Backup & Restore
dockmesh backs up stack volumes, bind-mounted paths, and optional database dumps to reusable backup targets. Every backup is encrypted with age, versioned, and subject to a retention policy.
Backup targets
Section titled “Backup targets”Targets are reusable connection configs that backup jobs reference. Create them once under Backups → Targets:
| Type | Fields | Notes |
|---|---|---|
| Local | Directory path | On the dockmesh server filesystem |
| SMB / NAS | Host + username + password | Share list auto-discovered on Test connection |
| SFTP | Host + port + user + key or password | Uses OpenSSH-compatible key formats |
| WebDAV | URL + user + password | Tested against Nextcloud, OwnCloud, Synology |
| S3 | Endpoint + bucket + region + access/secret | Works with AWS, MinIO, Backblaze B2, Wasabi |
Every dialog has a Test connection button that establishes a live session and reports failures with the actual protocol error.
Backup jobs
Section titled “Backup jobs”A job ties a target to a schedule. Open Backups → New job:
- Select stacks (or leave blank for all stacks on a host)
- Pick a target
- Schedule — visual cron builder (every 6h, daily at 02:00, weekly Sunday, etc.) or raw cron
- Pre/post hooks — pick a preset (PostgreSQL dump, MySQL dump, Redis
BGSAVE) or write a custom shell command - Retention — keep last N, or keep daily/weekly/monthly rotation
- Encryption passphrase — required; stored encrypted at rest in the database
What’s in a backup
Section titled “What’s in a backup”For each selected stack:
compose.yamland.env- All named volumes (streamed as tar)
- Bind mounts (tar of the referenced host path)
- Optional hook output — e.g. a
pg_dumpfile placed next to the volume
Everything is combined into a single <stack>-<timestamp>.tar.age file, encrypted with the job’s passphrase.
Restoring
Section titled “Restoring”Backups → Browse shows every backup file on every target, grouped by stack. Click Restore and dockmesh:
- Stops the target stack (if running)
- Decrypts and extracts the archive
- Replaces named volume contents (with a 24h safety copy retained)
- Restarts the stack
You can restore to a different host — pick a destination from the dropdown and dockmesh handles the transfer.
Retention and rotation
Section titled “Retention and rotation”The retention policy runs after every successful job:
- Keep last N — simplest, rotates after N backups
- Grandfather-father-son — keep N daily, N weekly, N monthly
Expired backups are deleted from the target. The audit log records every deletion.
See also
Section titled “See also”- PostgreSQL backup guide — full walkthrough with hooks
- Configuration — bootstrap paths for local backup target