README.md 7.0 KB

backup-server

Backup and download scripts to compress with:

  • Gzip (DEFLATE)
  • Bzip2 (BWT)
  • XZ (LZMA2)
  • 7Z (LZMA)

The backup script (backup-server) backup the following server configuration:

  • Web Sites (/var/www)
  • SQL Databases (MySQL or MariaDB)
  • HTTP Server Configuration (Nginx)
  • Let's Encrypt Certificates
  • Home Directory (/home)
  • GOGS Git Repository
  • Mail Mailboxes (/var/mail)
  • Postfix MTA Configuration (SMTP mail server)
  • Dovecot MDA Configuration (POP3/IMAP server)
  • OpenDKIM Configuration (Anti email spoofing)
  • postfix-policyd-spf-python Configuration (Anti email spoofing)
  • OpenDMARC Configuration (Anti email spoofing)
  • Amavis Configuration (Antivirus)
  • SPAM Assasin (AntiSPAM)

Also it's:

  • Autoremove old backups
  • Set backup dir
  • Encrypt backup (gpg2)
  • Create SHA512 Hash (to check integrity)

Instalation

# curl "https://code.castanedo.es/guzman/backup-server/archive/2.1.tar.gz" | tar -xz

# cp ./backup-server/backup-server /usr/local/bin/backup-server

# cp ./backup-server/scripts/cron.d/backup-server /etc/cron.d/backup-server

# cp ./backup-server/scripts/logrotate.d/backup-server /etc/logrotate.d/backup-server

# rm -R ./backup-server

Edit /etc/cron.d/backup-server to automatic backups as desired.

Usage

# backup-server [options]... -z|-j|-J|-7 [backupdir]

Backup Directory:
  • backupdir: argument to set to directory to save the backup
    • Default: /var/www/backup
Backup Options:
  • -p, --prefix name: prefix for the name of the backup
    • Default: backup-'hostname'
  • --postfix name: postfix for the name of the backup.
    • To unset default postfix: --postfix ""
    • Default: prefix-yyyy-mm-dd(date)-XXXXXX(random)
  • --no-remove: no remove old files
    • Default: false
  • --remove-days number: set number of days to considere a backup old
    • Default: 15
  • -u, --user uid: name of the user owner of the backup
    • Default: www-data
  • -g, --group gid: name of the group owner of the backup
    • Default: www-data
  • --permision-mask number: octal mask to set accesss permision of the backup
    • Default: 640
Compression Options:
  • -z, --gzip: compress using gzip (tar.gz or tar.gz.gpg)
  • -j, --bzip2: compress using bzip2 (tar.bz2 or tar.bz2.gpg)
  • -J, --xz: compress using xz (tar.xz or tar.xz.gpg)
  • -7, --7zip: compress using 7z (7z)
Encryption Options:
  • -k, --key-id ID: set gpg2 public key-id used for encryption
    • Use with Gzip, Bzip2 or XZ compression
  • --no-encryption: disable the encryption of the backup
    • Default: false
  • --7z-password password: set password (ONLY for 7z)
    • INSECURE Method
Web Options:
  • --web-dir dir: set web pages directory to backup
    • Default: /var/www
  • --no-web: disable backup of web pages
    • Default: false
SQL Options:
  • --no-sql: disable MySQL/MariaDB backup
    • Default: false
  • --sql-user username: set MySQL/MariaDB username
    • Default: root
  • --sql-password password: set MySQL/MariaDB password
    • INSECURE Method
Nginx Options:
  • --nginx-dir dir: set nginx configuration directory to backup
    • Default: /etc/nginx
  • --no-nginx: disable Nginx backup
    • Default: false
Let's Encrypt Options:
  • --letsencrypt-dir dir: set Let's Encrypt configuration directory to backup
    • Default: /etc/letsencrypt
  • --no-letsencrypt: disable Let's Encrypt backup
    • Default: false
Mail Options:
  • --mail-dir dir: set Mailboxes directory to backup
    • Default: /var/mail
  • --no-mail: disable mailboxes backup
    • Default: false
Home Options:
  • --home-dir dir: set home directories to backup
    • Default: /home
  • --no-home: disable home directory backup
    • Default: false
GOGS Options:
  • --gogs-dir dir: set GOGS Git Repository to backup
    • Default: /opt/gogs
  • --no-gogs: disable gogs backup
    • Default: false
Postfix Options:
  • --postfix-dir dir: set Postfix configuration directory to backup
    • Default: /etc/postfix
  • --no-postfix: disable Postfix backup
    • Default: false
Dovecot Options:
  • --dovecot-dir dir: set Dovecot configuration directory to backup
    • Default: /etc/dovecot
  • --no-dovecot: disable Dovecot backup
    • Default: false
OpenDKIM Options:
  • --opendkim-conf file: set OpenDKIM configuration file to backup
    • Default: /etc/opendkim.conf
  • --opendkim-default file: set OpenDKIM socket configuration file to backup
    • Default: /etc/default/opendkim
  • --opendkim-keys dir: set OpenDKIM keys dir to backup
    • Default: /etc/dkimkeys
  • --no-opendkim: disable OpenDKIM backup
    • Default: false
SPF Options:
  • --spf-dir dir: set SPF configuration directory to backup
    • Default: /etc/postfix-policyd-spf-python
  • --no-spf: disable SPF backup
    • Default: false
OpenDMARC Options:
  • --opendmarc-conf file: set OpenDMARC configuration file to backup
    • Default: /etc/opendmarc.conf
  • --opendmarc-default file: set OpenDMARC socket configuration file to backup
    • Default: /etc/default/opendmarc
  • --no-opendmarc: disable OpenDMARC backup
    • Default: false
Amavis Options:
  • --amavis-dir dir: set Amavis configuration directory to backup
    • Default: /etc/amavis
  • --no-amavis: disable Amavis backup
    • Default: false
SPAM Assassin Options:
  • --spamassassin-dir dir: set SPAM Assassin configuration directory to backup
    • Default: /etc/spamassasin
  • --no-spamassassin: disable SPAM Assassin backup
    • Default: false
Other Options:
  • --no-sha512: not calculate SHA512 hash (to check integrity)
  • -h, --help: shows this message and exit

Examples

  • backup-server --xz -k ABCDEFG -p backup-example.com --no-sql /var/backup
    • Make a backup in /var/backup compressed with XZ and encrypted with GPG2 Public Key (backup-example.com-2018-03-19-a1b2c3.tar.xz.gpg)
    • Disable SQL backup
  • backup-server -7 --7z-password 7zpass --sql-user root --sql-password toor /var/www/backup
    • Make a backup in /var/www/backup compressed with 7Zip and encrypted (backup-castanedo.es-2018-03-19-abcedf.7z)
  • backup-server -z --no-encryption --no-sql /var/backup
    • Make a backup in /var/backup compressed with GZip and not encrypted (backup-castanedo.es-2018-03-19-qwerty.tar.gz)

Automatic Backups (Cron.d)

It's possible to make backups automatic creating a cron.d task (/etc/cron.d/backup-server).

There are an example in scripts folder.

Download scripts

The download script (download-backup-http) download all the compressed files in a remote machine, via http/https (with Auth Basic Aunthentication).

The download script (download-backup-sftp) download all the compressed files in a remote machine, via sftp (SSH File Transfer Protocol).

Autodownload

To autodownload the backups from another machine there are multiple solutions.

  • Create autostart desktop file: to download backup when you login (examples).
  • Create a cron.d job: to download backups periodically.