Container Backup Manager with a web interface.
ContBak discovers Docker containers and their named volumes and bind mounts. It can back up one container or all containers, restore an existing backup, run daily schedules, and retain a configurable number of versions.
- GitHub:
Frazon11/ContBak - Docker Hub:
frazon11/contbak - Current version:
1.4.0 - License: MIT
Warning
ContBak mounts /var/run/docker.sock. This grants broad administrative control over the Docker host. Keep the interface on a trusted network or behind a VPN/authenticated reverse proxy. Do not expose it directly to the Internet.
- Automatic container discovery
- Named-volume and bind-mount backups
- Per-container and backup-all actions
- Optional stop/start for better filesystem consistency
- Restore through the web interface
- Daily schedules per container
- Configurable retention
- Backup manifests and
docker inspectmetadata - Responsive dashboard
linux/amd64andlinux/arm64images- Synology DSM and Portainer-friendly deployment
Create .env next to docker-compose.yml:
TZ=Europe/Brussels
CONTBAK_USER=admin
CONTBAK_PASSWORD=replace-with-a-long-random-password
HELPER_IMAGE=alpine:3.22
STOP_CONTAINERS=true
RETENTION_COUNT=7
CONTBAK_CONFIG_PATH=/volume1/docker/contbak/config
CONTBAK_BACKUP_PATH=/volume1/docker/contbak/backupsStart ContBak:
docker compose up -dOpen:
http://DOCKER-HOST:8787
Create the host directories first:
/volume1/docker/contbak/config
/volume1/docker/contbak/backups
Then deploy the supplied docker-compose.yml as a Portainer stack and define the environment variables in Portainer or upload the .env file.
Each backup is stored below /backups/<container>/<timestamp>/ and contains:
manifest.json
container-inspect.json
mount_00_<name>.tar.gz
mount_01_<name>.tar.gz
When STOP_CONTAINERS=true, a running container is stopped before its mount data is archived and started again afterward.
Version 1.4.0 restores mount contents into the original container's currently configured mounts. The container must still exist. Restore removes the existing content of every selected mount before extracting its archive.
Always keep another tested backup before using restore in production.
Stopping the database container makes a file-level backup safer, but application-native dumps remain the preferred method for databases requiring guaranteed transactional consistency. Native database hooks are planned for a later release.
Add this label:
labels:
contbak.exclude: "true"ContBak excludes itself by default in the included compose file.
The repository workflow publishes tagged releases to Docker Hub. Configure these GitHub Actions secrets:
DOCKERHUB_USERNAME=frazon11
DOCKERHUB_TOKEN=<Docker Hub personal access token with Read & Write>
Then create and push a tag:
git tag -a v1.4.0 -m "ContBak 1.4.0"
git push origin v1.4.0The workflow publishes:
frazon11/contbak:1.4.0
frazon11/contbak:1.0
frazon11/contbak:latest
- Deleted containers are not recreated automatically yet.
- Backups are full TAR/Gzip archives, not incremental or deduplicated.
- Backups are not encrypted by ContBak itself.
- Jobs execute sequentially.
- Restore should be tested on non-production data first.
MIT License. See LICENSE.