zerobyte/apps/docs/content/docs/concepts/volumes.mdx
ivenos 38b49debb1
Rename docker-compose.yml to compose.yaml
Aligns the project with the current Compose Specification, which
designates compose.yaml as the canonical filename and treats the
docker-compose.yml name as a legacy fallback.

Renames every compose file in the repo (the root dev/e2e stack, the
deployment examples under examples/, and the integration-test infra
stack) and updates all documentation, the integration test runner, the
capability hint messages, and the .gitattributes pattern accordingly.
No top-level version field was present to remove.

Functional behavior is unchanged: docker compose discovers either
filename, so existing deployments are not affected by the rename.

Reference: https://docs.docker.com/compose/intro/compose-application-model/
2026-06-02 21:09:47 +02:00

303 lines
12 KiB
Text

---
title: Volumes
description: Understand volume types, mounting, and how Zerobyte connects to your data sources
---
Volumes are the data sources you want to protect with Zerobyte. Each volume represents a filesystem, such as a local directory, a network share, or a remote storage location, that Zerobyte mounts and reads from when running backups.
## What are volumes?
A volume tells Zerobyte *where* your data lives. When you create a volume, you provide connection details (a path, a server address, credentials) and Zerobyte takes care of mounting that filesystem, monitoring its health, and making it available to your backup jobs.
Volumes support a range of protocols, from simple local directories to NFS shares, Windows/Samba file servers, WebDAV endpoints, SFTP connections, and cloud storage via rclone. Once a volume is mounted, you can browse its contents directly in the UI, assign it to one or more backup jobs, and let Zerobyte handle the rest.
<Callout type="warn">
Mounted remote volumes can expose translated metadata instead of the source system's original ownership and ACL model. Before relying on NFS, SMB, WebDAV, SFTP, or rclone volumes for metadata-sensitive backups, read [Mounted Shares, ACLs, and Metadata Fidelity](/docs/guides/mounted-shares-and-acls).
</Callout>
## Supported volume types
Zerobyte supports six volume types. Each one is configured through the web UI when you create or edit a volume.
<Tabs items={["Directory", "NFS", "SMB/CIFS", "WebDAV", "SFTP", "Rclone"]}>
<Tab value="Directory">
### Directory (local)
A local directory on the host machine, mounted into the Zerobyte container via your `compose.yaml` file.
**Use cases:**
- Backing up application data, configuration files, or databases on the host
- Testing backup configurations before adding remote volumes
- Protecting Docker volume data or bind-mounted directories
**Form fields:**
- **Name**, a descriptive label for this volume
- **Path**, the path *inside the container* where the directory is mounted (e.g., `/data`)
<Callout type="info">
You must first mount the host directory into the Zerobyte container by adding it to the `volumes` section of your `compose.yaml`. For example, to back up `/home/user/photos` on the host, add `- /home/user/photos:/photos:ro` to your compose file, restart the container, then create a Directory volume in the UI with the path `/photos`.
</Callout>
</Tab>
<Tab value="NFS">
### NFS (Network File System)
Mount NFS exports from a NAS, file server, or any system that shares directories over the NFS protocol.
**Use cases:**
- Backing up NAS devices (Synology, QNAP, TrueNAS, etc.)
- Enterprise file server protection
- Shared storage in Linux environments
**Form fields:**
- **Name**, a descriptive label for this volume
- **Server**, hostname or IP address of the NFS server
- **Export Path**, the exported directory on the server (e.g., `/volume1/data`)
- **NFS Version**, protocol version: `3`, `4`, or `4.1`
- **Port**, NFS port (default: `2049`)
- **Read Only**, mount the share in read-only mode
<Callout type="warn">
NFS volumes require the `SYS_ADMIN` capability in your Docker container configuration. See the [Installation guide](/docs/installation) for details on enabling `cap_add: [SYS_ADMIN]`.
</Callout>
</Tab>
<Tab value="SMB/CIFS">
### SMB/CIFS
Connect to Windows file shares or Samba servers using the SMB/CIFS protocol.
**Use cases:**
- Windows file server backups
- Samba shares on Linux or NAS devices
- Active Directory-integrated storage
**Form fields:**
- **Name**, a descriptive label for this volume
- **Server**, hostname or IP address of the SMB server
- **Share**, name of the shared folder (e.g., `documents`)
- **Guest Mode**, enable unauthenticated access if the share allows it
- **Username**, account used to connect when guest mode is disabled
- **Password**, account password when guest mode is disabled
- **Domain**, Windows domain (optional)
- **SMB Version**, protocol version: `1.0`, `2.0`, `2.1`, or `3.0`
- **Port**, SMB port (default: `445`)
- **Read Only**, mount the share in read-only mode
<Callout type="info">
Guest access is supported through the **Guest Mode** option.
</Callout>
<Callout type="warn">
SMB volumes require the `SYS_ADMIN` capability in your Docker container configuration. See the [Installation guide](/docs/installation) for setup details.
</Callout>
</Tab>
<Tab value="WebDAV">
### WebDAV
Mount storage over HTTP/HTTPS using the WebDAV protocol. This is a common option for self-hosted cloud platforms.
**Use cases:**
- Nextcloud or ownCloud instances
- Web-based file storage services
- Any server that exposes a WebDAV endpoint
**Form fields:**
- **Name**, a descriptive label for this volume
- **Server**, hostname or IP of the WebDAV server
- **Path**, path on the server (e.g., `/remote.php/dav/files/username`)
- **Username**, WebDAV account username (optional)
- **Password**, WebDAV account password (optional)
- **Port**, server port (e.g., `443` for HTTPS)
- **SSL**, enable HTTPS connection
- **Read Only**, mount in read-only mode
<Callout type="warn">
WebDAV volumes require the `SYS_ADMIN` capability in your Docker container configuration. See the [Installation guide](/docs/installation) for setup details.
</Callout>
</Tab>
<Tab value="SFTP">
### SFTP (SSH File Transfer Protocol)
Mount remote directories over SSH. Supports both password-based and private key authentication.
**Use cases:**
- Remote Linux server backups
- VPS data protection
- Any SSH-accessible storage
**Form fields:**
- **Name**, a descriptive label for this volume
- **Host**, hostname or IP of the SSH server
- **Port**, SSH port (default: `22`)
- **Username**, SSH account username
- **Password**, password authentication (optional if using a private key)
- **Private Key**, SSH private key authentication (optional if using a password)
- **Path**, directory path on the remote server
- **Skip Host Key Verification**, disable host key checking (not recommended for production)
- **Known Hosts**, required unless host key verification is skipped
- **Read Only**, mount in read-only mode
<Callout type="warn">
SFTP volumes require both the `SYS_ADMIN` capability and access to `/dev/fuse` in your Docker container configuration. See the [Installation guide](/docs/installation) for setup details.
</Callout>
</Tab>
<Tab value="Rclone">
### Rclone (40+ cloud providers)
Access cloud storage from providers like Google Drive, Dropbox, OneDrive, Backblaze B2, and many more through rclone.
**Use cases:**
- Backing up data stored in cloud services to an encrypted repository
- Consolidating data from multiple cloud providers
- Accessing specialized storage backends not natively supported
**Form fields:**
- **Name**, a descriptive label for this volume
- **Remote**, the rclone remote name as defined in your rclone configuration (e.g., `gdrive`)
- **Path**, path within the remote (e.g., `/documents`)
- **Read Only**, mount in read-only mode
<Callout type="info">
Rclone must be configured on your host first, and the configuration directory must be mounted into the Zerobyte container. See the [Installation guide](/docs/installation#mounting-rclone-configuration) for instructions on mounting your rclone config.
</Callout>
<Callout type="warn">
Rclone volumes require both the `SYS_ADMIN` capability and access to `/dev/fuse` in your Docker container configuration.
</Callout>
</Tab>
</Tabs>
## Volume status
Every volume is in one of three states, visible at a glance in the Volumes list.
<Steps>
<Step>
### Mounted
The volume is connected and accessible. Backup jobs can read from this volume.
</Step>
<Step>
### Unmounted
The volume exists in Zerobyte but is not currently connected. Backups that depend on this volume will not run until it is mounted again.
</Step>
<Step>
### Error
Something went wrong, the mount failed, the network is unreachable, or credentials were rejected. The volume detail view shows the specific error message. If auto-remount is enabled, Zerobyte will attempt to recover automatically.
</Step>
</Steps>
## Auto-remount
Auto-remount is enabled by default for every volume. When a mounted volume enters an error state (for example, due to a temporary network outage or a server restart), Zerobyte automatically attempts to re-establish the connection without any manual action.
This is especially valuable for network-based volume types (NFS, SMB, WebDAV, SFTP, Rclone) where transient connectivity issues are common. Auto-remount ensures your scheduled backups continue to run even after brief disruptions.
You can disable auto-remount for any volume if you prefer to handle reconnections manually.
## File browsing
Once a volume is mounted, you can browse its contents directly from the Zerobyte web interface. File browsing lets you:
- Verify that the volume mounted correctly and points to the expected data
- Explore the directory structure to identify paths you want to include or exclude in your backup jobs
- Confirm that the files and folders you need to protect are accessible
This is a read-only view of the volume's contents, browsing does not modify any files.
## Read-only mode
All six volume types support mounting in read-only mode. When enabled, Zerobyte can still read and back up files, but write operations are blocked at the filesystem level.
<Callout type="info">
Read-only mode adds an extra layer of safety when backing up production data. It guarantees that the backup process cannot accidentally modify or delete source files.
</Callout>
## Credential security
Sensitive fields, such as passwords, private keys, and other secrets, are encrypted before they are stored. Zerobyte never saves credentials in plain text.
Provisioned volumes also support secret references:
- **`env://VARIABLE_NAME`**, resolves the value from an environment variable set in your `compose.yaml` during provisioning
- **`file://secret_name`**, resolves the value from a Docker secrets file at `/run/secrets/secret_name` during provisioning
During provisioning, Zerobyte resolves these references on startup and stores the resolved value encrypted in the database.
The regular volume form in the UI currently expects the actual credential value. Entering `env://...` or `file://...` there will not resolve it at runtime.
<Callout type="info">
For a complete walkthrough of managing secrets through environment variables, Docker secrets, and provisioning files, see the [Provisioning guide](/docs/guides/provisioning).
</Callout>
## Best practices
<Accordions>
<Accordion title="Name volumes descriptively">
Use names that clearly identify what data the volume contains and where it comes from. Good examples:
- `production-database-dumps`
- `customer-uploads-nfs`
- `accounting-smb-share`
Avoid generic names like `volume1` or `backup`, they become confusing as you add more volumes.
</Accordion>
<Accordion title="Enable auto-remount for network volumes">
Network shares can experience transient failures from server restarts, brief network outages, or DNS hiccups. Keep auto-remount enabled so Zerobyte recovers on its own and your scheduled backups are not disrupted.
</Accordion>
<Accordion title="Use read-only mode when possible">
Mounting volumes in read-only mode prevents any chance of the backup process modifying source data. This is especially important for:
- Live production systems
- Archive or compliance data
- Shared storage used by multiple applications
</Accordion>
<Accordion title="Monitor volume health">
A volume in error state will cause its associated backup jobs to fail. Check the Volumes list regularly. Catching mount issues early prevents gaps in your backup coverage.
</Accordion>
</Accordions>
## Next steps
<Cards>
<Card title="Repositories" href="/docs/concepts/repositories">
Learn about encrypted storage destinations where your backup snapshots are kept
</Card>
<Card title="Backups" href="/docs/concepts/backups">
Configure backup jobs that connect your volumes to repositories with scheduling and retention
</Card>
</Cards>
import { Step, Steps } from "fumadocs-ui/components/steps";
import { Accordion, Accordions } from "fumadocs-ui/components/accordion";
import { Tab, Tabs } from "fumadocs-ui/components/tabs";