Use your internal VPS to snapshot your main VPS OS

The following is based on CentOS 7, though should be easily adapted for other Operating Systems.
Note how little work needs to be done to the internal VPS - essentially it only requires sshd and a username.

– Target internal VPS –

create a group and user for the backup

groupadd backup
useradd -d /home/backup -g backup backup
passwd backup

– Client VPS –

create an ip entry for your internal vps

vi /etc/hosts

create a password-less SSH key


authorize the public key of client to the target

ssh-copy-id backup@internalvps


Download /root/.ssh/id_rsa (the private key) to a safe place…

You WILL need it if you ever need to rebuild the VPS from scratch.

install restic - check for latest release

cd /opt
bzip2 -dk restic_0.9.4_linux_amd64.bz2
ln -s restic_0.9.4_linux_amd64 restic
chmod +x /opt/restic

create the backup repository on the target with a password

/opt/restic -r sftp:backup@internalvps:/home/backup/VPS init
echo "your_repo_password" > /root/
chmod 600 /root/


Download /root/ (the repository key) to a safe place.

Snashot your VPS - adjust the excludes to match your environment

/opt/restic -p /root/ --exclude={/backup,/home,/var/lib/mysql,/dev,/media,/mnt,/proc,/run,/sys,/tmp,/var/tmp,/var/cache,/usr/share/cagefs-skeleton,/var/cagefs} -r sftp:backup@internalvps:/home/backup/VPS backup /

** Optional **

– Create a batch file – adjust the snapshot retention periods, to suit.

vi /root/
/opt/restic -p /root/ --exclude={/backup,/home,/var/lib/mysql,/dev,/media,/mnt,/proc,/run,/sys,/tmp,/var/tmp,/var/cache,/usr/share/cagefs-skeleton,/var/cagefs} -r sftp:backup@internalvps:/home/backup/VPS backup /
/opt/restic -p /root/ -r sftp:backup@internalvps:/home/backup/VPS forget --keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 50
/opt/restic -p /root/ -r sftp:backup@internalvps:/home/backup/VPS prune
/opt/restic -p /root/ -r sftp:backup@internalvps:/home/backup/VPS check

make the shell script executable

chmod u+x /root/

example cron task

crontab -e
05 04 * * * /root/

Stickied. Welcome to the forums AlwaysSkint and thanks for your contribution

1 Like

Note: debian ARM-32 (and likely others) includes restic in its’ repository but it is an old version. It’s best to grab the latest release.

(Thanks David :slight_smile: )

Additional notes:
Please be aware of the typo - there should only be one wget command, not “wget wget”

I’ve also used this elsewhere with an external VPS and a custom ssh port. I manually copied the public key over to /home/backup/.ssh/authorized_hosts on the target VPS. If using a custom port the on the source VPS create /root/.ssh/config with the following example content…

Host internalvps
Hostname internalvps
User backup
Port 12345

I just edited that wget wget for you