4 The command-line client for `Proxmox Backup`_ Server is called
5 :command:`proxmox-backup-client`.
9 Backup Repository Locations
10 ---------------------------
12 The client uses the following format to specify a datastore repository
13 on the backup server (where username is specified in the form of user@realm):
15 [[username@]server[:port]:]datastore
17 The default value for ``username`` is ``root@pam``. If no server is specified,
18 the default is the local host (``localhost``).
20 You can specify a port if your backup server is only reachable on a non-default
21 port (for example, with NAT and port forwarding configurations).
23 Note that if the server uses an IPv6 address, you have to write it with square
24 brackets (for example, `[fe80::01]`).
26 You can pass the repository with the ``--repository`` command-line option, or
27 by setting the ``PBS_REPOSITORY`` environment variable.
29 Below are some examples of valid repositories and their corresponding real
32 ================================ ================== ================== ===========
33 Example User Host:Port Datastore
34 ================================ ================== ================== ===========
35 mydatastore ``root@pam`` localhost:8007 mydatastore
36 myhostname:mydatastore ``root@pam`` myhostname:8007 mydatastore
37 user@pbs@myhostname:mydatastore ``user@pbs`` myhostname:8007 mydatastore
38 user\@pbs!token@host:store ``user@pbs!token`` host:8007 store
39 192.168.55.55:1234:mydatastore ``root@pam`` 192.168.55.55:1234 mydatastore
40 [ff80::51]:mydatastore ``root@pam`` [ff80::51]:8007 mydatastore
41 [ff80::51]:1234:mydatastore ``root@pam`` [ff80::51]:1234 mydatastore
42 ================================ ================== ================== ===========
48 The default backup repository.
51 When set, this value is used as the password for the backup server.
52 You can also set this to an API token secret.
54 ``PBS_PASSWORD_FD``, ``PBS_PASSWORD_FILE``, ``PBS_PASSWORD_CMD``
55 Like ``PBS_PASSWORD``, but read data from an open file descriptor, a file
56 name or from the `stdout` of a command, respectively. The first defined
57 environment variable from the order above is preferred.
59 ``PBS_ENCRYPTION_PASSWORD``
60 When set, this value is used to access the secret encryption key (if
61 protected by password).
63 ``PBS_ENCRYPTION_PASSWORD_FD``, ``PBS_ENCRYPTION_PASSWORD_FILE``, ``PBS_ENCRYPTION_PASSWORD_CMD``
64 Like ``PBS_ENCRYPTION_PASSWORD``, but read data from an open file descriptor,
65 a file name or from the `stdout` of a command, respectively. The first
66 defined environment variable from the order above is preferred.
69 When set, this value is used to verify the server certificate (only used if
70 the system CA certificates cannot validate the certificate).
73 When set, the client uses the specified HTTP proxy for all connections to the
74 backup server. Currently only HTTP proxies are supported. Valid proxy
75 configurations have the following format:
76 `[http://][user:password@]<host>[:port]`. Default `port` is 1080, if not
80 .. Note:: The recommended solution for shielding hosts is using tunnels such as
81 wireguard, instead of using an HTTP proxy.
84 .. Note:: Passwords must be valid UTF-8 and may not contain newlines. For your
85 convenience, Proxmox Backup Server only uses the first line as password, so
86 you can add arbitrary comments after the first newline.
92 .. include:: output-format.rst
95 .. _client_creating_backups:
100 This section explains how to create a backup from within the machine. This can
101 be a physical host, a virtual machine, or a container. Such backups may contain
102 file and image archives. There are no restrictions in this case.
104 .. Note:: If you want to backup virtual machines or containers on Proxmox VE,
105 see :ref:`pve-integration`.
107 For the following example, you need to have a backup server set up, have working
108 credentials, and know the repository name.
109 In the following examples, we use ``backup-server:store1``.
111 .. code-block:: console
113 # proxmox-backup-client backup root.pxar:/ --repository backup-server:store1
114 Starting backup: host/elsa/2019-12-03T09:35:01Z
116 skip mount point: "/boot/efi"
117 skip mount point: "/dev"
118 skip mount point: "/run"
119 skip mount point: "/sys"
120 Uploaded 12129 chunks in 87 seconds (564 MB/s).
121 End Time: 2019-12-03T10:36:29+01:00
123 This will prompt you for a password, then upload a file archive named
124 ``root.pxar`` containing all the files in the ``/`` directory.
126 .. Caution:: Please note that proxmox-backup-client does not
127 automatically include mount points. Instead, you will see a short
128 ``skip mount point`` message for each of them. The idea is to
129 create a separate file archive for each mounted disk. You can
130 explicitly include them using the ``--include-dev`` option
131 (i.e. ``--include-dev /boot/efi``). You can use this option
132 multiple times for each mount point that should be included.
134 The ``--repository`` option can get quite long and is used by all commands. You
135 can avoid having to enter this value by setting the environment variable
136 ``PBS_REPOSITORY``. Note that if you would like this to remain set over
137 multiple sessions, you should instead add the below line to your ``.bashrc``
140 .. code-block:: console
142 # export PBS_REPOSITORY=backup-server:store1
144 After this, you can execute all commands without having to specify the
145 ``--repository`` option.
147 A single backup is allowed to contain more than one archive. For example, if
148 you want to back up two disks mounted at ``/mnt/disk1`` and ``/mnt/disk2``:
150 .. code-block:: console
152 # proxmox-backup-client backup disk1.pxar:/mnt/disk1 disk2.pxar:/mnt/disk2
154 This creates a backup of both disks.
156 If you want to use a namespace for the backup target, you can add the `--ns`
159 .. code-block:: console
161 # proxmox-backup-client backup disk1.pxar:/mnt/disk1 disk2.pxar:/mnt/disk2 --ns a/b/c
163 The backup command takes a list of backup specifications, which include the
164 archive name on the server, the type of the archive, and the archive source at
165 the client. The format is:
167 <archive-name>.<type>:<source-path>
169 Common types are ``.pxar`` for file archives and ``.img`` for block
170 device images. To create a backup of a block device, run the following command:
172 .. code-block:: console
174 # proxmox-backup-client backup mydata.img:/dev/mylvm/mydata
177 Excluding Files/Directories from a Backup
178 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
180 Sometimes it is desired to exclude certain files or directories from a backup
181 archive. To tell the Proxmox Backup client when and how to ignore files and
182 directories, place a text file named ``.pxarexclude`` in the filesystem
183 hierarchy. Whenever the backup client encounters such a file in a directory,
184 it interprets each line as a glob match pattern for files and directories that
185 are to be excluded from the backup.
187 The file must contain a single glob pattern per line. Empty lines and lines
188 starting with ``#`` (indicating a comment) are ignored.
189 A ``!`` at the beginning of a line reverses the glob match pattern from an
190 exclusion to an explicit inclusion. This makes it possible to exclude all
191 entries in a directory except for a few single files/subdirectories.
192 Lines ending in ``/`` match only on directories.
193 The directory containing the ``.pxarexclude`` file is considered to be the root
194 of the given patterns. It is only possible to match files in this directory and
197 .. Note:: Patterns without a leading ``/`` will also match in subdirectories,
198 while patterns with a leading ``/`` will only match in the current directory.
200 ``\`` is used to escape special glob characters.
201 ``?`` matches any single character.
202 ``*`` matches any character, including an empty string.
203 ``**`` is used to match current directory and subdirectories. For example, with
204 the pattern ``**/*.tmp``, it would exclude all files ending in ``.tmp`` within
205 a directory and its subdirectories.
206 ``[...]`` matches a single character from any of the provided characters within
207 the brackets. ``[!...]`` does the complementary and matches any single
208 character not contained within the brackets. It is also possible to specify
209 ranges with two characters separated by ``-``. For example, ``[a-z]`` matches
210 any lowercase alphabetic character, and ``[0-9]`` matches any single digit.
212 The order of the glob match patterns defines whether a file is included or
213 excluded, that is to say, later entries override earlier ones.
214 This is also true for match patterns encountered deeper down the directory
215 tree, which can override a previous exclusion.
217 .. Note:: Excluded directories will **not** be read by the backup client. Thus,
218 a ``.pxarexclude`` file in an excluded subdirectory will have no effect.
219 ``.pxarexclude`` files are treated as regular files and will be included in
222 For example, consider the following directory structure:
224 .. code-block:: console
228 . .. .pxarexclude subfolder0 subfolder1
231 . .. file0 file1 file2 file3 .pxarexclude
234 . .. file0 file1 file2 file3
236 The different ``.pxarexclude`` files contain the following:
238 .. code-block:: console
240 # cat folder/.pxarexclude
245 .. code-block:: console
247 # cat folder/subfolder0/.pxarexclude
250 This would exclude ``file1`` and ``file3`` in ``subfolder0`` and all of
251 ``subfolder1`` except ``file2``.
253 Restoring this backup will result in:
255 .. code-block:: console
259 . .. .pxarexclude subfolder0 subfolder1
262 . .. file0 file2 .pxarexclude
268 .. _client_encryption:
273 Proxmox Backup supports client-side encryption with AES-256 in GCM_
274 mode. To set this up, you first need to create an encryption key:
276 .. code-block:: console
278 # proxmox-backup-client key create my-backup.key
279 Encryption Key Password: **************
281 The key is password protected by default. If you do not need this
282 extra protection, you can also create it without a password:
284 .. code-block:: console
286 # proxmox-backup-client key create /path/to/my-backup.key --kdf none
288 Having created this key, it is now possible to create an encrypted backup, by
289 passing the ``--keyfile`` parameter, with the path to the key file.
291 .. code-block:: console
293 # proxmox-backup-client backup etc.pxar:/etc --keyfile /path/to/my-backup.key
295 Encryption Key Password: **************
298 .. Note:: If you do not specify the name of the backup key, the key will be
299 created in the default location
300 ``~/.config/proxmox-backup/encryption-key.json``. ``proxmox-backup-client``
301 will also search this location by default, in case the ``--keyfile``
302 parameter is not specified.
304 You can avoid entering the passwords by setting the environment
305 variables ``PBS_PASSWORD`` and ``PBS_ENCRYPTION_PASSWORD``.
308 Using a Master Key to Store and Recover Encryption Keys
309 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
311 You can also use ``proxmox-backup-client key`` to create an RSA public/private
312 key pair, which can be used to store an encrypted version of the symmetric
313 backup encryption key alongside each backup and recover it later.
315 To set up a master key:
317 1. Create an encryption key for the backup:
319 .. code-block:: console
321 # proxmox-backup-client key create
322 creating default key at: "~/.config/proxmox-backup/encryption-key.json"
323 Encryption Key Password: **********
326 The resulting file will be saved to ``~/.config/proxmox-backup/encryption-key.json``.
328 2. Create an RSA public/private key pair:
330 .. code-block:: console
332 # proxmox-backup-client key create-master-key
333 Master Key Password: *********
336 This will create two files in your current directory, ``master-public.pem``
337 and ``master-private.pem``.
339 3. Import the newly created ``master-public.pem`` public certificate, so that
340 ``proxmox-backup-client`` can find and use it upon backup.
342 .. code-block:: console
344 # proxmox-backup-client key import-master-pubkey /path/to/master-public.pem
345 Imported public master key to "~/.config/proxmox-backup/master-public.pem"
347 4. With all these files in place, run a backup job:
349 .. code-block:: console
351 # proxmox-backup-client backup etc.pxar:/etc
353 The key will be stored in your backup, under the name ``rsa-encrypted.key``.
355 .. Note:: The ``--keyfile`` parameter can be excluded, if the encryption key
356 is in the default path. If you specified another path upon creation, you
357 must pass the ``--keyfile`` parameter.
359 5. To test that everything worked, you can restore the key from the backup:
361 .. code-block:: console
363 # proxmox-backup-client restore /path/to/backup/ rsa-encrypted.key /path/to/target
365 .. Note:: You should not need an encryption key to extract this file. However, if
366 a key exists at the default location
367 (``~/.config/proxmox-backup/encryption-key.json``) the program will prompt
368 you for an encryption key password. Simply moving ``encryption-key.json``
369 out of this directory will fix this issue.
371 6. Then, use the previously generated master key to decrypt the file:
373 .. code-block:: console
375 # proxmox-backup-client key import-with-master-key /path/to/target --master-keyfile /path/to/master-private.pem --encrypted-keyfile /path/to/rsa-encrypted.key
376 Master Key Password: ******
378 Verify Password: ******
380 7. The target file will now contain the encryption key information in plain
381 text. The success of this can be confirmed by passing the resulting ``json``
382 file, with the ``--keyfile`` parameter, when decrypting files from the backup.
384 .. warning:: Without their key, backed up files will be inaccessible. Thus, you should
385 keep keys ordered and in a place that is separate from the contents being
386 backed up. It can happen, for example, that you back up an entire system, using
387 a key on that system. If the system then becomes inaccessible for any reason
388 and needs to be restored, this will not be possible, as the encryption key will be
389 lost along with the broken system.
391 It is recommended that you keep your master key safe, but easily accessible, in
392 order for quick disaster recovery. For this reason, the best place to store it
393 is in your password manager, where it is immediately recoverable. As a backup to
394 this, you should also save the key to a USB flash drive and store that in a secure
395 place. This way, it is detached from any system, but is still easy to recover
396 from, in case of emergency. Finally, in preparation for the worst case scenario,
397 you should also consider keeping a paper copy of your master key locked away in
398 a safe place. The ``paperkey`` subcommand can be used to create a QR encoded
399 version of your master key. The following command sends the output of the
400 ``paperkey`` command to a text file, for easy printing.
402 .. code-block:: console
404 proxmox-backup-client key paperkey --output-format text > qrkey.txt
410 The regular creation of backups is a necessary step in avoiding data loss. More
411 importantly, however, is the restoration. It is good practice to perform
412 periodic recovery tests to ensure that you can access the data in case of
415 First, you need to find the snapshot which you want to restore. The snapshot
416 list command provides a list of all the snapshots on the server:
418 .. code-block:: console
420 # proxmox-backup-client snapshot list
421 ┌────────────────────────────────┬─────────────┬────────────────────────────────────┐
422 │ snapshot │ size │ files │
423 ╞════════════════════════════════╪═════════════╪════════════════════════════════════╡
424 │ host/elsa/2019-12-03T09:30:15Z │ 51788646825 │ root.pxar catalog.pcat1 index.json │
425 ├────────────────────────────────┼─────────────┼────────────────────────────────────┤
426 │ host/elsa/2019-12-03T09:35:01Z │ 51790622048 │ root.pxar catalog.pcat1 index.json │
427 ├────────────────────────────────┼─────────────┼────────────────────────────────────┤
431 .. tip:: List will by default only output the backup snapshots of the root
432 namespace itself. To list backups from another namespace use the ``--ns
435 You can inspect the catalog to find specific files.
437 .. code-block:: console
439 # proxmox-backup-client catalog dump host/elsa/2019-12-03T09:35:01Z
441 d "./root.pxar.didx/etc/cifs-utils"
442 l "./root.pxar.didx/etc/cifs-utils/idmap-plugin"
443 d "./root.pxar.didx/etc/console-setup"
446 The restore command lets you restore a single archive from the
449 .. code-block:: console
451 # proxmox-backup-client restore host/elsa/2019-12-03T09:35:01Z root.pxar /target/path/
453 To get the contents of any archive, you can restore the ``index.json`` file in the
454 repository to the target path '-'. This will dump the contents to the standard output.
456 .. code-block:: console
458 # proxmox-backup-client restore host/elsa/2019-12-03T09:35:01Z index.json -
464 If you only want to restore a few individual files, it is often easier
465 to use the interactive recovery shell.
467 .. code-block:: console
469 # proxmox-backup-client catalog shell host/elsa/2019-12-03T09:35:01Z root.pxar
470 Starting interactive shell
472 bin boot dev etc home lib lib32
475 The interactive recovery shell is a minimal command-line interface that
476 utilizes the metadata stored in the catalog to quickly list, navigate and
477 search for files in a file archive.
478 To restore files, you can select them individually or match them with a glob
481 Using the catalog for navigation reduces the overhead considerably because only
482 the catalog needs to be downloaded and, optionally, decrypted.
483 The actual chunks are only accessed if the metadata in the catalog is
484 insufficient or for the actual restore.
486 Similar to common UNIX shells, ``cd`` and ``ls`` are the commands used to change
487 working directory and list directory contents in the archive.
488 ``pwd`` shows the full path of the current working directory with respect to the
491 The ability to quickly search the contents of the archive is a commonly required
492 feature. That's where the catalog is most valuable. For example:
494 .. code-block:: console
496 pxar:/ > find etc/**/*.txt --select
498 pxar:/ > list-selected
500 pxar:/ > restore-selected /target/path
503 This will find and print all files ending in ``.txt`` located in ``etc/`` or its
504 subdirectories, and add the corresponding pattern to the list for subsequent restores.
505 ``list-selected`` shows these patterns and ``restore-selected`` finally restores
506 all files in the archive matching the patterns to ``/target/path`` on the local
507 host. This will scan the whole archive.
509 The ``restore`` command can be used to restore all the files contained within
510 the backup archive. This is most helpful when paired with the ``--pattern
511 <glob>`` option, as it allows you to restore all files matching a specific
512 pattern. For example, if you wanted to restore configuration files
513 located in ``/etc``, you could do the following:
515 .. code-block:: console
517 pxar:/ > restore target/ --pattern etc/**/*.conf
520 The above will scan through all the directories below ``/etc`` and restore all
521 files ending in ``.conf``.
523 .. todo:: Explain interactive restore in more detail
525 Mounting of Archives via FUSE
526 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
528 The :term:`FUSE` implementation for the pxar archive allows you to mount a
529 file archive as a read-only filesystem to a mount point on your host.
531 .. code-block:: console
533 # proxmox-backup-client mount host/backup-client/2020-01-29T11:29:22Z root.pxar /mnt/mountpoint
535 bin dev home lib32 libx32 media opt root sbin sys usr
536 boot etc lib lib64 lost+found mnt proc run srv tmp var
538 This allows you to access the full contents of the archive in a seamless manner.
540 .. note:: As the FUSE connection needs to fetch and decrypt chunks from the
541 backup server's datastore, this can cause some additional network and CPU
542 load on your host, depending on the operations you perform on the mounted
545 To unmount the filesystem, use the ``umount`` command on the mount point:
547 .. code-block:: console
549 # umount /mnt/mountpoint
554 The client tool prompts you to enter the login password as soon as you
555 want to access the backup server. The server checks your credentials
556 and responds with a ticket that is valid for two hours. The client
557 tool automatically stores that ticket and uses it for further requests
560 You can also manually trigger this login/logout using the login and
563 .. code-block:: console
565 # proxmox-backup-client login
568 To remove the ticket, issue a logout:
570 .. code-block:: console
572 # proxmox-backup-client logout
575 .. _changing-backup-owner:
577 Changing the Owner of a Backup Group
578 ------------------------------------
580 By default, the owner of a backup group is the user which was used to originally
581 create that backup group (or in the case of sync jobs, ``root@pam``). This
582 means that if a user ``mike@pbs`` created a backup, another user ``john@pbs``
583 can not be used to create backups in that same backup group. In case you want
584 to change the owner of a backup, you can do so with the below command, using a
585 user that has ``Datastore.Modify`` privileges on the datastore.
587 .. code-block:: console
589 # proxmox-backup-client change-owner vm/103 john@pbs
591 This can also be done from within the web interface, by navigating to the
592 `Content` section of the datastore that contains the backup group and selecting
593 the user icon under the `Actions` column. Common cases for this could be to
594 change the owner of a sync job from ``root@pam``, or to repurpose a backup
600 Pruning and Removing Backups
601 ----------------------------
603 You can manually delete a backup snapshot using the ``forget`` command:
605 .. code-block:: console
607 # proxmox-backup-client snapshot forget <snapshot>
610 .. caution:: This command removes all archives in this backup snapshot. They
611 will be inaccessible and *unrecoverable*.
613 Don't forget to add the namespace ``--ns`` parameter if you want to forget a
614 snapshot that is contained in the root namespace:
616 .. code-block:: console
618 # proxmox-backup-client snapshot forget <snapshot> --ns <ns>
623 Although manual removal is sometimes required, the ``prune``
624 command is normally used to systematically delete older backups. Prune lets
625 you specify which backup snapshots you want to keep. The
626 following retention options are available:
629 Keep the last ``<N>`` backup snapshots.
631 ``--keep-hourly <N>``
632 Keep backups for the last ``<N>`` hours. If there is more than one
633 backup for a single hour, only the latest is kept.
636 Keep backups for the last ``<N>`` days. If there is more than one
637 backup for a single day, only the latest is kept.
639 ``--keep-weekly <N>``
640 Keep backups for the last ``<N>`` weeks. If there is more than one
641 backup for a single week, only the latest is kept.
643 .. note:: Weeks start on Monday and end on Sunday. The software
644 uses the `ISO week date`_ system and handles weeks at
645 the end of the year correctly.
647 ``--keep-monthly <N>``
648 Keep backups for the last ``<N>`` months. If there is more than one
649 backup for a single month, only the latest is kept.
651 ``--keep-yearly <N>``
652 Keep backups for the last ``<N>`` years. If there is more than one
653 backup for a single year, only the latest is kept.
655 The retention options are processed in the order given above. Each option
656 only covers backups within its time period. The next option does not take care
657 of already covered backups. It will only consider older backups.
659 Unfinished and incomplete backups will be removed by the prune command unless
660 they are newer than the last successful backup. In this case, the last failed
663 .. code-block:: console
665 # proxmox-backup-client prune <group> --keep-daily 7 --keep-weekly 4 --keep-monthly 3
668 You can use the ``--dry-run`` option to test your settings. This only
669 shows the list of existing snapshots and what actions prune would take.
671 .. code-block:: console
673 # proxmox-backup-client prune host/elsa --dry-run --keep-daily 1 --keep-weekly 3
674 ┌────────────────────────────────┬──────┐
676 ╞════════════════════════════════╪══════╡
677 │ host/elsa/2019-12-04T13:20:37Z │ 1 │
678 ├────────────────────────────────┼──────┤
679 │ host/elsa/2019-12-03T09:35:01Z │ 0 │
680 ├────────────────────────────────┼──────┤
681 │ host/elsa/2019-11-22T11:54:47Z │ 1 │
682 ├────────────────────────────────┼──────┤
683 │ host/elsa/2019-11-21T12:36:25Z │ 0 │
684 ├────────────────────────────────┼──────┤
685 │ host/elsa/2019-11-10T10:42:20Z │ 1 │
686 └────────────────────────────────┴──────┘
688 .. note:: Neither the ``prune`` command nor the ``forget`` command free space
689 in the chunk-store. The chunk-store still contains the data blocks. To free
690 space you need to perform :ref:`client_garbage-collection`.
692 It is also possible to protect single snapshots from being pruned or deleted:
694 .. code-block:: console
696 # proxmox-backup-client snapshot protected update <snapshot> true
698 This will set the protected flag on the snapshot and prevent pruning or manual
699 deletion of this snapshot until the flag is removed again with:
701 .. code-block:: console
703 # proxmox-backup-client snapshot protected update <snapshot> false
705 When a group with a protected snapshot is deleted, only the non-protected
706 ones are removed, and the rest will remain.
708 .. note:: This flag will not be synced when using pull or sync jobs. If you
709 want to protect a synced snapshot, you have to do this again manually on
710 the target backup server.
712 .. _client_garbage-collection:
717 The ``prune`` command removes only the backup index files, not the data
718 from the datastore. This task is left to the garbage collection
719 command. It is recommended to carry out garbage collection on a regular basis.
721 The garbage collection works in two phases. In the first phase, all
722 data blocks that are still in use are marked. In the second phase,
723 unused data blocks are removed.
725 .. note:: This command needs to read all existing backup index files
726 and touches the complete chunk-store. This can take a long time
727 depending on the number of chunks and the speed of the underlying
730 .. note:: The garbage collection will only remove chunks that haven't been used
731 for at least one day (exactly 24h 5m). This grace period is necessary because
732 chunks in use are marked by touching the chunk which updates the ``atime``
733 (access time) property. Filesystems are mounted with the ``relatime`` option
734 by default. This results in a better performance by only updating the
735 ``atime`` property if the last access has been at least 24 hours ago. The
736 downside is that touching a chunk within these 24 hours will not always
737 update its ``atime`` property.
739 Chunks in the grace period will be logged at the end of the garbage
740 collection task as *Pending removals*.
742 .. code-block:: console
744 # proxmox-backup-client garbage-collect
745 starting garbage collection on store store2
746 Start GC phase1 (mark used chunks)
747 Start GC phase2 (sweep unused chunks)
748 percentage done: 1, chunk count: 219
749 percentage done: 2, chunk count: 453
751 percentage done: 99, chunk count: 21188
752 Removed bytes: 411368505
754 Original data bytes: 327160886391
755 Disk bytes: 52767414743 (16 %)
757 Average chunk size: 2486565
760 Garbage collection can also be scheduled using ``proxmox-backup-manager`` or
761 from the Proxmox Backup Server's web interface.
766 The backup client also comes with a benchmarking tool. This tool measures
767 various metrics relating to compression and encryption speeds. If a Proxmox
768 Backup repository (remote or local) is specified, the TLS upload speed will get
771 You can run a benchmark using the ``benchmark`` subcommand of
772 ``proxmox-backup-client``:
774 .. note:: The TLS speed test is only included if a :ref:`backup server
775 repository is specified <client_repository>`.
777 .. code-block:: console
779 # proxmox-backup-client benchmark
780 Uploaded 1517 chunks in 5 seconds.
781 Time per request: 3309 microseconds.
782 TLS speed: 1267.41 MB/s
783 SHA256 speed: 2066.73 MB/s
784 Compression speed: 775.11 MB/s
785 Decompress speed: 1233.35 MB/s
786 AES256/GCM speed: 3688.27 MB/s
787 Verify speed: 783.43 MB/s
788 ┌───────────────────────────────────┬─────────────────────┐
790 ╞═══════════════════════════════════╪═════════════════════╡
791 │ TLS (maximal backup upload speed) │ 1267.41 MB/s (103%) │
792 ├───────────────────────────────────┼─────────────────────┤
793 │ SHA256 checksum computation speed │ 2066.73 MB/s (102%) │
794 ├───────────────────────────────────┼─────────────────────┤
795 │ ZStd level 1 compression speed │ 775.11 MB/s (103%) │
796 ├───────────────────────────────────┼─────────────────────┤
797 │ ZStd level 1 decompression speed │ 1233.35 MB/s (103%) │
798 ├───────────────────────────────────┼─────────────────────┤
799 │ Chunk verification speed │ 783.43 MB/s (103%) │
800 ├───────────────────────────────────┼─────────────────────┤
801 │ AES256 GCM encryption speed │ 3688.27 MB/s (101%) │
802 └───────────────────────────────────┴─────────────────────┘
805 .. note:: The percentages given in the output table correspond to a
806 comparison against a Ryzen 7 2700X.
808 You can also pass the ``--output-format`` parameter to output stats in ``json``,
809 rather than the default table format.