Nginx Restic Back End

Summary

I’ve started using an excellent piece of software called Restic for backing up my various hosts. Restic has multiple backend types that you can send your backups to. One of the backends it supports is a REST API for which there is an implementation named Rest Server written in Go. I thought to myself, if it’s just a simple REST API, why do I need to learn/install/manage a new piece of software? I already use Nginx all over the place. Can I just use Nginx for this? The answer was yes. I have configured two nginx vhosts, and run them on different ports. One of the vhosts is to be accessed by hosts which are backing themselves up. It doesn’t allow them to delete objects (other than lock files), or overwrite them either. Meaning it is an “append-only” backup solution. The other vhost allows deletion, and exists for administrative tasks like pruning old backups. For demo purposes, I’ve stripped a few things out of this config, e.g TLS. You will need to modify the config for your own use cases. Here is the the append-only config: server { listen 0.0.0.0:80; client_max_body_size 1000M; default_type "application/vnd.x.restic.rest.v2"; auth_basic "Restic Append-Only Backups"; auth_basic_user_file /opt/backups/auth/.htpasswd; root /opt/backups/repo/$remote_user; error_page 470 = @list_objects; error_page 471 = @read_object; error_page 472 = @write_object; error_page 473 = @delete_object; error_page 474 = @put_proxy; location ~ "^/(data|keys|locks|snapshots|index)/$" { if ($request_method = 'GET') { return 470; } return 403; } location ~ "^/(config|keys/[a-f0-9]{64})$" { if ($request_method = 'HEAD') { return 471; } if ($request_method = 'GET') { return 471; } return 403; } location ~ "^/locks/[a-f0-9]{64}$" { if ($request_method = 'HEAD') { return 471; } if ($request_method = 'GET') { return 471; } if ($request_method = 'DELETE') { return 473; } if ($request_method = 'PUT') { return 472; } if ($request_method = 'POST') { return 474; } return 403; } location ~ "^/(data|index|s...