Maybe…? I’m not familiar with that router software, but it looks plausible to me…

Since this is on a home network, have you also forwarded port 80 from your router to your machine running certbot?

This is one of the reasons I use the DNS challenge instead… Then you don’t have to route all these Let’s Encrypt challenges into your internal network.

I hope one (or both!) of them end up working out for you.

Separate configs is totally reasonable. It just sounds like you haven’t configured your Borg passphrase with borgmatic… Otherwise it wouldn’t prompt for your passphrase at all.

I’m not super familiar with Unraid, but yeah, the borgserver image sounds like it’d work for this… You don’t need borgmatic on the server side unless you want it there to make running Borg commands easier.

Nope! Borg always requires Borg on the remote side. It’s Borg’s biggest strength and weakness versus competing backup systems IMO. Strength, because it can do pretty smart stuff with its own code running on both sides. Weakness, because it means it doesn’t work natively with cloud object storage like S3. It’s a tradeoff like anything else.

Glad to hear it’s (mostly) working out for you! I know you came here looking for best practices with restores, but if you end up coming up with anything yourself, feel free to comment on that Docker borgmatic ticket with requests or ideas. I use the container myself on some systems for the same reasons you do, and I also wouldn’t mind smoother restores!

borgmatic dev here. First of all, if Vorta is working well for you to recover files, then by all means use Vorta! Right tool for the job and all. Having said that, a couple of thoughts on using borgmatic in Docker and recovering files:

borgmatic has a search feature that makes finding a particular file in an archive or across archives pretty easy. So that might be step one in restoring an accidentally deleted file.

Once you’ve found the file and archive to restore, you can either use borgmatic extract or borgmatic mount. With extract, you copy one or more files out of a backup archives. The challenge though is that with borgmatic in a container, by default there’s not an easy way to copy those files into their original locations. However I think the “fix” is to mount your source volumes as read-write instead of (the documented) read-only. That way you can easily copy extracted files back to where they belong.

As for borgmatic mount, you’ve got a similar challenge and fix. You can presumably mount backup archives (or a whole repository) within the container, but then you need to copy your recovered files out of that mount into their original source volumes. So that probably also means those volumes need to be mounted read-write.

Let me know if you have any questions!

I have one Compose file per stack, which is an application and all of its containers, databases, etc. Pretty much the same way I organized things with just Docker.

Since I use Docker Compose with Podman, I just make a single systemd service to run Docker Compose on boot, thereby starting all my containers at once.

It deduplicates aggressively at the block level. So if your files don’t change much, each additional backup takes very little space. And if a file changes a little, Borg only backs up what’s changed instead of the whole file again.

Borg also has a rich ecosystem of wrappers and tools (borgmatic, Vorta, etc.) that extend its functionality and make it easier to use.

Borg Backup would also fit the bill for backups going forward, especially if OP is still backing up to a local server (as opposed to cloud object storage).

I don’t think Docker’s API and CLI are historically where it’s had problems…

It’s not the “official” way to do it, but you can make systemd run Docker Compose (talking to Podman instead of Docker), which is pretty close to what you’re talking about. And then you don’t have to write stinky systemd INI files for each container.

Yeah, the constant Docker breakage was one of the main reasons I switched to Podman. FYI you can use Docker Compose directly with Podman.

Ooh, lucky you! Maybe it was both the rDNS and the SNDS. Part of the problem IMO is it’s such a black box…

I’ve had similar experiences trying to send mail to Microsoft-hosted email addresses. My current “solution” is to send all outgoing mail directly from my VPS-hosted Mailu server… EXCEPT for Microsoft-destined mail. For those messages, they get transparently relayed from Postfix to a third-party email sending service that Microsoft apparently trusts.

The upshot is I can still use my own Postfix daemon for all mail sent to sane (non-Microsoft) providers.

Many folks use a centralized monitoring solution like Healthchecks to monitor backups across all of their servers. And borgmatic integrates directly with Healthchecks among others.

You mentioned Borg and all of its command-line options, but have you taken a look at borgmatic? It should be much easier to learn and use than Borg, while still retaining Borg’s features. Just note though that borgmatic probably doesn’t hit all of your stated requirements (e.g., no GUI).

Wow, that’s pricey!