Setting up backups for an IdeaLoom server
Scripts are included to use Borg Backup (an encrypting, deduplicating archiver).
These instructions are for Ubuntu Linux, but Borg is cross-platform.
Installing Borg Backup
Installing an up-to-date Borg Backup (https://borgbackup.github.io/borgbackup/) on Ubuntu:
sudo apt-get install python3-pip libacl1-dev liblz4-dev libssl-dev
sudo pip3 install --upgrade borgbackup
Using
The script is in doc/borg_backup_script/idealoom_borg_backup.sh
It assumes:
- borgbackup is installed on both the IdeaLoom server and the backup server.
- The user running the script has access over ssh to the backup server with key authentication (no passphrase). Typically, this will be the www-data user.
- The user running the script has access over ssh to itself with key authentication (no passphrase).
The script takes two environment variables:
- IDEALOOM_PATH: the path to the idealoom installation to back up
- REPOSITORY: the address of the borg backup repository to back up to
Create a script such as: /home/backups/backup_all_idealoom.sh
#!/bin/bash
export PATH=$PATH:/usr/local/bin
export IDEALOOM_PATH=/home/www/idealoom_discussions_conversence_com
export REPOSITORY=www-data@coeus.ca:/media/backup/idealoom_backups_conversence_discussions.borg
bash ${IDEALOOM_PATH}/doc/borg_backup_script/idealoom_borg_backup.sh > $IDEALOOM_PATH/var/log/idealoom_backup.log 2>&1
You can then automate with cron. For example:
sudo su - www-data
crontab -e
0 3 * * * /bin/bash /home/backups/backup_all_idealoom.sh
All backups are encrypted. Make SURE you back up the keys (normally in ~/.borg/keys/) somewhere safe, otherwise your backups will be useless!
To secure the user, use an extremely restricted permission in ~/.ssh/authorized_keys on the backup server:
# Allow an SSH keypair to only run borg, and only have access to /media/backup.
# This will help to secure an automated remote backup system.
$ cat ~/.ssh/authorized_keys
command="borg serve --restrict-to-path /media/backup" ssh-rsa AAAAB3[...]
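As an added example (not part of the IdeaLoom or Borg documentation), the POSIX shell function below audits an authorized_keys file on the backup server for the forced command shown above. It also flags entries that lack sshd's `restrict` option, because a forced command on its own leaves port, agent and X11 forwarding enabled; the function names and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit authorized_keys on the backup server (reads stdin).
# Prints "<line-number>:<verdict>" for every key line:
#   OK    forced "borg serve --restrict-to-path" plus the sshd "restrict" option
#   WEAK  forced borg serve only; forwarding options are still enabled
#   OPEN  no forced borg serve command, so the key gets a normal login
# Simplified parse: options are taken as the text before the first key type.
audit_authorized_keys() (
    n=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac        # skip blanks and comments
        case $line in
            ssh-*|ecdsa-*|sk-*) opts='' ;;             # key type first: no options
            *)  opts=$line
                for kt in ssh- ecdsa- sk-; do opts=${opts%%" $kt"*}; done ;;
        esac
        verdict=OPEN
        case $opts in
            *'command="borg serve '*'--restrict-to-path /'*'"'*)
                verdict=WEAK
                case ",$opts," in *,restrict,*) verdict=OK ;; esac ;;
        esac
        [ "$verdict" = OK ] || bad=1
        printf '%s:%s\n' "$n" "$verdict"
    done
    [ "$bad" -eq 0 ]                                   # exit status 0 only if all OK
)

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_authorized_keys() {
    cat <<'EOF'
# backup server: ~/.ssh/authorized_keys
command="borg serve --restrict-to-path /media/backup" ssh-rsa AAAAB3placeholder1 www-data@idealoom
command="borg serve --restrict-to-path /media/backup",restrict ssh-ed25519 AAAAC3placeholder2 www-data@idealoom
ssh-rsa AAAAB3placeholder3 admin@laptop
no-pty ecdsa-sha2-nistp256 AAAAE2placeholder4 other@host
EOF
}

# Stand-alone run over the sample; use "audit_authorized_keys < FILE" on a real file.
sample_authorized_keys | audit_authorized_keys || true
```

A non-zero exit status means at least one key line is not fully restricted, which makes the function usable from cron or a configuration check.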
Restoring
TODO