Differences

This shows you the differences between two versions of the page.

deb10:backuppc [2022/08/15 19:11] – [Configuration on Server for remote hosts accessible through relais] Bernard Condrau
deb10:backuppc [2023/02/03 14:21] – [Special host configurations] Bernard Condrau
Line 112: Line 112:
  
 ===== Apache Setup ===== ===== Apache Setup =====
-  * If you run a separate server and want to make the web interface available, you need to setup a VirtualHost proxy on your main apache server. How this is done is described in [[deb9:apache#proxy|Apache 2.4 and PHP 7.4]]+  * If you run a separate server and want to make the web interface available, you need to setup a VirtualHost proxy on your main apache server. Check my guide for [[deb9:apache#proxy|Debian 9]] or [[deb11:apache#proxy|Debian 11]] how this is done.
   * Add a redirect in BackupPC's apache configuration file /etc/apache2/conf-available/backuppc.conf to allow access from the local network:<code>RedirectMatch /backuppc /BackupPC_Admin</code>   * Add a redirect in BackupPC's apache configuration file /etc/apache2/conf-available/backuppc.conf to allow access from the local network:<code>RedirectMatch /backuppc /BackupPC_Admin</code>
   * Add an empty index.html to /var/www/html/BackupPC   * Add an empty index.html to /var/www/html/BackupPC
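Review bot: the rewritten first bullet ("Check my guide for ... Debian 9 or ... Debian 11 how this is done.") does not say which of the two linked guides a reader of this deb10 page should follow, and the sentence ends as a fragment. Suggest wording such as "See my Apache proxy guide for Debian 9 or Debian 11, whichever matches your main server, for how to set this up."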
Line 178: Line 178:
 ==== Maintenance ==== ==== Maintenance ====
   * Delete a backup. If you delete several backups, delete non-filled backups which were taken after a filled backup first.<code>/usr/local/BackupPC/bin/BackupPC_backupDelete -h host -n num </code>[[http://backuppc.sourceforge.net/BackupPC-4.0.0.html#Other-Command-Line-Utilities|Other Command Line Utilities]] and [[https://github.com/backuppc/backuppc/blob/master/bin/BackupPC_backupDelete|BackupPC_backupDelete]]   * Delete a backup. If you delete several backups, delete non-filled backups which were taken after a filled backup first.<code>/usr/local/BackupPC/bin/BackupPC_backupDelete -h host -n num </code>[[http://backuppc.sourceforge.net/BackupPC-4.0.0.html#Other-Command-Line-Utilities|Other Command Line Utilities]] and [[https://github.com/backuppc/backuppc/blob/master/bin/BackupPC_backupDelete|BackupPC_backupDelete]]
 +===== Move V4 data to new storage =====
 +  - prepare new storage using [[deb9:mdadm|RAID - mdadm (Software RAID)]]
 +  - mount existing storage to ''/backup'' and new storage to ''/new-backup''
 +  - copy with ''%%rsync -axHAWXS --numeric-ids --info=progress2 /backup /new-backup%%''
 +  * [[https://superuser.com/questions/307541/copy-entire-file-system-hierarchy-from-one-drive-to-another#answer-1185401|Copy entire file system hierarchy from one drive to another]]
 +
 ===== Host Setup ===== ===== Host Setup =====
 All hosts are setup with rsync through ssh. For Windows 10 hosts I use the [[win10:wsl|Windows Subsystem for Linux]] which allows to setup a Debian layer to access the host. To backup the localhost we need a small tweak which is explained below. All hosts are setup with rsync through ssh. For Windows 10 hosts I use the [[win10:wsl|Windows Subsystem for Linux]] which allows to setup a Debian layer to access the host. To backup the localhost we need a small tweak which is explained below.
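Review bot: in the added copy step, the rsync source ''/backup'' has no trailing slash, so rsync creates ''/new-backup/backup/'' instead of placing the pool at the top of the new storage; if the new volume is later mounted at ''/backup'', the data sits one level too deep. Suggest ''/backup/ /new-backup/'' and saying so in the step. The list also lacks a step to stop the BackupPC service before the copy so the pool does not change while rsync runs, and a final step describing how the new storage replaces the old mount.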
Line 239: Line 245:
  
 ==== Configuration on Server for remote hosts accessible through relais ==== ==== Configuration on Server for remote hosts accessible through relais ====
-  * Modify ping command in host access configuration:<code>$Conf{PingCmd} = '/bin/ssh -p <port> -o ConnectTimeout=2 $host echo "1 packets transmitted, 1 received, 0% packet loss, time 0ms"';</code>+  * Modify ping command in host access configuration (note: $sshPath is not resolved for PingCmd):<code>$Conf{PingCmd} = '/bin/ssh -p <port> -o ConnectTimeout=2 $host echo "1 packets transmitted, 1 received, 0% packet loss, time 0ms"';</code>
  
 ==== Configuration on Hosts ==== ==== Configuration on Hosts ====
-  Windows 10: Install [[win10:wsl|Windows Subsystem for Linux]] on Windows 10 hosts, which installs a //Debian// command line layer on top of your Windows 10 installation +  Windows 10: Install [[win10:wsl|Windows Subsystem for Linux]] on Windows 10 hosts, which installs a //Debian// command line layer on top of your Windows 10 installation 
-  Install ssh and rsync:<code>sudo apt install ssh rsync</code> +  Install ssh and rsync:<code>sudo apt install ssh rsync</code> 
-  Harden [[deb9:ssh#Settings|SSH]] and restart the service. +  Harden [[deb9:ssh#Settings|SSH]] and restart the service. 
-  Create user backuppc with a restricted shell, not able to do local but only remote logins (do not expire the user):<code>sudo adduser --shell /bin/rbash --disabled-password backuppc</code> +  Create user backuppc with a restricted shell, not able to do local but only remote logins (do not expire the user):<code>sudo adduser --shell /bin/rbash --disabled-password backuppc</code> 
-  Copy the Server's backuppc id_rsa.pub file to the Host's backuppc authorized_keys file. The authorized_keys file should contain further restrictions to prevent e.g. port forwarding, preceed the ssh-rsa string with 'restrict,from="local.domain.subnet.ip"':<code>restrict,from="local.domain.subnet.ip" ssh-rsa <BASE64-PUBKEY-REPRESENTATION> backuppc</code>It should further be owned by root and being read- but not writable by the backuppc user, to prevent removal of SSH restrictions. In older SSH versions you must enter the following instead of restrict:<code>no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="local.domain.subnet.ip" ssh-rsa <BASE64-PUBKEY-REPRESENTATION> backuppc</code> +  Copy the Server's backuppc id_rsa.pub file to the Host's backuppc authorized_keys file. The authorized_keys file should contain further restrictions to prevent e.g. port forwarding, preceed the ssh-rsa string with 'restrict,from="local.domain.subnet.ip"':<code>restrict,from="local.domain.subnet.ip" ssh-rsa <BASE64-PUBKEY-REPRESENTATION> backuppc</code>It should further be owned by root and being read- but not writable by the backuppc user, to prevent removal of SSH restrictions. In older SSH versions you must enter the following instead of restrict:<code>no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="local.domain.subnet.ip" ssh-rsa <BASE64-PUBKEY-REPRESENTATION> backuppc</code> 
-  Allow user backuppc to run rsync as root, add the following line after %sudo:<code>sudo visudo+  Allow user backuppc to run rsync as root, add the following line after %sudo:<code>sudo visudo
 %sudo ALL=(ALL:ALL) ALL %sudo ALL=(ALL:ALL) ALL
 backuppc ALL=(root:root) NOPASSWD: /usr/bin/rsync</code> backuppc ALL=(root:root) NOPASSWD: /usr/bin/rsync</code>
 +  - Test rsync access as root with the following command from user ''backuppc'' on the BackupPC Server:<code>ssh <new host> sudo rsync --version</code>
   * [[https://superuser.com/questions/1481318/allowing-automatic-command-execution-as-root-on-linux-using-ssh#answer-1483701|Allowing automatic command execution as root on Linux using SSH]]   * [[https://superuser.com/questions/1481318/allowing-automatic-command-execution-as-root-on-linux-using-ssh#answer-1483701|Allowing automatic command execution as root on Linux using SSH]]
   * [[https://man.openbsd.org/OpenBSD-current/man8/sshd.8#AUTHORIZED_KEYS_FILE_FORMAT|authorized_keys]]   * [[https://man.openbsd.org/OpenBSD-current/man8/sshd.8#AUTHORIZED_KEYS_FILE_FORMAT|authorized_keys]]
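Review bot: the added test step (''ssh <new host> sudo rsync --version'') confirms only that key login and the sudoers rule work; nothing in the list checks the protections the earlier steps ask for. The sudoers line allows ''/usr/bin/rsync'' with any arguments as root, so the ''restrict,from=...'' options and the root-owned, non-writable authorized_keys file are what limit the key. Suggest extending the test step with a check of the owner and mode of the backuppc authorized_keys file on the host, and a note that the login should be refused from an address outside the ''from='' value. For the PingCmd bullet, the new parenthetical explains why the path is hard-coded; it would help to state that ''<port>'' must match the port used for the host's rsync transport.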
Line 285: Line 292:
       '*.mkv',       '*.mkv',
 ];</code> ];</code>
-  * Synology DSM6 host share configuration:<code>$Conf{RsyncShareName} = ['/', '/volume1'];+  * Synology DSM6 host share configuration. <color red>**IMPORTANT: you need to exclude any encrypted shared folders containing the encrypted physical files from the backup.**</color>. If you have a shared folder named ''documents'' then add the line as shown below in the sample config file:<code>$Conf{RsyncShareName} = ['/', '/volume1'];
 $Conf{BackupFilesExclude} = [ $Conf{BackupFilesExclude} = [
       '/proc',       '/proc',
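Review bot: the new warning in the Synology DSM6 bullet is hard to parse ("encrypted shared folders containing the encrypted physical files") and gives no reason for the exclusion, so a reader cannot tell which on-disk directory is meant until the sample further down. Suggest naming the directory pattern directly in the sentence (the ''@documents@'' form used in the sample) and stating in one clause what goes wrong if it is backed up. The markup also leaves a doubled full stop: ''backup.**</color>.'' should drop the trailing period.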
Line 292: Line 299:
       '*.mkv',       '*.mkv',
       '*.vdi',       '*.vdi',
 +      # exclude any shared folders here
 +      '@documents@',
 ];</code> ];</code>
   * Synology DSM6 host access configuration:<code>$Conf{RsyncClientPath} = 'sudo /var/services/homes/backuppc/bin/rsync';</code>   * Synology DSM6 host access configuration:<code>$Conf{RsyncClientPath} = 'sudo /var/services/homes/backuppc/bin/rsync';</code>
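Review bot: the added exclude ''@documents@'' has no leading slash, unlike ''/proc'' in the same list, so it is not anchored to a share root and applies to an entry of that name at any depth in both ''/'' and ''/volume1''. If the intent is the directory at the top of ''/volume1'', write it as ''/@documents@''. The comment "exclude any shared folders here" is also broader than the bullet text, which limits the exclusion to encrypted shared folders; suggest "exclude encrypted shared folders here (one line per folder)".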