● Stable Release\n

Backup & Restore

Enterprise-grade data protection for geospatial layers, styles, data stores, and system configurations. Ensure zero data loss with automated, encrypted backups.

Overview

GeoServer's Backup & Restore module provides a unified, automated system to protect your entire geospatial infrastructure. It captures vector/raster layers, SLD/SE styles, data store connections, user roles, and audit logs into versioned, encrypted archives.

Designed for compliance (GDPR, HIPAA, SOC 2) and high availability, backups support incremental snapshots, cross-region replication, and one-command restoration with full integrity verification.

How It Works

1

Snapshot

Creates a consistent read-only snapshot of all active data stores and metadata without interrupting live queries.

2

Encrypt & Compress

Applies AES-256 encryption and LZ4 compression before writing to your configured storage backend.

3

Replicate

Automatically replicates archives to secondary regions or cloud buckets for disaster recovery readiness.

4

Verify & Test

Runs automated checksum validation and optional dry-run restores to ensure recovery readiness.

Configuration & Scheduling

Backups can be configured via YAML, CLI, or the REST API. Supports cron expressions, event-driven triggers, and policy-based retention.

backup-config.yaml 
backup:
  enabled: true
  schedule: "0 2 * * *"  # Daily at 2:00 AM UTC
  retention:
    daily: 7
    weekly: 4
    monthly: 12
  encryption:
    algorithm: AES-256-GCM
    key_management: AWS-KMS
  storage:
    primary: s3://geoserver-backups-prod
    replica: s3://geoserver-backups-dr-us-west
    compression: lz4

Configuration Parameters

Parameter Type Description Default
schedule string (cron) Backup execution schedule 0 3 * * *
retention.daily integer Number of daily snapshots to keep 7
encryption.key_management string KMS provider for encryption keys local
verify_on_restore boolean Run integrity checks before restoring true

CLI & API Usage

Automate backup and restore workflows directly from your terminal or CI/CD pipelines.

Terminal 
# Trigger an immediate full backup
geoserver backup --full --encrypt

# Restore from specific snapshot
geoserver restore --snapshot 2025-06-12_020000 --target prod-cluster

# List available backups with metadata
geoserver backup list --format json --filter "type:incremental"

REST API endpoints for programmatic control:

  • POST /api/v2/backup/trigger - Initiate backup
  • GET /api/v2/backup/snapshots - List archives
  • POST /api/v2/restore - Restore with rollback safety
  • GET /api/v2/backup/verify/{id} - Check integrity

Best Practices

  1. Separate Infrastructure: Store backups on independent networks/cloud accounts to prevent cascade failures.
  2. Regular Restore Drills: Test restoration monthly in isolated environments to validate RPO/RTO targets.
  3. Key Rotation: Rotate encryption keys every 90 days using your configured KMS provider.
  4. Immutable Backups: Enable object lock/WORM policies for compliance and ransomware protection.
  5. Monitor & Alert: Set up Prometheus/Grafana alerts for failed backups or retention threshold breaches.

Frequently Asked Questions

No. GeoServer uses consistent read-only snapshots and zero-copy mechanisms. Live WMS/WFS requests continue uninterrupted during backup windows.
Yes. The restore engine supports granular extraction. Use `geoserver restore --select layers/urban-zoning,styles/heatmap` to restore specific assets without overwriting the entire configuration.
RPO is configurable (as low as 5 minutes for incremental). RTO typically ranges from 2–10 minutes depending on dataset size and network throughput. Enterprise plans include instant failover with <15s RTO.
Fully supported. Backups can target local NAS, POSIX storage, or hybrid cloud endpoints. Air-gapped environments are supported via offline export/import workflows.

Need Help Implementing Backup & Restore?

Our geospatial infrastructure team can design a custom DR strategy, configure automated pipelines, and run validation drills for your environment.

Contact Solutions Engineering →
"}