Crashplan Docker Install

Crashplan Pro (For Small Business) is now the only consumer level option for crashplan.

Reference

Ports

Crashplan Pro Ports

Port

Protocol

Type

Purpose

5800

TCP

EXPOSED

GUI web interface

5900

TCP

EXPOSED

GUI via VNC

Updated: None

Files

Crashplan Pro Files

Location

Purpose

/config/var

Crashplan identity certs

/storage

Default map for backup location

Updated: None

Docker Creation

If first-run, just launch the docker container to generate the correct configuration directory structure, afterwards you can stop and inject your current certificates into the configuration directory.

  • Crashplan should run as root to be able to read/backup all files.

  • /storage is the default location; however, you can mount any directory as long as it doesn’t overwrite docker image directories. /data is free to use.

  • / is mapped to /root-mount to enable backup of any files on / for the host that also exist in the docker image.

  • Map your backup drives as read only.

Docker Compose.
crashplan:
  image: jlesage/crashplan-pro:latest
  restart: unless-stopped
  environment:
    - GROUP_ID=0
    - KEEP_APP_RUNNING=1
    - SECURE_CONNECTION=1
    - TZ=America/Los_Angeles
    - USER_ID=0
  volumes:
    - /:/root-mount:ro
    - /data/services/crashplan:/config:rw
    - /data:/data:ro
    - /etc/localtime:/etc/localtime:ro

  • Proxy will forward traffic to the container, so no ports need to be exposed.

Reverse Proxy Setup

Allows you to isolate your containers as well as wrap connections in SSL. See NGINX for more details. See Setup Base Proxy Control for basic proxy configuration.

Using Subdomains

0644 root root nginx/conf.d/reverse-proxy.conf
# Websockets: remap http_upgrade to 'upgrade' or 'close' based on
# connection_upgrade being set.
map $http_upgrade $connection_upgrade {
    default                     upgrade;
    ''                          close;
}

server {
  listen                        443 ssl http2;
  server_name                   crashplan.{DOMAIN} crashplan;

  location / {
    proxy_pass                  https://crashplan:5800/;
    include                     /etc/nginx/conf.d/proxy-control.conf;
  }

  location /websockify {
    proxy_pass                  https://crashplan:5800;
    include                     /etc/nginx/conf.d/proxy-control.conf;
    proxy_set_header Upgrade    $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
  }
}

Reference

Using Subpaths

0644 root root nginx/conf.d/reverse-proxy.conf
# Websockets: remap http_upgrade to 'upgrade' or 'close' based on
# connection_upgrade being set.
map $http_upgrade $connection_upgrade {
  default                         upgrade;
  ''                              close;
}

server {
  listen                          443 ssl http2;

  location /crashplan/ {
    proxy_pass                    https://crashplan:5800/;
    include                       /etc/nginx/conf.d/proxy-control.conf;
  }

  location /crashplan/websockify {
    proxy_pass                    https://crashplan:5800/websockify/;
    include                       /etc/nginx/conf.d/proxy-control.conf;
    proxy_set_header Upgrade      $http_upgrade;
    proxy_set_header Connection   $connection_upgrade;
  }
}

  • Ensure HTTP or HTTPS for underlying service, depending on whether you are running it in the container (SECURE_CONNECTION=).

  • If a black screen occurs, remove image and pull a new one. Ensure multiple containers are not running.

  • The docker container uses websockets for the built in GUI display.

Reference

Initial Setup

Stop crashplan to configure service.
docker-compose stop crashplan

Add Existing Certs

If you have a current crashplan installation, you can copy your crashplan identity to /config/var.

0750 root root /config/var
.identity
service.pem
.ui_info

Increase inotify limits to prevent warnings, see: Inotify Limits.

Import existing backup configuration with Backup Set Adoption.