wernight/duplicity Docker 镜像 - 轩辕镜像
wernight/duplicity自动构建
Duplicity backs up directories by producing encrypted volumes and uploads them to a remote server.
18 收藏0 次下载
Supported tags and respective Dockerfile links
latestpython2
What is Duplicity?
duplicity backup tool.
Features of this Docker image:
- Small: Built using alpine.
- Simple: Most common cases are explained below and require minimal setup.
- Secure: Runs non-root by default (use randomly chosen UID
1896), and meant to run as any user.
Usage
For the general command-line syntax, do:
$ docker run --rm wernight/duplicity duplicity --help
In general you...
- Must mount what you want to backup or where you want to restore a backup.
- Should mount
/home/duplicity/.cache/duplicityas writable somewhere (if not cached, duplicity will have to recreate it from the remote repository which may require decrypting the backup contents). Note it may be quite large and contains metadata info about files you've backed up in clear text. - Should mount
/home/duplicity/.gnupgas writable somewhere (that directory is used to validate incremental backups and shouldn't be necessary to restore your backup if you follows steps below). - Should specify duplicity flag
--allow-source-mismatchbecause Docker has a random host for each container. - Could set environment variable
PASSPHRASE, unless you want to type it manually in the prompt (remember then to add-it). - May have to mount a few other files for authentication (see examples below).
Example of commands you may want to run periodically to back up with good clean-up/maintenance (see below for various storage options):
$ docker run --rm ... wernight/duplicity duplicity --full-if-older-than=6M source_directory target_url $ docker run --rm ... wernight/duplicity duplicity remove-older-than 6M --force target_url $ docker run --rm ... wernight/duplicity duplicity cleanup --force target_url
This would do:
- A full backup every 6 months so that restoration is a lot faster and for cleanup to work, and incremental backups the rest of the time.
- Delete backups older than 6 months (doesn't break incremental backups).
- Delete files from failed sessions (if any).
Backup to Google Cloud Storage example
Google Cloud Storage nearline costs about $0.01/GB/Month.
Set up:
-
Sign up, create an empty project, enable billing, and create a bucket
-
Under "Storage" section > "Settings" > "Interoperability" tab > click "Enable interoperable access" and then "Create a new key" button and note both Access Key and Secret. Also note your Project Number (aka project ID, it's a number like ***).
-
Run gcloud's
gsutil config -ato generate the~/.botoconfiguration file and give it all these info (alternatively you should be able to set environment variableGS_ACCESS_KEY_IDandGS_SECRET_ACCESS_KEYhowever in my tries I didn't see where to set your project ID). -
You should now have a
~/.botolooking like:[Credentials] gs_access_key_id = MYGOOGLEACCESSKEY gs_secret_access_key = SomeVeryLongAccessKeyXXXXXXXX [GSUtil] default_project_id = ***
Now you're ready to perform a backup:
$ docker run --rm --user $UID \ -e PASSPHRASE=P4ssw0rd \ -v $PWD/.cache:/home/duplicity/.cache/duplicity \ -v $PWD/.gnupg:/home/duplicity/.gnupg \ -v ~/.boto:/home/duplicity/.boto:ro \ -v /:/data:ro \ wernight/duplicity \ duplicity --full-if-older-than=6M --allow-source-mismatch /data gs://my-bucket-name/some_dir
To restore, you'll need:
- Keep
.botoor regenerate it to access your Google Cloud Storage. - The
PASSPHRASEyou've used.
Example:
$ docker run --rm --user $UID \ -e PASSPHRASE=P4ssw0rd \ -v ~/.boto:/home/duplicity/.boto:ro \ -v /:/data:ro \ wernight/duplicity \ duplicity restore gs://my-bucket-name/some_dir /data
See also the note on Google Cloud Storage.
Backup to Google Drive example
Google Drive offers 15GB for free.
Set up:
-
Follow notes on Pydrive Backend to generate a P12 credential file (call it
pydriveprivatekey.p12) and note also the associated service account email generated (e.g.***). -
Convert P12 to PEM:
$ docker run --rm -i --user $UID \ -v $PWD/pydriveprivatekey.p12:/pydriveprivatekey.p12:ro \ wernight/duplicity \ openssl pkcs12 -in /pydriveprivatekey.p12 -nodes -nocerts >pydriveprivatekey.pem Enter Import Password: notasecret
Now you're ready to perform a backup:
$ docker run --rm --user $UID \ -e PASSPHRASE=P4ssw0rd \ -e GOOGLE_DRIVE_ACCOUNT_KEY=$(cat pydriveprivatekey.pem) \ -v $PWD/.cache:/home/duplicity/.cache/duplicity \ -v $PWD/.gnupg:/home/duplicity/.gnupg \ -v /:/data:ro \ wernight/duplicity \ duplicity --full-if-older-than=6M --allow-source-mismatch /data pydrive://***/some_dir
To restore, you'll need:
- Regenerate a PEM file (or keep it somewhere).
- The
PASSPHRASEyou've used.
Backup via rsync example
Supposing you've an SSH access to some machine, you can:
$ docker run --rm -it --user root \ -e PASSPHRASE=P4ssw0rd \ -v $PWD/.cache:/home/duplicity/.cache/duplicity \ -v $PWD/.gnupg:/home/duplicity/.gnupg \ -v ~/.ssh/id_rsa:/id_rsa:ro \ -v ~/.ssh/known_hosts:/etc/ssh/ssh_known_hosts:ro \ -v /:/data:ro \ wernight/duplicity \ duplicity --full-if-older-than=6M --allow-source-mismatch \ --rsync-options='-e "ssh -i /id_rsa"' \ /data rsync://***/some_dir
Note: We're running here as root to have access to ~/.ssh and also because ssh does not
allow to use a random (non-locally existing) UID. To make it safer, you can copy your ~/.ssh
and chown 1896 it (that is duplicity UID within the container). If you know a another way to avoid
the "No user exists for uid" check, please let me know.
Alias
Here is a simple alias that should work in most cases:
$ alias duplicity='docker run --rm --user=root -v ~/.ssh/id_rsa:/home/duplicity/.ssh/id_rsa:ro -v ~/.boto:/home/duplicity/.boto:ro -v ~/.gnupg:/home/duplicity/.gnupg -v /:/mnt:ro -e PASSPHRASE=$PASSPHRASE wernight/duplicity duplicity $@'
Now you should be able to run duplicity almost as if it were installed, example:
$ PASSPHRASE=*** duplicity --progress /mnt rsync://***/some_dir
See also
- duplicity man page
- duplicity back-up how-to - Ubuntu
- How To Use Duplicity with GPG to Securely Automate Backups on Ubuntu | DigitalOcean
Feedbacks
Report issues/questions/feature requests on GitHub Issues.
wernight/qbittorrent
Lightweight qBittorrent-NoX (i.e. headless) torrent client and one of the most feature complete
601M+ pulls
上次更新:未知
wernight/funbox
Fun terminal commands and ASCII art.
27100K+ pulls
上次更新:未知
wernight/beroux-builder
Docker + docker-compose + kubectl to build and deploy projects on Kubernetes.
110K+ pulls
上次更新:未知
轩辕镜像配置手册
探索更多轩辕镜像的使用方法,找到最适合您系统的配置方式
登录仓库拉取
通过 Docker 登录认证访问私有仓库
Linux
在 Linux 系统配置镜像服务
Windows/Mac
在 Docker Desktop 配置镜像
Docker Compose
Docker Compose 项目配置
K8s Containerd
Kubernetes 集群配置 Containerd
K3s
K3s 轻量级 Kubernetes 镜像加速
Dev Containers
VS Code Dev Containers 配置
MacOS OrbStack
MacOS OrbStack 容器配置
宝塔面板
在宝塔面板一键配置镜像
群晖
Synology 群晖 NAS 配置
飞牛
飞牛 fnOS 系统配置镜像
极空间
极空间 NAS 系统配置服务
爱快路由
爱快 iKuai 路由系统配置
绿联
绿联 NAS 系统配置镜像
威联通
QNAP 威联通 NAS 配置
Podman
Podman 容器引擎配置
Singularity/Apptainer
HPC 科学计算容器配置
其他仓库配置
ghcr、Quay、nvcr 等镜像仓库
专属域名拉取
无需登录使用专属域名
需要其他帮助?请查看我们的 常见问题Docker 镜像访问常见问题解答 或 提交工单
镜像拉取常见问题
轩辕镜像免费版与专业版有什么区别?
免费版仅支持 Docker Hub 访问,不承诺可用性和速度;专业版支持更多镜像源,保证可用性和稳定速度,提供优先客服响应。
轩辕镜像支持哪些镜像仓库?
专业版支持 docker.io、gcr.io、ghcr.io、registry.k8s.io、nvcr.io、quay.io、mcr.microsoft.com、docker.elastic.co 等;免费版仅支持 docker.io。
流量耗尽错误提示
当返回 402 Payment Required 错误时,表示流量已耗尽,需要充值流量包以恢复服务。
410 错误问题
通常由 Docker 版本过低导致,需要升级到 20.x 或更高版本以支持 V2 协议。
manifest unknown 错误
先检查 Docker 版本,版本过低则升级;版本正常则验证镜像信息是否正确。
镜像拉取成功后,如何去掉轩辕镜像域名前缀?
使用 docker tag 命令为镜像打上新标签,去掉域名前缀,使镜像名称更简洁。
用户好评
来自真实用户的反馈,见证轩辕镜像的优质服务
oldzhang
运维工程师
Linux服务器
5
"Docker访问体验非常流畅,大镜像也能快速完成下载。"
咨询镜像拉取问题请 提交工单,官方技术交流群:1072982923
轩辕镜像面向开发者与科研用户,提供开源镜像的搜索和访问支持。所有镜像均来源于原始仓库,本站不存储、不修改、不传播任何镜像内容。