mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 02:35:12 +00:00
Merge pull request 'USB device backup removed from easyinstall folder' (#39) from dragondaddy/streams:easyinstall into dev
Reviewed-on: https://codeberg.org/streams/streams/pulls/39
This commit is contained in:
commit
861b0bf2d3
3 changed files with 1 additions and 194 deletions
|
@ -18,7 +18,6 @@ Before you start, make sure you have the following:
|
|||
+ Create a database for your website
|
||||
+ Run certbot to have a secure connection (http*s*)
|
||||
+ Create a script for daily maintenance:
|
||||
- backup to external disk (certificates, database, /var/www/) - Optional
|
||||
- renew certfificate (Let’s Encrypt)
|
||||
- update of your website software (git)
|
||||
- update of your Debian operating system
|
||||
|
@ -40,12 +39,6 @@ If you plan to run your website on a computer at home, you may have to deal with
|
|||
|
||||
- selfHOST.de is a german (and german speaking only) registrar. If you have an account and buy a domain there, you will need to provide an ID & password to use the setup script’s DDNS configuration.
|
||||
|
||||
### USB drive backup
|
||||
|
||||
As of April 2022, this is the only automated backup system you can configure with the setup-script. It is only accessible if you use the manually edited config file method (hopefully it should soon be available in the beginner-friendly interface).
|
||||
|
||||
This only works if you have physical access to the machine where your website is running, you can not use this backup system with a distant computer/server. A solution for distant backups would certainly be a good idea, feel free to work on this if you have the skills to do so.
|
||||
|
||||
### Note on Rasperry Pi install
|
||||
|
||||
It is recommended to run the Raspi without graphical frontend. Use the following command to boot the Raspi in console mode only:
|
||||
|
|
|
@ -71,63 +71,6 @@ ddns_id=
|
|||
ddns_password=
|
||||
|
||||
|
||||
###############################################
|
||||
### OPTIONAL - Backup to external device ######
|
||||
#
|
||||
# The script can use an external device for the daily backup.
|
||||
# The file system of the device (USB stick for example) must be compatible with
|
||||
#
|
||||
# - encrypted LUKS + ext4, or
|
||||
# - ext4
|
||||
#
|
||||
# You should test to mount the device before you run the script
|
||||
# (server-setup.sh).
|
||||
# How to find your (pluged-in) devices?
|
||||
#
|
||||
# fdisk -l
|
||||
#
|
||||
# Provided your device was listed as is /dev/sdb1. You could check with:
|
||||
#
|
||||
# blkid | grep /dev/sdb1
|
||||
#
|
||||
# Try to decrypt
|
||||
# (You might install cryptsetup befor using apt-get install.
|
||||
#
|
||||
# apt-get install cryptsetup
|
||||
# cryptsetup luksOpen /dev/sdb1 cryptobackup
|
||||
#
|
||||
# Try to mount
|
||||
# You might create the directory /media/hubzilla_backup it it does not exist
|
||||
# using mkdir.
|
||||
#
|
||||
# mkdir /media/hubzilla_backup
|
||||
# mount /dev/mapper/cryptobackup /media/hubzilla_backup
|
||||
#
|
||||
# Unmounting device goes like this
|
||||
#
|
||||
# umount /media/hubzilla_backup
|
||||
# cryptsetup luksClose cryptobackup
|
||||
#
|
||||
# To check if still mounted
|
||||
#
|
||||
# lsof /media/hubzilla_backup
|
||||
#
|
||||
# If you leave the following parameters
|
||||
#
|
||||
# - "backup_device_name" and
|
||||
# - "backup_device_pass"
|
||||
#
|
||||
# empty the script will create daily backups on the internal disk (which could
|
||||
# save you as well).
|
||||
#
|
||||
# Example: backup_device_name=/dev/sdc1
|
||||
#
|
||||
# Leave "backup_device_pass=" empty if the external device is not encrypted.
|
||||
#
|
||||
backup_device_name=
|
||||
backup_device_pass=
|
||||
|
||||
|
||||
###############################################
|
||||
### OPTIONAL - do not mess with things below ##
|
||||
# (...if you are not certain)
|
||||
|
|
|
@ -34,7 +34,6 @@
|
|||
# * "Run.php" for regular background processes of your website
|
||||
# * "apt-get update" and "apt-get dist-upgrade" and "apt-get autoremove" to keep linux up-to-date
|
||||
# * optionally run command to keep the IP up-to-date > DynDNS provided by selfHOST.de or freedns.afraid.org
|
||||
# * optionally backup your server's database and files (rsync)
|
||||
# - run letsencrypt to create, register and use a certifacte for https
|
||||
#
|
||||
#
|
||||
|
@ -45,25 +44,6 @@
|
|||
# - The script runs into installation errors for phpmyadmin if it uses
|
||||
# different passwords. For the sake of simplicity one single password.
|
||||
#
|
||||
# Daily backup
|
||||
# ------------
|
||||
#
|
||||
# The installation
|
||||
# - writes a shell script in /var/www/
|
||||
# - creates a daily cron that runs this script
|
||||
#
|
||||
# The script makes a (daily) backup of all relevant files
|
||||
# - /var/lib/mysql/ > database
|
||||
# - /var/www/ > your websites
|
||||
# - /etc/letsencrypt/ > certificates
|
||||
#
|
||||
# The backup will be written on an external disk compatible to LUKS+ext4 (see server-config.txt)
|
||||
#
|
||||
# How to restore from backup
|
||||
# --------------------------
|
||||
#
|
||||
# (Some explanations here would certainly be useful)
|
||||
#
|
||||
#
|
||||
# Credits
|
||||
# -------
|
||||
|
@ -108,47 +88,6 @@ function check_config {
|
|||
then
|
||||
die "le_domain not set in $configfile"
|
||||
fi
|
||||
# backup is important and should be checked
|
||||
if [ -n "$backup_device_name" ]
|
||||
then
|
||||
if [ ! -d "$backup_mount_point" ]
|
||||
then
|
||||
mkdir "$backup_mount_point"
|
||||
fi
|
||||
device_mounted=0
|
||||
if fdisk -l | grep -i "$backup_device_name.*linux"
|
||||
then
|
||||
print_info "ok - filesystem of external device is linux"
|
||||
if [ -n "$backup_device_pass" ]
|
||||
then
|
||||
echo "$backup_device_pass" | cryptsetup luksOpen $backup_device_name cryptobackup
|
||||
if mount /dev/mapper/cryptobackup /media/server_backup
|
||||
then
|
||||
device_mounted=1
|
||||
print_info "ok - could encrypt and mount external backup device"
|
||||
umount /media/server_backup
|
||||
else
|
||||
print_warn "backup to external device will fail because encryption failed"
|
||||
fi
|
||||
cryptsetup luksClose cryptobackup
|
||||
else
|
||||
if mount $backup_device_name /media/server_backup
|
||||
then
|
||||
device_mounted=1
|
||||
print_info "ok - could mount external backup device"
|
||||
umount /media/server_backup
|
||||
else
|
||||
print_warn "backup to external device will fail because mount failed"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
print_warn "backup to external device will fail because filesystem is either not linux or 'backup_device_name' is not correct in $configfile"
|
||||
fi
|
||||
if [ $device_mounted == 0 ]
|
||||
then
|
||||
die "backup device not ready"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
function die {
|
||||
|
@ -560,16 +499,6 @@ function install_website {
|
|||
print_info "installed addons"
|
||||
}
|
||||
|
||||
function install_rsync {
|
||||
print_info "installing rsync..."
|
||||
nocheck_install "rsync"
|
||||
}
|
||||
|
||||
function install_cryptosetup {
|
||||
print_info "installing cryptsetup..."
|
||||
nocheck_install "cryptsetup"
|
||||
}
|
||||
|
||||
function configure_daily_update {
|
||||
echo "#!/bin/sh" >> /var/www/$daily_update
|
||||
echo "#" >> /var/www/$daily_update
|
||||
|
@ -596,7 +525,6 @@ function configure_cron_daily {
|
|||
# Run external script daily at 05:30
|
||||
# - stop apache/nginx and mysql-server
|
||||
# - renew the certificate of letsencrypt
|
||||
# - backup db, files ($install_path), certificates if letsencrypt
|
||||
# - update repository core and addon
|
||||
# - update and upgrade linux
|
||||
# - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system
|
||||
|
@ -618,59 +546,6 @@ function configure_cron_daily {
|
|||
echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$cron_job
|
||||
echo "certbot renew --noninteractive" >> /var/www/$cron_job
|
||||
echo "#" >> /var/www/$cron_job
|
||||
echo "# backup" >> /var/www/$cron_job
|
||||
echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$cron_job
|
||||
echo "backup_device_name=$backup_device_name" >> /var/www/$cron_job
|
||||
echo "backup_device_pass=$backup_device_pass" >> /var/www/$cron_job
|
||||
echo "backup_mount_point=$backup_mount_point" >> /var/www/$cron_job
|
||||
echo "device_mounted=0" >> /var/www/$cron_job
|
||||
echo "if [ -n \"\$backup_device_name\" ]" >> /var/www/$cron_job
|
||||
echo "then" >> /var/www/$cron_job
|
||||
echo " if blkid | grep $backup_device_name" >> /var/www/$cron_job
|
||||
echo " then" >> /var/www/$cron_job
|
||||
if [ -n "$backup_device_pass" ]
|
||||
then
|
||||
echo " echo \"decrypting backup device...\"" >> /var/www/$cron_job
|
||||
echo " echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$cron_job
|
||||
fi
|
||||
echo " if [ ! -d $backup_mount_point ]" >> /var/www/$cron_job
|
||||
echo " then" >> /var/www/$cron_job
|
||||
echo " mkdir $backup_mount_point" >> /var/www/$cron_job
|
||||
echo " fi" >> /var/www/$cron_job
|
||||
echo " echo \"mounting backup device...\"" >> /var/www/$cron_job
|
||||
if [ -n "$backup_device_pass" ]
|
||||
then
|
||||
echo " if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$cron_job
|
||||
else
|
||||
echo " if mount $backup_device_name $backup_mount_point" >> /var/www/$cron_job
|
||||
fi
|
||||
echo " then" >> /var/www/$cron_job
|
||||
echo " device_mounted=1" >> /var/www/$cron_job
|
||||
echo " echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$cron_job
|
||||
echo " rsync -a --delete /var/lib/mysql/ /media/repository_backup/mysql" >> /var/www/$cron_job
|
||||
echo " rsync -a --delete /var/www/ /media/repository_backup/www" >> /var/www/$cron_job
|
||||
echo " rsync -a --delete /etc/letsencrypt/ /media/repository_backup/letsencrypt" >> /var/www/$cron_job
|
||||
echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$cron_job
|
||||
echo " df -h" >> /var/www/$cron_job
|
||||
echo " echo \"\$(date) - db size...\"" >> /var/www/$cron_job
|
||||
echo " du -h $backup_mount_point | grep mysql/repository" >> /var/www/$cron_job
|
||||
echo " echo \"unmounting backup device...\"" >> /var/www/$cron_job
|
||||
echo " umount $backup_mount_point" >> /var/www/$cron_job
|
||||
echo " else" >> /var/www/$cron_job
|
||||
echo " echo \"failed to mount device $backup_device_name\"" >> /var/www/$cron_job
|
||||
echo " fi" >> /var/www/$cron_job
|
||||
if [ -n "$backup_device_pass" ]
|
||||
then
|
||||
echo " echo \"closing decrypted backup device...\"" >> /var/www/$cron_job
|
||||
echo " cryptsetup luksClose cryptobackup" >> /var/www/$cron_job
|
||||
fi
|
||||
echo " fi" >> /var/www/$cron_job
|
||||
echo "fi" >> /var/www/$cron_job
|
||||
echo "if [ \$device_mounted == 0 ]" >> /var/www/$cron_job
|
||||
echo "then" >> /var/www/$cron_job
|
||||
echo " echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$cron_job
|
||||
echo "fi" >> /var/www/$cron_job
|
||||
echo "#" >> /var/www/$cron_job
|
||||
echo "echo \"\$(date) - db size...\"" >> /var/www/$cron_job
|
||||
echo "du -h /var/lib/mysql/ | grep mysql/" >> /var/www/$cron_job
|
||||
echo "#" >> /var/www/$cron_job
|
||||
|
@ -678,7 +553,7 @@ function configure_cron_daily {
|
|||
echo "for f in *-daily.sh; do \"./\${f}\"; done" >> /var/www/$cron_job
|
||||
echo "echo \"\$(date) - updating linux...\"" >> /var/www/$cron_job
|
||||
echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$cron_job
|
||||
echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$cron_job
|
||||
echo "echo \"\$(date) - Update finished. Rebooting...\"" >> /var/www/$cron_job
|
||||
echo "#" >> /var/www/$cron_job
|
||||
echo "shutdown -r now" >> /var/www/$cron_job
|
||||
|
||||
|
@ -727,7 +602,6 @@ selfhostdir=/etc/selfhost
|
|||
selfhostscript=selfhost-updater.sh
|
||||
cron_job="cron_job.sh"
|
||||
daily_update="${le_domain}-daily.sh"
|
||||
backup_mount_point="/media/repository_backup"
|
||||
|
||||
#set -x # activate debugging from here
|
||||
|
||||
|
@ -808,9 +682,6 @@ if [[ "$le_domain" =~ $domain_regex ]]
|
|||
then
|
||||
install_letsencrypt
|
||||
check_https
|
||||
|
||||
install_cryptosetup
|
||||
install_rsync
|
||||
else
|
||||
print_info "Local domain is used - skipped https configuration, and installation of cryptosetup"
|
||||
fi
|
||||
|
|
Loading…
Reference in a new issue