This restores a backup from an Offen backup tar file.

Assumptions

• The docker compose file is in a directory: /srv/docker/<project name>
• The name of the Offen service in the compose file is: <project name>-backup

The Script

Usage: restore-backup.sh <folder in /srv/docker> <volume name> <backup file path>

Example: ./restore-backup.sh n8n n8n_n8n_data ../n8n/backup-2025-12-26T00-00-00.tar.gz

# Save the script dir for later when we need to reference the expanded backup files
script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)

# Restore the specified backup to a temp directory
rm -rf ./tmp
mkdir tmp

tar -C ./tmp/ -xvf "$3"

# Create a backup of the current state
cd /srv/docker/$1
docker exec $1-backup backup
docker compose down

# Delete the volume contents
docker run --rm -v $2:/data/ alpine /bin/sh -c "rm -rf /data/*"

# Create a container to copy the files to the backup data to the Docker volume

# Map the volume to the backup_restore folder of the alpine container.
docker run -d --name temp_backup_restore -v $2:/backup_restore alpine

# Copy the backup contents to the backup_restore folder which then writes to the Docker volume.
docker cp $script_dir/tmp/backup/my-app-backup/. temp_backup_restore:/backup_restore

# Clean up
docker stop temp_backup_restore
docker rm temp_backup_restore

# Start containers
docker compose up -d

Note: I don’t know why Offen uses the “my-app-backup” folder in the backup path. I don’t set that anywhere in my Docker compose file or the Offen config file. This might be different for you.

To map an SMB share on a Mac via the terminal:

1. Create a new folder to act as the mount point. This is essentially a proxy for the folder on the remote machine.

mkdir ~/share-home

2. Enter this command to link the new folder to the share.

mount -t smbfs //user@share-host/share-name ~/share-home

• user: your SMB user name on the machine hosting the SMB share.
• share-host : The IP address or network name of the SMB host machine.
• share-name : The name of the SMB share.
• ~/share-home : The name of the folder we created in step 1.

After that you can access the files in the share from the folder created in step 1. Note that this is temporary and will not persist after a reboot.

Secure Your Docker Port Mappings

When using Docker, a standard port mapping like 3000:3000 links the host machine’s port to the container’s port. This makes your application accessible to anyone on your network via the host’s IP (e.g., http://192.168.44.123:3000).

Restricting Access with a Reverse Proxy

If you use a reverse proxy to provide a clean URL like https://application.your-domain.com, you likely want to disable direct IP access for better security.

To prevent outside traffic from bypassing your proxy, restrict the port mapping to the local loopback address. Change your mapping from: 3000:3000 to: 127.0.0.1:3000:3000

Here’s how I use Comentario with Caddy.

Comentario docker-compose.yml file:

services:
  comentario-db:
    image: postgres:17-alpine
    container_name: comentario-db
    environment:
      POSTGRES_DB: comentario
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - ./db:/var/lib/postgresql/data
    restart: always
    networks:
      - caddy

  comentario:
    image: registry.gitlab.com/comentario/comentario
    container_name: comentario
    environment:
      BASE_URL: https://comments.yourdomain.com/
      SECRETS_FILE: "/secrets.yaml"
    volumes:
      - ./secrets.yaml:/secrets.yaml:ro
    restart: always
    depends_on:
      - comentario-db
    networks:
      - caddy
networks:
  caddy:
    external: true

Here’s the Caddyfile entry:

I use Caddy on my VPS because:

• It’s simple to set up. No UI, just a config file.
• It’s perfectly happy to run in a Docker container. I try to run everything as a Docker container. Makes things super simple to set up and update.
• It automatically obtains SSL certificates from Let’s Encrypt. All the other popular open source reverse proxies do this too, nevertheless it’s a nice feature.

Docker Compose Setup

1. Create a Docker network to make mapping applications easier (see the Caddyfile explanation below). You’ll want to use this same network in any application hosted in Docker containers that use Caddy.