This Docker container runs the Backblaze personal backup client via WINE, so that you can back up your files with the separation and portability capabilities of Docker on Linux.
It runs the Backblaze client and starts a virtual X server and a VNC server with Web GUI, so that you can interact with it.
⚠️ This project is not affiliated with Backblaze Inc. ⚠️
This docker should just work for most people. But if you for example have a complex permissions setup in the filesystem you are trying to back up you will need good knowledge of docker to get it set up.
Still please be attentive during the install process: The docker by design has read/write access to all the data you are trying to back up and if you make a grave mistake you could delete stuff.
Here are the main components of this image:
Tag | Description |
---|---|
latest | Latest stable version of the image based on ubuntu 22 |
ubuntu22 | Latest stable version of the image based on ubuntu 22 |
ubuntu20 | Latest stable version of the image based on ubuntu 20 |
ubuntu18 | Latest stable version of the image based on ubuntu 18 (End of Life - unmaintained) |
v1.x | Versioned stable releases based on ubuntu 22 |
main | Automatic build of the main branch (may be unstable) based on ubuntu 22 |
There are no versioned ubuntu20 or ubuntu18 builds.
Platform | Support |
---|---|
linux/amd64 | Fully supported |
linux/arm64 | Currently no support (maybe in the future) |
linux/arm/v7 | No support |
linux/arm/v6 | No support |
linux/riscv64 | Currently no support (maybe in the future) |
linux/s390x | No support |
linux/ppc64le | No support |
linux/386 | No support |
As Backblaze runs on Windows and MacOS, there is no point in supporting these platforms.
Environment variables can be set by adding one or more arguments -e "<VAR>=<VALUE>"
to the docker run
command.
Variable | Description | Default |
---|---|---|
DISABLE_VIRTUAL_DESKTOP |
Disables Wine's Virtual Desktop Mode | false |
DISABLE_AUTOUPDATE |
Disables the auto-update of the backblaze client to the latest known-good version at the time of the docker version release | true |
FORCE_LATEST_UPDATE |
Forces the auto updater to download the newest version of the backblaze client from the backblaze servers instead of a known-good version from the Internet Archive | true |
UMASK |
Mask that controls how file permissions are set for newly created files. The value of the mask is in octal notation. By default, this variable is not set and the default umask of 022 is used, meaning that newly created files are readable by everyone, but only writable by the owner. See the following online umask calculator: http://wintelguy.com/umask-calc.pl |
(unset) |
TZ |
[TimeZone] of the container. Timezone can also be set by mapping /etc/localtime between the host and the container. |
Etc/UTC |
APP_NICENESS |
Priority at which the application should run. A niceness value of -20 is the highest priority and 19 is the lowest priority. By default, niceness is not set, meaning that the default niceness of 0 is used. NOTE: A negative niceness (priority increase) requires additional permissions. In this case, the container should be run with the docker option --cap-add=SYS_NICE . |
(unset) |
USER_ID |
When mounting docker-volumes, permission issues can arise between the docker host and the container. You can pass the User_ID permissions to the container with this variable. | 1000 |
GROUP_ID |
When mounting docker-volumes, permission issues can arise between the docker host and the container. You can pass the Group_ID permissions to the container with this variable. | 1000 |
CLEAN_TMP_DIR |
When set to 1 , all files in the /tmp directory are deleted during the container startup. |
1 |
DISPLAY_WIDTH |
Width (in pixels) of the virtual screen's window. (Has to be divisible by 4) | 900 |
DISPLAY_HEIGHT |
Height (in pixels) of the virtual screen's window. (Has to be divisible by 4) | 700 |
SECURE_CONNECTION |
When set to 1 , an encrypted connection is used to access the application's GUI (either via a web browser or VNC client). See the Security section for more details. |
0 |
VNC_PASSWORD |
Password needed to connect to the application's GUI. See the VNC Password section for more details. | (unset) |
X11VNC_EXTRA_OPTS |
Extra options to pass to the x11vnc server running in the Docker container. WARNING: For advanced users. Do not use unless you know what you are doing. | (unset) |
ENABLE_CJK_FONT |
When set to 1 , open-source computer font WenQuanYi Zen Hei is installed. This font contains a large range of Chinese/Japanese/Korean characters. |
0 |
STARTUP_LOGFILE |
The location for writing logs of the startup script, responsible for installing and starting the Backblaze app. The default path is also backed up to Backblaze. | /config/wine/dosdevices/c:/backblaze-wine-startapp.log |
Inside the container, wine's configuration and with it Backblaze's configuration is stored in the
/config/wine/
directory.
This directory is also used to store the VNC password. See the VNC Pasword section for more details.
Here is the list of ports used by container. They can be mapped to the host
via the -p <HOST_PORT>:<CONTAINER_PORT>
parameter. The port number inside the
container cannot be changed, but you are free to use any port on the host side.
Port | Mapping to host | Description |
---|---|---|
5800 | Mandatory | Port used to access the application's GUI via the web interface. |
5900 | Optional | Port used to access the application's GUI via the VNC protocol. Optional if no VNC client is used. |
A minimum of 2 volumes need to be mounted to the container
You can mount drives with different paths, but these will need to be mounted manually within wine using the following method
Add your storage path as a wine drive, so Backblaze can access it
docker exec --user app backblaze_personal_backup ln -s /backup_volume/ /config/wine/dosdevices/d:
Restart the docker to get Backblaze to recognize the new drive
docker restart backblaze_personal_backup
Reload the Web Interface
Assuming that container's ports are mapped to the same host's ports, the graphical interface of the application can be accessed via:
A web browser:
http://<HOST IP ADDR>:5800
Any VNC client:
<HOST IP ADDR>:5900
By default, access to the application's GUI is done over an unencrypted connection (HTTP or VNC).
Secure connection can be enabled via the SECURE_CONNECTION
environment
variable. See the Environment Variables section for
more details on how to set an environment variable.
When enabled, application's GUI is performed over an HTTPs connection when accessed with a browser. All HTTP accesses are automatically redirected to HTTPs.
When using a VNC client, the VNC connection is performed over SSL. Note that few VNC clients support this method. SSVNC is one of them.
SSVNC is a VNC viewer that adds encryption security to VNC connections.
While the Linux version of SSVNC works well, the Windows version has some
issues. At the time of writing, the latest version 1.0.30
is not functional,
as a connection fails with the following error:
ReadExact: Socket error while reading
However, for your convienence, an unoffical and working version is provided here:
https://github.com/jlesage/docker-baseimage-gui/raw/master/tools/ssvnc_windows_only-1.0.30-r1.zip
The only difference with the offical package is that the bundled version of
stunnel
has been upgraded to version 5.49
, which fixes the connection
problems.
Here are the certificate files needed by the container. By default, when they are missing, self-signed certificates are generated and used. All files have PEM encoded, x509 certificates.
Container Path | Purpose | Content |
---|---|---|
/config/certs/vnc-server.pem |
VNC connection encryption. | VNC server's private key and certificate, bundled with any root and intermediate certificates. |
/config/certs/web-privkey.pem |
HTTPs connection encryption. | Web server's private key. |
/config/certs/web-fullchain.pem |
HTTPs connection encryption. | Web server's certificate, bundled with any root and intermediate certificates. |
NOTE: To prevent any certificate validity warnings/errors from the browser or VNC client, make sure to supply your own valid certificates.
NOTE: Certificate files are monitored and relevant daemons are automatically restarted when changes are detected.
To restrict access to your application, a password can be specified. This can be done via two methods:
VNC_PASSWORD
environment variable..vncpass_clear
file at the root of the /config
volume.
This file should contains the password in clear-text. During the container
startup, content of the file is obfuscated and moved to .vncpass
.The level of security provided by the VNC password depends on two things:
When using a VNC password, it is highly desirable to enable the secure connection to prevent sending the password in clear over an unencrypted channel.
Access to the host by unexpected users with sufficient privileges can be dangerous as they can retrieve the password with the following methods:
VNC_PASSWORD
environment variable value via the
docker inspect
command. By defaut, the docker
command can be run only
by the root user. However, it is possible to configure the system to allow
the docker
command to be run by any users part of a specific group./config/.vncpass
file. This requires the user to have
the appropriate permission to read the file: it has to be root or be the
user defined by the USER_ID
environment variable. Also, to be able to
retrieve the correct decryption key, one needs to know that the content of
the file was generated by x11vnc
.Diffie-Hellman (DH) parameters define how the DH key-exchange is performed. More details about this algorithm can be found on the OpenSSL Wiki.
DH Parameters are saved into the PEM encoded file located inside the container
at /config/certs/dhparam.pem
. By default, when this file is missing, 2048
bits DH parameters are automatically generated. Note that this one-time
operation takes some time to perform and increases the startup time of the
container.
Check for yourself if using this docker complies with the Backblaze terms of service
Modify the following for your setup (in terms of ports, volumes and environment variables) and run it
(for Unraid users, instead of running this command navigate to the Apps tab, search for this docker and install it)
NOTE: root priviliges may be needed
docker run \
-p 8080:5800 \
--init \
--name backblaze_personal_backup \
-v "[backup folder]/:/drive_d/" \
-v "[config folder]/:/config/" \
tessypowder/backblaze-personal-wine:latest
Open the Web Interface (on the port you specified in the docker run command, in this example 8080):
You may see wine being updated, this will take a couple of minutes
The UI of the first step of the Backblaze installer is broken on wine, but it doesn't matter, just insert the email to your backblaze account into the input field
Press Enter
Insert your password (important: keyboard locale mismatches can mess up your inputs)
Press Enter
Wait for Backblaze to analyze your drives
Click Ok
If your [config folder] is somewehere inside the [backup folder] on the docker host side (which is the case for the Unraid template) in order to prevent an infinite loop of config file uploads, because those uploads change bz_done* files in [config folder]/wine/drive_c/ProgramData/Backblaze/bzdata/bzbackup/bzdatacenter open the web interface, open the Backblaze settings, open the "Exclusions" tab, click on "Add Folder" and in the popup navigate to My Computer -> (D:) and naviagate to the config folder inside. For unraid template installs this is My Computer -> (D:) -> appdata -> backblaze_personal_backup. Click on OK and close the Backblaze Settings.
The Installation is done 🎉
Buy a license for your Computer in the Backblaze Dashboard, just like for a normal Windows/Mac installation
The Backblaze Installer says it recognized a server operating system
Explanation: I don't know what can cause this, it seems to randomly occur on some installations
Solution: Stop the docker, delete the config directory, restart installation from beginning
(Speculation: I think this only happens, when no volume is mounted at /config/ and docker manages the folder instead of the volume)
The backup folder mounted as drive D is not being backed up
Explanation: Depending on when you added drive D to your wine configuration, the Backblaze installer might not recognize it
Solution:
Open the Backblaze settings
In the section "Hard Drives" in the first tab "Settings" enable the checkbox for next to the drive D:\
Still not working:
Run
docker exec --user app backblaze_personal_backup ls -la /config/wine/dosdevices/
The output should look like this:
drwxr-xr-x 2 app app 4096 Jan 16 13:43 .
drwxr-xr-x 4 app app 4096 Jan 16 14:08 ..
lrwxrwxrwx 1 app app 10 Jan 16 13:43 c: -> ../drive_c
lrwxrwxrwx 1 app app 10 Jan 16 13:43 d: -> /drive_d/
lrwxrwxrwx 1 app app 1 Jan 16 13:43 z: -> /
I can only see a black screen when I start the container
Explanation: The Docker container may have insufficient permissions to download and install Backblaze.
Solution:
Try a different run command where you explicitly pass the root ID 0 to the container:
docker run \
-p 8080:5800 \
--init \
-e USER_ID=0 \
-e GROUP_ID=0 \
--name backblaze_personal_backup \
-v "[backup folder]/:/drive_d/" \
-v "[config folder]/:/config/" \
tessypowder/backblaze-personal-wine:latest
docker run \
-p 8080:5800 \
--init \
--privileged \
-e USER_ID=0 \
-e GROUP_ID=0 \
--name backblaze_personal_backup \
-v "[backup folder]/:/drive_d/" \
-v "[config folder]/:/config/" \
tessypowder/backblaze-personal-wine:latest
--init
flag installs a tiny process that can actually do a few init things like wait()ing children in place of the backblaze client as PID 1. .bzvol
directory in the root of every hard drive it's configured to back up in which it'll store a full copy of files >100M split into 10M parts. Mount accordingly if you want to preserve SSD erase cycles.docker exec --user app backblaze_personal_backup wine explorer
docker exec --user app backblaze_personal_backup winecfg
docker run ... -e "DISPLAY_WIDTH=1280" -e "DISPLAY_HEIGHT=800" ...
This was originally developed by @Atemu (https://github.com/Atemu/backblaze-personal-wine-container).
The Backblaze name, logo and application is the property of Backblaze, Inc.
This docker does not redistribute the Backblaze application. It gets downloaded from the official Backblaze Servers or Internet Archive during the install process.
This docker image is based on @jlesage 's excellent base image.
This project was made by: