# backup-server Backup and download scripts to compress with: * Gzip (DEFLATE) * Bzip2 (BWT) * XZ (LZMA2) The backup script (**backup-server**) backup the following server configuration: * Web Sites (/var/www) * SQL Databases (MySQL or MariaDB) * HTTP Server Configuration (Nginx) * Let's Encrypt Certificates * Home Directory (/home) * GOGS Git Repository * Mail Mailboxes (/var/mail) * Postfix MTA Configuration (SMTP mail server) * Dovecot MDA Configuration (POP3/IMAP server) * OpenDKIM Configuration (Anti email spoofing) * postfix-policyd-spf-python Configuration (Anti email spoofing) * OpenDMARC Configuration (Anti email spoofing) * Amavis Configuration (Antivirus) * SPAM Assasin (AntiSPAM) Also it's: * Autoremove old backups * Set backup dir * Encrypt backup (gpg2) * Create SHA512 Hash (to check integrity) ## Instalation `# curl "https://code.castanedo.es/guzman/backup-server/archive/2.2.tar.gz" | tar -xz` `# cp ./backup-server/backup-server /usr/local/bin/backup-server` `# cp ./backup-server/scripts/cron.d/backup-server /etc/cron.d/backup-server` `# cp ./backup-server/scripts/logrotate.d/backup-server /etc/logrotate.d/backup-server` `# rm -R ./backup-server` Edit `/etc/cron.d/backup-server` to automatic backups as desired. ## Usage `# backup-server [options]... -z|-j|-J [backupdir]` ###### Backup Directory: * `backupdir`: argument to set to directory to save the backup * Default: /var/backup ###### Backup Options: * `-p`, `--prefix name`: prefix for the name of the backup * Default: backup-'hostname' * `--postfix name`: postfix for the name of the backup. * To unset default postfix: `--postfix ""` * Default: prefix-yyyy-mm-dd(date)-XXXXXX(random) * `--no-remove`: no remove old files * Default: false * `--remove-days number`: set number of days to considere a backup old * Default: 15 * `-u`, `--user uid`: name of the user owner of the backup * Default: www-data * `-g`, `--group gid`: name of the group owner of the backup * Default: www-data * `--permision-mask number`: octal mask to set accesss permision of the backup * Default: 640 * `-e`, `--exclude file1[,file2,[file3,[...]]]`: files to be excluded of backup * Separate files with commas "," * Default: "" ###### Compression Options: * `-z`, `--gzip`: compress using gzip (tar.gz or tar.gz.gpg) * `-j`, `--bzip2`: compress using bzip2 (tar.bz2 or tar.bz2.gpg) * `-J`, `--xz`: compress using xz (tar.xz or tar.xz.gpg) ###### Encryption Options: * `-k`, `--key-id ID`: set gpg2 public key-id used for encryption * Use with Gzip, Bzip2 or XZ compression * `--no-encryption`: disable the encryption of the backup * Default: false ###### Web Options: * `--web-dir dir`: set web pages directory to backup * Default: /var/www * `--no-web`: disable backup of web pages * Default: false ###### SQL Options: * `--no-sql`: disable MySQL/MariaDB backup * Default: false * `--sql-user username`: set MySQL/MariaDB username * Default: root * `--sql-password password`: set MySQL/MariaDB password * INSECURE Method ###### Nginx Options: * `--nginx-dir dir`: set nginx configuration directory to backup * Default: /etc/nginx * `--no-nginx`: disable Nginx backup * Default: false ###### Let's Encrypt Options: * `--letsencrypt-dir dir`: set Let's Encrypt configuration directory to backup * Default: /etc/letsencrypt * `--no-letsencrypt`: disable Let's Encrypt backup * Default: false ###### Mail Options: * `--mail-dir dir`: set Mailboxes directory to backup * Default: /var/mail * `--no-mail`: disable mailboxes backup * Default: false ###### Home Options: * `--home-dir dir`: set home directories to backup * Default: /home * `--no-home`: disable home directory backup * Default: false ###### GOGS Options: * `--gogs-dir dir`: set GOGS Git Repository to backup * Default: /opt/gogs * `--no-gogs`: disable gogs backup * Default: false ###### Postfix Options: * `--postfix-dir dir`: set Postfix configuration directory to backup * Default: /etc/postfix * `--no-postfix`: disable Postfix backup * Default: false ###### Dovecot Options: * `--dovecot-dir dir`: set Dovecot configuration directory to backup * Default: /etc/dovecot * `--no-dovecot`: disable Dovecot backup * Default: false ###### OpenDKIM Options: * `--opendkim-conf file`: set OpenDKIM configuration file to backup * Default: /etc/opendkim.conf * `--opendkim-default file`: set OpenDKIM socket configuration file to backup * Default: /etc/default/opendkim * `--opendkim-keys dir`: set OpenDKIM keys dir to backup * Default: /etc/dkimkeys * `--no-opendkim`: disable OpenDKIM backup * Default: false ###### SPF Options: * `--spf-dir dir`: set SPF configuration directory to backup * Default: /etc/postfix-policyd-spf-python * `--no-spf`: disable SPF backup * Default: false ###### OpenDMARC Options: * `--opendmarc-conf file`: set OpenDMARC configuration file to backup * Default: /etc/opendmarc.conf * `--opendmarc-default file`: set OpenDMARC socket configuration file to backup * Default: /etc/default/opendmarc * `--no-opendmarc`: disable OpenDMARC backup * Default: false ###### Amavis Options: * `--amavis-dir dir`: set Amavis configuration directory to backup * Default: /etc/amavis * `--no-amavis`: disable Amavis backup * Default: false ###### SPAM Assassin Options: * `--spamassassin-dir dir`: set SPAM Assassin configuration directory to backup * Default: /etc/spamassasin * `--no-spamassassin`: disable SPAM Assassin backup * Default: false ###### Other Options: * `--no-sha512`: not calculate SHA512 hash (to check integrity) * `-h`, `--help`: shows this message and exit ## Examples * `backup-server --xz -k ABCDEFG -p backup-example.com --no-sql /var/backup` * Make a backup in `/var/backup` compressed with XZ and encrypted with GPG2 Public Key (`backup-example.com-2018-03-19-a1b2c3.tar.xz.gpg`) * Disable SQL backup * `backup-server -j -k ABCDEFG --sql-user root --sql-password toor /var/www/backup` * Make a backup in `/var/www/backup` compressed with BZip2 and encrypted (`backup-castanedo.es-2018-03-19-abcedf.tar.bz2.gpg`) * `backup-server -z --no-encryption --no-sql /var/backup` * Make a backup in `/var/backup` compressed with GZip and not encrypted (`backup-castanedo.es-2018-03-19-qwerty.tar.gz`) ## Automatic Backups (Cron.d) It's possible to make backups automatic creating a cron.d task (`/etc/cron.d/backup-server`). There are an [example](https://code.castanedo.es/guzman/backup-server/src/master/scripts/cron.d/backup-server) in `scripts` folder. ## Download scripts The download script (**download-backup-http**) download all the compressed files in a remote machine, via http/https (with Auth Basic Aunthentication). The download script (**download-backup-sftp**) download all the compressed files in a remote machine, via sftp (SSH File Transfer Protocol). ### Autodownload To autodownload the backups from another machine there are multiple solutions. * Create autostart desktop file: to download backup when you login ([examples](https://code.castanedo.es/guzman/backup-server/src/master/scripts/autostart)). * Create a cron.d job: to download backups periodically.