Compare commits
8 Commits
NextCloudB
...
master
Author | SHA1 | Date |
---|---|---|
Asif Bacchus | 8efaed6bb7 | |
Asif Bacchus | ec36c5ca12 | |
Asif Bacchus | 3b7722ab56 | |
Asif Bacchus | 26c5fc1f4f | |
Asif Bacchus | b5b52a3025 | |
Asif Bacchus | 2dce78adbe | |
Asif Bacchus | abb2a3983d | |
Asif Bacchus | 4dc34aa23d |
115
README.md
|
@ -25,36 +25,40 @@ This script automates the following tasks:
|
|||
- [Environment notes](#environment-notes)
|
||||
- [Why this script must be run as root](#why-this-script-must-be-run-as-root)
|
||||
- [Script parameters](#script-parameters)
|
||||
- [Required parameters](#required-parameters)
|
||||
- [NextCloud data directory: -d _/path/to/data/_](#nextcloud-data-directory--d-_pathtodata_)
|
||||
- [NextCloud webroot: -n _/path/to/nextcloud/_](#nextcloud-webroot--n-_pathtonextcloud_)
|
||||
- [webuser account: -w _accountName_](#webuser-account--w-_accountname_)
|
||||
- [Optional parameters](#optional-parameters)
|
||||
- [Path to 503 error page: -5 _/path/to/filename.html_](#path-to-503-error-page--5-_pathtofilenamehtml_)
|
||||
- [Path to borg details file: -b _/path/to/filename.file_](#path-to-borg-details-file--b-_pathtofilenamefile_)
|
||||
- [Desired log file location: -l _/path/to/filename.file_](#desired-log-file-location--l-_pathtofilenamefile_)
|
||||
- [Path to SQL details file: -s _/path/to/filename.file_](#path-to-sql-details-file--s-_pathtofilenamefile_)
|
||||
- [Verbose output from borg: -v (no arguments)](#verbose-output-from-borg--v-no-arguments)
|
||||
- [Path to webroot: -w _/path/to/webroot/_](#path-to-webroot--w-_pathtowebroot_)
|
||||
- [Required parameters](#required-parameters)
|
||||
- [NextCloud data directory: -d _/path/to/data/_](#nextcloud-data-directory--d-pathtodata)
|
||||
- [NextCloud webroot: -n _/path/to/nextcloud/_](#nextcloud-webroot--n-pathtonextcloud)
|
||||
- [webuser account: -w _accountName_](#webuser-account--w-accountname)
|
||||
- [Optional parameters](#optional-parameters)
|
||||
- [Path to 503 error page: -5 _/path/to/filename.html_](#path-to-503-error-page--5-pathtofilenamehtml)
|
||||
- [Path to borg details file: -b _/path/to/filename.file_](#path-to-borg-details-file--b-pathtofilenamefile)
|
||||
- [Desired log file location: -l _/path/to/filename.file_](#desired-log-file-location--l-pathtofilenamefile)
|
||||
- [Path to SQL details file: -s _/path/to/filename.file_](#path-to-sql-details-file--s-pathtofilenamefile)
|
||||
- [Verbose output from borg: -v (no arguments)](#verbose-output-from-borg--v-no-arguments)
|
||||
- [Path to webroot: -w _/path/to/webroot/_](#path-to-webroot--w-pathtowebroot)
|
||||
- [Borg details file](#borg-details-file)
|
||||
- [Protect your borg details file](#protect-your-borg-details-file)
|
||||
- [borg specific entries (lines 1-4)](#borg-specific-entries-lines-1-4)
|
||||
- [additional files/directories to backup](#additional-filesdirectories-to-backup)
|
||||
- [exclusion patterns](#exclusion-patterns)
|
||||
- [prune timeframe options](#prune-timeframe-options)
|
||||
- [borg remote location](#borg-remote-location)
|
||||
- [Examples](#examples)
|
||||
- [Protect your borg details file](#protect-your-borg-details-file)
|
||||
- [borg specific entries (lines 1-4)](#borg-specific-entries-lines-1-4)
|
||||
- [Line 1: Path to borg base directory](#line-1-path-to-borg-base-directory)
|
||||
- [Line 2: Path to SSH key for remote server](#line-2-path-to-ssh-key-for-remote-server)
|
||||
- [Line 3: Connection string to remote repo](#line-3-connection-string-to-remote-repo)
|
||||
- [Line 4: Password for borg repo/repo key](#line-4-password-for-borg-reporepo-key)
|
||||
- [additional files/directories to backup](#additional-filesdirectories-to-backup)
|
||||
- [exclusion patterns](#exclusion-patterns)
|
||||
- [prune timeframe options](#prune-timeframe-options)
|
||||
- [borg remote location](#borg-remote-location)
|
||||
- [Examples](#examples)
|
||||
- [SQL details file](#sql-details-file)
|
||||
- [Protect your sql details file](#protect-your-sql-details-file)
|
||||
- [Protect your sql details file](#protect-your-sql-details-file)
|
||||
- [503 functionality](#503-functionality)
|
||||
- [Conditional forwarding by your webserver](#conditional-forwarding-by-your-webserver)
|
||||
- [NGINX](#nginx)
|
||||
- [Apache](#apache)
|
||||
- [Disabling 503 functionality altogether](#disabling-503-functionality-altogether)
|
||||
- [Conditional forwarding by your webserver](#conditional-forwarding-by-your-webserver)
|
||||
- [NGINX](#nginx)
|
||||
- [Apache](#apache)
|
||||
- [Disabling 503 functionality altogether](#disabling-503-functionality-altogether)
|
||||
- [Scheduling: Cron](#scheduling-cron)
|
||||
- [The log file](#the-log-file)
|
||||
- [Using Logwatch](#using-logwatch)
|
||||
- [Remember to rotate your logs](#remember-to-rotate-your-logs)
|
||||
- [Using Logwatch](#using-logwatch)
|
||||
- [Remember to rotate your logs](#remember-to-rotate-your-logs)
|
||||
- [Final notes](#final-notes)
|
||||
|
||||
## Installation/copying
|
||||
|
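Review bot: In the rewritten table of contents both "webuser account: -w _accountName_" and "Path to webroot: -w _/path/to/webroot/_" document the same `-w` flag, so a reader cannot tell which option takes which value. Since these entries and their anchors are being touched anyway, correct the flag letter on whichever heading is wrong so that each parameter maps to exactly one option.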
@ -201,9 +205,9 @@ example entries. The file must have the following information in the following
|
|||
order:
|
||||
|
||||
1. path to borg base directory **(required)**
|
||||
2. path to ssh private key for repo **(required)**
|
||||
2. path to ssh private key for remote server **(required)**
|
||||
3. connection string to remote repo **(required)**
|
||||
4. password for ssh key/repo **(required)**
|
||||
4. password for borg repo/repo key **(required)**
|
||||
5. path to file listing additional files/directories to backup
|
||||
6. path to file containing borg-specific exclusion patterns
|
||||
7. prune timeframe options
|
||||
|
@ -226,10 +230,59 @@ chmod 600 nc_borg.details # restrict access to root only (read/write)
|
|||
|
||||
If you need help with these options, then you should consult the borg
|
||||
documentation or search my blog at
|
||||
[https://mytechiethoughts.com](https://mytechiethoughts.com) for borg. This is
|
||||
especially true if you want to understand why an SSH key and passphrase are
|
||||
preferred and why just a passphrase on it's own presents problems automating
|
||||
borg backups.
|
||||
[https://mytechiethoughts.com](https://mytechiethoughts.com) for borg. Here's a
|
||||
very brief overview:
|
||||
|
||||
#### Line 1: Path to borg base directory
|
||||
|
||||
This is primary directory on your local system where your borg configuration is
|
||||
located, **NOT* the path to your borg binary. The base directory contains the
|
||||
borg configuration, cache, security files and keys.
|
||||
|
||||
#### Line 2: Path to SSH key for remote server
|
||||
|
||||
This is the SSH key used to connect to your remote (backup) server where your
|
||||
borg repo is located. **This is NOT your borg repo key!**
|
||||
|
||||
> Please note: If you are planning on executing this script via cron or some
|
||||
> other form of automation, it is *highly recommended* that you use an SSH key
|
||||
> **without** a password! SSH is designed such that passwords cannot simply be
|
||||
> passed to it via environment variables, etc. so this is something not easily
|
||||
> automated by a script such as this for security reasons. As such, your
|
||||
> computer will sit and wait for you to enter the password and will NOT execute
|
||||
> the actual backup portion of the script until the SSH key password is provided.
|
||||
>
|
||||
> If you really want/need to use an SSH key password, you will have to look into
|
||||
> somethign like GNOME keyring or SSH-agent to provide a secure automated way to
|
||||
> provide that password to SSH and allow this script to continue.
|
||||
>
|
||||
> In practice, SSH keys without passwords are still quite safe since the key
|
||||
> must still be known in order to connect and most keys are quite long. In
|
||||
> addition, they key only connects to the remote server, your actual information
|
||||
> within the borg repository is still encrypted and secured with both a key and
|
||||
> password.
|
||||
|
||||
#### Line 3: Connection string to remote repo
|
||||
|
||||
This is the full server and path required to connect to your borg repo on the
|
||||
remote server. Very often it is the in the form of:
|
||||
|
||||
```
|
||||
user@servername.tld:repo-name/
|
||||
```
|
||||
|
||||
for rsync.net it is in the following form:
|
||||
|
||||
```
|
||||
username@server-number.rsync.net:repo-name/
|
||||
```
|
||||
|
||||
#### Line 4: Password for borg repo/repo key
|
||||
|
||||
This is the password needed to access and decrypt your *borg repo*. Assuming
|
||||
you set up your borg repo using recommended practices, this will actually be the
|
||||
password for your *borg repo private key*. **This is NOT your SSH key
|
||||
password!**
|
||||
|
||||
### additional files/directories to backup
|
||||
|
||||
|
|
|
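Review bot: The quoted paragraph beginning "In practice, SSH keys without passwords are still quite safe" argues from key length, but an unencrypted private key is protected only by the file permissions on this host, so anyone who can read the file can log in to the backup server. Suggest saying that directly, telling readers to restrict the key file the same way the details file is restricted (`chmod 600`, root only), and limiting what the key can do on the remote side, for example with an `authorized_keys` forced command running `borg serve --restrict-to-path`. Wording fixes in the same hunk: `**NOT*` under Line 1 has unbalanced emphasis markers, "This is primary directory" is missing "the", "somethign" and "they key" are typos in the quoted note, and "it is the in the form of" under Line 3 has a stray "the".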
@ -120,7 +120,7 @@ function quit {
|
|||
for errCode in "${exitError[@]}"; do
|
||||
errStamp="${errCode%%_*}"
|
||||
errValue="${errCode##*_}"
|
||||
echo -e "${err}${errStamp}-- [ERROR] ${errorExplain[$errValue]}" \
|
||||
echo -e "${err}${errStamp} -- [ERROR] ${errorExplain[$errValue]}" \
|
||||
"(code: ${errValue}) --${normal}" >> "$logFile"
|
||||
done
|
||||
exit 2
|
||||
|
@ -151,7 +151,7 @@ function checkExist {
|
|||
|
||||
### ncMaint - pass requested mode change type to NextCloud occ
|
||||
function ncMaint {
|
||||
sudo -u ${webUser} php ${ncRoot}/occ maintenance:mode --$1 \
|
||||
sudo -u "${webUser}" php "${ncRoot}/occ" maintenance:mode --"$1" \
|
||||
>> "$logFile" 2>&1
|
||||
maintResult="$?"
|
||||
return "$maintResult"
|
||||
|
@ -277,7 +277,7 @@ warningExplain[5032]="The specified webroot (-w parameter) could not be found"
|
|||
warningExplain[5033]="No 503 error page could be found. If not using the default located in the script directory, then check your -5 parameter"
|
||||
warningExplain[5035]="Error copying 503 error page to webroot"
|
||||
warn503="Web users will NOT be informed the server is down!"
|
||||
warningExplain[2111]="No password used for SSH keys or access to remote borg repo. This is an insecure configuration"
|
||||
warningExplain[2111]="No password used for access to remote borg repo. This is an insecure configuration"
|
||||
warningExplain[2112]="No remote borg instance specified. Operations will be slower in this configuration"
|
||||
warningExplain[2113]="The specified file containing extra files for inclusion in borgbackup could not be found"
|
||||
warningExplain[2114]="The specified file containing exclusion patterns for borgbackup could not be found. Backup was performed as though NO exclusions were defined"
|
||||
|
@ -381,8 +381,8 @@ if [ -z "$webUser" ]; then
|
|||
exit 1
|
||||
# Check if supplied webUser account exists
|
||||
elif [ -n "$webUser" ]; then
|
||||
user_exists=$(id -u $webUser > /dev/null 2>&1; echo $?)
|
||||
if [ $user_exists -ne 0 ]; then
|
||||
user_exists=$(id -u "$webUser" > /dev/null 2>&1; echo $?)
|
||||
if [ "$user_exists" -ne 0 ]; then
|
||||
echo -e "\n${err}The supplied webuser account (-u parameter) does not" \
|
||||
"exist.${normal}\n"
|
||||
exit 1
|
||||
|
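Review bot: The error text printed when `id -u "$webUser"` fails still says "(-u parameter)", while the README table of contents in this same comparison documents the account as `-w _accountName_`; the message should name the flag the script actually parses. The check itself can also be simplified: `elif [ -n "$webUser" ]` is always true after the preceding `-z` test, and capturing `echo $?` into `user_exists` can be replaced by `if ! id -u "$webUser" > /dev/null 2>&1; then`.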
@ -429,9 +429,9 @@ fi
|
|||
|
||||
|
||||
### Log start of script operations
|
||||
echo -e "${note}[$(stamp)]--- Start $scriptName execution ---${normal}" \
|
||||
echo -e "${note}[$(stamp)] --- Start $scriptName execution ---${normal}" \
|
||||
>> "$logFile"
|
||||
echo -e "${info}[$(stamp)]-- [INFO] Log file located at ${lit}${logFile}${info}" \
|
||||
echo -e "${info}[$(stamp)] -- [INFO] Log file located at ${lit}${logFile}${info}" \
|
||||
"--${normal}" >> "$logFile"
|
||||
|
||||
|
||||
|
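Review bot: The added space gives "[timestamp] -- [INFO]" on these lines, but the context lines of the borg create hunk further down still write `--[INFO] Executing borg without exclusions --` with no space after the dashes, so the log ends up with two formats. If the log is meant to be parsed (the README has a Logwatch section), normalise those remaining lines in the same series.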
@ -600,7 +600,7 @@ else
|
|||
fi
|
||||
# repo password
|
||||
if [ -n "${borgConfig[3]}" ]; then
|
||||
echo -e "${op}[$(stamp)] Borg SSH/REPO password... OK${normal}" >> "$logFile"
|
||||
echo -e "${op}[$(stamp)] Borg REPO password... OK${normal}" >> "$logFile"
|
||||
export BORG_PASSPHRASE="${borgConfig[3]}"
|
||||
else
|
||||
exitWarn+=("[$(stamp)]_2111")
|
||||
|
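Review bot: `export BORG_PASSPHRASE="${borgConfig[3]}"` places the repo passphrase in the environment of every child process the script starts from this point on, not only borg. Suggest an `unset BORG_PASSPHRASE` once the borg operations are finished, if that is not already done outside the lines shown, or setting the variable only on the borg command lines. The relabelled "Borg REPO password... OK" message now matches the README's description of line 4.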
@ -706,17 +706,17 @@ if [ -z "$borgExclude" ]; then
|
|||
echo -e "${info}[$(stamp)] --[INFO] Executing borg without exclusions --" \
|
||||
"${normal}" >> "$logFile"
|
||||
borg --show-rc create ${borgCreateParams} ::`date +%Y-%m-%d_%H%M%S` \
|
||||
${xtraFiles[@]} \
|
||||
${sqlDumpDir} ${ncDataDir} \
|
||||
"${xtraFiles[@]}" \
|
||||
"${sqlDumpDir}" "${ncDataDir}" \
|
||||
2>> "$logFile"
|
||||
else
|
||||
# borgExclude is not empty
|
||||
echo -e "${info}[$(stamp)] --[INFO] Executing borg with exclusions --" \
|
||||
"${normal}" >> "$logFile"
|
||||
borg --show-rc create ${borgCreateParams} --exclude-from ${borgExclude} \
|
||||
borg --show-rc create ${borgCreateParams} --exclude-from "${borgExclude}" \
|
||||
::`date +%Y-%m-%d_%H%M%S` \
|
||||
${xtraFiles[@]} \
|
||||
${sqlDumpDir} ${ncDataDir} \
|
||||
"${xtraFiles[@]}" \
|
||||
"${sqlDumpDir}" "${ncDataDir}" \
|
||||
2>> "$logFile"
|
||||
fi
|
||||
|
||||
|
|
|
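Review bot: `${borgCreateParams}` is still expanded unquoted in both `borg --show-rc create` calls, so it is the one remaining value subject to word splitting and globbing after this change. If splitting is intended because it holds several options, build it as an array and expand it as `"${borgCreateParams[@]}"`, the way `xtraFiles` is handled. While here, the archive name could use `$(date +%Y-%m-%d_%H%M%S)` instead of backticks, and the two branches differ only by `--exclude-from`, so they could share one command with that option added conditionally.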
@ -1,8 +1,8 @@
|
|||
<path to borgbackup base directory> /var/borgbackup
|
||||
<path to SSH private key for repo> /var/borgbackup/sshPrivate.key
|
||||
<connection string to remote repo> user@server-number.rsync.net:repoName/
|
||||
<password for SSH key/repo> pAsSwOrd
|
||||
<path to file listing extra files> /root/NCscripts/xtraLocations.borg
|
||||
<path to file with exclusions> /root/NCscripts/excludeLocations.borg
|
||||
<purge timeframe options> --keep-within=7d --keep-daily=30 --keep-weekly=12 --keep-monthly=-1
|
||||
<location of borg remote instance> borg1
|
||||
<path to borgbackup base directory> /var/borgbackup
|
||||
<path to SSH private key for remote server> /var/borgbackup/sshPrivate.key
|
||||
<connection string to remote repo> user@servername.tld:repoName/
|
||||
<password for repo> pAsSwOrd
|
||||
<path to file listing extra files> /root/NCscripts/xtraLocations.borg
|
||||
<path to file with exclusions> /root/NCscripts/excludeLocations.borg
|
||||
<purge timeframe options> --keep-within=7d --keep-daily=30 --keep-weekly=12 --keep-monthly=-1
|
||||
<location of borg remote instance> borg1
|
|
@ -25,9 +25,9 @@
|
|||
/root/.ssh/
|
||||
/etc/mysql/my.cnf
|
||||
/etc/nginx/
|
||||
/etc/php/7.0/cli/php.ini
|
||||
/etc/php/7.0/fpm/php-fpm.conf
|
||||
/etc/php/7.0/fpm/php.ini
|
||||
/etc/php/7.0/fpm/pool.d/www.conf
|
||||
/etc/php/7.2/cli/php.ini
|
||||
/etc/php/7.2/fpm/php-fpm.conf
|
||||
/etc/php/7.2/fpm/php.ini
|
||||
/etc/php/7.2/fpm/pool.d/www.conf
|
||||
/etc/redis/redis.conf
|
||||
/usr/share/nginx/html/
|
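Review bot: Replacing the `/etc/php/7.0/...` entries with `/etc/php/7.2/...` hardcodes a PHP version again, so this list goes stale at the next upgrade, when the listed files will no longer exist. Consider listing `/etc/php/` as a directory, as is already done for `/etc/nginx/`, or adding a comment that the version must match the installed PHP. Separately, the unchanged `/root/.ssh/` entry puts root's private keys into the repo; worth confirming that is intended now that the README recommends an SSH key without a password.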