Docker Backup
Introduction
When working with Docker, data persistence and backup strategies are critical aspects of a robust deployment. Docker containers are ephemeral by nature - when a container is removed, all data within it disappears unless it was stored in a persistent volume. This makes backing up your Docker environment essential for:
- Disaster recovery
- System migration
- Version control of configurations
- Compliance with data retention policies
In this guide, we'll explore various approaches to backing up different Docker components, including containers, images, and volumes, along with practical examples and best practices.
Docker Components Worth Backing Up
Before diving into backup methods, let's understand what Docker components typically need backup:
Backing Up Docker Containers
Method 1: Docker Commit
The simplest way to create a snapshot of a container's state is using the docker commit
command, which creates an image from a container.
# Syntax
docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
# Example
docker commit mysql-container mysql-backup:v1
This creates a new image that captures the container's filesystem at that moment. However, it doesn't capture volumes mounted to the container.
Method 2: Docker Export
To export a container's filesystem as a tarball:
# Syntax
docker export [OPTIONS] CONTAINER > output.tar
# Example
docker export mysql-container > mysql-backup.tar
You can later import this tarball as an image:
cat mysql-backup.tar | docker import - mysql-restored:latest
Backing Up Docker Images
Saving Images to Tar Files
You can back up Docker images using the docker save
command:
# Syntax
docker save [OPTIONS] IMAGE [IMAGE...] > output.tar
# Example
docker save nginx:latest redis:alpine > my-images-backup.tar
To restore these images:
docker load < my-images-backup.tar
Let's see what this process looks like with output:
# Saving multiple images
$ docker save nginx:latest redis:alpine > my-images-backup.tar
$ ls -lh my-images-backup.tar
-rw-r--r-- 1 user user 186M May 10 14:23 my-images-backup.tar
# Loading images back
$ docker load < my-images-backup.tar
Loaded image: nginx:latest
Loaded image: redis:alpine
Backing Up Docker Volumes
Volumes are Docker's preferred mechanism for persisting data. There are several approaches to backing them up:
Method 1: Using Docker Run with Volumes
# Syntax
docker run --rm -v [volume-name]:/source -v $(pwd):/backup alpine tar -czf /backup/volume-backup.tar.gz -C /source .
# Example
docker run --rm -v mysql-data:/source -v $(pwd):/backup alpine tar -czf /backup/mysql-data-backup.tar.gz -C /source .
This command:
- Creates a temporary Alpine Linux container
- Mounts the Docker volume you want to back up
- Mounts your current directory as a target for the backup file
- Uses
tar
to compress the volume contents to a.tar.gz
file - Automatically removes the container after completion (
--rm
)
Method 2: Docker Volume Backup Plugin
For more robust volume backups, you can use Docker plugins like loomchild/volume-backup
:
# Install the plugin
docker plugin install loomchild/volume-backup
# Backup a volume
docker run --rm -v mysql-data:/source -v $(pwd):/backup loomchild/volume-backup backup mysql-data
# Restore a volume
docker run --rm -v mysql-data:/target -v $(pwd):/backup loomchild/volume-backup restore mysql-data
Automating Docker Backups
For production environments, you'll want to automate your backup process. Here's a simple shell script example:
#!/bin/bash
# Docker backup script
# Set variables
BACKUP_DIR="/path/to/backups"
DATE=$(date +%Y-%m-%d_%H-%M-%S)
CONTAINER_LIST="container1 container2"
VOLUME_LIST="volume1 volume2"
# Create backup directory
mkdir -p $BACKUP_DIR/$DATE
# Backup containers as images
for container in $CONTAINER_LIST; do
echo "Backing up container: $container"
docker commit $container $container-backup-$DATE
docker save $container-backup-$DATE > $BACKUP_DIR/$DATE/$container.tar
docker rmi $container-backup-$DATE
done
# Backup volumes
for volume in $VOLUME_LIST; do
echo "Backing up volume: $volume"
docker run --rm -v $volume:/source -v $BACKUP_DIR/$DATE:/backup \
alpine tar -czf /backup/$volume.tar.gz -C /source .
done
# Retain only the last 7 backups
cd $BACKUP_DIR && ls -t | tail -n +8 | xargs rm -rf
echo "Backup completed: $DATE"
You can schedule this script using cron:
# Run backup daily at 2 AM
0 2 * * * /path/to/docker-backup.sh
Backing Up Docker Compose Projects
For applications managed with Docker Compose, you should back up:
- The
docker-compose.yml
file - Any environment files (
.env
) - Configuration files mounted to containers
- Volumes used by the services
Here's an example backup script for a Docker Compose project:
#!/bin/bash
# Docker Compose project backup
PROJECT_DIR="/path/to/compose/project"
BACKUP_DIR="/path/to/backups"
DATE=$(date +%Y-%m-%d_%H-%M-%S)
# Create backup directory
mkdir -p $BACKUP_DIR/$DATE
# Backup docker-compose files
cp $PROJECT_DIR/docker-compose.yml $BACKUP_DIR/$DATE/
cp $PROJECT_DIR/.env $BACKUP_DIR/$DATE/ 2>/dev/null
# Backup config files
cp -r $PROJECT_DIR/config $BACKUP_DIR/$DATE/ 2>/dev/null
# Get volume list from docker-compose
cd $PROJECT_DIR
VOLUMES=$(docker-compose config --volumes)
# Backup each volume
for volume in $VOLUMES; do
echo "Backing up volume: $volume"
docker run --rm -v $volume:/source -v $BACKUP_DIR/$DATE:/backup \
alpine tar -czf /backup/$volume.tar.gz -C /source .
done
echo "Docker Compose project backup completed: $DATE"
Practical Example: Backing Up a WordPress Site
Let's walk through a complete example of backing up a WordPress site running in Docker:
- First, let's assume you have a WordPress setup with:
- WordPress container
- MySQL database container
- Volumes for database and WordPress files
# List our WordPress containers
$ docker ps
CONTAINER ID IMAGE NAMES PORTS
a1b2c3d4e5f6 wordpress:5.9 wordpress-app 0.0.0.0:8080->80/tcp
f6e5d4c3b2a1 mysql:5.7 wordpress-db 3306/tcp
# List our volumes
$ docker volume ls | grep wordpress
local wordpress_db_data
local wordpress_files
- Back up the database volume:
$ docker run --rm -v wordpress_db_data:/source -v $(pwd):/backup \
alpine tar -czf /backup/db-backup.tar.gz -C /source .
- Back up the WordPress files volume:
$ docker run --rm -v wordpress_files:/source -v $(pwd):/backup \
alpine tar -czf /backup/wp-files-backup.tar.gz -C /source .
- Export container configurations (optional):
$ docker inspect wordpress-app > wordpress-app-config.json
$ docker inspect wordpress-db > wordpress-db-config.json
- Save the Docker Compose file (if using compose):
$ cp /path/to/wordpress/docker-compose.yml wordpress-compose-backup.yml
Now you have a complete backup of your WordPress site that can be restored on any Docker host.
Best Practices for Docker Backups
- Regular Scheduling: Automate backups on a regular schedule
- Offsite Storage: Store backups in a location separate from your Docker host
- Backup Rotation: Implement a retention policy (e.g., keep daily backups for a week, weekly for a month)
- Incremental Backups: Use incremental backup solutions for large volumes
- Testing Restoration: Regularly test your backup restoration process
- Monitoring: Monitor backup jobs and get notified of failures
- Documentation: Document your backup and restore procedures
Security Considerations
When implementing Docker backups, consider these security aspects:
- Encryption: Encrypt sensitive backup data
- Access Control: Restrict access to backup storage
- Credentials: Never store database or service credentials in plain text
- Network Security: Use secure channels when transferring backups
Example of creating an encrypted backup:
# Create an encrypted backup of a volume
docker run --rm -v mysql-data:/source -v $(pwd):/backup \
alpine sh -c "tar -czf - -C /source . | gpg --symmetric --cipher-algo AES256 -o /backup/mysql-encrypted.tar.gz.gpg"
To decrypt and restore:
# Decrypt and restore a volume
gpg --decrypt mysql-encrypted.tar.gz.gpg | docker run --rm -i -v mysql-data:/target \
alpine sh -c "tar -xzf - -C /target"
Summary
In this guide, we've covered comprehensive approaches to backing up various Docker components:
- Container backup using
docker commit
anddocker export
- Image backup with
docker save
- Volume backup using temporary containers
- Automated backup strategies with shell scripts
- Docker Compose project backups
- A practical WordPress backup example
- Best practices and security considerations
Implementing a robust Docker backup strategy ensures that your containerized applications remain protected against data loss and can be quickly restored when needed.
Additional Resources
Exercises
- Create a backup script for a multi-container application using Docker Compose
- Implement and test a volume backup and restoration procedure
- Set up a scheduled backup for a containerized database with log rotation
- Create an encrypted backup of a sensitive volume and practice restoration
- Design a backup strategy for a microservices architecture with multiple volumes
If you spot any mistakes on this website, please let me know at [email protected]. I’d greatly appreciate your feedback! :)