docker-postgres-s3-archive
Taken from InAnimaTe/docker-postgres-s3-archive, this image has the necessary utilities for you to perform postgres backups to S3.
The idea here is to provide an easy, ready-to-go way to dump an entire PostgreSQL database, compress it, encrypt it, and push it to Amazon S3.
Usage
docker build --build-arg POSTGRES_VERSION=15 -t postgres-backup .
docker run -it --network=container:postgres --env-file .env --rm --name postgres-backup postgres-backup
To perform continuous backups, schedule a cron job:
0 2 * * * docker run -itd --network=container:postgres --env-file .env --rm --name postgres-backup postgres-backup
Restore
echo $SYMMETRIC_PASSPHRASE | gpg --batch --passphrase-fd 0 --decrypt database-archive.psql.xz.gpg | xz -d | psql -U postgres postgres
Features:
- Symmetric Encryption via gpg
- Compression via xz (lzma2)
- Extreme configurability via environment variables :)
Environment variables
Required
- AWS_ACCESS_KEY_ID - AWS S3 access key.
- AWS_SECRET_ACCESS_KEY - AWS S3 secret key.
- BUCKET - AWS S3 bucket (and folder) to store the backup. i.e. s3://herpderpbucket/folder
- SYMMETRIC_PASSPHRASE - The gpg symmetric passphrase to use to encrypt your file.
Optional
- PGHOST/PGPORT - Two variables which can be set to specify the usage of a different container or postgres server (meaning you aren't linking). (default: HOST and PORT of the container you link.)
- PGUSER - The database user to connect as (default: postgres). We assume the user provided has full access without a password needed. Please make sure this exists and your server allows this user to login from the same network segment.
- NAME_PREFIX - A prefix in front of the date i.e. jira-data-dir-backup (default: database-archive)
- GPG_COMPRESSION_LEVEL - The compression level for gpg to use (0-9). (default: 0; not recommended since we're using xz)
- XZ_COMPRESSION_LEVEL - The compression level for xz (lzma2) to use (0-9). (default: 9; this is the best compression level)
- CIPHER_ALGO - The cipher for gpg to utilize when encrypting your archive. (default: aes256)
- EXTENSION - The extension to use for the backup file i.e. tgz, tar.xz, bz2 (default: .psql.xz.gpg)
- AWSCLI_OPTIONS - Provide some arguments to awscli (default: --sse) See here for possibilities.
- EXCLUDED_DATABASES - The postgres databases (comma-separated) which should be excluded from the backup. (default: none)
All other aws-cli variables are also supported.
A few notes
- Use spaces in your buckets, prefix, or extension at your own risk!
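A pre-flight check for the .env file used in the commands above, added here as an example and not part of the original project. The function names env_value and check_env_file are hypothetical, the file is assumed to hold plain VAR=value lines, and the individual rules (owner-only permissions, no quoted values, no spaces) are this example's own reading of the variable list and the note about spaces.

```shell
#!/bin/sh
# Added example, not project code. Variable names are the README's; rules are assumptions.

# Print KEY's value from FILE (plain VAR=value lines; the last assignment wins).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 if FILE passes every check; otherwise report each problem and return 1.
check_env_file() {
    file=$1
    problems=0
    fail() { echo "env check: $*" >&2; problems=$((problems + 1)); }

    [ -f "$file" ] || { fail "$file not found"; return 1; }

    # The file holds the AWS secret key and the gpg passphrase: owner-only access.
    case $(ls -ld -- "$file" | cut -c5-10) in
        ------) ;;
        *) fail "$file is accessible to group/others (chmod 600)" ;;
    esac

    for key in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY BUCKET SYMMETRIC_PASSPHRASE; do
        [ -n "$(env_value "$file" "$key")" ] || fail "$key is missing or empty"
    done

    # docker --env-file does not strip quotes; they would become part of the value.
    if grep -Eq "^[A-Za-z_][A-Za-z0-9_]*=[\"'].*[\"']\$" "$file"; then
        fail "quoted value found; the quotes are passed through literally"
    fi
    case $(env_value "$file" BUCKET) in
        ''|s3://*) ;;                    # an empty BUCKET is already reported above
        *) fail "BUCKET must start with s3://" ;;
    esac
    for key in BUCKET NAME_PREFIX EXTENSION; do
        case $(env_value "$file" "$key") in
            *' '*) fail "$key contains a space" ;;
        esac
    done
    for key in GPG_COMPRESSION_LEVEL XZ_COMPRESSION_LEVEL; do
        case $(env_value "$file" "$key") in
            ''|[0-9]) ;;                 # unset means the image default applies
            *) fail "$key must be a single digit 0-9" ;;
        esac
    done

    [ "$problems" -eq 0 ]
}
```

Source the file and call `check_env_file .env` ahead of the `docker run` line so a misconfigured file is caught before the backup runs.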