文档|Rclone 加密备份方案
不知道为什么,总感觉单机服务不可靠,为了避免服务器上的重要数据丢失,还是需要定期备份。
本次使用的是rclone,将数据打包,加密备份到OneDrive中,如果觉得网盘也不可靠,可以备份到多个网盘。如od、gd、s3、r2、b2等等。
rclone添加od
挂载od可以使用rclone的api,但是rclone的api限速非常严重,推荐自己创建api。
获取Token
rclone authorize "onedrive" "client_id" "client_secret"
2025/07/11 15:58:46 NOTICE: Make sure your Redirect URL is set to "http://localhost:53682/" in your custom config.
2025/07/11 15:58:46 NOTICE: If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=Ep8w-0RBDM66yRQCzo0jTA
2025/07/11 15:58:46 NOTICE: Log in and authorize rclone for access
2025/07/11 15:58:46 NOTICE: Waiting for code...
2025/07/11 16:04:06 NOTICE: Got code
Paste the following into your remote machine --->
{"access_token":"EwBIBMl6BAAUBKgm8k1UswUNwklmy2v7U/S+1fEAAUAYSNwDpUZj72McicsjmAHnscq3e+fXFkUnQeBeJkC4VhvP3Jui3v1ZGRcG2PscT8TKUtHVRN8xRR4R7kIa0AAxqKfeZsc+QqdwHZB2KBEVfW+SNedFQuNmvk/39KjKozZui9vXSC9Pq1d9D7K/ZDjzy2DKNQ9xwvcsRYFrt43pDyQUrAclm2hM1YAjurrp+Gk5lbeSOx7IcFwv/07M9iR2sWpeIyCtX0lTtJVhOmM3LsGGimmDg/t0GKL0GAWu5u7RDNtkw0tWm7GxgWx3F8ZewZ/YSTAFezhHdgHAg31yqtr6AMXKnFUTKhyDDI9g1g2lvriO0VbYUMBRZwAVeh4QZgAAEBQ93m4cc6Z9sZyZ+/Q3JO4QA9oMz5fmvHcOqKCUyq50iKBzFp0vWlfaaXUsGt4uutSbfCGcMihW1PkKDxE7NvyA4OpKwAvTDXbvPZtvQNuHShQupBX/Td2qOP/bKR2SZbLx30bcQ+BWicWjvsLTTtPlh8vRpcrWvjAleon5u47laBEFJkFbqJMj9zPPB5mgVsAzSI+CeTGMmIzBe3uFL1PLFNB/qHu3eR6U/Yfl5j2q7DF7RIyR+eAd9lH1NG9TPaGnUxrkLvUCyyftdFQEyNjebJ15N1B7jNJpkQbnaXDDRfnntH3HwSGrpE8fGTdG7tPyJuGa+WEXP/gpP+OIE4+mr19p2SCrHmXZElKos6pIERifMIC6Hfo86EI/tGmn0fUmBC7QGaW6q2H9OjyZF86MYGRHqpI+Reu8kx2Q2qLrH4GtZPTDxz1VgDh78JNO2QMCuKzyXCh2fziRBr2ml5yuNrHdW2NEbQahIgEhrcSk8xAEVjnYTiJ8M6nxN3LULKeCBh9tUUyDs6gLh3CErr1OPn8Ha4Pfk9sLsFujubb3ZNPZS3qlv5CaCPTjhLBfYuayi0u1SaE6DjKAuAqXYtEGji09oqPpmdFO/sL7yCFJRnNLo7vlvCYVwcfVn8XXkETX6U2eXq7EV1TGS3uSY7uahvQyB31AwcVhepGAGvo4hHnJacW0VwQ8dsrVmiHTto8Oh4aBr3sXF1LB5qkBbdzRz+SQGJwgBS2b3fPCQhB5vCsDsArLp5l6MbptekndXqnugJgPsCh/V6dY+/L6bI3FpSJ7/Q7nVU6dcggnbzOJyus1lBnT8utG/EwgTE9gd37op66CSbU0PAUiHc0/wZLzl56N4fwiQHeQM5WtSZwet0uvXfmjeoagtXuZr0NAaLsbYIYEszqifm3C0wK/yobc/IAYt/GDxciHsCLgCo01PBbiemhqM2Fi6s6G1Oh/gGJi8GUFBLJK1kToRXVv7diorLwaIaNt6Y+qMj0Qqp7Noz0+kPcXeek/48gEcLh1kOSf3UTcL31SQ1HSkREmTNttWMCErGHNK2MWXa6B/QDr92pFAw==","token_type":"Bearer","refresh_token":"M.C530_BAY.0.U.-CvgcatRZWGpGnpfJHMh4*t2e8QEeuKRTO8UXT8UwKIgiyVawbxSqkNlZXzHMEa!0dnBhJo5dtjPOD3yILelNwDIwzT8fH2XSaLHlG7t3HayAshMBSm8vTrXMMaw0EC!PSdr4AJ1Suh!ic4eqi2R8WmXP9JhLnoXv5w9eSbjF54f*yaBkT22GnjlnmaVxX3b3DOzlyHTUtufL2fy!O2PodwASoLHnjiwbvFrnh*q2jepba1sFqvTN5QfGzfcz0l*CkBL*F8AeQ8eQbQqMohq7VSYbbu5rFoO7Ab9H7RG5dH9P9RU6hKIAqaB3ssnqxTfocDYe0SKQiRqgy!RHmyL5wrG5L35Yd7mTF3VzBQUVHjKjuMnx26DEUKl9Vn2OEuCMw0CyVhwieisPgl6*8MGDVTU$","expiry":"2025-07-11T17:04:06.553097+08:00","expires_in":3599}
在浏览器登录后,记录下这串JSON。
添加od
rclone config
2025/07/09 11:17:19 NOTICE: Config file "/home/peng/.config/rclone/rclone.conf" not found - using defaults
No remotes found, make a new one?
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
Enter name for new remote.
name> od
Option Storage.
Type of storage to configure.
Choose a number from below, or type in your own value.
1 / 1Fichier
\ (fichier)
2 / Akamai NetStorage
\ (netstorage)
3 / Alias for an existing remote
\ (alias)
4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, Exaba, FlashBlade, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Magalu, Mega, Minio, Netease, Outscale, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, Selectel, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others
\ (s3)
5 / Backblaze B2
\ (b2)
6 / Better checksums for other remotes
\ (hasher)
7 / Box
\ (box)
8 / Cache a remote
\ (cache)
9 / Citrix Sharefile
\ (sharefile)
10 / Cloudinary
\ (cloudinary)
11 / Combine several remotes into one
\ (combine)
12 / Compress a remote
\ (compress)
13 / DOI datasets
\ (doi)
14 / Dropbox
\ (dropbox)
15 / Encrypt/Decrypt a remote
\ (crypt)
16 / Enterprise File Fabric
\ (filefabric)
17 / FTP
\ (ftp)
18 / FileLu Cloud Storage
\ (filelu)
19 / Files.com
\ (filescom)
20 / Gofile
\ (gofile)
21 / Google Cloud Storage (this is not Google Drive)
\ (google cloud storage)
22 / Google Drive
\ (drive)
23 / Google Photos
\ (google photos)
24 / HTTP
\ (http)
25 / Hadoop distributed file system
\ (hdfs)
26 / HiDrive
\ (hidrive)
27 / ImageKit.io
\ (imagekit)
28 / In memory object storage system.
\ (memory)
29 / Internet Archive
\ (internetarchive)
30 / Jottacloud
\ (jottacloud)
31 / Koofr, Digi Storage and other Koofr-compatible storage providers
\ (koofr)
32 / Linkbox
\ (linkbox)
33 / Local Disk
\ (local)
34 / Mail.ru Cloud
\ (mailru)
35 / Mega
\ (mega)
36 / Microsoft Azure Blob Storage
\ (azureblob)
37 / Microsoft Azure Files
\ (azurefiles)
38 / Microsoft OneDrive
\ (onedrive)
39 / OpenDrive
\ (opendrive)
40 / OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)
\ (swift)
41 / Oracle Cloud Infrastructure Object Storage
\ (oracleobjectstorage)
42 / Pcloud
\ (pcloud)
43 / PikPak
\ (pikpak)
44 / Pixeldrain Filesystem
\ (pixeldrain)
45 / Proton Drive
\ (protondrive)
46 / Put.io
\ (putio)
47 / QingCloud Object Storage
\ (qingstor)
48 / Quatrix by Maytech
\ (quatrix)
49 / SMB / CIFS
\ (smb)
50 / SSH/SFTP
\ (sftp)
51 / Sia Decentralized Cloud
\ (sia)
52 / Storj Decentralized Cloud Storage
\ (storj)
53 / Sugarsync
\ (sugarsync)
54 / Transparently chunk/split large files
\ (chunker)
55 / Uloz.to
\ (ulozto)
56 / Union merges the contents of several upstream fs
\ (union)
57 / Uptobox
\ (uptobox)
58 / WebDAV
\ (webdav)
59 / Yandex Disk
\ (yandex)
60 / Zoho
\ (zoho)
61 / iCloud Drive
\ (iclouddrive)
62 / premiumize.me
\ (premiumizeme)
63 / seafile
\ (seafile)
Storage> 38
Option client_id.
OAuth Client Id.
Leave blank normally.
Enter a value. Press Enter to leave empty.
client_id> 6cfaf2df-1397-4fbf-b6b0-883beb3d31fa # 如果使用rclone的api,留空
Option client_secret.
OAuth Client Secret.
Leave blank normally.
Enter a value. Press Enter to leave empty.
client_secret> u6E8Q~NAKhNcr~gEJQaMW3whiUsz1fRSWUJmBaKt # 如果使用rclone的api,留空
Option region.
Choose national cloud region for OneDrive.
Choose a number from below, or type in your own value of type string.
Press Enter for the default (global).
1 / Microsoft Cloud Global
\ (global)
2 / Microsoft Cloud for US Government
\ (us)
3 / Microsoft Cloud Germany (deprecated - try global region first).
\ (de)
4 / Azure and Office 365 operated by Vnet Group in China
\ (cn)
region> 1
Option tenant.
ID of the service principal's tenant. Also called its directory ID.
Set this if using
- Client Credential flow
Enter a value. Press Enter to leave empty.
tenant> # 目录ID,不知道为空即可
Edit advanced config?
y) Yes
n) No (default)
y/n> n
Use web browser to automatically authenticate rclone with remote?
* Say Y if the machine running rclone has a web browser you can use
* Say N if running rclone on a (remote) machine without web browser access
If not sure try Y. If Y failed, try N.
y) Yes (default)
n) No
y/n> n # 在服务器上选择n,在本地选择y
Option config_token.
For this to work, you will need rclone available on a machine that has
a web browser available.
For more help and alternate methods see: https://rclone.org/remote_setup/
Execute the following on the machine with the web browser (same rclone
version recommended):
rclone authorize "onedrive" "eyJjbGllbnRfaWQiOiI2Y2ZhZjJkZi0xMzk3LTRmYmYtYjZiMC04ODNiZWIzZDMxYzIiLCJjbGllbnRfc2VjcmV0IjoidTZFOFF+TkFLaE5jcn5nRUpRYU1XM3doaVVzejFmUlNXVUptTWFLdCJ9"
Then paste the result.
Enter a value.
config_token> {"access_token":"EwBIBMl6BAAUBKgm8k1UswUNwklmy2v7U/S+1fEAAUAYSNwDpUZj72McicsjmAHnscq3e+fXFkUnQeBeJkC4VhvP3Jui3v1ZGRcG2PscT8TKUtHVRN8xRR4R7kIa0AAxqKfeZsc+QqdwHZB2KBEVfW+SNedFQuNmvk/39KjKozZui9vXSC9Pq1d9D7K/ZDjzy2DKNQ9xwvcsRYFrt43pDyQUrAclm2hM1YAjurrp+Gk5lbeSOx7IcFwv/07M9iR2sWpeIyCtX0lTtJVhOmM3LsGGimmDg/t0GKL0GAWu5u7RDNtkw0tWm7GxgWx3F8ZewZ/YSTAFezhHdgHAg31yqtr6AMXKnFUTKhyDDI9g1g2lvriO0VbYUMBRZwAVeh4QZgAAEBQ93m4cc6Z9sZyZ+/Q3JO4QA9oMz5fmvHcOqKCUyq50iKBzFp0vWlfaaXUsGt4uutSbfCGcMihW1PkKDxE7NvyA4OpKwAvTDXbvPZtvQNuHShQupBX/Td2qOP/bKR2SZbLx30bcQ+BWicWjvsLTTtPlh8vRpcrWvjAleon5u47laBEFJkFbqJMj9zPPB5mgVsAzSI+CeTGMmIzBe3uFL1PLFNB/qHu3eR6U/Yfl5j2q7DF7RIyR+eAd9lH1NG9TPaGnUxrkLvUCyyftdFQEyNjebJ15N1B7jNJpkQbnaXDDRfnntH3HwSGrpE8fGTdG7tPyJuGa+WEXP/gpP+OIE4+mr19p2SCrHmXZElKos6pIERifMIC6Hfo86EI/tGmn0fUmBC7QGaW6q2H9OjyZF86MYGRHqpI+Reu8kx2Q2qLrH4GtZPTDxz1VgDh78JNO2QMCuKzyXCh2fziRBr2ml5yuNrHdW2NEbQahIgEhrcSk8xAEVjnYTiJ8M6nxN3LULKeCBh9tUUyDs6gLh3CErr1OPn8Ha4Pfk9sLsFujubb3ZNPZS3qlv5CaCPTjhLBfYuayi0u1SaE6DjKAuAqXYtEGji09oqPpmdFO/sL7yCFJRnNLo7vlvCYVwcfVn8XXkETX6U2eXq7EV1TGS3uSY7uahvQyB31AwcVhepGAGvo4hHnJacW0VwQ8dsrVmiHTto8Oh4aBr3sXF1LB5qkBbdzRz+SQGJwgBS2b3fPCQhB5vCsDsArLp5l6MbptekndXqnugJgPsCh/V6dY+/L6bI3FpSJ7/Q7nVU6dcggnbzOJyus1lBnT8utG/EwgTE9gd37op66CSbU0PAUiHc0/wZLzl56N4fwiQHeQM5WtSZwet0uvXfmjeoagtXuZr0NAaLsbYIYEszqifm3C0wK/yobc/IAYt/GDxciHsCLgCo01PBbiemhqM2Fi6s6G1Oh/gGJi8GUFBLJK1kToRXVv7diorLwaIaNt6Y+qMj0Qqp7Noz0+kPcXeek/48gEcLh1kOSf3UTcL31SQ1HSkREmTNttWMCErGHNK2MWXa6B/QDr92pFAw==","token_type":"Bearer","refresh_token":"M.C530_BAY.0.U.-CvgcatRZWGpGnpfJHMh4*t2e8QEeuKRTO8UXT8UwKIgiyVawbxSqkNlZXzHMEa!0dnBhJo5dtjPOD3yILelNwDIwzT8fH2XSaLHlG7t3HayAshMBSm8vTrXMMaw0EC!PSdr4AJ1Suh!ic4eqi2R8WmXP9JhLnoXv5w9eSbjF54f*yaBkT22GnjlnmaVxX3b3DOzlyHTUtufL2fy!O2PodwASoLHnjiwbvFrnh*q2jepba1sFqvTN5QfGzfcz0l*CkBL*F8AeQ8eQbQqMohq7VSYbbu5rFoO7Ab9H7RG5dH9P9RU6hKIAqaB3ssnqxTfocDYe0SKQiRqgy!RHmyL5wrG5L35Yd7mTF3VzBQUVHjKjuMnx26DEUKl9Vn2OEuCMw0CyVhwieisPgl6*8MGDVTU$","expiry":"2025-07-11T17:04:06.553097+08:00","expires_in":3599} # 输入刚刚获取到的JSON
Option config_type.
Type of connection
Choose a number from below, or type in an existing value of type string.
Press Enter for the default (onedrive).
1 / OneDrive Personal or Business
\ (onedrive)
2 / Root Sharepoint site
\ (sharepoint)
/ Sharepoint site name or URL
3 | E.g. mysite or https://contoso.sharepoint.com/sites/mysite
\ (url)
4 / Search for a Sharepoint site
\ (search)
5 / Type in driveID (advanced)
\ (driveid)
6 / Type in SiteID (advanced)
\ (siteid)
/ Sharepoint server-relative path (advanced)
7 | E.g. /teams/hr
\ (path)
config_type> 1
Option config_driveid.
Select drive you want to use
Choose a number from below, or type in your own value of type string.
Press Enter for the default (b!OiMIdhjhVU6KWVo2_2VQFJ0B2Fyt_nhHvRpMbVmExle6z4kziL-JQrVz5T0sEwtp).
1 / OneDrive (business)
\ (b!OiMIdhjhVU6KWVo2_2VQFJ0B2Fyt_nhHvRpMbVmExle6z4kziL-JQrVz5T0sEwtp)
config_driveid> 1
Drive OK?
Found drive "root" of type "business"
URL: https://dolphinsimon-my.sharepoint.com/personal/gbrp_gbrp_top/Documents
y) Yes (default)
n) No
y/n>
Configuration complete.
Options:
- type: onedrive
- client_id: 6cfaf2df-1397-4fbf-b6b0-883beb3d31fa
- client_secret: u6E8Q~NAKhNcr~gEJQaMW3whiUsz1fRSWUJmBaKt
- token: {"access_token":"EwBIBMl6BAAUBKgm8k1UswUNwklmy2v7U/S+1fEAAUAYSNwDpUZj72McicsjmAHnscq3e+fXFkUnQeBeJkC4VhvP3Jui3v1ZGRcG2PscT8TKUtHVRN8xRR4R7kIa0AAxqKfeZsc+QqdwHZB2KBEVfW+SNedFQuNmvk/39KjKozZui9vXSC9Pq1d9D7K/ZDjzy2DKNQ9xwvcsRYFrt43pDyQUrAclm2hM1YAjurrp+Gk5lbeSOx7IcFwv/07M9iR2sWpeIyCtX0lTtJVhOmM3LsGGimmDg/t0GKL0GAWu5u7RDNtkw0tWm7GxgWx3F8ZewZ/YSTAFezhHdgHAg31yqtr6AMXKnFUTKhyDDI9g1g2lvriO0VbYUMBRZwAVeh4QZgAAEBQ93m4cc6Z9sZyZ+/Q3JO4QA9oMz5fmvHcOqKCUyq50iKBzFp0vWlfaaXUsGt4uutSbfCGcMihW1PkKDxE7NvyA4OpKwAvTDXbvPZtvQNuHShQupBX/Td2qOP/bKR2SZbLx30bcQ+BWicWjvsLTTtPlh8vRpcrWvjAleon5u47laBEFJkFbqJMj9zPPB5mgVsAzSI+CeTGMmIzBe3uFL1PLFNB/qHu3eR6U/Yfl5j2q7DF7RIyR+eAd9lH1NG9TPaGnUxrkLvUCyyftdFQEyNjebJ15N1B7jNJpkQbnaXDDRfnntH3HwSGrpE8fGTdG7tPyJuGa+WEXP/gpP+OIE4+mr19p2SCrHmXZElKos6pIERifMIC6Hfo86EI/tGmn0fUmBC7QGaW6q2H9OjyZF86MYGRHqpI+Reu8kx2Q2qLrH4GtZPTDxz1VgDh78JNO2QMCuKzyXCh2fziRBr2ml5yuNrHdW2NEbQahIgEhrcSk8xAEVjnYTiJ8M6nxN3LULKeCBh9tUUyDs6gLh3CErr1OPn8Ha4Pfk9sLsFujubb3ZNPZS3qlv5CaCPTjhLBfYuayi0u1SaE6DjKAuAqXYtEGji09oqPpmdFO/sL7yCFJRnNLo7vlvCYVwcfVn8XXkETX6U2eXq7EV1TGS3uSY7uahvQyB31AwcVhepGAGvo4hHnJacW0VwQ8dsrVmiHTto8Oh4aBr3sXF1LB5qkBbdzRz+SQGJwgBS2b3fPCQhB5vCsDsArLp5l6MbptekndXqnugJgPsCh/V6dY+/L6bI3FpSJ7/Q7nVU6dcggnbzOJyus1lBnT8utG/EwgTE9gd37op66CSbU0PAUiHc0/wZLzl56N4fwiQHeQM5WtSZwet0uvXfmjeoagtXuZr0NAaLsbYIYEszqifm3C0wK/yobc/IAYt/GDxciHsCLgCo01PBbiemhqM2Fi6s6G1Oh/gGJi8GUFBLJK1kToRXVv7diorLwaIaNt6Y+qMj0Qqp7Noz0+kPcXeek/48gEcLh1kOSf3UTcL31SQ1HSkREmTNttWMCErGHNK2MWXa6B/QDr92pFAw==","token_type":"Bearer","refresh_token":"M.C530_BAY.0.U.-CvgcatRZWGpGnpfJHMh4*t2e8QEeuKRTO8UXT8UwKIgiyVawbxSqkNlZXzHMEa!0dnBhJo5dtjPOD3yILelNwDIwzT8fH2XSaLHlG7t3HayAshMBSm8vTrXMMaw0EC!PSdr4AJ1Suh!ic4eqi2R8WmXP9JhLnoXv5w9eSbjF54f*yaBkT22GnjlnmaVxX3b3DOzlyHTUtufL2fy!O2PodwASoLHnjiwbvFrnh*q2jepba1sFqvTN5QfGzfcz0l*CkBL*F8AeQ8eQbQqMohq7VSYbbu5rFoO7Ab9H7RG5dH9P9RU6hKIAqaB3ssnqxTfocDYe0SKQiRqgy!RHmyL5wrG5L35Yd7mTF3VzBQUVHjKjuMnx26DEUKl9Vn2OEuCMw0CyVhwieisPgl6*8MGDVTU$","expiry":"2025-07-11T17:04:06.553097+08:00","expires_in":3599}
- drive_id: b!OiMIdhjhVU6KWVo2_2VQFJ0B2Fyt_nhHvRpMbVmExle6z4kziL-JQrVz5T0sEwtp
- drive_type: business
Keep this "target_od" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d>
Current remotes:
Name Type
==== ====
target_od onedrive
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q
配置加密
rclone config
# n) New remote
name> od-crypt
# 在类型列表中选择 “crypt”
Storage> crypt
# 配置加密源,格式为 “<已有 remote>:<path>”
remote> od-crypt:backup/encrypted
# 选择加密文件名:true
filename_encryption> standard
# 输入一个主密码(用于内容加密)
password> ********
# 输入一个 salt(可自动生成)
password2> ********
# 保存并退出
q) Quit config
大致流程是这样的。
测试
root@peng:~# vim a.txt # 创建一个测试文件
root@peng:~# rclone copy a.txt od-crypt:/ # 写入
root@peng:~# rclone copy od-crypt:/ ./app/ # 读取
备份脚本
上面rclone环境配置好后,就可以开始备份啦。
以备份vaultwarden为例:
vaultwarden-backup.sh
#!/usr/bin/env bash
set -euo pipefail
# ==== 配置区 ====
SRC="/root/app/vaultwarden/vw-data" # 待打包的源目录
TMP_DIR="/root/app/backup/tmp" # 本地临时目录
DATE_STR=$(date +'%Y-%m-%d_%H%M%S') # 时间戳
ARCHIVE_NAME="backup_${DATE_STR}.tar.gz" # 归档名
ARCHIVE_PATH="${TMP_DIR}/${ARCHIVE_NAME}"
# rclone 目标(一个存放 .tar.gz 的目录)
DST_REMOTE="vaultwarden-crypt:/"
# 日志文件
LOGFILE="/root/app/backup/log/vaultwarden-backup.log"
# ==== 执行区 ====
echo "[`date '+%F %T'`] 开始:打包 ${SRC}" >> "$LOGFILE"
tar czf "$ARCHIVE_PATH" -C "$(dirname "$SRC")" "$(basename "$SRC")"
echo "[`date '+%F %T'`] 上传:${ARCHIVE_NAME} → ${DST_REMOTE}" >> "$LOGFILE"
rclone copy "$ARCHIVE_PATH" "$DST_REMOTE" \
--log-file="$LOGFILE" --log-level=INFO
# 删除本地临时归档
rm -f "$ARCHIVE_PATH"
echo "[`date '+%F %T'`] 本地已清理:${ARCHIVE_PATH}" >> "$LOGFILE"
# ==== 可选:保留最近 N 天的归档 ====
# 比如保留最近 7 天(168h):
echo "[`date '+%F %T'`] 远端清理:删除 7 天前的归档" >> "$LOGFILE"
rclone delete "$DST_REMOTE" \
--min-age 168h \
--log-file="$LOGFILE" --log-level=INFO
echo "[`date '+%F %T'`] 完成备份" >> "$LOGFILE"
root@peng:~/app/backup# chmod +x vaultwarden-backup.sh
root@peng:~/app/backup# ./vaultwarden-backup.sh
# 查看日志
root@peng:~/app/backup/log# tail -100f vaultwarden-backup.log
[2025-07-11 09:12:21] 开始:打包 /root/app/vaultwarden/vw-data
[2025-07-11 09:12:57] 开始:打包 /root/app/vaultwarden/vw-data
[2025-07-11 09:12:57] 上传:backup_2025-07-11_091257.tar.gz → vaultwarden-crypt:/
2025/07/11 09:13:01 INFO : backup_2025-07-11_091257.tar.gz: Copied (new)
2025/07/11 09:13:01 INFO :
Transferred: 1.868 MiB / 1.868 MiB, 100%, 954.083 KiB/s, ETA 0s
Transferred: 1 / 1, 100%
Elapsed time: 2.0s
[2025-07-11 09:13:01] 本地已清理:/root/app/backup/tmp/backup_2025-07-11_091257.tar.gz
[2025-07-11 09:13:01] 远端清理:删除 7 天前的归档
[2025-07-11 09:13:02] 完成备份
还原:
root@peng:~/app/backup# rclone copy vaultwarden-crypt:/backup_2025-07-11_091257.tar.gz ./test
root@peng:~/app/backup# cd test
root@peng:~/app/backup/test# tar -xvpf backup_2025-07-11_091257.tar.gz
vw-data/
vw-data/attachments/
vw-data/rsa_key.pem
vw-data/db_20250703_034408.sqlite3
vw-data/icon_cache/
vw-data/icon_cache/my.frantech.ca.png.miss
.....
root@peng:~/app/backup/test# cd vw-data/
root@peng:~/app/backup/test/vw-data# ls
attachments db_20250703_034408.sqlite3 db.sqlite3 db.sqlite3-shm db.sqlite3-wal icon_cache rsa_key.pem sends tmp
停止vaultwarden应用,将恢复的数据copy到应用数据目录下,重新启动应用看是否可以正常运行。
定时备份
sudo crontab -e
# 添加
0 3 * * * /root/app/backup/vaultwarden-backup.sh