Compare commits

5 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Asif Bacchus | 26c5fc1f4f | cleared up sample notation for remote server | 2019-01-30 09:59:02 -07:00 |
| Asif Bacchus | b5b52a3025 | updated readme to clarify ssh vs borg key passwd | 2019-01-30 09:58:41 -07:00 |
| Asif Bacchus | 2dce78adbe | updated sample PHP paths for version 7.2 in xtraLocations | 2019-01-30 09:14:00 -07:00 |
| Asif Bacchus | abb2a3983d | removed confusing ssh/repo notation in sample nc_borg file | 2019-01-30 09:13:15 -07:00 |
| Asif Bacchus | 4dc34aa23d | removed confusing ssh/repo password references in script | 2019-01-30 09:11:51 -07:00 |

4 changed files with 98 additions and 45 deletions

@ -26,19 +26,23 @@ This script automates the following tasks:
- [Why this script must be run as root](#why-this-script-must-be-run-as-root) - [Why this script must be run as root](#why-this-script-must-be-run-as-root)
- [Script parameters](#script-parameters) - [Script parameters](#script-parameters)
- [Required parameters](#required-parameters) - [Required parameters](#required-parameters)
- [NextCloud data directory: -d _/path/to/data/_](#nextcloud-data-directory--d-_pathtodata_) - [NextCloud data directory: -d _/path/to/data/_](#nextcloud-data-directory--d-pathtodata)
- [NextCloud webroot: -n _/path/to/nextcloud/_](#nextcloud-webroot--n-_pathtonextcloud_) - [NextCloud webroot: -n _/path/to/nextcloud/_](#nextcloud-webroot--n-pathtonextcloud)
- [webuser account: -w _accountName_](#webuser-account--w-_accountname_) - [webuser account: -w _accountName_](#webuser-account--w-accountname)
- [Optional parameters](#optional-parameters) - [Optional parameters](#optional-parameters)
- [Path to 503 error page: -5 _/path/to/filename.html_](#path-to-503-error-page--5-_pathtofilenamehtml_) - [Path to 503 error page: -5 _/path/to/filename.html_](#path-to-503-error-page--5-pathtofilenamehtml)
- [Path to borg details file: -b _/path/to/filename.file_](#path-to-borg-details-file--b-_pathtofilenamefile_) - [Path to borg details file: -b _/path/to/filename.file_](#path-to-borg-details-file--b-pathtofilenamefile)
- [Desired log file location: -l _/path/to/filename.file_](#desired-log-file-location--l-_pathtofilenamefile_) - [Desired log file location: -l _/path/to/filename.file_](#desired-log-file-location--l-pathtofilenamefile)
- [Path to SQL details file: -s _/path/to/filename.file_](#path-to-sql-details-file--s-_pathtofilenamefile_) - [Path to SQL details file: -s _/path/to/filename.file_](#path-to-sql-details-file--s-pathtofilenamefile)
- [Verbose output from borg: -v (no arguments)](#verbose-output-from-borg--v-no-arguments) - [Verbose output from borg: -v (no arguments)](#verbose-output-from-borg--v-no-arguments)
- [Path to webroot: -w _/path/to/webroot/_](#path-to-webroot--w-_pathtowebroot_) - [Path to webroot: -w _/path/to/webroot/_](#path-to-webroot--w-pathtowebroot)
- [Borg details file](#borg-details-file) - [Borg details file](#borg-details-file)
- [Protect your borg details file](#protect-your-borg-details-file) - [Protect your borg details file](#protect-your-borg-details-file)
- [borg specific entries (lines 1-4)](#borg-specific-entries-lines-1-4) - [borg specific entries (lines 1-4)](#borg-specific-entries-lines-1-4)
- [Line 1: Path to borg base directory](#line-1-path-to-borg-base-directory)
- [Line 2: Path to SSH key for remote server](#line-2-path-to-ssh-key-for-remote-server)
- [Line 3: Connection string to remote repo](#line-3-connection-string-to-remote-repo)
- [Line 4: Password for borg repo/repo key](#line-4-password-for-borg-reporepo-key)
- [additional files/directories to backup](#additional-filesdirectories-to-backup) - [additional files/directories to backup](#additional-filesdirectories-to-backup)
- [exclusion patterns](#exclusion-patterns) - [exclusion patterns](#exclusion-patterns)
- [prune timeframe options](#prune-timeframe-options) - [prune timeframe options](#prune-timeframe-options)
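
Review bot: The table of contents lists `-w` twice with different meanings, once as `webuser account: -w _accountName_` under the required parameters and once as `Path to webroot: -w _/path/to/webroot/_` under the optional ones. This hunk already touches both entries to fix their anchors, so confirm which flag the script uses for each and correct the heading and its anchor in the same change. The four new `Line 1` to `Line 4` entries are also capitalised while the neighbouring entries (`additional files/directories to backup`, `exclusion patterns`) are lower-case; pick one style.
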
@ -201,9 +205,9 @@ example entries. The file must have the following information in the following
order: order:
1. path to borg base directory **(required)** 1. path to borg base directory **(required)**
2. path to ssh private key for repo **(required)** 2. path to ssh private key for remote server **(required)**
3. connection string to remote repo **(required)** 3. connection string to remote repo **(required)**
4. password for ssh key/repo **(required)** 4. password for borg repo/repo key **(required)**
5. path to file listing additional files/directories to backup 5. path to file listing additional files/directories to backup
6. path to file containing borg-specific exclusion patterns 6. path to file containing borg-specific exclusion patterns
7. prune timeframe options 7. prune timeframe options
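
Review bot: Item 4 is still marked **(required)**, but the script hunk in this same compare handles an empty fourth entry by recording warning 2111 (`exitWarn+=("[$(stamp)]_2111")`) rather than an error. Either drop **(required)** here and describe the password as strongly recommended, or have the script stop when the entry is empty, so the README and the script agree.
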
@ -226,10 +230,59 @@ chmod 600 nc_borg.details # restrict access to root only (read/write)
If you need help with these options, then you should consult the borg If you need help with these options, then you should consult the borg
documentation or search my blog at documentation or search my blog at
[https://mytechiethoughts.com](https://mytechiethoughts.com) for borg. This is [https://mytechiethoughts.com](https://mytechiethoughts.com) for borg. Here's a
especially true if you want to understand why an SSH key and passphrase are very brief overview:
preferred and why just a passphrase on it's own presents problems automating
borg backups. #### Line 1: Path to borg base directory
This is primary directory on your local system where your borg configuration is
located, **NOT* the path to your borg binary. The base directory contains the
borg configuration, cache, security files and keys.
#### Line 2: Path to SSH key for remote server
This is the SSH key used to connect to your remote (backup) server where your
borg repo is located. **This is NOT your borg repo key!**
> Please note: If you are planning on executing this script via cron or some
> other form of automation, it is *highly recommended* that you use an SSH key
> **without** a password! SSH is designed such that passwords cannot simply be
> passed to it via environment variables, etc. so this is something not easily
> automated by a script such as this for security reasons. As such, your
> computer will sit and wait for you to enter the password and will NOT execute
> the actual backup portion of the script until the SSH key password is provided.
>
> If you really want/need to use an SSH key password, you will have to look into
> somethign like GNOME keyring or SSH-agent to provide a secure automated way to
> provide that password to SSH and allow this script to continue.
>
> In practice, SSH keys without passwords are still quite safe since the key
> must still be known in order to connect and most keys are quite long. In
> addition, they key only connects to the remote server, your actual information
> within the borg repository is still encrypted and secured with both a key and
> password.
#### Line 3: Connection string to remote repo
This is the full server and path required to connect to your borg repo on the
remote server. Very often it is the in the form of:
```
user@servername.tld:repo-name/
```
for rsync.net it is in the following form:
```
username@server-number.rsync.net:repo-name/
```
#### Line 4: Password for borg repo/repo key
This is the password needed to access and decrypt your *borg repo*. Assuming
you set up your borg repo using recommended practices, this will actually be the
password for your *borg repo private key*. **This is NOT your SSH key
password!**
### additional files/directories to backup ### additional files/directories to backup
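
Review bot: The note under Line 2 recommends an SSH key without a password and justifies it by key length, but it does not say how to limit what that key can do if the file is copied off the machine. Suggest adding that the key file should be readable by root only (as the README already does for the details file with `chmod 600`) and, where the remote server allows it, that the key be restricted in `authorized_keys` to a forced `borg serve --restrict-to-path <repo path>` command so it cannot open a shell. It is also worth stating that the repo password sits in plain text in the same details file that names the key, so anyone who can read both files holds the SSH key and the repo password together; the "still encrypted" reassurance only covers someone who holds the SSH key alone. Smaller points: `**NOT*` under Line 1 is missing a closing asterisk and will not render as bold, and there are typos at "This is primary directory", "somethign", "they key" and "it is the in the form".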

@ -277,7 +277,7 @@ warningExplain[5032]="The specified webroot (-w parameter) could not be found"
warningExplain[5033]="No 503 error page could be found. If not using the default located in the script directory, then check your -5 parameter" warningExplain[5033]="No 503 error page could be found. If not using the default located in the script directory, then check your -5 parameter"
warningExplain[5035]="Error copying 503 error page to webroot" warningExplain[5035]="Error copying 503 error page to webroot"
warn503="Web users will NOT be informed the server is down!" warn503="Web users will NOT be informed the server is down!"
warningExplain[2111]="No password used for SSH keys or access to remote borg repo. This is an insecure configuration" warningExplain[2111]="No password used for access to remote borg repo. This is an insecure configuration"
warningExplain[2112]="No remote borg instance specified. Operations will be slower in this configuration" warningExplain[2112]="No remote borg instance specified. Operations will be slower in this configuration"
warningExplain[2113]="The specified file containing extra files for inclusion in borgbackup could not be found" warningExplain[2113]="The specified file containing extra files for inclusion in borgbackup could not be found"
warningExplain[2114]="The specified file containing exclusion patterns for borgbackup could not be found. Backup was performed as though NO exclusions were defined" warningExplain[2114]="The specified file containing exclusion patterns for borgbackup could not be found. Backup was performed as though NO exclusions were defined"
@ -600,7 +600,7 @@ else
fi fi
# repo password # repo password
if [ -n "${borgConfig[3]}" ]; then if [ -n "${borgConfig[3]}" ]; then
echo -e "${op}[$(stamp)] Borg SSH/REPO password... OK${normal}" >> "$logFile" echo -e "${op}[$(stamp)] Borg REPO password... OK${normal}" >> "$logFile"
export BORG_PASSPHRASE="${borgConfig[3]}" export BORG_PASSPHRASE="${borgConfig[3]}"
else else
exitWarn+=("[$(stamp)]_2111") exitWarn+=("[$(stamp)]_2111")
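
Review bot: `export BORG_PASSPHRASE="${borgConfig[3]}"` puts the repo password in the environment of every process the script starts from this point on, and nothing in the visible lines unsets it. Consider `unset BORG_PASSPHRASE` once the borg commands have finished, or use borg's `BORG_PASSCOMMAND` so the password is read from the root-only details file only when borg asks for it. A short comment that `borgConfig[3]` is line 4 of the details file would also help a reader match the zero-based index to the README.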

@ -1,7 +1,7 @@
<path to borgbackup base directory> /var/borgbackup <path to borgbackup base directory> /var/borgbackup
<path to SSH private key for repo> /var/borgbackup/sshPrivate.key <path to SSH private key for remote server> /var/borgbackup/sshPrivate.key
<connection string to remote repo> user@server-number.rsync.net:repoName/ <connection string to remote repo> user@servername.tld:repoName/
<password for SSH key/repo> pAsSwOrd <password for repo> pAsSwOrd
<path to file listing extra files> /root/NCscripts/xtraLocations.borg <path to file listing extra files> /root/NCscripts/xtraLocations.borg
<path to file with exclusions> /root/NCscripts/excludeLocations.borg <path to file with exclusions> /root/NCscripts/excludeLocations.borg
<purge timeframe options> --keep-within=7d --keep-daily=30 --keep-weekly=12 --keep-monthly=-1 <purge timeframe options> --keep-within=7d --keep-daily=30 --keep-weekly=12 --keep-monthly=-1
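
Review bot: The labels in this sample do not match the README wording introduced in the same compare: line 4 says `<password for repo>` where the README says "password for borg repo/repo key", and line 7 says `<purge timeframe options>` where the README says "prune timeframe options". Use the README's terms here so the two can be read side by side. It would also help to state whether the `<...>` labels belong in the real file or are annotation only, since the script exports the fourth entry as `BORG_PASSPHRASE`.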

@ -25,9 +25,9 @@
/root/.ssh/ /root/.ssh/
/etc/mysql/my.cnf /etc/mysql/my.cnf
/etc/nginx/ /etc/nginx/
/etc/php/7.0/cli/php.ini /etc/php/7.2/cli/php.ini
/etc/php/7.0/fpm/php-fpm.conf /etc/php/7.2/fpm/php-fpm.conf
/etc/php/7.0/fpm/php.ini /etc/php/7.2/fpm/php.ini
/etc/php/7.0/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/www.conf
/etc/redis/redis.conf /etc/redis/redis.conf
/usr/share/nginx/html/ /usr/share/nginx/html/
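
Review bot: The four PHP paths are now hard-coded to 7.2, so on a system running any other PHP version these entries point at paths that do not exist and the PHP configuration will not be backed up. Say in the README that these lines must be edited to the installed version. Also tell readers that the unchanged `/root/.ssh/` entry places root's private SSH keys inside the repo, where they are protected only by the repo password.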