encrypted_backups_to_the_cloud [13.08.2017 13:17] – [The solution I am aiming for] Pascal Suter | encrypted_backups_to_the_cloud [15.08.2017 08:06] – [the script] Pascal Suter | ||
---|---|---|---|
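--- a/encrypted_backups_to_the_cloud
+++ b/encrypted_backups_to_the_cloud
@@ -60,2 +60,107 @@
 gocryptfs --version
 ==== setup the mount points ====
+''/
+mkdir -p /
+now we can initialize ''/
+gocryptfs --init --reverse /
+enter your desired password when prompted.
+now mount the crypted directory:
+gocryptfs --reverse /
+you will be prompted for your password and it will show you your master key.. NOTE THAT KEY! it will be your only way to access your offsite Backup once your main server is gone! make sure you safe it somewhere where you still have access even when you lost all your data you are backing up here ;)
+
+==== the script ====
+now this is the script that i will run daily in a cron job. the script assumes that the gfscrypt directory will always be left mounted. this way there is no need to safe the password on the server, instead you will need to manually mount gocryptfs after a reboot of the server. if you forget that, the backup script will inform you by mail the next time it runs that it could not do the backup because the mount was not there.
+
+in case you want to mount the gocryptfs mount automatically and unmount it after each backup you can do that by using the ''
+
+<code bash offsiteBackup.sh>
+#
+
+# (c) 2017 Pascal Suter, Version 0.10 Beta
+# this script creates an enecrypted offsite backup of a locally kept backup.
+# ideally suited to work with rubi (http://
+# for a full description and setup instructions read
+# http://
+# uses gocryptfs (https://
+# you may use, modify and re-distribute this script AT YOUR OWN RISK free of charge.
+
+CRYPTED="/
+TARGET="/
+LATEST=$(cat /
+PLAINDIR="/
+PLAINMOUNT="
+RECIPIENTS="
+LOCKFILE="/
+RSYNCOPTS=""
+#
+
+function fail {
+echo "
+exit 1
+}
+
+function success {
+( echo "the offsite backup was successfully updated to backup version $LATEST"
+echo "here are the last lines of the rsync process:"
+tail -n 3 /
+umount $PLAINMOUNT 2>/
+exit 0
+}
+
+me=`basename "
+
+# get a lock and run me embedded
+if [ "
+echo "
+flock -E 66 -n ${LOCKFILE} $0 --embedded | tee /
+state=$?
+if [ $state -eq 66 ]; then
+fail "there was another offsiteBackup process still running, so we skipped this round"
+fi
+exit $state
+fi
+
+# make sure our crypted directory is mounted
+grep "
+if [ $? -gt 0 ]; then
+fail "
+fi
+
+# unmount any previous bind mounts to $PLAINMOUNT and check it is no longer mounted
+umount $PLAINMOUNT 2>/
+grep "
+if [ $? -eq 0 ]; then
+fail "There seems to be a stale mount on $PLAINMOUNT,
+fi
+
+# mount the latest backup:
+mount -B "
+if [ $? -gt 0 ]; then
+fail "there was a problem mounting the latest backup from $LATEST to $PLAIMOUNT"
+fi
+
+# rsync to offsite location
+rsync -AaHvXx --delete $RSYNCOPTS "
+res=$?
+if [ $res -gt 0 ]; then
+if [ $res -eq 24 ]; then
+#some files vanished during the backup, that's not a failure of the backup, so send the success message
+success
+else
+fail "there was a problem with the offsite backup, check /
+fi
+else
+success
+fi
+</
+=== Known Issues ===
+For some reason gocryptfs seems to generate some files like ''
+
+===== Restoring Files =====
+to restore files you could use ''
+sshfs user@remote.server:/
+and now use gocryptfs to uncrypt the contents and restore some files:
+gocryptfs /
+now you should see all your files in /
+
+unmount both mounts once you are done.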
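Review bot: `state=$?` directly after `flock -E 66 -n ${LOCKFILE} $0 --embedded | tee …` reads the exit status of `tee`, not of `flock`, unless `pipefail` is enabled, and no `set -o pipefail` is visible in the script (its lines are truncated on this page, so please confirm). As written the `-eq 66` branch would never fire, so a run skipped because the lock is held sends no mail, and the wrapper exits 0 even when the embedded run failed, which lets an offsite backup stop updating unnoticed. Since the block is tagged bash, `state=${PIPESTATUS[0]}` on that line would pick up flock's status instead. Separately, the mount-failure message references `$PLAIMOUNT`, which looks like a typo for `$PLAINMOUNT` and would expand to an empty string in the alert.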