The sysutils/restic-rest-server port

restic-rest-server-0.12.1 – REST backend for the restic backup tool (cvsweb github mirror)


Rest Server is a high performance HTTP server that implements restic's REST
backend API.
No homepage


| Running ${PKGSTEM} on OpenBSD

User Authentication

The server uses an .htpasswd file to specify users. You can create such a file
at the root of the persistence directory (/var/restic by default) by executing
the following command. In order to append new user to the file, just omit the
-c argument.

  # su -l -s/bin/sh _restic
  $ htpasswd .htpasswd username


By default the server uses HTTP protocol. This is not very secure since with
Basic Authentication, username and passwords will travel in cleartext in every
request. In order to enable TLS support, add the --tls argument. By default
the server will read files named "public_key" and "private_key" at the root
of your persistence directory. The location can be changed with the flags
--tls-cert and --tls-key (they must be readable by the _restic user).

The above arguments can be set by using rcctl(8):

  rcctl enable restic_rest_server
  rcctl set restic_rest_server flags --tls --path /var/restic

You can either use a certificate signed by a standard CA, or generate a
self-signed certificate with the following commands:

  openssl genrsa -out private_key 4096
  openssl req -new -x509 -key private_key -out public_key -days 365

The restic backend normally validates certificates using the system
CA store in /etc/ssl/cert.pem; if using a self-signed certificate, point
the restic backend at a copy of the certificate using the --cacert option.


Stuart Henderson

Only for arches

aarch64 amd64 arm i386 riscv64


lang/go sysutils

Build dependencies