I have always been an advocate for using a control panel when dealing with multi site hosting. In my case I use VestaCP, which is a great, simple, free alternative to the big boys like Plesk and cPanel. The only issue though, is space for backups. On the server I normally have 3 to 5 days backed up, which is great, however if you find out your site had been hacked 7 days ago, all your backups on the server are tainted. This happened to me a few years back, and one of my sites was hacked for almost a month before I found out.
It was because of this I created a simply python script to make offsite backups. I am lucky enough to have myself a desktop NAS (Network Area Storage) in my home office with 10TB of space, more then enough for storing more than 3-5 days of backups. As I rely on this I figured maybe others could use this script as well.
Prerequisites not covered in this post:
- Dynamic DNS for home network access (will be covered in another post to come)
Preparing for backups:
Before we get to the script, you will need to make sure that your VestaCP server can authenticate with the remote backup server for passwordless authentications, after all this is an automated script, so you need to be able to transfer data without having to manually enter a password. To do this we need to generate an RSA key pair on the VestaCP server, AND transfer the public key to the offsite backup server.
To do this, as ROOT you can use the following command:
|
1 |
ssh-keygen -t rsa -b 4096 -C "VestaCP Backups" |
This will generate an RSA keypair with 4096 bit encryption and a comment relative to what the key is used for. At the prompts you will have some choices to make, including the name of key pair (if you do not have any others, you can use the default id_rsa), if you wish to have a password (select no, as you need this to be fully automated).
Now that we have our key generated, we need to get the public key onto the offsite backup server:
|
1 |
ssh-copy-id -i ~/.ssh/id_rsa user@host |
Note: although the on the server you need to run these commands as ROOT due to permissions on the backup folders and commands used in the next section, the user you upload this too does not need to be a root account. The user and host used in the above command will also be used in the following script as sshUser and sshHost
The Code:
Create a file called backup-to-nas.py in a folder like /opt/scripts
|
1 |
vi /opt/scripts/backup-to-nas.py |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
import os import datetime as dt ### Variables to edit sshUser = "someUser" sshHost = "your.offsite.host.com" sshPort = "22" sshDir = "backups" # located in /home/someUser/ ### Variables you do not edit now = dt.datetime.now() year = dt.date.today().year month = str(dt.date.today().month).zfill(2) day = str(dt.date.today().day).zfill(2) ago = now-dt.timedelta(hours=24) backup=[] today = dt.date.today() ### Get a list of files to backup. In this case, the last 24 hours for root, dirs,files in os.walk('/home/backup/'): for fname in files: path = os.path.join(root, fname) st = os.stat(path) mtime = dt.datetime.fromtimestamp(st.st_mtime) if mtime > ago: backup.append(fname) ### Create Directory cmd = "ssh {0}@{1} -p{2} 'mkdir -p /home/{0}/{3}/{4}/{5}/{6}'".format(sshUser, sshHost, sshPort, sshDir, year, month, day) os.system(cmd) ## Send it for backupFile in backup: cmd = "scp -P{2} /home/backup/{7} {0}@{1}:/home/{0}/{3}/{4}/{5}/{6}/{7}".format(sshUser, sshHost, sshPort, sshDir, year, month, day, backupFile) os.system(cmd) |
call it via the crontab (as root type “crontab -e“)
|
1 2 |
# backup of the server 0 6 * * * /usr/bin/python /opt/scripts/backup-to-nas.py |
Then every day at 6am, it will take all your site backups and move it to your offline backup server.