Open xtvdata opened 3 months ago
Interesting issue -- I think this is something that could make a lot of sense for the cookbooks section of the docs https://github.com/garethgeorge/backrest/tree/main/docs/content/3.cookbooks if you're interested in elaborating on / sharing your setup w/ self hosted S3 (I'm assuming minio or similar) and custom certificates. It'd be a great pull request.
Hi, atm I've my hands full at work... but as soon as I'll have some spare time I think it could be possible (if I finally decide to learn how to properly use GitHub... ;-) ).
Just FYI:
Interesting re: garage, I'll take a look at it. I've been using minio in my deployment with good success -- but haven't looked much at the resources it's using.
About resources see attachments…
it’s just testing env, with a couple of buckets and less than 100MB of storage, but also on 2 additional nodes.
First of all thanks a lot for the excellent work.
Why Usage of on-premise S3 services is often linked to either self signed certificates (not so good), or to certificates signed by a Custom CA (much better). If Backrest is installed directly on the server it will use the system CA --> no issue. If Backrest is installed in Docker with the sample compose file, custom CA will not be available in the container, therefore it will not be possible to connect to the local S3 repository. However, it is possible to use
RESTIC_CACERT
environment variable...Solution description No changes to the code or to the docker image are required. Simply I'd suggest to improve the documentation by adding the info on how to use a custom CA.
Example: docker-compose with custom CA support.
$CA_CERT_FILENAME
should be defined in the environment variables.