storage
   \ (GCS)
10 / Huawei Object Storage Service
   \ (HuaweiOBS)
11 / IBM COS S3
   \ (IBMCOS)
12 / IDrive e2
   \ (IDrive)
13 / IONOS Cloud
   \ (IONOS)
14 / Seagate Lyve Cloud
   \ (LyveCloud)
15 / Leviia Object Storage
   \ (Leviia)
16 / Liara Object Storage
   \ (Liara)
17 / Linode Object Storage
   \ (Linode)
18 / Magalu Object Storage
   \ (Magalu)
19 / Minio Object Storage
   \ (Minio)
20 / Netease Object Storage (NOS)
   \ (Netease)
21 / Petabox Object Storage
   \ (Petabox)
22 / RackCorp Object Storage
   \ (RackCorp)
23 / Rclone S3 Server
   \ (Rclone)
24 / Scaleway Object Storage
   \ (Scaleway)
25 / SeaweedFS S3
   \ (SeaweedFS)
26 / StackPath Object Storage
   \ (StackPath)
27 / Storj (S3 Compatible Gateway)
   \ (Storj)
28 / Synology C2 Object Storage
   \ (Synology)
29 / Tencent Cloud Object Storage (COS)
   \ (TencentCOS)
30 / Wasabi Object Storage
   \ (Wasabi)
31 / Qiniu Object Storage (Kodo)
   \ (Qiniu)
32 / Any other S3 compatible provider
   \ (Other)
provider> 19

Option env_auth.
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
Only applies if access_key_id and secret_access_key is blank.
Choose a number from below, or type in your own boolean value (true or false).
Press Enter for the default (false).
 1 / Enter AWS credentials in the next step.
   \ (false)
 2 / Get AWS credentials from the environment (env vars or IAM).
   \ (true)
env_auth> 1

Option access_key_id.
AWS Access Key ID.
Leave blank for anonymous access or runtime credentials.
Enter a value. Press Enter to leave empty.
access_key_id> ******************

Option secret_access_key.
AWS Secret Access Key (password).
Leave blank for anonymous access or runtime credentials.
Enter a value. Press Enter to leave empty.
secret_access_key> ******************

Option region.
Region to connect to.
Leave blank if you are using an S3 clone and you don't have a region.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
   / Use this if unsure.
 1 | Will use v4 signatures and an empty region.
   \ ()
   / Use this only if v4 signatures don't work.
 2 | E.g. pre Jewel/v10 CEPH.
   \ (other-v2-signature)
region> ******************

Option endpoint.
Endpoint for S3 API.
Required when using an S3 clone.
Enter a value. Press Enter to leave empty.
endpoint> https://******************

Option location_constraint.
Location constraint - must be set to match the Region.
Leave blank if not sure. Used when creating buckets only.
Enter a value. Press Enter to leave empty.
location_constraint> 

Option acl.
Canned ACL used when creating buckets and storing or copying objects.
This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Note that this ACL is applied when server-side copying objects as S3
doesn't copy the ACL from the source but rather writes a fresh one.
If the acl is an empty string then no X-Amz-Acl: header is added and
the default (private) will be used.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
   / Owner gets FULL_CONTROL.
 1 | No one else has access rights (default).
   \ (private)
   / Owner gets FULL_CONTROL.
 2 | The AllUsers group gets READ access.
   \ (public-read)
   / Owner gets FULL_CONTROL.
 3 | The AllUsers group gets READ and WRITE access.
   | Granting this on a bucket is generally not recommended.
   \ (public-read-write)
   / Owner gets FULL_CONTROL.
 4 | The AuthenticatedUsers group gets READ access.
   \ (authenticated-read)
   / Object owner gets FULL_CONTROL.
 5 | Bucket owner gets READ access.
   | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
   \ (bucket-owner-read)
   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
   \ (bucket-owner-full-control)
acl>  

Option server_side_encryption.
The server-side encryption algorithm used when storing this object in S3.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
 1 / None
   \ ()
 2 / AES256
   \ (AES256)
 3 / aws:kms
   \ (aws:kms)
server_side_encryption> 1

Option sse_kms_key_id.
If using KMS ID you must provide the ARN of Key.
Choose a number from below, or type in your own value.
Press Enter to leave empty.
 1 / None
   \ ()
 2 / arn:aws:kms:*
   \ (arn:aws:kms:us-east-1:*)
sse_kms_key_id> 

Edit advanced config?
y) Yes
n) No (default)
y/n> 

Configuration complete.
Options:
- type: s3
- provider: Minio
- access_key_id: ******************
- secret_access_key: ******************
- region: ******************
- endpoint: ******************
Keep this "restic" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> 
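
The interactive session above can be reproduced without prompts. This added example (not code from the original post, HestiaCP or the rclone project) writes the equivalent [restic] section in rclone's config-file format, taking the endpoint and keys from the assumed environment variables MINIO_ENDPOINT, MINIO_ACCESS_KEY and MINIO_SECRET_KEY, and refuses plaintext endpoints and duplicate remote names:

```shell
#!/bin/sh
# Added example, not from the original post: write the same "restic" remote that
# the interactive `rclone config` session above produces, but non-interactively,
# in rclone's INI config format. Credentials come from the environment so the
# secret key never lands in shell history or `ps` output. MINIO_ENDPOINT,
# MINIO_ACCESS_KEY and MINIO_SECRET_KEY are assumed variable names.

# write_minio_remote NAME CONFIG_FILE
write_minio_remote() {
    name="$1"; conf="$2"
    : "${MINIO_ENDPOINT:?set MINIO_ENDPOINT, e.g. https://minio.example.test}"
    : "${MINIO_ACCESS_KEY:?set MINIO_ACCESS_KEY}"
    : "${MINIO_SECRET_KEY:?set MINIO_SECRET_KEY}"
    case "$MINIO_ENDPOINT" in
        https://*) ;;   # backups and access keys must not travel in clear text
        *) echo "refusing non-TLS endpoint: $MINIO_ENDPOINT" >&2; return 1 ;;
    esac
    if [ -f "$conf" ] && grep -q "^\[$name\]" "$conf"; then
        echo "remote [$name] already exists in $conf" >&2; return 1
    fi
    # umask 077 makes a new file 0600: it holds the secret key. region is left
    # empty, as the rclone prompt suggests for S3 clones such as MinIO.
    (
        umask 077
        mkdir -p "$(dirname "$conf")"
        cat >> "$conf" <<EOF
[$name]
type = s3
provider = Minio
env_auth = false
access_key_id = $MINIO_ACCESS_KEY
secret_access_key = $MINIO_SECRET_KEY
endpoint = $MINIO_ENDPOINT
acl = private
EOF
    ) && chmod 600 "$conf"
}

# remote_option NAME KEY CONFIG_FILE -> prints the value stored for KEY in [NAME]
remote_option() {
    sed -n "/^\[$1\]/,/^\[/p" "$3" | sed -n "s/^$2 = //p" | head -n 1
}

# Typical use on the HestiaCP host (root's default rclone config path):
#   MINIO_ENDPOINT=https://minio.example.test MINIO_ACCESS_KEY=... MINIO_SECRET_KEY=... \
#     write_minio_remote restic /root/.config/rclone/rclone.conf
```

After writing the file, `rclone lsd restic:` against the MinIO host confirms the remote works before it is handed to v-add-backup-host-restic.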

3. Enable Restic backups

Once Rclone is configured, use the v-add-backup-host-restic command to add the Restic backup host.

Run the following command:

v-add-backup-host-restic 'rclone:restic:restic/claw/' '30' '8' '5' '3' '-1'

  • rclone:restic:restic/claw/ → storage location: the Rclone remote named restic and the target path /claw/
  • '30' → keep 30 days of daily backups
  • '8' → keep 8 weeks of weekly backups
  • '5' → keep 5 months of monthly backups
  • '3' → keep 3 years of yearly backups
  • '-1' → keep no additional backups

4. Run an incremental backup

Run the following command to back up all users:

v-backup-users-restic

Or back up a specific user:

v-backup-user-restic username

⚠️ Important notes

  • On the first run, HestiaCP initializes a new Restic repository, which can take some time.
  • By default, Restic generates the encryption key in /usr/local/hestia/data/users/{user}/restic.conf, so backed-up data is encrypted.

Warnings and caveats

Always back up restic.conf

Restic protects backup data with strong encryption, and the encryption key is stored in /usr/local/hestia/data/users/{user}/restic.conf. If you lose this file, you cannot restore the backups!

If the server crashes or the user is deleted and restic.conf is lost, you cannot decrypt the backup data, and HestiaCP provides no way to recover it.
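
One way to act on the warning above, as an added example that is not part of the original post: a script that gathers each user's restic.conf under the HestiaCP data directory into a single owner-only archive for off-server storage and reports users whose key file is missing or readable by other accounts (function name, report format and output path are assumptions):

```shell
#!/bin/sh
# Added example, not from the original post: collect every user's restic.conf
# from the HestiaCP data directory into one archive that can then be copied off
# the server, and report users whose key file is missing or readable by others.
# The layout /usr/local/hestia/data/users/<user>/restic.conf is the one the post
# names; the function name and report format are assumptions.

# collect_restic_keys DATA_DIR OUT_TAR
# prints one status line per user, writes OUT_TAR (mode 0600),
# returns the number of users with no restic.conf (255 if tar fails)
collect_restic_keys() {
    data="$1"; out="$2"; list=""; missing=0
    for userdir in "$data"/users/*/; do
        userdir="${userdir%/}"
        [ -d "$userdir" ] || continue
        user=$(basename "$userdir")
        conf="$userdir/restic.conf"
        if [ ! -s "$conf" ]; then
            echo "MISSING $user"; missing=$((missing + 1)); continue
        fi
        # group/other bits of `ls -l` are columns 5-10; anything but ------
        # means a non-owner account can read the repository password
        case "$(ls -l "$conf" | cut -c5-10)" in
            ------) echo "OK $user" ;;
            *)      echo "GROUP-OR-WORLD-READABLE $user" ;;
        esac
        list="$list users/$user/restic.conf"
    done
    if [ -n "$list" ]; then
        # umask 077 keeps the archive owner-only; $list is split on purpose
        ( umask 077 && tar -C "$data" -cf "$out" $list ) \
            || { echo "tar failed" >&2; return 255; }
    fi
    return "$missing"
}

# Typical use on the HestiaCP host; then move the archive to a separate,
# trusted location, since it holds the keys for every user's backups:
#   collect_restic_keys /usr/local/hestia/data /root/restic-keys.tar
```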


Other methods

Restic does not only work through Rclone; it can also connect directly to S3, FTP, local disk and so on.
But because HestiaCP does not allow the key/password to be supplied in advance when it runs a backup, managing external storage through Rclone is recommended: it handles remote storage more flexibly and does not require entering storage credentials by hand.

You can also use Restic natively, for example:

export RESTIC_REPOSITORY="s3:http://minio-server-ip:9000/hestiabackups"
export RESTIC_PASSWORD="your-strong-password"
restic init

But this method requires managing the password manually, so the Rclone approach is preferred because it simplifies configuring the remote storage connection.

If your backup needs go beyond HestiaCP, for example:

  • you want to synchronize backups between multiple servers
  • you need to manage multiple storage locations
  • you want a more flexible backup policy

then see my other tutorial on using AutoRestic for more advanced Restic backup management.

See also

HestiaCP: installing Restic and using Autorestic for automatic incremental backups

Tags:

Tutorials, HestiaCP

Last updated: March 20, 2025