Taken from siomiz/postgresql-s3, this image has the necessary utilties for you to perform continuous postgres backups to S3.
The idea is here is to provide an easy ready-to-go way to dump an entire postgresql database, compress it, encrypt it, and push it to Amazon s3.
Please check the version/tag you pull of this image. If a version mismatch
occurs, pg_dumpall will not execute!
- Symmetric Encryption via gpg
- Compression via xz (lzma2)
- Extreme configurability via environment variables :)
Up and Running
Without going through and providing all the required env vars, here is a quick docker run line for getting up and running with this container.
docker run --link postgres:postgres inanimate/postgres-s3-archive
Note that the alias/name used to identify your linked postgres container must actually be postgres!
AWS_ACCESS_KEY_ID- AWS S3 access key.
AWS_SECRET_ACCESS_KEY- AWS S3 secret key.
BUCKET- AWS S3 bucket (and folder) to store the backup. i.e.
SYMMETRIC_PASSPHRASE- The gpg symmetric passphrase to use to encrypt your file.
PGHOST/PGPORT- Two variables which can be set to specify the usage of a different container or postgres server (meaning you aren't linking). (default: HOST and PORT of the container you link.)
PGUSER- The database user to connect as (default:
We assume the user provided has full access without a password needed. Please make sure this exists and your server allows this user to login from the same network segment.
TIMEOUT- How often perform backup, in seconds. (default:
NAME_PREFIX- A prefix in front of the date i.e.
GPG_COMPRESSION_LEVEL- The compression level for gpg to use (0-9). (default:
0; not recommended since we're using xz)
XZ_COMPRESSION_LEVEL- The compression level for xz (lzma2) to use (0-9). (default:
9; this is the best compression level)
CIPHER_ALGO- The cipher for gpg to utilize when encrypting your archive. (default:
EXTENSION- The extension to use for the backup file i.e.
AWSCLI_OPTIONS- Provide some arguments to awscli (default:
--sse) See here for possibilities.
All other aws-cli variables are also supported.
A few notes
- Use spaces in your buckets, prefix, or extension at your own risk!
- I really didn't feel like using cron. Deal with it.
- One day, I'll implement asymmetric encryption so you can use your gpg keys. For now, this image does...maybe you could make your own ;P