Although Relica offers the fully-managed, highly-available Relica Cloud for reliable off-site backups, you can also back up to different cloud providers or remotes of your own as backends or destinations for your backups. This feature is included with your membership subscription at no extra cost.
Relica currently supports these providers or backends:
- Amazon S3
- Backblaze B2
- Digital Ocean Spaces
- Google Cloud Storage
- Jottacloud
- pCloud (experimental)
- Microsoft Azure Blob Storage
- SFTP (SSH)
- Wasabi
- WebDAV
- REST Server
- Other S3-compatible
When you create a custom cloud destination in Relica, you'll be asked to select the provider or type of backend, give it a name, and specify the necessary configuration and credentials.
Your cloud credentials are stored in our database so that they can be accessed by all the computers on your account and to make restores available via our web interface, but they are encrypted with your encryption password so we cannot read them.
Configuration varies from provider to provider; some fields may even be left blank. Consult your provider's documentation to know which fields to set to access it properly.
Amazon S3
| Field Name | Description |
|---|---|
| Bucket name | The name of the bucket. |
| Sub-directory | The object prefix within the bucket. (optional) |
| ACCESS_KEY_ID | The value of the AWS Access Key ID. |
| SECRET_ACCESS_KEY | The value of the AWS Secret Access Key. |
| REGION | The region to access the bucket. |
If you choose to use a bucket policy on S3, this example policy should allow Relica to work properly (make sure to customize it):
{
"Version": "2012-10-17",
"Id": "RelicaExamplePolicy",
"Statement": [
{
"Sid": "AllowObjectManagement",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::YOUR_IAM"
},
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::BUCKET_NAME/*"
]
},
{
"Sid": "AllowBucketListings",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::YOUR_IAM"
},
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::BUCKET_NAME"
]
}
]
}
Backblaze B2
| Field Name | Description |
|---|---|
| Bucket name | The name of the bucket. |
| Sub-directory | The object prefix within the bucket. (optional) |
| ACCOUNT | The account ID or application key ID. |
| KEY | The API key or application key. |
Application keys must have read+write permissions.
DigitalOcean Spaces
| Field Name | Description |
|---|---|
| Space name | The name of the space. |
| Sub-directory | The object prefix within the bucket. (optional) |
| ACCESS_KEY_ID | The value of the Access Key ID. |
| SECRET_ACCESS_KEY | The value of the Secret Access Key. |
| ENDPOINT | The endpoint with which to communicate with the space. |
Google Cloud Storage
| Field Name | Description |
|---|---|
| Bucket name | The name of the bucket. |
| Sub-directory | The object prefix within the bucket. (optional) |
| LOCATION | The location of the bucket. |
| SERVICE_ACCOUNT_CREDENTIALS | The JSON body that comprises the service account credentials. |
| STORAGE_CLASS | The desired storage class for the objects. |
Jottacloud
| Field Name | Description |
|---|---|
| Remote directory | The remote directory in which to store backups. |
| USER | The username. |
| PASS | The password. |
| MOUNTPOINT | The mountpoint to use. Recommend "Archive". |
pCloud
| Field Name | Description |
|---|---|
| Remote directory | The remote directory in which to store backups. |
| CLIENT_ID | Your client ID. |
| CLIENT_SECRET | Your client secret. You will need to get these credentials from an OAuth flow. |
Microsoft Azure Blob Storage
| Field Name | Description |
|---|---|
| Container name | The name of the blob storage container. |
| Sub-directory | The directory in the container in which to store backups. (optional) |
| ACCOUNT | The blob storage account ID. |
| KEY | One of the blob storage account keys. |
SFTP
Note that shell expansion is not performed in these configurations (i.e. ~ and environment variables and other bash-isms are not recognized).
| Field Name | Description |
|---|---|
| Remote directory | The directory on the remote machine in which to store backups. If relative, is relative to the home directory of the user. |
| HOST | The remote machine's hostname or IP address. |
| USER | The username. |
| KEY_FILE | If logging in with key authentication, the path to the key file. |
| PASS | If logging in with password authentication, the password of the user. |
| PORT | The port to connect on (leave blank for default of 22). |
Wasabi
| Field Name | Description |
|---|---|
| Bucket name | The name of the bucket. |
| Sub-directory | The object prefix with which to store objects. |
| ACCESS_KEY_ID | The IAM user Access Key ID. |
| SECRET_ACCESS_KEY | The IAM user Secret Access Key. |
| ENDPOINT | Should usually be s3.wasabisys.com. |
| REGION | The configured region. |
WebDAV
| Field Name | Description |
|---|---|
| Remote directory | The directory on the remote server in which to store backups. |
| URL | The base URL at which to access the WebDAV server. |
| VENDOR | If using nextcloud, owncloud, or sharepoint, then one of those values. Otherwise, other. |
| USER | The username. |
| PASS | The password. |
| BEARER_TOKEN | To be used in place of a username and password, if applicable. |
REST Server
The REST Server destination type allows you to back up directly to any standard restic rest-server instance. This is ideal for power users who run their own backup server on a NAS, VPS, or home server.
Unlike cloud storage destinations, REST Server uses Restic's native rest: protocol directly, which can provide better performance by eliminating the Rclone adapter layer.
| Field Name | Description |
|---|---|
| Repository Path | A simple name for your backup repository (e.g., mybackup). This becomes the path on the server. |
| URL | The full URL to your rest-server instance (e.g., https://backup.example.com or http://192.168.1.100:8000). |
| USER | The username for authentication (if enabled on the server). |
| PASS | The password for authentication (if enabled on the server). |
Setting up a REST Server
To use this destination type, you need to run a rest-server on your target machine. Here's a quick setup:
# Install rest-server
go install github.com/restic/rest-server/cmd/rest-server@latest
# Run without authentication (local network only!)
rest-server --path /path/to/backups --no-auth --listen :8000
# Run with authentication (recommended for remote access)
htpasswd -B -c /path/to/.htpasswd username
rest-server --path /path/to/backups --htpasswd-file /path/to/.htpasswd --listen :8000
# Run in append-only mode (immutable backups)
rest-server --path /path/to/backups --append-only --listen :8000
Server Modes
- Standard mode: Full read/write access for backups, restores, and pruning.
- Append-only mode: Backups succeed but deletions are blocked (403 Forbidden). Ideal for ransomware protection.
Note: The Repository Path should be a simple name (not a nested path). Most rest-server configurations don't support deeply nested directory structures.
Other S3-compatible
| Field Name | Description |
|---|---|
| Provider Name | The name of the S3-compatible service. |
| Bucket name | The name of the bucket. |
| Sub-directory | The object prefix within the bucket. (optional) |
| ACCESS_KEY_ID | The value of the IAM Access Key ID. |
| SECRET_ACCESS_KEY | The value of the IAM Secret Access Key. |
| REGION | The region to access the bucket. |
| ENDPOINT | The endpoint at which to access the service. |
| STORAGE_CLASS | The desired storage class for the objects. |