zerobyte
Zerobyte is a self-hosted backup automation tool built on Restic that provides a web UI for scheduling, encrypting, and managing backups across multiple storage backends. It targets self-hosters and small teams seeking centralized backup control with end-to-end encryption and flexible retention policies.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | nicotsx/zerobyte |
| Owner | nicotsx |
| Primary language | TypeScript |
| License | AGPL-3.0 — OSI-approved |
| Stars | 6.7k |
| Forks | 168 |
| Open issues | 106 |
| Latest release | v0.40.0 (2026-06-22) |
| Last updated | 2026-07-07 |
| Source | https://github.com/nicotsx/zerobyte |
What zerobyte is
TypeScript-based backup orchestration layer over Restic with Docker deployment, supporting NFS/SMB/WebDAV/SFTP/local sources, multi-protocol scheduling, and webhook integrations. Requires Docker, FUSE, and persistent storage; currently pre-1.0 with active development.
Get the zerobyte source
Clone the repository and explore it locally.
git clone https://github.com/nicotsx/zerobyte.gitcd zerobyte# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Docker, Docker Compose, and persistent local storage (not network-mounted) for `/var/lib/zerobyte`. TrueNAS users must use ZFS datasets, not `/var/lib`.
- Mandatory configuration: `APP_SECRET` (32+ chars, generate via `openssl rand -hex 32`), `BASE_URL`, and timezone (`TZ`) for accurate scheduling. Docker `cap_add: SYS_ADMIN` and `/dev/fuse` device needed.
- Network isolation essential: bind to `127.0.0.1:4096` if internet-facing; use SSH tunnel or Cloudflare Tunnel for remote access. `WEBHOOK_ALLOWED_ORIGINS` must be explicitly configured for outbound webhooks.
- Pre-release stability: expect potential database schema changes, configuration format shifts, or API incompatibilities on version upgrades. Test upgrades in non-production first.
- Resource tuning: set `GOMAXPROCS` if CPU-bound, adjust compression level, and configure repository bandwidth limits to prevent backup jobs from saturating host resources.
When to avoid it — and what to weigh
- Production-critical workloads requiring stability guarantee — Project is pre-1.0 (currently 0.40.0) with explicit warning of major breaking changes between releases. Do not adopt if you need long-term API/schema stability or SLA-backed support.
- Managed SaaS backup requirement — Zerobyte is self-hosted only. If you need vendor-managed infrastructure, redundancy across regions, or zero operational overhead, use commercial alternatives (Backblaze, Carbonite, Veeam Cloud).
- Internet-exposed public deployment — README explicitly discourages public internet exposure without additional authentication/tunneling. Not designed for untrusted networks without substantial hardening.
- High-volume enterprise audit/compliance — Limited adoption signals (6.6K stars, 168 forks, 106 open issues) and pre-release status reduce industry references and formal security audit history needed for regulated sectors (financial, healthcare).
License & commercial use
AGPL-3.0 (GNU Affero General Public License v3.0). Copyleft open-source license requiring source code disclosure of network service modifications or derivative works. No proprietary exceptions listed.
AGPL-3.0 is copyleft and does not restrict commercial use internally (using for your own backups is permitted). However, if you modify Zerobyte and run it as a network service or SaaS, you must provide modified source code to users under AGPL-3.0. Reselling or bundling modified Zerobyte requires AGPL-3.0 compliance. Consult legal counsel if building a commercial service on top. Using unmodified Zerobyte for internal ops is straightforward.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
End-to-end encryption via Restic; sensitive data in DB encrypted using APP_SECRET. No independent security audit mentioned. FUSE and SYS_ADMIN capabilities required for container restore operations—verify container isolation on shared hosts. Network policy enforced on webhooks (whitelist approach reduces SSRF risk). Pre-1.0 status means potential unpatched vulnerabilities; monitor GitHub security advisories. No explicit mention of secrets rotation, audit logging, or compliance frameworks (SOC2, ISO27001).
Alternatives to consider
Restic CLI + custom shell scripts
Lower operational overhead, zero dependencies beyond Restic and cron. Trades UI/scheduling convenience for full control and no pre-release risk. Better for experienced DevOps teams.
Proxmox Backup Server (PBS)
Production-ready (v3+), enterprise support, built-in deduplication/compression, and web UI. Tightly integrated with Proxmox/KVM but can backup external systems. Higher barrier to entry; more feature-rich for homelabs and small datacenters.
Veeam Community Edition or Backblaze B2
Veeam: enterprise-grade, stable API, but Windows-centric. Backblaze: managed SaaS, zero ops, but vendor lock-in and less control. Choose if simplicity/support outweigh cost or customization needs.
Build on zerobyte with DEV.co software developers
Zerobyte offers a modern alternative to manual Restic scripts for self-hosted teams. Evaluate our deployment & DevOps services to integrate Zerobyte into your infrastructure securely.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
zerobyte FAQ
Can I use Zerobyte in production today?
What's the difference between Zerobyte and plain Restic?
Do I need to run Zerobyte on the same server as my data?
Is AGPL-3.0 a problem for my company?
Software development & web development with DEV.co
Adopting zerobyte is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source devops software in production.
Ready to centralize your backups?
Zerobyte offers a modern alternative to manual Restic scripts for self-hosted teams. Evaluate our deployment & DevOps services to integrate Zerobyte into your infrastructure securely.