automated backup system · v2.0

VPS
BACKUP

A cinematic, dynamic runbook for Docker-based automated backups to Google Drive using rclone. It keeps the original guide flow, then adds interactive steps, copy buttons, a live .env generator, progress tracking, and command search.

Start the guide
0guided steps
0retained backups
0day default cron
rclone-backup:/usr/local/bin/backup.sh
root@vpsinitializing backup container...
cronloaded schedule: 0 2 */3 * *
mounthost filesystem mounted read-only at /host
status
drivedestination: rclone-google-backup:my-backups/vaultwarden
retentionoldest files pruned automatically after limit
scroll
// architecture

How the backup pipeline moves data

The host is mounted read-only, the container creates a zero-compression zip archive, rclone uploads it to Google Drive, and retention cleanup keeps the remote folder tidy.

// selected node

VPS Host Filesystem

The container sees your server through a read-only mount. That is useful because the backup script can read files from the host without being able to accidentally overwrite or delete host files.

  • Safe read-only host mount using /:/host:ro.
  • Backup paths are controlled from .env, so you do not rebuild the image for path changes.
  • Works well for folders such as Vaultwarden, app configs, and small server data directories.
!
Best part: the guide stays simple: build once, configure rclone once, then edit .env whenever your backup target changes.
// step by step

Interactive deployment guide

Filter steps, mark progress, and copy commands directly. Your checklist state is saved in this browser.

/
01
builddockermulti-arch

Clone & run build.sh

A single script auto-detects your CPU architecture, installs dependencies if missing, generates the Dockerfile inline, and builds the image.

bash
# Download build script
curl -fsSL https://raw.githubusercontent.com/potatosips/potato-guides/refs/heads/main/public/rclone-on-docker/build.sh -o build.sh
chmod +x build.sh && sudo ./build.sh

Supported architectures: amd64, arm64, armv7, armv6, 386.

i
What it builds: debian:stable-slim base → installs curl, zip, cron → downloads latest rclone binary for your arch → embeds backup.sh and entrypoint.sh → tags as rclone-backup:latest.
02
googleoauthdrive api

Create Google Cloud credentials

Use your own OAuth credentials to avoid shared rate limits on rclone's default key.

1. console.cloud.google.comCreate new projectName it anything, for example rclone-vps-backup.
2. APIs & ServicesEnable Google Drive APISearch for Google Drive API and enable it for the project.
3. OAuth Consent ScreenExternal → add your Gmail as test userRequired before using the OAuth client with your own account.
4. CredentialsOAuth 2.0 Client ID → Desktop appDownload the JSON and use the client_id + client_secret during rclone config.
03
rcloneconfigheadless

Configure rclone

Run rclone config inside a temporary container. Mount the config file, not the directory, so credentials persist cleanly.

bash
# Create config file first, not a directory
mkdir -p ~/docker/rclone/config
touch ~/docker/rclone/config/rclone.conf

# Run interactive config
sudo docker run --rm -it \
  -v ~/docker/rclone/config/rclone.conf:/config/rclone.conf \
  --entrypoint rclone \
  rclone-backup:latest config
!
Headless VPS: when asked “Use web browser?”, press n. Copy the authorize command, run it on your local machine, then paste the token back into the VPS terminal.

When prompted for the remote name, use rclone-google-backup.

04
configcronretention

Configure .env

All backup behavior is controlled from a single env file. No need to rebuild the image to change paths or schedule.

.env
# ── Remote destination ──────────────────────
GDRIVE_FOLDER=rclone-google-backup:my-backups/vaultwarden

# ── Retention & schedule ────────────────────
KEEP_BACKUPS=10
BACKUP_CRON=0 2 */3 * *
TZ=Asia/Dhaka

# ── Paths, space-separated host paths ───────
BACKUP_PATHS=/home/ubuntu/docker/vaultwarden
GDRIVE_FOLDERremote:bucket/subfolderRemote name must match what you set in rclone config.
KEEP_BACKUPS10Number of zip files to keep on Drive. Oldest files are deleted automatically.
BACKUP_CRON0 2 */3 * *Every 3 days at 2 AM. Uses the container timezone.
BACKUP_PATHS/path/one /path/twoSpace-separated host paths. The script prepends /host/ internally.
05
deploycomposelogs

Deploy with docker compose

yaml — docker-compose.yml
services:
  rclone-backup:
    image: rclone-backup:latest
    container_name: rclone-backup
    restart: unless-stopped
    user: root
    privileged: true
    env_file: .env
    volumes:
      - ./config/rclone.conf:/config/rclone.conf:ro
      - ./logs:/var/log
      - /:/host:ro
bash
sudo docker compose up -d

# Test immediately
sudo docker exec rclone-backup /usr/local/bin/backup.sh

# Watch logs
tail -f ~/docker/rclone/logs/vps-backup.log
06
referencecommandsmanual run

Useful commands

bash
# Run backup manually
sudo docker exec rclone-backup /usr/local/bin/backup.sh

# View logs
tail -f ~/docker/rclone/logs/vps-backup.log

# List backups on Drive
sudo docker exec rclone-backup \
  rclone --config /config/rclone.conf \
  lsf rclone-google-backup:my-backups/vaultwarden

# Rebuild image after changes
sudo ./build.sh
sudo docker compose down && sudo docker compose up -d

# Change paths or schedule — edit .env then
sudo docker compose down && sudo docker compose up -d
07
referencecronschedule

Cron schedule reference

0 2 * * *Daily at 2 AM
0 2 */3 * *Every 3 days at 2 AM
0 */6 * * *Every 6 hours
0 2 * * 0Weekly — Sunday 2 AM
0 2 1 * *Monthly — 1st of month
// dynamic config

Live .env generator

Change the fields and the output updates instantly. Use the presets for common cron schedules.

0%
Checklist progress

Mark guide steps complete and this meter updates automatically.

generated .env

          

          

            
quick deploy


sudo docker compose up -d
sudo docker exec rclone-backup /usr/local/bin/backup.sh
tail -f ~/docker/rclone/logs/vps-backup.log

          

          
i
Tip: keep path names simple when using space-separated paths. For directories with spaces, adjust the backup script or avoid spaces in folder names.

        

      

    


    

      

        

          
// notes

          
Operational notes

          
A few final reminders for keeping the backup container reliable and easy to operate.

        

      

      

        
Change schedule safely
Edit .env, then restart the compose stack. The image does not need a rebuild just for cron, retention, timezone, or path changes.

        
Verify remote uploads
Use rclone lsf inside the container to confirm that Google Drive receives new zip files after manual tests.

        
🛡
Keep secrets private
Treat rclone.conf like a secret because it contains access tokens. Mount it read-only in the running backup container.

      

    

  


  

  
  
Copied