As I was intending to create a nice multi-client configuration for Restic’s REST-server, I found that Debian comes with all I needed.

Note that this is a configuration that prioritizes automation and availability and at no point relies on interactive entering of passwords or passphrases or an ssh-/putty agent.

You MUST however keep note of a) how to access your backup medium and b) the restic repository passphrase.

REST-Server (on Linux)

For the BACKUP_DIR configuration in /etc/default/restic-rest-server, I’ll go with /var/lib/restic-rest-server:

# lvcreate, mkfs, fstab, mount etc...
chown restic-rest-server /var/lib/restic-rest-server

For good measure, I also add the –private-repos option in /etc/default/restic-rest-server, so every user will only be able to access repositories in the directory hierarchy matching their user name:

# TCP or UNIX listen address.
#LISTEN = unix:/run/restic-rest-server
LISTEN = :8000

# Directory to store backups.
# Note: the server will not start unless this variable is defined.
#BACKUP_DIR = /srv/backups/
BACKUP_DIR = /var/lib/restic-rest-server

# Extra arguments to pass to the server. Run `restic-rest-server --help` to see
# available options. By default, basic authentication is enabled.
ARGS = "\
  --htpasswd-file /etc/restic-rest-server/users.htpasswd \
  --private-repos \
"

An HTTP password for my user mas needs to be set and my user’s backup location created:

htpasswd -B /etc/restic-rest-server/users.htpasswd mas
install -o restic-rest-server -d /var/lib/restic-rest-server/mas

restic-rest-server.service can be started now.

I’m lazy, so I didn’t configure TLS but configured a reverse proxy into a TLS web server that was already running:

ProxyPass        /restic http://localhost:8000
ProxyPassReverse /restic http://localhost:8000

Restic (on Windows)

I have added the directory containing the restic.exe binary to the Windows PATH environment, and also maintain restic configuration as environment variables:

• The repository passphrase is in restic-pw.txt,
• the URL for the repository in restic-url.txt, and
• the list of files to back up in restic-include.txt (no environment for this one).

RESTIC_REPOSITORY_FILE=C:/Users/mas/Apps/restic/restic-url.txt
RESTIC_PASSWORD_FILE=C:/Users/mas/Apps/restic/restic-pw.txt

Contents of restic-url.txt resemble the following:

rest:https://mas:***@backupserver/restic/mas/win11-mas/

Now, I can initialize a repository.

restic init

Behold the first backup:

restic --files-from c:/Users/mas/Apps/restic/restic-include.txt backup

Note that while Windows has awful file system issues with files locked while open for reading, restic has the ability to create and work on a volume shadow copy on the fly, provided it runs with elevated privileges:

restic --files-from c:/Users/mas/Apps/restic/restic-include.txt backup --use-fs-snapshot

For running restic on a schedule, I use the operating system’s built-in Task Scheduler.

Restic on Windows does NOT allow mounting the backups the ways it does on Linux. For browsing the backups on Windows, I therefore use Restic Browser which just springs to life without any configuration, provided the environment variables are in place.