Posts Tagged ssl

Linux Backups for Servers and Desktops

Posted by on Thursday, 18 June, 2009

Everyone wants to back up right? Well you will once you have totally lost the last years worth of work on a website and somebody breaks things severely!

Heres a quick and nasty backup HOWTO.

Database Dumps

mysqldump -u root -p mydatabase > mydatabase.sql

This dumps a database into a file, you can modify this to dump it offsite using ssh with this command.

su postgres -c "pg_dumpall" > pgdatabase.psql

If you use postgres you can change this to something like this

mysqldump -u root -p mydatabase > mydatabase.sql | ssh username@backup.comain.com “dd of=mydatabase.sql”

If you want to dump the entire database you can use

mysqldump -A -u root -p >entiredatabase.sql

This may take some time. To put this in a shell script and dump multiple copies and keep track of things you can use something similar to this

date=`date +%m-%h-%Y`

mysqldump -A -u root -p >${date}-fulldatabase.sql

This will expand to dump it into something like

06-Jun-2009-fulldatabase.sql

File Backup

FTP

To run a regular interactive FTP session:

lftp -u 'username,password' backup.yourdomain.com

To backup one or more files:

lftp -u 'username,password' backup.yourdomain.com -e "set ftp:ssl-protect-data true; mput /local/dir/files* /remotedir; exit"

You need to set ftp:ssl-protect-data else you will not be able to store the file. If you want to make this a default option, add it to the lftp.conf file. e.g. :

grep -qai "set ftp:ssl-protect-data true" /etc/lftp.conf || echo "set ftp:ssl-protect-data true" >> /etc/lftp.conf

To restore a file from the FTP server to your Machine:

lftp -u 'username,password' backup.yourdomain.com -e "set ftp:ssl-protect-data true;mget /remotedir/files* -O /localdir; exit" .

The -O option is not required it you wish to store to the current local directory.

To mirror a whole directory to the FTP server:

lftp -u 'username,password' backup.yourdomain.com -e "set ftp:ssl-protect-data true;mirror --reverse /local/dir/name remotedirname; exit" .

--reverse means that the ‘mirroring’ is going in the reverse direction than ‘normal’. i.e. from your server to the backup server. If you run man lftp there are a few other options to choose from. e.g. --delete to delete files on the backup server that do not exist locally. Or --continue to continue a mirror job. Or --exclude files to exclude certain files from the transfer.

To restore a whole directory from the FTP server to your machine:

lftp -u 'username,password' backup.yourdomain.com -e "set ftp:ssl-protect-data true;mirror remotedirname /local/dir/name;exit"

To create a nightly cronjob that uploads a directory to the backup FTP server, create a /etc/crond.daily/ftpbackup file like this:


#!/bin/bash
lftp -u 'username,password' backup.yourdomain.com -e "set ftp:ssl-protect-data true;mirror --reverse /local/dir/name remotedirname;exit" > /dev/null

Run

chmod +x /etc/cron.daily/ftpbackup .

Then check the files have been mirrored as you expect the next day.

Rsync

Rsync is a better option in some ways as it checks the MD5 of files and updates them if they are out of date, rather than re-copying the entire lot. Short but easy shell script to copy things over

#!/bin/bash
EXCLUDE=” –exclude *.tmp \
–exclude *.temp”
USER=username
HOST=backup.domain.com
BACKUPPATH=/backups

rsync –archive -vv –rsh=ssh $EXCLUDE $USER@$HOST:/etc/ $BACKUPPATH/$HOST/etc

Rdiff-backup

This is better again than rsync as it does versioning control and only backs up the difference in files.

To backup files

rdiff-backup /some/local-dir hostname.net::/whatever/remote-dir

To restore

rdiff-backup --restore-as-of now host.net::/remote-dir/file local-dir/file
rdiff-backup -r now host.net::/remote-dir/file local-dir/file

The -r command is the same as –restore-as-of

The main advantage of rdiff-backup is that it keeps version history. This command restores host.net::/remote-dir/file as it was 10 days ago into a new location /tmp/file .

rdiff-backup -r 10D host.net::/remote-dir/file /tmp/file

Other acceptable time strings include 5m4s (5 minutes and 4 seconds) and 2002-03-05 (March 5th, 2002). For more information, see the TIME FORMATS section of the manual page.

More examples can be found at http://www.nongnu.org/rdiff-backup/examples.html

This tutorial was compiled from several others, and props go out to http://rimuhosting.com and http://www.howtoforge.com


How to create an SSL certificate for Apache

Posted by on Tuesday, 7 April, 2009

Ok heres a script which takes you through the annoying part

#!/bin/sh
SERVER=zeald.com
PRIVATE_KEY=$SERVER.private.key
CERTIFICATE_FILE=$SERVER.crt
SIGNING_REQUEST=$SERVER.signing.request
VALID_DAYS=365
echo Delete old private key
rm $PRIVATE_KEY
echo Create new private/public-keys without passphrase for server
openssl genrsa -out $PRIVATE_KEY 1024
echo Create file for signing request
rm $SIGNING_REQUEST
openssl req -new -days $VALID_DAYS -key $PRIVATE_KEY -out $SIGNING_REQUEST
echo Filename for signing request is: $SIGNING_REQUEST
echo Send the content of the file to the certification authority.
echo For example: Christian Heutger [c.heutger@psw.biz]
echo from http://www.ssl-certs.de
cat $SIGNING_REQUEST
echo You can check this request at
echo https://secure.comodo.net/utilities/decodeCSR.html

now chmod +x create_signing_request.sh

then ./create_signing_request.sh
it will go through asking you information about your company etc. You may need to do this several times to figure out what goes where. Then go to your SSL certificate provider, and use the CSR to request the ssl certificate. It may take an hour or two or even up too a couple days to get your SSL certificate.
Once you have it you need to add into your apache config a couple of lines similar to this

SSLCertificateFile /etc/apache/ssl.crt/yourdomain.crt
SSLCertificateKeyFile /etc/apache/ssl.key/yourdomain.key

Last-Modified: 2008-06-10 13:57:40