Restic REST server using docker-compose with Traefik as reverse proxy

Simple Traefik docker-compose setup with Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 challenges - how to set up Traefik with Cloudflare DNS-01 challenge for Let’s Encrypt certificates

services:
  restic:
    image: restic/rest-server:latest
    container_name: restic-rest-server
    restart: unless-stopped
    volumes:
      - ./restic_data:/data 
    environment:
      - DATA_DIRECTORY=/data
      - PASSWORD_FILE=/data/.htpasswd
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.restic.rule=Host(`restic.mydomain.com`)"
      - "traefik.http.routers.restic.entrypoints=websecure"
      - "traefik.http.routers.restic.tls.certresolver=cloudflare-ec384"
      - "traefik.http.routers.restic.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.restic.tls.domains[0].sans=*.mydomain.com"
      - "traefik.http.services.restic.loadbalancer.server.port=8000"

You only need to create the user credentials file with the following command:

touch restic_data/.htpasswd
docker-compose exec restic create_user myuser Koh3iebaiyeesho4aexu4shee8heiz

Typically, you want to enable autostart, see Create a systemd service for your docker-compose project in 10 seconds for details.

TL;DR:

curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin

Optionally, you can add command line options to the environment: section:

    environment:
      - OPTIONS=--append-only --private-repos

but I consider this to be for advanced users only. The default options are sufficient for most use cases.

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee