doc: reviewed docs

docs/how-tos/backup-to-ssh.md

@@ -1,91 +1,129 @@
 ---
-title: Backup to SSH
+title: Backup to SSH or SFTP
 layout: default
 parent: How Tos
 nav_order: 3
 ---
-# Backup to SSH remote server
+# Backup to SFTP or SSH Remote Server
 
+To store your backups on an `SFTP` or `SSH` remote server instead of the default storage, you can configure the backup process to use the `--storage ssh` or `--storage remote` option.
+This section explains how to set up and configure SSH-based backups.
 
-As described for s3 backup section, to change the storage of your backup and use SSH Remote server as storage. You need to add `--storage ssh` or `--storage remote`.
-You need to add the full remote path by adding `--path /home/jkaninda/backups` flag or using `REMOTE_PATH` environment variable.
+---
+
+## Configuration Steps
+
+1. **Specify the Storage Type**  
+   Add the `--storage ssh` or `--storage remote` flag to your backup command.
+
+2. **Set the Remote Path**  
+   Define the full remote path where backups will be stored using the `--path` flag or the `REMOTE_PATH` environment variable.  
+   Example: `--path /home/jkaninda/backups`.
+
+3. **Required Environment Variables**  
+   The following environment variables are mandatory for SSH-based backups:
+
+    - `SSH_HOST`: The hostname or IP address of the remote server.
+    - `SSH_USER`: The username for SSH authentication.
+    - `REMOTE_PATH`: The directory on the remote server where backups will be stored.
+    - `SSH_IDENTIFY_FILE`: The path to the private key file for SSH authentication.
+    - `SSH_PORT`: The SSH port (default is `22`).
+    - `SSH_PASSWORD`: (Optional) Use this only if you are not using a private key for authentication.
+
+   {: .note }
+   **Security Recommendation**: Using a private key (`SSH_IDENTIFY_FILE`) is strongly recommended over password-based authentication (`SSH_PASSWORD`) for better security.
+
+---
 
-{: .note }
-These environment variables are required for SSH backup `SSH_HOST`, `SSH_USER`, `SSH_REMOTE_PATH`, `SSH_IDENTIFY_FILE`, `SSH_PORT` or `SSH_PASSWORD` if you dont use a private key to access to your server.
-Accessing the remote server using password is not recommended, use private key instead.
+## Example Configuration
 
-```yml
+Below is an example `docker-compose.yml` configuration for backing up to an SSH remote server:
+
+```yaml
 services:
-  mysql-bkup:
-    # In production, it is advised to lock your image tag to a proper
-    # release version instead of using `latest`.
-    # Check https://github.com/jkaninda/mysql-bkup/releases
-    # for a list of available releases.
-    image: jkaninda/mysql-bkup
-    container_name: mysql-bkup
-    command: backup --storage remote -d database
-    volumes:
-      - ./id_ed25519:/tmp/id_ed25519"
-    environment:
-      - DB_PORT=3306
-      - DB_HOST=mysql
-      #- DB_NAME=database
-      - DB_USERNAME=username
-      - DB_PASSWORD=password
-      ## SSH config
-      - SSH_HOST="hostname"
-      - SSH_PORT=22
-      - SSH_USER=user
-      - REMOTE_PATH=/home/jkaninda/backups
-      - SSH_IDENTIFY_FILE=/tmp/id_ed25519
-      ## We advise you to use a private jey instead of password
-      #- SSH_PASSWORD=password
+   mysql-bkup:
+      # In production, lock your image tag to a specific release version
+      # instead of using `latest`. Check https://github.com/jkaninda/mysql-bkup/releases
+      # for available releases.
+      image: jkaninda/mysql-bkup
+      container_name: mysql-bkup
+      command: backup --storage remote -d database
+      volumes:
+         - ./id_ed25519:/tmp/id_ed25519
+      environment:
+         - DB_PORT=3306
+         - DB_HOST=mysql
+         - DB_NAME=database
+         - DB_USERNAME=username
+         - DB_PASSWORD=password
+         ## SSH Configuration
+         - SSH_HOST="hostname"
+         - SSH_PORT=22
+         - SSH_USER=user
+         - REMOTE_PATH=/home/jkaninda/backups
+         - SSH_IDENTIFY_FILE=/tmp/id_ed25519
+         ## Optional: Use password instead of private key (not recommended)
+         #- SSH_PASSWORD=password
+
+      # Ensure the mysql-bkup container is connected to the same network as your database
+      networks:
+         - web
 
-    # mysql-bkup container must be connected to the same network with your database
-    networks:
-      - web
 networks:
-  web:
+   web:
 ```
 
+---
+
+## Recurring Backups to SSH Remote Server
 
-### Recurring backups to SSH remote server
+To schedule recurring backups, you can use the `--cron-expression` flag or the `BACKUP_CRON_EXPRESSION` environment variable. 
+This allows you to define a cron schedule for automated backups.
 
-As explained above, you need just to add required environment variables and specify the storage type `--storage ssh`.
-You can use `--cron-expression "* * * * *"` or  `BACKUP_CRON_EXPRESSION=0 1 * * *` as described below.
+### Example: Recurring Backup Configuration
 
-```yml
+```yaml
 services:
-  mysql-bkup:
-    # In production, it is advised to lock your image tag to a proper
-    # release version instead of using `latest`.
-    # Check https://github.com/jkaninda/mysql-bkup/releases
-    # for a list of available releases.
+   mysql-bkup:
+    # In production, lock your image tag to a specific release version
+    # instead of using `latest`. Check https://github.com/jkaninda/mysql-bkup/releases
+    # for available releases.
     image: jkaninda/mysql-bkup
     container_name: mysql-bkup
-    command: backup -d database --storage ssh --cron-expression "0 1 * * *"
+    command: backup -d database --storage ssh --cron-expression "@daily"
     volumes:
-      - ./id_ed25519:/tmp/id_ed25519"
+      - ./id_ed25519:/tmp/id_ed25519
     environment:
       - DB_PORT=3306
-      - DB_HOST=mysql
+      - DB_HOST=postgres
       - DB_NAME=database
       - DB_USERNAME=username
       - DB_PASSWORD=password
-      ## SSH config
+      ## SSH Configuration
       - SSH_HOST="hostname"
       - SSH_PORT=22
       - SSH_USER=user
       - REMOTE_PATH=/home/jkaninda/backups
       - SSH_IDENTIFY_FILE=/tmp/id_ed25519
-     # - BACKUP_CRON_EXPRESSION=0 1 * * * # Optional
-      #Delete old backup created more than specified days ago
+      ## Optional: Delete old backups after a specified number of days
       #- BACKUP_RETENTION_DAYS=7
-      ## We advise you to use a private jey instead of password
+      ## Optional: Use password instead of private key (not recommended)
       #- SSH_PASSWORD=password
-     # mysql-bkup container must be connected to the same network with your database
+
+    # Ensure the mysql-bkup container is connected to the same network as your database
     networks:
       - web
+
 networks:
   web:
 ```
+
+---
+
+## Key Notes
+
+- **Cron Expression**: Use the `--cron-expression` flag or `BACKUP_CRON_EXPRESSION` environment variable to define the backup schedule. For example, `0 1 * * *` runs the backup daily at 1:00 AM.
+- **Backup Retention**: Optionally, use the `BACKUP_RETENTION_DAYS` environment variable to automatically delete backups older than a specified number of days.
+- **Security**: Always prefer private key authentication (`SSH_IDENTIFY_FILE`) over password-based authentication (`SSH_PASSWORD`) for enhanced security.
+
+---