Compare commits
No commits in common. "26c5fc1f4f27f1833abaa2513c5efbe1dd220674" and "b8f96227cc18b29353c261bb4c109c12057c7d24" have entirely different histories.
26c5fc1f4f
...
b8f96227cc
115
README.md
115
README.md
@ -25,40 +25,36 @@ This script automates the following tasks:
|
||||
- [Environment notes](#environment-notes)
|
||||
- [Why this script must be run as root](#why-this-script-must-be-run-as-root)
|
||||
- [Script parameters](#script-parameters)
|
||||
- [Required parameters](#required-parameters)
|
||||
- [NextCloud data directory: -d _/path/to/data/_](#nextcloud-data-directory--d-pathtodata)
|
||||
- [NextCloud webroot: -n _/path/to/nextcloud/_](#nextcloud-webroot--n-pathtonextcloud)
|
||||
- [webuser account: -w _accountName_](#webuser-account--w-accountname)
|
||||
- [Optional parameters](#optional-parameters)
|
||||
- [Path to 503 error page: -5 _/path/to/filename.html_](#path-to-503-error-page--5-pathtofilenamehtml)
|
||||
- [Path to borg details file: -b _/path/to/filename.file_](#path-to-borg-details-file--b-pathtofilenamefile)
|
||||
- [Desired log file location: -l _/path/to/filename.file_](#desired-log-file-location--l-pathtofilenamefile)
|
||||
- [Path to SQL details file: -s _/path/to/filename.file_](#path-to-sql-details-file--s-pathtofilenamefile)
|
||||
- [Verbose output from borg: -v (no arguments)](#verbose-output-from-borg--v-no-arguments)
|
||||
- [Path to webroot: -w _/path/to/webroot/_](#path-to-webroot--w-pathtowebroot)
|
||||
- [Required parameters](#required-parameters)
|
||||
- [NextCloud data directory: -d _/path/to/data/_](#nextcloud-data-directory--d-_pathtodata_)
|
||||
- [NextCloud webroot: -n _/path/to/nextcloud/_](#nextcloud-webroot--n-_pathtonextcloud_)
|
||||
- [webuser account: -w _accountName_](#webuser-account--w-_accountname_)
|
||||
- [Optional parameters](#optional-parameters)
|
||||
- [Path to 503 error page: -5 _/path/to/filename.html_](#path-to-503-error-page--5-_pathtofilenamehtml_)
|
||||
- [Path to borg details file: -b _/path/to/filename.file_](#path-to-borg-details-file--b-_pathtofilenamefile_)
|
||||
- [Desired log file location: -l _/path/to/filename.file_](#desired-log-file-location--l-_pathtofilenamefile_)
|
||||
- [Path to SQL details file: -s _/path/to/filename.file_](#path-to-sql-details-file--s-_pathtofilenamefile_)
|
||||
- [Verbose output from borg: -v (no arguments)](#verbose-output-from-borg--v-no-arguments)
|
||||
- [Path to webroot: -w _/path/to/webroot/_](#path-to-webroot--w-_pathtowebroot_)
|
||||
- [Borg details file](#borg-details-file)
|
||||
- [Protect your borg details file](#protect-your-borg-details-file)
|
||||
- [borg specific entries (lines 1-4)](#borg-specific-entries-lines-1-4)
|
||||
- [Line 1: Path to borg base directory](#line-1-path-to-borg-base-directory)
|
||||
- [Line 2: Path to SSH key for remote server](#line-2-path-to-ssh-key-for-remote-server)
|
||||
- [Line 3: Connection string to remote repo](#line-3-connection-string-to-remote-repo)
|
||||
- [Line 4: Password for borg repo/repo key](#line-4-password-for-borg-reporepo-key)
|
||||
- [additional files/directories to backup](#additional-filesdirectories-to-backup)
|
||||
- [exclusion patterns](#exclusion-patterns)
|
||||
- [prune timeframe options](#prune-timeframe-options)
|
||||
- [borg remote location](#borg-remote-location)
|
||||
- [Examples](#examples)
|
||||
- [Protect your borg details file](#protect-your-borg-details-file)
|
||||
- [borg specific entries (lines 1-4)](#borg-specific-entries-lines-1-4)
|
||||
- [additional files/directories to backup](#additional-filesdirectories-to-backup)
|
||||
- [exclusion patterns](#exclusion-patterns)
|
||||
- [prune timeframe options](#prune-timeframe-options)
|
||||
- [borg remote location](#borg-remote-location)
|
||||
- [Examples](#examples)
|
||||
- [SQL details file](#sql-details-file)
|
||||
- [Protect your sql details file](#protect-your-sql-details-file)
|
||||
- [Protect your sql details file](#protect-your-sql-details-file)
|
||||
- [503 functionality](#503-functionality)
|
||||
- [Conditional forwarding by your webserver](#conditional-forwarding-by-your-webserver)
|
||||
- [NGINX](#nginx)
|
||||
- [Apache](#apache)
|
||||
- [Disabling 503 functionality altogether](#disabling-503-functionality-altogether)
|
||||
- [Conditional forwarding by your webserver](#conditional-forwarding-by-your-webserver)
|
||||
- [NGINX](#nginx)
|
||||
- [Apache](#apache)
|
||||
- [Disabling 503 functionality altogether](#disabling-503-functionality-altogether)
|
||||
- [Scheduling: Cron](#scheduling-cron)
|
||||
- [The log file](#the-log-file)
|
||||
- [Using Logwatch](#using-logwatch)
|
||||
- [Remember to rotate your logs](#remember-to-rotate-your-logs)
|
||||
- [Using Logwatch](#using-logwatch)
|
||||
- [Remember to rotate your logs](#remember-to-rotate-your-logs)
|
||||
- [Final notes](#final-notes)
|
||||
|
||||
## Installation/copying
|
||||
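Review bot: The table of contents documents `-w` twice with different meanings, once under Required parameters as "webuser account: -w _accountName_" and once under Optional parameters as "Path to webroot: -w _/path/to/webroot/_". One of the two must be a different flag, so check both entries and their section headings against the script's option parsing. The two variants of the parameter anchors also differ only in whether the slug keeps the underscores (`--d-pathtodata` versus `--d-_pathtodata_`), so confirm which form the target renderer generates before merging.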
@ -205,9 +201,9 @@ example entries. The file must have the following information in the following
|
||||
order:
|
||||
|
||||
1. path to borg base directory **(required)**
|
||||
2. path to ssh private key for remote server **(required)**
|
||||
2. path to ssh private key for repo **(required)**
|
||||
3. connection string to remote repo **(required)**
|
||||
4. password for borg repo/repo key **(required)**
|
||||
4. password for ssh key/repo **(required)**
|
||||
5. path to file listing additional files/directories to backup
|
||||
6. path to file containing borg-specific exclusion patterns
|
||||
7. prune timeframe options
|
||||
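Review bot: The item 2 and item 4 variants "path to ssh private key for repo" and "password for ssh key/repo" blur two separate credentials. The SSH key authenticates to the remote server, while the script hunk further down exports this field only as `BORG_PASSPHRASE`, so it is the repo passphrase. The wording "for remote server" and "password for borg repo/repo key" keeps the two apart and should be the one that ships.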
@ -230,59 +226,10 @@ chmod 600 nc_borg.details # restrict access to root only (read/write)
|
||||
|
||||
If you need help with these options, then you should consult the borg
|
||||
documentation or search my blog at
|
||||
[https://mytechiethoughts.com](https://mytechiethoughts.com) for borg. Here's a
|
||||
very brief overview:
|
||||
|
||||
#### Line 1: Path to borg base directory
|
||||
|
||||
This is primary directory on your local system where your borg configuration is
|
||||
located, **NOT* the path to your borg binary. The base directory contains the
|
||||
borg configuration, cache, security files and keys.
|
||||
|
||||
#### Line 2: Path to SSH key for remote server
|
||||
|
||||
This is the SSH key used to connect to your remote (backup) server where your
|
||||
borg repo is located. **This is NOT your borg repo key!**
|
||||
|
||||
> Please note: If you are planning on executing this script via cron or some
|
||||
> other form of automation, it is *highly recommended* that you use an SSH key
|
||||
> **without** a password! SSH is designed such that passwords cannot simply be
|
||||
> passed to it via environment variables, etc. so this is something not easily
|
||||
> automated by a script such as this for security reasons. As such, your
|
||||
> computer will sit and wait for you to enter the password and will NOT execute
|
||||
> the actual backup portion of the script until the SSH key password is provided.
|
||||
>
|
||||
> If you really want/need to use an SSH key password, you will have to look into
|
||||
> somethign like GNOME keyring or SSH-agent to provide a secure automated way to
|
||||
> provide that password to SSH and allow this script to continue.
|
||||
>
|
||||
> In practice, SSH keys without passwords are still quite safe since the key
|
||||
> must still be known in order to connect and most keys are quite long. In
|
||||
> addition, they key only connects to the remote server, your actual information
|
||||
> within the borg repository is still encrypted and secured with both a key and
|
||||
> password.
|
||||
|
||||
#### Line 3: Connection string to remote repo
|
||||
|
||||
This is the full server and path required to connect to your borg repo on the
|
||||
remote server. Very often it is the in the form of:
|
||||
|
||||
```
|
||||
user@servername.tld:repo-name/
|
||||
```
|
||||
|
||||
for rsync.net it is in the following form:
|
||||
|
||||
```
|
||||
username@server-number.rsync.net:repo-name/
|
||||
```
|
||||
|
||||
#### Line 4: Password for borg repo/repo key
|
||||
|
||||
This is the password needed to access and decrypt your *borg repo*. Assuming
|
||||
you set up your borg repo using recommended practices, this will actually be the
|
||||
password for your *borg repo private key*. **This is NOT your SSH key
|
||||
password!**
|
||||
[https://mytechiethoughts.com](https://mytechiethoughts.com) for borg. This is
|
||||
especially true if you want to understand why an SSH key and passphrase are
|
||||
preferred and why just a passphrase on it's own presents problems automating
|
||||
borg backups.
|
||||
|
||||
### additional files/directories to backup
|
||||
|
||||
|
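Review bot: The quoted note under "Line 2" justifies passwordless SSH keys with "the key must still be known in order to connect and most keys are quite long", which leaves out that anyone who can read the private key file can use it as is. Since the README recommends this setup for cron, it should also tell the reader to keep the key file readable by root only, as it already does for the details file with `chmod 600`, and to limit the key on the backup server, for example with an authorized_keys entry that forces `borg serve --restrict-to-path`. Minor text fixes in the same hunk: `**NOT*` has unbalanced bold markers, "This is primary directory" is missing "the", and "somethign", "they key", "it is the in the form" and "on it's own" are typos.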
@ -277,7 +277,7 @@ warningExplain[5032]="The specified webroot (-w parameter) could not be found"
|
||||
warningExplain[5033]="No 503 error page could be found. If not using the default located in the script directory, then check your -5 parameter"
|
||||
warningExplain[5035]="Error copying 503 error page to webroot"
|
||||
warn503="Web users will NOT be informed the server is down!"
|
||||
warningExplain[2111]="No password used for access to remote borg repo. This is an insecure configuration"
|
||||
warningExplain[2111]="No password used for SSH keys or access to remote borg repo. This is an insecure configuration"
|
||||
warningExplain[2112]="No remote borg instance specified. Operations will be slower in this configuration"
|
||||
warningExplain[2113]="The specified file containing extra files for inclusion in borgbackup could not be found"
|
||||
warningExplain[2114]="The specified file containing exclusion patterns for borgbackup could not be found. Backup was performed as though NO exclusions were defined"
|
||||
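Review bot: The `warningExplain[2111]` variant that reads "No password used for SSH keys or access to remote borg repo" calls a passwordless SSH key an insecure configuration, while the README text on this page recommends exactly that for cron use. Keep the message limited to the repo password so that the warning matches the documented advice and the single field the script actually checks.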
@ -600,7 +600,7 @@ else
|
||||
fi
|
||||
# repo password
|
||||
if [ -n "${borgConfig[3]}" ]; then
|
||||
echo -e "${op}[$(stamp)] Borg REPO password... OK${normal}" >> "$logFile"
|
||||
echo -e "${op}[$(stamp)] Borg SSH/REPO password... OK${normal}" >> "$logFile"
|
||||
export BORG_PASSPHRASE="${borgConfig[3]}"
|
||||
else
|
||||
exitWarn+=("[$(stamp)]_2111")
|
||||
|
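Review bot: `export BORG_PASSPHRASE="${borgConfig[3]}"` places the repo passphrase in the environment of every process the script starts after this point, not only borg. If nothing later in the script clears it, add `unset BORG_PASSPHRASE` once the borg operations finish, or let borg fetch the secret itself through `BORG_PASSCOMMAND`. The log label variant "Borg SSH/REPO password... OK" should also read "Borg REPO password", since the value is used only as the borg passphrase.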
@ -1,8 +1,8 @@
|
||||
<path to borgbackup base directory> /var/borgbackup
|
||||
<path to SSH private key for remote server> /var/borgbackup/sshPrivate.key
|
||||
<connection string to remote repo> user@servername.tld:repoName/
|
||||
<password for repo> pAsSwOrd
|
||||
<path to file listing extra files> /root/NCscripts/xtraLocations.borg
|
||||
<path to file with exclusions> /root/NCscripts/excludeLocations.borg
|
||||
<purge timeframe options> --keep-within=7d --keep-daily=30 --keep-weekly=12 --keep-monthly=-1
|
||||
<location of borg remote instance> borg1
|
||||
<path to borgbackup base directory> /var/borgbackup
|
||||
<path to SSH private key for repo> /var/borgbackup/sshPrivate.key
|
||||
<connection string to remote repo> user@server-number.rsync.net:repoName/
|
||||
<password for SSH key/repo> pAsSwOrd
|
||||
<path to file listing extra files> /root/NCscripts/xtraLocations.borg
|
||||
<path to file with exclusions> /root/NCscripts/excludeLocations.borg
|
||||
<purge timeframe options> --keep-within=7d --keep-daily=30 --keep-weekly=12 --keep-monthly=-1
|
||||
<location of borg remote instance> borg1
|
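Review bot: The fourth line of the sample holds the repo passphrase in plain text, directly below the path to the SSH private key, and the label variant `<password for SSH key/repo>` suggests the same value also unlocks the SSH key. Use `<password for repo>` in the shipped sample, and make sure the README places the `chmod 600 nc_borg.details` step visible in the earlier hunk header right next to this example, so that a copied sample is not left world-readable.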
@ -25,9 +25,9 @@
|
||||
/root/.ssh/
|
||||
/etc/mysql/my.cnf
|
||||
/etc/nginx/
|
||||
/etc/php/7.2/cli/php.ini
|
||||
/etc/php/7.2/fpm/php-fpm.conf
|
||||
/etc/php/7.2/fpm/php.ini
|
||||
/etc/php/7.2/fpm/pool.d/www.conf
|
||||
/etc/php/7.0/cli/php.ini
|
||||
/etc/php/7.0/fpm/php-fpm.conf
|
||||
/etc/php/7.0/fpm/php.ini
|
||||
/etc/php/7.0/fpm/pool.d/www.conf
|
||||
/etc/redis/redis.conf
|
||||
/usr/share/nginx/html/
|
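Review bot: The four PHP entries pin a version directory, `/etc/php/7.2/...` in one variant and `/etc/php/7.0/...` in the other, so on a host running a different PHP version those paths will not match and the PHP configuration will be missing from the backup. Warning 2113 on this page covers only a missing list file, so document that these lines must be edited to the installed version. The list also includes `/root/.ssh/`, which puts private keys into the repo; a short remark in the README that this relies on the repo being encrypted would help.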