Public | Automated Build

Last pushed: 2 years ago
Short Description
Backup PostgreSQL data to S3 (includes dumpall, gzip & optional GPG encryption)
Full Description

backup-postgres-to-s3

This Docker image features

  • backup PostgreSQL data to Amazon S3 (via pg_dumpall & gzip)
  • restore a backup
  • optional: encrypt the backup file before uploading to S3 / decrypt after downloading from S3

Backup

dumpall & gzip PostgreSQL data, upload to S3 bucket

docker run --rm \
  -e PGHOST=postgres \
  -e PGPORT=5432 \
  -e PGUSER=backup_user \
  -e PGPASSWORD=backupUserPassword \
  --net=postgresdb \
  -e AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE \
  -e AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -e S3_PATH=s3://mybucket/postgres/ \
  rori/backup-postgres-to-s3 \
  backup

If you want to encrypt the PostgreSQL dump, additionally provide the following 2 parameters

...
-v /mykeys:/gpgkey \
-e GPGKEY_FILE=/gpgkey/public.key \
...

The environment variable GPGKEY_FILE refers to your public GPG key. Therefore you have to provide a Docker volume /gpgkey, containing your public key.

Restore

Download PostgreSQL data from S3 bucket, un-gzip and restore in PostgreSQL instance

docker run --rm \
  -e PGHOST=postgres \
  -e PGPORT=5432 \
  -e PGUSER=backup_user \
  -e PGPASSWORD=backupUserPassword \
  --net=postgresdb \
  -e AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE \
  -e AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -e S3_PATH=s3://mybucket/postgres/2016-01-23_22-40-42.gz.gpg \
  rori/backup-postgres-to-s3 \
  restore

The environment variable S3_PATH refers to the backup file in your S3 bucket.

If you have to decrypt the backup, please provide 3 additional parameters:

...
-v /mykeys/private:/gpgkey \
-e GPGKEY_FILE=/gpgkey/private.key \
-it \
...

The environment variable GPGKEY_FILE refers to your private GPG key. Therefore you have to provide a Docker volume /gpgkey, containing the private key. The container will ask for your private key passphrase.

If you don't like the fact, that a Docker container uses your private key, provide the parameter

-v /var/myapp/data:/data

instead of the decryption parameters and decrypt & un-gzip the PostgreSQL dump file yourself. The container won't be offended :-)

Periodic backups

The image does not run periodic backups itself. You can achieve this by running cron jobs or systemd timers.

Docker Pull Command
Owner
rori
Source Repository

Comments (0)