vorta

vorta

Docker app from b3rrytech's Repository

Overview

DESCRIPTION
This is an Unraid Docker template for Vorta, a GUI for BorgBackup. Vorta is a backup client primarily for macOS and Linux desktops. It integrates the mighty BorgBackup with your desktop environment to protect your data from disk failure, ransomware and theft. BorgBackup is originally a CLI based backup tool, so Vorta was created to lower the threshold and allow more people to use it. This containerized version of Vorta gives you access to the GUI over VNC in a browser.

NOTES
• There are other variables available, if needed. Check the GitHub repository to know more.
• The directories needed to interact with the host and/or any external device, is located under '/' in the root of the container.
• When restoring from an archive back to this host, this container needs to be run as Privileged. It is strongly (!) advised that you only do this during restores and toggle it off during normal use.
• I'm not the author of this Docker container. I only provide the Unraid template. Any issues with the container and the application should be submitted to the official GitHub repository. Use the support thread in the forums for any problems with the template. If possible me, or someone else in the community also might be able to provide some guidance for usage.

Vorta-Docker

Run Vorta from Docker. Currently using Vorta 0.11.5 release with Borg 1.4.4 on jlesage/baseimage-gui:alpine-3.22-v4 image Latest version includes embedded Firefox to view help links in UI. File links in the UI will not work but logs have been redirected and will appear in Docker logs.

Usage

Please note that it is highly recommended to set a hostname when running this container. This results in a consistent hostname for the container and allows the prune functionality to work correctly. If you do not set this, a random hostname will be generated by Docker and you will need to adjust the prune settings in the UI so that it doesn't use the hostname as a filter.

Using docker-compose.yml: (set TZ, USER_ID, and GROUP_ID in .env.)

vorta:
    image: ghcr.io/borgbase/vorta-docker:latest
    container_name: vorta
    hostname: storage-vorta
#    cap_add:
#      - SYS_ADMIN
#    security_opt:
#      - apparmor:unconfined
#    privileged: true
    volumes:
      - /volume1/config/vorta:/config
      - /volume1:/data:ro
      - /volumeUSB1/:/destination
    ports:
      - 5811:5800
    restart: unless-stopped
    env_file:
      - ./.env

Using rootless Podman:

$ mkdir config
$ podman run -it --rm -v ./config:/config \
    -p 5900:5900  \
    -e USER_ID=1028 -e GROUP_ID=100 \
    --hostname vorta  \
    --uidmap=0:1:1028 --uidmap=1028:0:1 --uidmap=1029:1029:64507 \
    ghcr.io/borgbase/vorta-docker:latest

Mounting an Archive

Mounting an archive requires granting the Docker Container elevated permissions.
It is recommended to only grant these to the container when doing a restore.

First, add the FUSE device to the container using --device /dev/fuse on the command line. This is low risk and can be done at any time.

There are 3 levels of permissions that may need to be granted depending mostly on the kernel version of the underlying OS. See Linux man capabilities(7) for details.

  • --cap-add SYS_ADMIN grants the Docker container access to mount things devices (among other things)
  • --cap-add SYS_ADMIN --security-opt apparmor=unconfined grants slightly more permissions if required.
  • --privileged makes the container a root superuser that can do anything. DON'T RUN WITH THIS UNLESS RESTORING

You can mount an archive in Vorta and then exec into your container on the command line with something along the lines of docker exec -it --user app vorta sh to access the mounted directory and archive. It will not be accessible outside the Docker container.

Environment Variables

Some environment variables can be set to customize the behavior of the container and its application. The following list give more details about them.

Environment variables can be set in your docker-compose.yamml via the env_file or environment keys or by adding one or more arguments -e "<VAR>=<VALUE>" to the docker run command.

Variable Description Default
APP_NAME Name of the application. DockerApp
USER_ID ID of the user the application runs as. See User/Group IDs to better understand when this should be set. 1000
GROUP_ID ID of the group the application runs as. See User/Group IDs to better understand when this should be set. 1000
SUP_GROUP_IDS Comma-separated list of supplementary group IDs of the application. (unset)
UMASK Mask that controls how file permissions are set for newly created files. The value of the mask is in octal notation. By default, this variable is not set and the default umask of 022 is used, meaning that newly created files are readable by everyone, but only writable by the owner. See the following online umask calculator: http://wintelguy.com/umask-calc.pl (unset)
TZ [TimeZone] of the container. Timezone can also be set by mapping /etc/localtime between the host and the container. Etc/UTC
KEEP_APP_RUNNING When set to 1, the application will be automatically restarted if it crashes or if a user quits it. 0
APP_NICENESS Priority at which the application should run. A niceness value of -20 is the highest priority and 19 is the lowest priority. By default, niceness is not set, meaning that the default niceness of 0 is used. NOTE: A negative niceness (priority increase) requires additional permissions. In this case, the container should be run with the docker option --cap-add=SYS_NICE. (unset)
TAKE_CONFIG_OWNERSHIP When set to 1, owner and group of /config (including all its files and subfolders) are automatically set during container startup to USER_ID and GROUP_ID respectively. 1
CLEAN_TMP_DIR When set to 1, all files in the /tmp directory are deleted during the container startup. 1
DISPLAY_WIDTH Width (in pixels) of the application's window. 1280
DISPLAY_HEIGHT Height (in pixels) of the application's window. 768
SECURE_CONNECTION When set to 1, an encrypted connection is used to access the application's GUI (either via a web browser or VNC client). See the Security section for more details. 0
VNC_PASSWORD Password needed to connect to the application's GUI. See the VNC Password section for more details. (unset)
X11VNC_EXTRA_OPTS Extra options to pass to the x11vnc server running in the Docker container. WARNING: For advanced users. Do not use unless you know what you are doing. (unset)
ENABLE_CJK_FONT When set to 1, open-source computer font WenQuanYi Zen Hei is installed. This font contains a large range of Chinese/Japanese/Korean characters. 0

See also the base container README.md

Discussion and Support

License and Credits

  • @Ranbato (original author and current maintainer)
  • Licensed under GPLv3

Install Vorta on Unraid in a few clicks.

Find Vorta in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.

Open the Apps tab on your Unraid server Search Community Apps for Vorta Review the template variables and paths Click Install

Categories

Related apps

Explore more like this

Explore all

Details

Repository
ghcr.io/borgbase/vorta-docker
Last Updated2026-07-15
First Seen2022-02-28

Runtime arguments

Web UI
http://[IP]:[PORT:5800]
Network
bridge
Shell
sh
Privileged
false
Extra Params
--hostname=unraid-vorta

Template configuration

WebUIPorttcp
Target
5800
Default
5800
Value
5811
SourcePathro

Choose a local source directory. This is Read Only. For multiple sources add another Path.

Target
/unraid/data
Default
/mnt/user/
Value
/mnt/user/
DestinationPathrw

Choose a local destination directory (if needed). For multiple destinations add another Path.

Target
/unraid/destination
Default
/mnt/user/
Value
/mnt/user/
RestorePathrw

Configurable in the event you want to restore from an archive. Requires the container to be run as Privieged during restore. It's strongly recommended to only toggle Privileged on WHEN/IF you need to restore.

Target
/restore/
Default
/mnt/user/
Value
/mnt/user/
VNC passwordVariable

Strongly recommended, but optional. Delete this variable or leave it blank if you don't need a VNC password.

Target
VNC_PASSWORD
App nameVariable

Title that is used in the browser.

Target
APP_NAME
Default
Vorta
Value
Vorta
Time zoneVariable

List your time zone according to the TZ identifier: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

Target
TZ
Default
Europe/Berlin
Secure connection for VNCVariable

Use an encrypted connection to access the application's GUI over VNC (HTTPS). 0=off, 1=on Default: 0

Target
SECURE_CONNECTION
Default
0|1
Value
0
ConfigPathrw

Location for appdata.

Target
/config
Default
/mnt/user/appdata/vorta
Value
/mnt/user/appdata/vorta/
User IDVariable

PUID

Target
USER_ID
Default
99
Value
99
Group IDVariable

PGID

Target
GROUP_ID
Default
100
Value
100
UmaskVariable
Target
UMASK
Default
000
Value
000
VNC display widthVariable

Width (in pixels) of the application's window. Scaling is also available in the VNC webUI settings.

Target
DISPLAY_WIDTH
Default
1280
Value
1280
VNC display heightVariable

Height (in pixels) of the application's window. Scaling is also available in the VNC webUI settings.

Target
DISPLAY_HEIGHT
Default
768
Value
768