nold360 / docker-borgserver Goto Github PK

Hello,

I keep getting the following error Docker container borg-server stopped unexpectedly around the time watchtower is scheduled. I have looked into and the only thing I think that has happened is that the container isnt responding to SIGTERM signals causing watchtower, after sometime, to force it via SIGKILL.

I read that this can be caused if the processes of the container are called under bash -c because the SIGTERM signals are not passed on to processes.

Apparently
ENTRYPOINT /run.sh
wraps /run.sh in bash -c

and

ENTRYPOINT [“/run.sh”]
doesn’t
as officially explained

You can also propagate SIGTERM signals to bash child processes using bash’s trap and wait

Lastly, not all docker containers or applications use SIGTERM here you can use dockerfile's STOPSIGNAL to change the signal type

I think its probably the first two issues.

Hey there,

I've been using this docker image for a while. I was curious if automated builds (as stated in the README) are still working?

It's also likely an appropriate time to promote 1.2 to the new stable (latest borg release is 1.2.7)

Hi,

First of all big thanks for building and maintaining these images.
Would you be willing / could you please support multi arch builds. I would really like to run this container on my raspberry pi which is running on arm64.

Kind regards

BorgServer v2

Ideas:

• Don't run sshd as root [breaking change]
  -> Only root can expose ports < 1024 on linux, so the defaut port would change
• Different authorized_keys handling
  1. Git-Based: Simply push all your public keys to git & your good to go. (nice for k8s)
  2. Replace the static-generated authorized_keys-file with a more dynamic script, that reads all keys when a client connects (Using sshd_config/"AuthorizedKeysCommand")

I think i would simply provide both methods using labels, :latest would stay directory based.

@abmaonline do you got anything in mind?

Would it be possible to include a way to ignore hidden files like .gitignore and .gitkeep in the clients folder?

Should be easy to implement by changing following code in data/run.sh:
find ${SSH_KEY_DIR}/clients -type f -not -name ".*" | wc -l and find "${SSH_KEY_DIR}/clients" -type f -not -name ".*"

I didn't create a Pull request, as I wasn't sure which option would seem the best to you:

• Hardcoded hidden files (.*)
• Hardcoded hidden git files (.git*)
• Environment variable, empty by default => No impact on existing setups

Personally, I feel the environment variable is the way to go. As it very easy to implement and can be set dynamically by the user.

Thanks on advance!

Thanks a bunch for making this image! I was going crazy trying to figure out why I couldn't add the --restrict-to-path magic to my client ssh keys. I was getting ERROR: /home/borg/.ssh/authorized_keys is not a public key file.. But once I looked at (https://github.com/Nold360/docker-borgserver/blob/master/data/run.sh#L12, I saw that you'd taken care of all this for us.

It would be nice to add language in the readme to reassure people that this is already done for them, and they don't need to mess around with custom ssh restrictions. Thanks again!

Hello, is there any nice way to add something like to the build?

for i in $(ls $BORG_DATA_DIR/)
do
	echo "###### Pruning backup for $i on $(date) ######"
	borg prune -v $BORG_DATA_DIR/$i --keep-daily=7 --keep-weekly=4 --keep-monthly=6
done

I tried to add cron and run it, but i didn't get it working

Build failed with the error "COPY failed: stat /var/lib/docker/tmp/docker-builder549501746/data/run.sh: no such file or directory".

The Dockerfile declares:

COPY ./data/run.sh /run.sh
COPY ./data/sshd_config /etc/ssh/sshd_config

but the documentation does not mention these files or what they should contain.

Thanks for your work. I use it all the time.

It would be nice to have a way to specify sshd_config options to follow the recommendation in the borg documentation. If it undesirable to add general sshd_config options, just having a way to specify:

ClientAliveInterval 10
ClientAliveCountMax 30

would be good.

Thanks.

Hey,
I'm running your borg-server on my Synology NAS.
I've added my pub Key in the /sshkeys/client Folder and start the Container.
The container found the Key and import it.
But when i try to init my repo there is a permission denied error.
The Container see my connection, but is it normal that the port ist increase with every try?
Did you have an idea?

Here the log from the Docker:

Here is my terminal:

root@xyz:~# borg init ssh://[email protected]:port/backup/xyz.pub/repo
Remote: Permission denied (publickey).
Connection closed by remote host. Is borg working on the server?

Thx
Jan

First of all, thanks for the awesome project!

Unfortunately, while setting a new backup server, I hit a weird issue.
After adding multiple hosts, it seems there are new lines missing in authorized_keys and everything sticks together.

Did you ever face this issue?
As a workaround, I just appended a blank line in each client key.

root@1e79af88bb3f:/# bash run.sh
########################################################
 * Docker BorgServer powered by borg 1.1.9
########################################################
 * User  id: 1000
 * Group id: 1000
########################################################
 * Testing Volume BORG_DATA_DIR: /backup
 * Testing Volume SSH_KEY_DIR: /sshkeys
 * Checking / Preparing SSH Host-Keys...
########################################################
 * Starting SSH-Key import...
  ** Adding client kubo with repo path /backup/kubo
  ** Adding client olaf with repo path /backup/olaf
  ** Adding client eve with repo path /backup/eve
 * Validating structure of generated /home/borg/.ssh/authorized_keys...
ERROR: /home/borg/.ssh/authorized_keys is not a public key file.

root@1e79af88bb3f:/# cat /home/borg/.ssh/authorized_keys
command="cd /backup/kubo; borg serve --restrict-to-path /backup/kubo " ssh-rsa AAAAB3...qisc=command="cd /backup/olaf; borg serve --restrict-to-path /backup/olaf " ssh-rsa AAAAB3...dGrk=command="cd /backup/eve; borg serve --restrict-to-path /backup/eve " ssh-rsa AAAAB3...wdIV

First line in a docker-compose.yml file needs to be a version number, i.e.

version: "3"

The documentation is inconsistent about directories, sometimes referring to borg/sshkeys/clients, other times just sshkeys/clients. Same with borg/backup and just backup.