ravinou / borgwarehouse Goto Github PK

Hi,
since I run on rpi4 I had to build the image, everything seems to be going ok, but running the image fails at the step where it wants to create the crontab entry.

logs from building the image:

[+] Building 194.6s (17/17) FINISHED                                                                                                                                                                                                                                               docker:default
 => [borgwarehouse internal] load build definition from Dockerfile                                                                                                                                                                                                                           0.0s
 => => transferring dockerfile: 813B                                                                                                                                                                                                                                                         0.0s
 => [borgwarehouse internal] load .dockerignore                                                                                                                                                                                                                                              0.0s
 => => transferring context: 128B                                                                                                                                                                                                                                                            0.0s
 => [borgwarehouse internal] load metadata for docker.io/library/node:18-bookworm-slim                                                                                                                                                                                                       1.4s
 => [borgwarehouse internal] load build context                                                                                                                                                                                                                                              1.0s
 => => transferring context: 21.96MB                                                                                                                                                                                                                                                         0.9s
 => [borgwarehouse  1/12] FROM docker.io/library/node:18-bookworm-slim@sha256:9f834baecd119515cb7705aa2e9b0c0313bed4a4dafbe274f2f25fbbb0d2bb37                                                                                                                                               0.0s
 => CACHED [borgwarehouse  2/12] RUN apt-get update && apt-get install -y     curl git jq jc borgbackup openssh-server sudo cron &&     apt-get upgrade -y &&     apt-get clean && rm -rf /var/lib/apt/lists/*                                                                               0.0s
 => CACHED [borgwarehouse  3/12] RUN echo "borgwarehouse ALL=(ALL) NOPASSWD: /usr/sbin/service ssh restart" >> /etc/sudoers                                                                                                                                                                  0.0s
 => CACHED [borgwarehouse  4/12] RUN echo "borgwarehouse ALL=(ALL) NOPASSWD: /usr/sbin/service cron restart" >> /etc/sudoers                                                                                                                                                                 0.0s
 => CACHED [borgwarehouse  5/12] RUN groupadd borgwarehouse                                                                                                                                                                                                                                  0.0s
 => CACHED [borgwarehouse  6/12] RUN useradd -m -g borgwarehouse borgwarehouse                                                                                                                                                                                                               0.0s
 => CACHED [borgwarehouse  7/12] RUN cp /etc/ssh/sshd_config /etc/ssh/moduli /home/borgwarehouse/                                                                                                                                                                                            0.0s
 => CACHED [borgwarehouse  8/12] WORKDIR /home/borgwarehouse/app                                                                                                                                                                                                                             0.0s
 => [borgwarehouse  9/12] COPY . .                                                                                                                                                                                                                                                           0.6s
 => [borgwarehouse 10/12] RUN chown -R borgwarehouse:borgwarehouse * .*                                                                                                                                                                                                                      1.0s
 => [borgwarehouse 11/12] RUN npm ci --only=production                                                                                                                                                                                                                                      77.5s
 => [borgwarehouse 12/12] RUN npm run build                                                                                                                                                                                                                                                 79.3s
 => [borgwarehouse] exporting to image                                                                                                                                                                                                                                                      33.7s
 => => exporting layers                                                                                                                                                                                                                                                                     33.7s
 => => writing image sha256:5ac2f549d7312cf82681a5813f7dbede12fd4964e7217b204504dd4ea0dd3f53                                                                                                                                                                                                 0.0s
 => => naming to docker.io/library/borgwarehouse-borgwarehouse

logs from trying to run the container:

[+] Running 2/2
 ✔ Network borgwarehouse_default  Created                                                                                                                                                                                                                                                    0.2s
 ✔ Container borgwarehouse        Started                                                                                                                                                                                                                                                    0.1s
borgwarehouse  | CRONJOB_KEY not found or empty. Generating a random key...
borgwarehouse  | NEXTAUTH_SECRET not found or empty. Generating a random key...
borgwarehouse  | /etc/ssh is empty, generating SSH host keys...
borgwarehouse  | ssh-keygen: generating new host keys: RSA ECDSA ED25519
borgwarehouse  | The authorized_keys file does not exist, creating...
borgwarehouse  | Adding cron job...
borgwarehouse  | must be privileged to use -u
borgwarehouse exited with code 1

Any help welcome, I'm really eager to switch to the docker deplyment asap.

I see https://next-auth.js.org/ is deprecated and apparently now called authjs.dev?
In your env vars you still use NEXTAUTH_URL and NEXTAUTH_SECRET. Maybe rename/find some better name?

IMHO you can stay baackwards-compatible by falling back to the old env variable names if the new ones are not set. That should be possible, should not it?

Maybe take the chance to rename these in general to:

• WEB_URL
• AUTH_SECRET

This would be independent of the implementation details and would avoid confusion. Because at least I thought NextAuth is some third-party auth portal, where I need to login/get an API key (secret) and paste it in there. Or somehow host it by myself (proving the URL). But if it is just the same URL of BorgWarehouse, well… then this is no problem.

Hey Ravinou,

i just found jour project an it is is nearly exactly what i was looking for =D

After installation i realized that the server isnt just a gui for the Monitoring, it is ment ro be run on the targetserver. Since Im storing to a hetzner stoage and im not able to run any software on that, is there a possibility to monitor the existing repos on the remote storage wit your web ui?

I followed the debian deploy (raspberry pi) https://borgwarehouse.com/docs/admin-manual/debian-installation/

But I don't have any users.json generated, so can't login:

~/borgwarehouse $ find config/
config/
config/.gitkeep

Should I generate this file? I seems it should be created if it doesn't exist?

Both for security (fast releases, maybe even automatic when merged into the main branch, see #66) and convenience (see #58 (comment)) this would really be needed.

The web is full of references and if you still think you need help maybe ChatGPT can do so. Also https://github.com/PrivateBin/docker-nginx-fpm-alpine/blob/master/.github/workflows/build-images.yml is an example I can personally provide. (Though it has different image versions and it also pushes to different container registries, so maybe a bit overblown.)

Though what I would recommend to integrate then is a OWASP security scan. Although wait this bit is easy to integrate as it exists already.

Hi,
when I first deployed borgwarehouse I realized using fqdn in the NEXTAUTH_URL generates the repos as user@fqdn:remote_port/repo, which is fine for remote machines, but when used for machines that were on local lan they were backing up over my slow internet instead of lan.

My borgwarehouse instance is behind nginx-proxy-manager reverse proxy. In router I have random remote_port forwarded to ssh port of machine where borgwarehouse runs

So I changed NEXTAUTH_URL to the ip where borgwarehouse runs, rebuilt and now:

• when I back up remote machine - nothing changes - I paste in commands as borgwarehouse generates them
• BUT when I back up local machine, I have to manually change in every command the @fqdn:remote_port part to @local_ip:local_port

I propose a toggle in the repo config to designate it "local". Extract the ip from NEXTAUTH_URL variable. A new env var NEXT_LOCAL_SSH_SERVER_PORT in the .env.local (I've no idea if it current ssh port cannot be retrieved automatically in case 22 is not used, if so then not needed).

Then if toggled, would display all the generated commands for the selected repo as ...@local_ip:${NEXT_LOCAL_SSH_SERVER_PORT}

Let me know what you think.

• Apprise : Allows to send notifications to many notifications services, e.g. I'm hosting my apprise container, and I use basic curl commands sent to the Apprise API to spawn notifications on my Discord server. Could be a nice addition to mail notifications.

• Docker : I see that you plan to create a Docker image, it could be nice to think about Linuxserver variable type PUID and PGID. BorgWarehouse can perfecly fit on a NAS, and as you probably know, UID and GID can be a mess on these. Forget about running 1000/1000, if you want to deal with the ACL properly, the best way is to map users from the container to the host, it saves a lot of time and does its "magic"

• Documentation : I didn't see anywhere in the documentation that trying to login on a http page would not proceed. When I was clicking on Login through http://xxxxx:3000, no error, but I was remaining on the same page. Once I reached BWH through my reverse proxy, I could log on. I don't know if logging through TLS only is a bug or intended, but in the second case, maybe an error or a warning on the page could be nice.

• Group devices : I have multiple repositories for each device, being able to group up them through the GUI on specific tags (e.g. devices here) could provide an ease of reading.

• Connect to an InfluxDB/Prometheus database

Of course, I don't think you are out of ideas to improve BorgWarehouse, nor having much free time to spend ;) just my 2 cents.

Currently the README says:

You can find more details about generating your secrets or retrieving your SSH fingerprint in the documentation.

I assume it is actually supposed to link to here instead?

Add to the borgwarehouse documentation (in addition to the comment on this subject in the dockerfile), in the Docker section, information about the UID:GID, which is free but must be greater than 1000 to avoid errors such as the issue #60

Hi,
backups and everything else works, the cron command (runs from root cron) works if I run it manually I get {"success":"Status cron has been executed."}{"success":"Storage cron has been executed."}, but the status is red and last change never changes.

I presume this then would not trigger the notifications on missed backups as well?

Hi,
for now I just disabled the service, but is there a way to remove the bare-metal install of borgwarehouse after switching to docker deployment?

Thanks

Hello.
My installed BorgWarehouse on a VM and everything was fine. But this morning i cannot acces it.
When i tried to restart the app i got this error SyntaxError: Unexpected end of JSON input at JSON.parse (<anonymous>) at handler (/home/borgwarehouse/borgwarehouse/.next/server/pages/api/cronjob/getStorageUsed.js:70:29).
I searched on the file and the line is that on repoList = JSON.parse(repoList); //If repoList is empty we stop here. if (repoList.length === 0) { res.status(200).json({ success: "No repositories to analyse yet." });
I"m not familiar with JS so i do not know why i have this error.
Thakns in advance for your help

On Ubuntu 22.04.2 LTS (but I don't think Ubuntu is a problem here unless there's something weird going on with the Shell env), tried using the docs' specified cronjobs and got:

curl -sS  --request POST --url 'http://localhost:3000/api/cronjob/getStorageUsed' --header 'Authorization: Bearer REDACTED'
{"status":500,"message":"API error, contact the administrator."}

I think the current implementation of calling the getStorageUsed.sh script from NPM is causing issues with jc.

Calling /home/borgwarehouse/borgwarehouse/helpers/shells/getStorageUsed.sh directly works without errors but when calling via curl / the cronjob the journal logging shows:

Feb 26 02:30:01 server npm[37283]: Error: Command failed: /home/borgwarehouse/borgwarehouse/helpers/shells/getStorageUsed.sh
Feb 26 02:30:01 server npm[37283]: jc:  Error - Piped data and Magic syntax used simultaneously. Use "jc -h" for
Feb 26 02:30:01 server npm[37283]:              help.
Feb 26 02:30:01 server npm[37283]:     at ChildProcess.exithandler (node:child_process:419:12)
Feb 26 02:30:01 server npm[37283]:     at ChildProcess.emit (node:events:513:28)
Feb 26 02:30:01 server npm[37283]:     at maybeClose (node:internal/child_process:1091:16)
Feb 26 02:30:01 server npm[37283]:     at ChildProcess._handle.onexit (node:internal/child_process:302:5) {
Feb 26 02:30:01 server npm[37283]:   code: 100,
Feb 26 02:30:01 server npm[37283]:   killed: false,
Feb 26 02:30:01 server npm[37283]:   signal: null,
Feb 26 02:30:01 server npm[37283]:   cmd: '/home/borgwarehouse/borgwarehouse/helpers/shells/getStorageUsed.sh',
Feb 26 02:30:01 server npm[37283]:   stdout: '',
Feb 26 02:30:01 server npm[37283]:   stderr: 'jc:  Error - Piped data and Magic syntax used simultaneously. Use "jc -h" for\n' +
Feb 26 02:30:01 server npm[37283]:     '             help.\n'
Feb 26 02:30:01 server npm[37283]: }

I ended up resolving this with the following changes:

/etc/sudoers.d/10-borgwarehouse

#borgwarehouse ALL=(ALL) NOPASSWD: /usr/bin/jc du -s [[\:xdigit\:]]*
borgwarehouse ALL=(ALL) NOPASSWD: /usr/bin/du -s [[\:xdigit\:]]*

/home/borgwarehouse/borgwarehouse/helpers/shells/getStorageUsed.sh

#!/bin/bash

# Shell created by Raven for BorgWarehouse.
# Get the size of all repositories in a JSON output.
# stdout will be an array like : 
# [
#     { size: 32, name: '10e73223' },
#     { size: 1155672, name: '83bd4ef1' },
#     { size: 112, name: '635a6f8b' },
#     { size: 32, name: 'bce68e87' },
#     { size: 44, name: 'e4c04552' },
# ];

# Exit when any command fails
set -e

# Use jc to output a JSON format with du command
cd /var/borgwarehouse
#sudo jc du -s *
sudo /usr/bin/du -s * | jc --du

Hello! Thanks for a cool product.

Please tell me. Where can I change the default path of created repositories in BorgWarehouse? Initially, it creates them along the /var/borgwarehouse path, but in my case, for example, this is a system partition and it is very limited in terms of memory and fault tolerance. I have a mounted disk on the /mnt partition that is much larger and has fault tolerance due to RAID5.

Thank you in advance for your response!

Hi, I just updated to 1.5, and afterwards when running service borgwarehouse status to confirm it's running ok I noticed it lists the version as 1.0'. Am I looking in wrong spot or where can I confim I updated correctly?

Aug 08 23:12:53 pi-docker npm[371652]: > [email protected] start

Perhaps of note is then while updating when running git pull inside the ~/borgwarehouse directory while logged as borgwarehouse user I was getting error

borgwarehouse@pi-docker:~/borgwarehouse $ git pull
Updating d721377..182b282
error: Your local changes to the following files would be overwritten by merge:
        package-lock.json
Please commit your changes or stash them before you merge.
Aborting

I moved the file out of the directory and could afterwards proceed. This is what was inside the file (you can see it says version 1.0 at the top): https://o.o5.ddns.net/h0qeO

The file got recreated during update, but inside it the versions are still listed as 1.0

{
    "name": "borgwarehouse",
    "version": "1.0",
    "lockfileVersion": 3,
    "requires": true,
    "packages": {
        "": {
            "name": "borgwarehouse",
            "version": "1.0",

I presume it's jsut an omission of updating the version number, but wanted to know a way be sure I am indeed running the latest version.

Thanks!

I installed borgwarehouse on a VM and initialized a repository, but I can't monitor it. I can list the archives that are in the repository with borg list ssh://user@vm_ip:22/./repo but on borgwarehouse the dot is always red and I can't see the used storage space of the directory.
Do you have any idea what could be causing this?
Thanks in advance.

I have been able to setup the Docker install of BorgWarehouse, and I can create repos and use borgmatic to setup my remotes to backup to the repos successfully. But the default page does not give me any data on the repos. It just shows a red dot next to each repo and still shows that 0% of the selected storage used. What could be happening? Any help would be great. Thanks.

Hi,
very excited to try out your app, been looking for some sort of web frontend for borg for some time. Looking forward to docker deployment.

When I enter my email in the admin page I get the error "Your email is not valid". For obvious reasons I don't wanna put my email in public space, but perhaps it is something in the pattern of it that makes in not get accepted.

The pattern of the email is as follows:
1 letter 1 number @ 3 letters dash mail.net so for example [email protected] would be email of same pattern as mine. Hope that makes sense.

Thanks for any idea.

Hi, there is a typo in wizard step 4, take a look at PR #52

For this I have to manage two cases:

• The case where the repo.json file does not exist
• The case where the users.json file does not exist

Hi,

Just installed borgwarehouse, tried to add a repository but got a popup : "An error has occured" but nowhere there are logs, not in the webserver log error, in the access log I can see a 500

lolomin [18/Dec/2022:23:43:25 +0100] "POST /api/repo/add HTTP/2.0" 500 63 "https://borgwarehouse.mydomain.tld/manage-repo/add" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" 51076 -/- (-%) TLSv1.3 port:443

Where to find some logs to identify/know what is the source of the problem please ?

Regards,

lolo

It would be good to get more details about the managed repositories from the web based dashboard.

Details like:
borg info
borg list --format '{archive:24}{TAB}{start}{TAB}{end}{NL}'

https://borgbackup.readthedocs.io/en/stable/usage/info.html
https://borgbackup.readthedocs.io/en/stable/usage/list.html

I wiped up a quick Dockerfile if someone wants to use it: https://gist.github.com/aacater/6086b51732dfdd9a6ef0db6fa7d316d4

It is currently working. Although I have not tested it intensively.

Notes

Some minor bugs:

• When copying commands from the UI, the hostname and port are not filled in, they are just left blank. For example I get ssh://bdd5588d@:/./repo1, when based on my environment variables it should be ssh://bdd5588d@localhost:2222/./repo1. I am unsure if this is related to the Dockerfile or the app.

• I initially limited the borgwarehouse user's access to commands like in the docs. But then the scripts where getting stuck with sudo requiring a password. Too lazy to debug this at the moment.

Not currently implemented:

When the container is recreated all users are reset which means each repo's user is removed. createRepo.sh seems like it could easily be modified to create a user with a specific user and uid, instead of both being random.

Then entrypoint.sh could look at repo.json and recreate each user as needed. It would have to get the UID right so the user actually owned the relevant files. So maybe store UID in repo.json also? Or forget about having the correct UID and create a user with a random UID then chown to fix the repo's permissions. That seems like its more work though.

Feature Request:

I would like it if it was possible to set the config (./config/) and home (/var/borgwarehouse) directories using environment variables. This would allow entrypoint.sh to be simplified because /app/config/ would no longer be used in the container. Instead of creating the json files from hardcoded values, the script could copy files from /app/config/ to /config/ for example.

Hi there,

I just realized that for some reason the "Last Change" date in the UI is off by a month.

So an update was done tonight on 2022-12-30, but the UI shows 2022-11-30:

The date on the server is correct.

root@backup:~# date
Fri 30 Dec 2022 01:43:57 PM CET

Please say if you need any further information from me.

I've created a repository, after that I copied the command:
"borg init -e repokey-blake2 ssh://61000xx8@https://sub.domain.tld:22/./repo1"

Console Output on the client side:
borg init: error: argument REPOSITORY: Invalid location format: "ssh://61000xx8@https://sub.domain.tld:22/./repo1"

Here :

admin user unable to delete repos fresinstall

how to uninstall and remove the user and is the repos by user or are they all shared by on user

Hello,

I'm trying to find out why my repo status is not calculating the storage used when running manually the curl command :

curl --request POST --url 'http://localhost:3000/api/cronjob/checkStatus' --header 'Authorization: Bearer CRONJOB_KEY' ; curl --request POST --url 'http://localhost:3000/api/cronjob/getStorageUsed' --header 'Authorization: Bearer CRONJOB_KEY'

The status is updated, going to green light, but logs say :

{"success":"Status cron has been executed."}{"status":500,"message":"Error on getting storage, contact the administrator."}

Running it through a crontask, neither the status or the storage are updated, which is probably related to another issue.

Some details of the setup :

• crontask added to root user (since executed by root)
• I changed the hostname of my vm meanwhile the first setup, thus I have modified the NEXT_PUBLIC_HOSTNAME accordingly. Even though this variable doesn't seem to make a rebuild mandatory, I went through the full npm circle to ensure that the change is taken into account.

For the NEXTAUTH_URL, be sure to specify the right protocol : http or https. Indicating an https URL when using http will make login impossible.

https://borgwarehouse.com/docs/admin-manual/env-vars/

This is fun, because obviously (at least when exposed to the internet), the web interface should never be run without HTTPS).

Maybe this could be worded better?
BTW I did not find the website doc (or this snippet) in this repo. I would have contributed otherwise directly. Where is the website source hmm?

Hello,

Thanks for this wonderful idea, it's been a while I was looking for a GUI for my borg backup, this software is pure pristine and I wish I could have a global view of my backup states, so BorgWarehouse seems totally fitting the purpose.

I have followed your instructions, and managed to run the automated scripts to my repos, doing my first dummy tries :

~ $ borg list ssh://[email protected]:22/./repo0
Enter passphrase for key ssh://[email protected]:22/./repo0:
ida-2023-01-26T11:00:06              Thu, 2023-01-26 11:00:07 [61488041c022246946b897aac85310e7e3eb73ce4eff73ba5249fa1452a264eb]

But I can't see anything on the GUI, as if there was nothing in the repository, plus the light keeps being red :

Anything I could investigate on ?

Hello,

I'm considering on deploying borgwarehouse. I wonder when do you plan on v2 to came out? I don't want to roll out a deployment only to find out that in 2 weeks there is a new version. I'm in no hurry.

Thank you.

I tried to initialize a directory from a command line client but the problem is that the system asks for the password of the random user generated by borgwarehouse.
I don't understand how I can do.
I need your help.
Thanks in advance

Hello,

I can't login on HTTP page. Typing credentials and clicking "Login" just refresh the page.

No error in the browser. And I can't find any log, where are they located ?

Going through my reverse proxy is functional though :

Maybe I missed a warning about BWH not working through HTTP.

A couple of my repos are larger than 999G.
Is there a reason for this limit?
Would it be possible to set it higher or remove it altogether?

Thanks for a fantastic project! A good well maintained self-hostable webui has long been something I've felt is missing when it comes to borg so I was really happy to find this.

One feature I'd love to see at some point is the ability to browse the contents of repos at different points in time and download files from those repos. Have systems in place like backup failure notification is really import for ensure data is reliably backed up but backups are only as helpful as the process of restoring. When something goes wrong and I accidentally delete an important file or something, being able to quickly and painlessly restore that file really valuable. Adding a UI for restoring files makes restoring easier which means you're more likely to try it out more often which helps build confidence that you can actually trust your backups.

Thanks for your consideration :)

Hi, is seems that /var/borgwarehouse is hardcoded, do you have any plans to make it:

• customizable (in .env.local ) ?
• import existing repositories in a different mount (for users who already have borg repo and looking for a gui) ?

The cronjob didn't work (only with docker) since PR #58 , it's due because the curl in cronjob call "localhost" but with the image rework there is an hostname instead of "localhost" :

I'm working on a fix today.

Hi there,

I havent looked too far into how it could be better yet, but I'm creating this issue so I don't forget about it again.

And maybe you already have an idea how to make it better.

The issue is that currently in the docs you recommend limiting the borgwarehouse users' sudo permissions to some commands. This is, of course, great. However, you allow things like "/usr/bin/bash", which makes it pretty useless in the current iteration, in my opinion. If you have sudo access to bash, you have sudo access to everything.

Maybe it would be best to make it more fine-grained in allowing access only to the specific scripts that you need to start via bash, however then you'd also need to keep in mind that the scripts you want to start this way shouldnt be editable by the user, otherwise it again defeats the purpose.

I'll come back to this on the weekend probably with a PR, if you haven't already fixed it. 😄

Hi,
I finally successfully switched from bare-metal to docker deployment, added my local machines and successfully performed backup with borgmatic running in docker as well.

Next I proceeded to add my remote machines, however herein lies the issue, where these will ask for password of user borgwarehouse preventing me from continuing

trying to init repo from remote machine:

The authenticity of host '[REDACTED]:2223 ([REDACTED]:2223)' can't be established.
ED25519 key fingerprint is SHA256:REDACTED
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Remote: Warning: Permanently added '[REDACTED]:2223' (ED25519) to the list of known hosts.
borgwarehouse@[REDACTED]'s password:

my docker-compose.yml

version: "3"
services:
  borgwarehouse:
    container_name: borgwarehouse
    build:
       context: .
       dockerfile: Dockerfile
    user: "1001:1001"
    ports:
      - "3000:3000"
      - "2223:22"
    environment:
      - NEXTAUTH_URL=http://192.168.1.227:3000
      - [email protected]
      - MAIL_SMTP_HOST=[REDACTED]
      - MAIL_SMTP_PORT=587
      - MAIL_SMTP_LOGIN=[REDACTED]
      - MAIL_SMTP_PWD=[REDACTED]
      - MAIL_REJECT_SELFSIGNED_TLS=true
      - NEXT_TELEMETRY_DISABLED=1
      - SSH_SERVER_PORT=2223
      - FQDN=[REDACTED]
      - FQDN_LAN=192.168.1.227
      - SSH_SERVER_PORT_LAN=2223

    volumes:
      - ./config:/home/borgwarehouse/app/config
      - ./ssh:/home/borgwarehouse/.ssh
      - ./ssh_host:/etc/ssh
      - /var/borgwarehouse:/home/borgwarehouse/repos

It looks like the fact that Borgwarehouse creates users dynamically is an issue that kind of blocks Docker support (See #3 or #19).
Since I believe that Docker support is one key feature I want to share an alternative approach on how BorgBackup can be used with one single user on the backup server, securely.

• Create a user on the server / or in the container that is used for the remote backups . It can be named borgwarehouse or anything else, I'll chose borgbackup as the user name in this example. The home should be set to the base-dir, where all backups are stored in a subfolder named repos. Let's choose /data/borgbackups as a home.
• Wee need to add a configuration line to the file /data/borgbackups/.ssh/authorized_keys for every connecting client, like this:

command="cd /data/borgbackups/repos/USERNAME;borg serve --restrict-to-path /data/borgbackups/repos/USERNAME",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc SSHKEY

• The repository URL that is used by the clients to push their backup would then look like this:

ssh://[email protected]:repos/USERNAME

Explanation: The command parameter in the authorized_keys file restricts the given SSH-Public-Key to the user specific folder. The string USERNAME has to be replaced with the real username in both occurrences. The other options are limiting the usage to borg backup by disabling port forwarding etc. The string SSKEY is the public key used by this user.

I should say that this is not a crazy idea invented by me. This is based on an example from the official documentation of Borg (see https://borgbackup.readthedocs.io/en/stable/deployment/central-backup-server.html). I'm using this setup for 7 years and it works exactly the way I want.

Beside the fact that this does only require one user, I think it is actually pretty secure and it does make user management easier. For a new user, there is just one line required in the authorized_keys file and disabling or deleting this user can be done by simply removing this line.
It should be easier to manage permissions as well, since all borg repositories are belonging to one user-id.

With this setup it should be much simpler to create a docker image.

What do you think about this suggestion?

I followed the installation instructions on the website and the only changes I made were that I gave the folder a different name and the username instead of borgwarehouse and I did not create an Apache conf with Certbot for TLS support.

I open the interface with the server IP address: "IP:3000"
Then I enter admin in both fields and click on Sign In but nothing happens.

There is a lot that can be improved in that regard

• Maybe use a lighter base image. TODO: investigate if we can, because there is a bit more here than just nodejs
• Build in a separate stage to avoid having the source code and unneeded dependencies in the final image (pretty sure we don't need the entire 220MB of node_modules)
• Avoid chown since it effectively causes a copy of all the files affected

I'll try to make a PR later. 408MB for a web app and an SSH server is a bit much IMO.

Hi and thanks for this work !

I this this would be great if there was a doc explaining how to install borgwarehouse on top of an existing borgbackup server.

Also I had trouble understanding how it works internally so it could be great to explain how it communicates with borg (I think it sends CLI commands, isn't it ?)

From what I understand borgwarehouse have to be installed on the same server as the borg server, I think it would improve the comprehension for some people to put it in the doc.

Many thanks for this project, it looks awesome !

I have recently started experiencing this problem.

borgwarehouse@borg:~/borgwarehouse$ /usr/bin/npm run start

> [email protected] start
> next start

ready - started server on 0.0.0.0:3000, url: http://localhost:3000
info  - Loaded env from /home/borgwarehouse/borgwarehouse/.env.local
SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at handler (/home/borgwarehouse/borgwarehouse/.next/server/pages/api/repo.js:88:29)
    at async Object.apiResolver (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/api-utils/node.js:372:9)
    at async NextNodeServer.runApi (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/next-server.js:514:9)
    at async Object.fn (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/next-server.js:828:35)
    at async Router.execute (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/router.js:243:32)
    at async NextNodeServer.runImpl (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/base-server.js:432:29)
    at async NextNodeServer.handleRequestImpl (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/base-server.js:375:20)
    at async /home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/base-server.js:157:99
SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at handler (/home/borgwarehouse/borgwarehouse/.next/server/pages/api/repo.js:88:29)
    at async Object.apiResolver (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/api-utils/node.js:372:9)
    at async NextNodeServer.runApi (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/next-server.js:514:9)
    at async Object.fn (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/next-server.js:828:35)
    at async Router.execute (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/router.js:243:32)
    at async NextNodeServer.runImpl (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/base-server.js:432:29)
    at async NextNodeServer.handleRequestImpl (/home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/base-server.js:375:20)
    at async /home/borgwarehouse/borgwarehouse/node_modules/next/dist/server/base-server.js:157:99
^C
borgwarehouse@borg:~/borgwarehouse$ /home/borgwarehouse/borgwarehouse/helpers/shells/getStorageUsed.sh | jsonlint-php
Valid JSON (stdin)
borgwarehouse@borg:~/borgwarehouse$ cat /etc/debian_version 
11.6
borgwarehouse@borg:~/borgwarehouse$ node --version
v18.15.0
borgwarehouse@borg:~/borgwarehouse$ git status 
HEAD detached at v1.4.0
nothing to commit, working tree clean

I have overwritten the Sudoers file with the one from the Tag Branch, so far everything seems to work.

Currently I have no idea what the problem could be, if I have overlooked something or should check, please point it out.

I get this error when using the same SSH key for two repos:

This was working before 2.0. How could I use the same ?

Hi !

Do you plan to add a aarch64 docker image of your app ?

The Docker support for 2.0.0 is a good thing, but as I'm hosting currently on a raspberry pi, I can't use the image.

Thank's for your work !

I've tried two installations by following exactly the instructions at https://borgwarehouse.com/docs/admin-manual/debian-installation/, including one on a fresh Debian install (bookworm).

The default admin credentials are not working, no error message. 'Sign in' juste do a little animation, nothing else. I can't find any useful logs (I'm not used to npm).

Does someone have an idea ?

Hi there,

great job on the project. Looking really good so far. Its already my favourite Borg webUI.

As for this issue, Id want to make the suggestion to bind the "npm run start" "production" command to localhost only, so that borgwarehouse isn't reachable on any public IPs.
You currently recommend using Apache as a reverse proxy in the documentation, so this shouldn't be needed then.

ie:

{
    "name": "borgwarehouse",
    "version": "1.0",
    "private": true,
    "scripts": {
        "dev": "next dev",
        "build": "next build",
        "start": "next start -H 127.0.0.1",
        "lint": "next lint"
    },
    "dependencies": {
        "@tabler/icons": "^1.96.0",
        "bcryptjs": "^2.4.3",
        "chart.js": "^3.9.1",
        "next": "^13.0.5",
        "next-auth": "^4.17.0",
        "react": "^18.2.0",
        "react-chartjs-2": "^4.3.1",
        "react-dom": "^18.2.0",
        "react-hook-form": "^7.36.1",
        "react-modal": "^3.15.1",
        "react-select": "^5.6.0",
        "react-toastify": "^9.0.8",
        "spinners-react": "^1.0.7",
        "swr": "^1.3.0"
    },
    "devDependencies": {
        "eslint": "8.23.1",
        "eslint-config-next": "^13.0.5"
    }
}

Again, thanks for the great project.