Koozali.org: home of the SME Server

Secure SME backup to a NFS/SSH-accessible NAS

Offline Michail Pappas

  • *
  • 339
  • +1/-0
Secure SME backup to a NFS/SSH-accessible NAS
« on: April 25, 2019, 08:12:36 AM »
I've got a WD Mycloud EX4100 NAS, which provides some "plain" (ie no kerb5 encryption) NFS. It also provides SSH access and has rsync installed. This NAS is not on my location, so my problem is to avoid eavesdropping when backing up my SME box?

AFAIK, the built-in backup functionality does not provide any way to encrypt the files. If it did, I would backup via NFS.

Any idea on what could be used here? Something that could utilise SSH (and rsync perhaps) for the transfer?

EDIT: I've seen something mentioning a SSHFS. From what I've read, it requires nothing apart some changes on the SME box (wiki at https://wiki.contribs.org/FUSE_-_Filesystem_in_Userspace but not sure if it is current).
« Last Edit: April 25, 2019, 09:00:09 AM by Michail Pappas »

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: Secure SME backup to a NFS/SSH-accessible NAS
« Reply #1 on: April 25, 2019, 12:05:39 PM »
You can use Affa to manage a backup system using rsync and ssh.

If Affa looks like overkill, or the remote NAS does not support hardlinks, or if you want to roll your own, you can get a list of the files and folders that SME includes by default when it does a restore:
Code: [Select]
perl -e 'use esmith::Backup;$b=new esmith::Backup;print join("\n",$b->restore_list)."\n"'
If you need the data to be encrypted at rest on the remote NAS you may want to create encrypted backup files locally then send those to the remote NAS.


Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: Secure SME backup to a NFS/SSH-accessible NAS
« Reply #2 on: April 25, 2019, 12:28:08 PM »
I forgot to mention - if you roll your own you should:

* run signal-event pre-backup before doing the backup to generate mysqldump backups of your databases in /home/e-smith/db
(Affa will do this if you have 'SMEServer=yes' in your job config)

* include /opt if you have installed any contrib that uses it (PHP or Mysql software collections, for example)
(Affa will do this if you have 'Include=/opt' in your job config)

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Secure SME backup to a NFS/SSH-accessible NAS
« Reply #3 on: April 25, 2019, 05:54:58 PM »
I'd agree that unless you seriously want to reinvent the wheel or have some specific reasons why you can't use it, then Affa is one of the neatest bits of code at contribs.

It hides its light under a bushel :-)

Worth spending a bit of time testing it.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Michail Pappas

  • *
  • 339
  • +1/-0
Re: Secure SME backup to a NFS/SSH-accessible NAS
« Reply #4 on: April 25, 2019, 06:20:44 PM »
No contribs apart from some let's encrypt hacks. So Affa it will be then, thanks!

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Secure SME backup to a NFS/SSH-accessible NAS
« Reply #5 on: April 25, 2019, 06:31:40 PM »
No contribs apart from some let's encrypt hacks. So Affa it will be then, thanks!

Good decision IMHO :-)

Shout if you get stuck....
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline brianr

  • *
  • 988
  • +2/-0
Re: Secure SME backup to a NFS/SSH-accessible NAS
« Reply #6 on: April 29, 2019, 11:20:43 AM »
The other option might well be rclone:

https://wiki.contribs.org/Rclone

Brian j Read
(retired, for a second time, still got 2 installations though)
The instrument I am playing is my favourite Melodeon.
.........