Trace:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
deb10:backuppc [2022/08/15 15:32] – [Special host configurations] Bernard Condraudeb10:backuppc [2024/04/29 12:38] (current) Bernard Condrau
Line 112: Line 112:
  
 ===== Apache Setup ===== ===== Apache Setup =====
-  * If you run a separate server and want to make the web interface available, you need to setup a VirtualHost proxy on your main apache server. How this is done is described in [[deb9:apache#proxy|Apache 2.4 and PHP 7.4]]+  * If you run a separate server and want to make the web interface available, you need to setup a VirtualHost proxy on your main apache server. Check my guide for [[deb9:apache#proxy|Debian 9]] or [[deb11:apache#proxy|Debian 11]] how this is done.
   * Add a redirect in BackupPC's apache configuration file /etc/apache2/conf-available/backuppc.conf to allow access from the local network:<code>RedirectMatch /backuppc /BackupPC_Admin</code>   * Add a redirect in BackupPC's apache configuration file /etc/apache2/conf-available/backuppc.conf to allow access from the local network:<code>RedirectMatch /backuppc /BackupPC_Admin</code>
   * Add an empty index.html to /var/www/html/BackupPC   * Add an empty index.html to /var/www/html/BackupPC
Line 178: Line 178:
 ==== Maintenance ==== ==== Maintenance ====
   * Delete a backup. If you delete several backups, delete non-filled backups which were taken after a filled backup first.<code>/usr/local/BackupPC/bin/BackupPC_backupDelete -h host -n num </code>[[http://backuppc.sourceforge.net/BackupPC-4.0.0.html#Other-Command-Line-Utilities|Other Command Line Utilities]] and [[https://github.com/backuppc/backuppc/blob/master/bin/BackupPC_backupDelete|BackupPC_backupDelete]]   * Delete a backup. If you delete several backups, delete non-filled backups which were taken after a filled backup first.<code>/usr/local/BackupPC/bin/BackupPC_backupDelete -h host -n num </code>[[http://backuppc.sourceforge.net/BackupPC-4.0.0.html#Other-Command-Line-Utilities|Other Command Line Utilities]] and [[https://github.com/backuppc/backuppc/blob/master/bin/BackupPC_backupDelete|BackupPC_backupDelete]]
 +===== Move V4 data to new storage =====
 +  - prepare new storage using [[deb9:mdadm|RAID - mdadm (Software RAID)]]
 +  - mount existing storage to ''/backup'' and new storage to ''/new-backup''
 +  - copy with ''%%rsync -axHAWXS --numeric-ids --info=progress2 /backup /new-backup%%''
 +  * [[https://superuser.com/questions/307541/copy-entire-file-system-hierarchy-from-one-drive-to-another#answer-1185401|Copy entire file system hierarchy from one drive to another]]
 +
 ===== Host Setup ===== ===== Host Setup =====
 All hosts are setup with rsync through ssh. For Windows 10 hosts I use the [[win10:wsl|Windows Subsystem for Linux]] which allows to setup a Debian layer to access the host. To backup the localhost we need a small tweak which is explained below. All hosts are setup with rsync through ssh. For Windows 10 hosts I use the [[win10:wsl|Windows Subsystem for Linux]] which allows to setup a Debian layer to access the host. To backup the localhost we need a small tweak which is explained below.
Line 239: Line 245:
  
 ==== Configuration on Server for remote hosts accessible through relais ==== ==== Configuration on Server for remote hosts accessible through relais ====
-  * Modify ping command in host access configuration:<code>$Conf{PingCmd} = '$sshPath -p <port> -o ConnectTimeout=2 $host echo "1 packets transmitted, 1 received, 0% packet loss, time 0ms"';</code>+  * Modify ping command in host access configuration (note: $sshPath is not resolved for PingCmd):<code>$Conf{PingCmd} = '/bin/ssh -p <port> -o ConnectTimeout=2 $host echo "1 packets transmitted, 1 received, 0% packet loss, time 0ms"';</code>
  
 ==== Configuration on Hosts ==== ==== Configuration on Hosts ====
-  Windows 10: Install [[win10:wsl|Windows Subsystem for Linux]] on Windows 10 hosts, which installs a //Debian// command line layer on top of your Windows 10 installation +  Windows 10: Install [[win10:wsl|Windows Subsystem for Linux]] on Windows 10 hosts, which installs a //Debian// command line layer on top of your Windows 10 installation 
-  Install ssh and rsync:<code>sudo apt install ssh rsync</code> +  Install ssh and rsync:<code>sudo apt install ssh rsync</code> 
-  Harden [[deb9:ssh#Settings|SSH]] and restart the service. +  Harden [[deb9:ssh#Settings|SSH]] and restart the service. 
-  Create user backuppc with a restricted shell, not able to do local but only remote logins (do not expire the user):<code>sudo adduser --shell /bin/rbash --disabled-password backuppc</code> +  Create user backuppc with a restricted shell, not able to do local but only remote logins (do not expire the user):<code>sudo adduser --shell /bin/rbash --disabled-password backuppc</code> 
-  Copy the Server's backuppc id_rsa.pub file to the Host's backuppc authorized_keys file. The authorized_keys file should contain further restrictions to prevent e.g. port forwarding, preceed the ssh-rsa string with 'restrict,from="local.domain.subnet.ip"':<code>restrict,from="local.domain.subnet.ip" ssh-rsa <BASE64-PUBKEY-REPRESENTATION> backuppc</code>It should further be owned by root and being read- but not writable by the backuppc user, to prevent removal of SSH restrictions. In older SSH versions you must enter the following instead of restrict:<code>no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="local.domain.subnet.ip" ssh-rsa <BASE64-PUBKEY-REPRESENTATION> backuppc</code> +  Copy the Server's backuppc id_rsa.pub file to the Host's backuppc authorized_keys file. The authorized_keys file should contain further restrictions to prevent e.g. port forwarding, preceed the ssh-rsa string with 'restrict,from="local.domain.subnet.ip"':<code>restrict,from="local.domain.subnet.ip" ssh-rsa <BASE64-PUBKEY-REPRESENTATION> backuppc</code>It should further be owned by root and being read- but not writable by the backuppc user, to prevent removal of SSH restrictions. In older SSH versions you must enter the following instead of restrict:<code>no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="local.domain.subnet.ip" ssh-rsa <BASE64-PUBKEY-REPRESENTATION> backuppc</code> 
-  Allow user backuppc to run rsync as root, add the following line after %sudo:<code>sudo visudo+  Allow user backuppc to run rsync as root, add the following line after %sudo:<code>sudo visudo
 %sudo ALL=(ALL:ALL) ALL %sudo ALL=(ALL:ALL) ALL
 backuppc ALL=(root:root) NOPASSWD: /usr/bin/rsync</code> backuppc ALL=(root:root) NOPASSWD: /usr/bin/rsync</code>
 +  - Test rsync access as root with the following command from user ''backuppc'' on the BackupPC Server:<code>ssh <new host> sudo rsync --version</code>
   * [[https://superuser.com/questions/1481318/allowing-automatic-command-execution-as-root-on-linux-using-ssh#answer-1483701|Allowing automatic command execution as root on Linux using SSH]]   * [[https://superuser.com/questions/1481318/allowing-automatic-command-execution-as-root-on-linux-using-ssh#answer-1483701|Allowing automatic command execution as root on Linux using SSH]]
   * [[https://man.openbsd.org/OpenBSD-current/man8/sshd.8#AUTHORIZED_KEYS_FILE_FORMAT|authorized_keys]]   * [[https://man.openbsd.org/OpenBSD-current/man8/sshd.8#AUTHORIZED_KEYS_FILE_FORMAT|authorized_keys]]
Line 285: Line 292:
       '*.mkv',       '*.mkv',
 ];</code> ];</code>
-  * Synology DSM6 host share configuration:<code>$Conf{RsyncShareName} = ['/', '/volume1'];+  * Synology DSM6 host share configuration. <color red>**IMPORTANT: you need to exclude any encrypted shared folders containing the encrypted physical files from the backup.**</color>. If you have a shared folder named ''documents'' then add the line as shown below in the sample config file:<code>$Conf{RsyncShareName} = ['/', '/volume1'];
 $Conf{BackupFilesExclude} = [ $Conf{BackupFilesExclude} = [
       '/proc',       '/proc',
Line 292: Line 299:
       '*.mkv',       '*.mkv',
       '*.vdi',       '*.vdi',
 +      # exclude any shared folders here
 +      '@documents@',
 ];</code> ];</code>
   * Synology DSM6 host access configuration:<code>$Conf{RsyncClientPath} = 'sudo /var/services/homes/backuppc/bin/rsync';</code>   * Synology DSM6 host access configuration:<code>$Conf{RsyncClientPath} = 'sudo /var/services/homes/backuppc/bin/rsync';</code>
Line 311: Line 320:
   * [[https://linuxconfig.org/how-to-setup-the-rsync-daemon-on-linux|How to setup the rsync daemon on Linux]]   * [[https://linuxconfig.org/how-to-setup-the-rsync-daemon-on-linux|How to setup the rsync daemon on Linux]]
   * [[https://www.computerhope.com/unix/rsync.htm|Linux rsync command]]   * [[https://www.computerhope.com/unix/rsync.htm|Linux rsync command]]
 +
 +===== Special commands =====
 +==== Delete specific files ====
 +  * [[https://sourceforge.net/p/backuppc/mailman/message/27543908/|How to delete specific files from backups?]]
  

Know How

© 2007-2024 Bernard Condrau - Powered by DokuWiki