[FAQ] How to automatically backing up remote servers to QNAP

Locked
User avatar
QNAPJason
QNAP Staff
Posts: 5389
Joined: Thu May 21, 2009 2:14 pm
Location: Taipei

[FAQ] How to automatically backing up remote servers to QNAP

Post by QNAPJason » Wed Jul 08, 2009 11:01 am

Thanks to the author from this article: http://www.davidstclair.co.uk/Automatically-Backing-Up-Remote-Servers-with-qnap-109

If you run an important server such as web server you should of course take regular off site backups. Now everyone knows that backups are a total pain to do manually and more often than not get forgotten. However, using linux cron you can automate this task easily and be more confident of your ability to recover should anything go wrong with your server and you need to restore. If you have a decent connection speed at your home or office you can program a QNAP 109 NAS to take care of this important task for you.

qnap 109 backup
Backing up like this has the following benefits

-It is off-site (assuming your qnap is at your home or office and the server you are backing up is in some data centre / ISP somewhere)

-It pulls the backups from the webserver. Keeping your qnap device behind a natted firewall means it is harder to be compromised as it will simply connect to the remote server then pull down a backup and then logoff. If you pushed the backup from the remote server to a remote host most likley you would have to store some connection info and credentials on the remote server which could be given away should your remote server be hacked. This means your server would be hacked and potentially your backups too. Nasty!

-Qnaps are very quiet and don't use much power. So rather than using a PC that could technically do the job just as well you can leave the qnap on 24/7 without it being too noisy or costly on electricity.

Install the QPKG
The QPKG is the qnap package manager that lets you expand your qnap's linux functions and software. We are going to need to replace the default Secure Shell that comes with the QNAP 109 with the OPENSSH package.
The following link describes this process:

http://wiki.qnap.com/wiki/Install_Optwa ... n_via_QPKG

Replace the default qnap SSH
The following link describes this process. http://wiki.qnap.com/wiki/How_To_Replac ... th_OpenSSH
Prepare the Qnap and your remote server for Automated Backups

Create a user on your qnap an on your remote server
Choose a username and create that user on both your qnap and your remote server
in my example I am going to use the name "dave"

Login to the qnap as admin and run this command:

Add the user and set his home directory an password:
adduser -h /share/HDA_DATA/dave dave

Do the same with the remote server, in my example I am creating the users home directory on a remote redhat box under /home/dave
adduser -h /home/dave dave

Change the newly created users password
passwd dave

Create public/private key pair

Now lets create a public / private key pair to allow the qnap to log onto the remote redhat server without a password. This is perfect for automated backup scripts.

Logon to the Qnap as user dave (or your user) and type
ssh-keygen -t rsa

Which should return this:
Generating public/private rsa key pair.

And after a moment you will be aske where you wish to write your private key to

Enter file in which to save the key (/share/HDA_DATA/dave/.ssh/id_rsa):

You can except this. Next will be the passphrase you wish to use with this key

Enter passphrase (empty for no passphrase):

Simply press enter or return. This will create a phraseless keypair.

This should complete and it will return the place where it has left your private and public keys.
Your identification has been saved in /share/HDA_DATA/dave/.ssh/id_rsa.
Your public key has been saved in /share/HDA_DATA/dave/.ssh/id_rsa.pub.

The private key (id_rsa) should always be kept safe - and as your qnap is hidden behind a natted firewall (it is I hope?) that you don't allow any kind of remote access to you should be safeish.
Now we need to copy the public key up to the remote host under the "dave" users we created earlier home directory normally something like this on a red hat box /home/dave/.ssh or for solaris /export/home/daves.

This is done simply by copying the file using scp.

Note ensure there is a /home/dave/.ssh directory on the remote server first before trying the command. If there isn't just create one as normal (mkdir /home/dave/.ssh)

scp id_dsa.pub dave@www.myserver.com:/home/dave/.ssh/id_rsa.pub

Now that's copied login to the remote SSH server (in my example it is http://www.myserver.com)
and then appending the id_rsa.pub file to the authorized_keys file.

cat /home/dave/.ssh/id_pub.pub >> authorized_keys

Don't forget to ensure the user dave .ssh directory and the authorised keys are set to permissions 700 on both the remote and local servers.

Now you can test it by running the following command from the QNAP
ssh dave@www.myserver.com

If it logs in without a password you have done it! If you are prompted for a password the best thing to do is double check that the permissions on the qnap and the remote servers .ssh directory and below is set to 700.

Which looks like this:

drwx------ 2 dave dave 4096 May 14 18:14 .ssh


Example Backup Scripts

Now you can run backup which can backup mysql databases and files.

The following is an example script which you might want to run daily woulld backup a website directory. Naturally you need to alter some of the paths to suit your own environment.

#!/bin/sh
BACKUPDATE=`date +%Y-%m-%d`
#Optionally change mysitebackup to something.
TARARCHIVE=mysitebackup
DATA=/var/www/html/mysiterootdir/

#==== Backup ====
# Create Tar
ssh dave@www.myserver.com "tar -cvf $BACKUPDATE.$TARARCHIVE.tar $DATA"

#Zip Tar

ssh dave@www.myserver.com "gzip $BACKUPDATE.$TARARCHIVE.tar"

#Copy backup file to backup device

scp dave@www.myserver.com:/home/dave/$BACKUPDATE.$TARARCHIVE.tar.gz /share/HDA_DATA/dave/backups/files/

ssh dave@www.myserver.com "rm -r -r /home/dave/$BACKUPDATE.$TARARCHIVE.tar.gz"

Locked

Return to “Frequently Asked Questions”