Well I finally took a leap and decided to attempt my own automated backup of my web server. I thought it may take me a while before I would have a working version of it, but not for the reasons it did. Here are the steps I took to get my web sever backing up automagically (meaning it does not ask for a password when using SSH nor SCP) to my off site backup server at my home.
Here is the script I used to set up as a crontab. I found this useful script here:
http://www.cyberciti.biz/faq/how-to-back-up-a-web-server/
#!/bin/bash # A Simple Shell Script to Backup Red Hat / CentOS / Fedora / Debian / Ubuntu Apache Webserver and SQL Database # Path to backup directories DIRS="/home/vivek/ /var/www/html/ /etc" # Store todays date NOW=$(date +"%F") # Store backup path BACKUP="/backup/$NOW" # Backup file name hostname.time.tar.gz BFILE="$(hostname).$(date +'%T').tar.gz" PFILE="$(hostname).$(date +'%T').pg.sql.gz" MFILE="$(hostname).$(date +'%T').mysql.sq.gz" # Set Pgsql username PGSQLUSER="vivek" # Set MySQL username and password MYSQLUSER="vivek" MYSQLPASSWORD="myPassword" # Remote SSH server setup SSHSERVER="backup.example.com" # your remote ssh server SSHUSER="vivek" # username SSHDUMPDIR="/backup/remote" # remote ssh server directory to store dumps # Paths for binary files TAR="/bin/tar" PGDUMP="/usr/bin/pg_dump" MYSQLDUMP="/usr/bin/mysqldump" GZIP="/bin/gzip" SCP="/usr/bin/scp" SSH="/usr/bin/ssh" LOGGER="/usr/bin/logger" # make sure backup directory exists [ ! -d $BACKUP ] && mkdir -p ${BACKUP} # Log backup start time in /var/log/messages $LOGGER "$0: *** Backup started @ $(date) ***" # Backup websever dirs $TAR -zcvf ${BACKUP}/${BFILE} "${DIRS}" # Backup PgSQL $PGDUMP -x -D -U${PGSQLUSER} | $GZIP -c > ${BACKUP}/${PFILE} # Backup MySQL $MYSQLDUMP -u ${MYSQLUSER} -h localhost -p${MYSQLPASSWORD} --all-databases | $GZIP -9 > ${BACKUP}/${MFILE} # Dump all local files to failsafe remote UNIX ssh server / home server $SSH ${SSHUSER}@${SSHSERVER} mkdir -p ${SSHDUMPDIR}/${NOW} $SCP -r ${BACKUP}/* ${SSHUSER}@${SSHSERVER}:${SSHDUMPDIR}/${NOW} # Log backup end time in /var/log/messages $LOGGER "$0: *** Backup Ended @ $(date) ***" |
This section has been generated by some great help from this website:
http://www.cyberciti.biz/faq/how-to-back-up-a-web-server/
First, you need root access to the server you want to back up. Log in as any other user (not root), then sudo log in as root. Type this command:
$ ssh-keygen -t dsa |
Now, just press the enter key to save the key. When it asks for a password, press enter twice (since we are automating it we do not want to use a password). It will look something like this:
Enter file in which to save the key (/root/.ssh/id_dsa): Press [Enter] key Enter passphrase (empty for no passphrase): Press [Enter] key Enter same passphrase again: Press [Enter] key Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: 04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01 user@user-desktop |
Note: IMPORTANT, never, under any circumstances, do you ever give out your private key!
Next, lets make sure the .ssh directory has the correct permissions:
$ cd /root/ $ chmod 755 .ssh |
The time is now when we need to copy the public key to the server that will house our backups.
$ scp ~/.ssh/id_dsa.pub user@backupserver.com:.ssh/authorized_keys |
It is time to log on to the server that will house our backups and make some changes. IMPORTANT! Log in as the user that will accept the SCP transfer! First we need to make sure our permissions are set correctly to our authorized_keys file:
$ chmod 600 ~/.ssh/authorized_keys |
This is the next gem of the whole thing. While still logged in on the server you are going to backup, type these commands in order:
$ exec /usr/bin/ssh-agent $SHELL $ ssh-add |
You may get this:
Enter passphrase for /root/.ssh/id_dsa: Identity added: /root/.ssh/id_dsa (/root/.ssh/id_dsa) |
If you do, just press enter when asked for a passphrase.
That’s it… I have a feeling I will be doing this with a Windows machine in the near future. When the the feat is accomplished I shall update this post!
