Changes

From SME Server
Jump to navigationJump to search
no edit summary
Line 42: Line 42:  
  -F Fill in form field
 
  -F Fill in form field
 
  <url>
 
  <url>
+
 
 +
'''While this process works and illustrates the principle it does raise some security concerns and can be improved. (see below)'''
 
}}
 
}}
 
   
 
   
===Automating backups with cURL and cron===
+
===Scripting cURL and Improving Security===
   −
Now that we can pull a backup from an SME Server without any user interaction and without adding any software to the standard SME Server installation we can now automate backups by pulling the backups to our backup machine.  
+
Now that we have show that we can pull a backup from an SME Server without any user interaction and without adding any software to the standard SME Server installation we can now wrap the whole process up in a simple script.
   −
Automating the backups is simply a matter of automating the above commands on a calendar.
+
As the machine I was using to do the backup on was also a Linux machine, I have used sh but if your machine is Windows you could do something similar in a .bat file.
 
  −
As the machine I was using to do the backup was also a Linux machine, the simple solution was to use cron.
      
{{Note box|All the following is done on the machine doing the backup NOT the SME Server you are backing up. No changes are ever made to the SME Server.}}
 
{{Note box|All the following is done on the machine doing the backup NOT the SME Server you are backing up. No changes are ever made to the SME Server.}}
   −
Create a simple cronjob to perform the backup using crontab -e. Here I have a user smebackup that has the following cron entry:
+
On my backup machine I have a user smebackup (any user can be used) and in its home folder I have a bin folder to contain the do_backups script. This script contains some simple enhancements to the above cURL commands:
  −
45 21 * * * umask 077 && /home/smebackup/bin/do_backups
  −
 
  −
This starts a backup at 21:45 every day. The umask prevents other users on the machine reading the backups and is optional.
  −
 
  −
In smebackups home folder I have a bin folder to contain the do_backups script that is a simple modification to the commands above.
      
  #!/bin/sh
 
  #!/bin/sh
 
   
 
   
  curl -s -k -b ~/.sme_cookies -c ~/.sme_cookies -F username=admin -F password=your_password \
+
  curl -s -k -b ~/.sme_cookies -c ~/.sme_cookies -F username=admin -F "password=<~/bin/sme_password" \
 
         <nowiki>https://snoopy/server-common/cgi-bin/login</nowiki> && \
 
         <nowiki>https://snoopy/server-common/cgi-bin/login</nowiki> && \
 
  curl -f -s -k -b ~/.sme_cookies -F function=desktop-backup -F state=perform \
 
  curl -f -s -k -b ~/.sme_cookies -F function=desktop-backup -F state=perform \
 
         <nowiki>https://snoopy/server-manager/cgi-bin/backup > /home/smebackup/sme-snoopy-`/bin/date +\%d`.tgz</nowiki>
 
         <nowiki>https://snoopy/server-manager/cgi-bin/backup > /home/smebackup/sme-snoopy-`/bin/date +\%d`.tgz</nowiki>
 +
 +
 +
In this script we have combined the two curl commands via an && that way the second command will only run if the first succeeds.
 +
 +
The use of date in the filename will append the day of the month to the filename this will mean that a new backup will be created for every day of the month and overwrite them next month, obviously if the next month has fewer days you may be left with a couple of backups from last month. This is for use in automated backups (see below) This process can be further enhanced or changed as required.
   −
In this script we have combined the two curl commands via an && that way the second command will only run if the first succeeds.
+
This script has also been enhanced to read the password from the file sme_password also located in the bin folder. You will need to create the sme_password file in the bin folder. It should simply contain one line that is the password of your SME Server you wish to backup
  −
The use of date in the filename will append the day of the month to the filename this will mean that a new backup will be created for every day of the month and overwrite them next month, obviously if the next month has fewer days you may be left with a couple of backups from last month. This process can be enhanced or changed as required.
      
{{Warning box|There are a couple of security consideration that you should consider when using curl.  
 
{{Warning box|There are a couple of security consideration that you should consider when using curl.  
   −
1. The cookie jar ~/.sme_cookies should not be made world readable otherwise others could use your downloaded cookies.  
+
1. Your basic cURL command first used will cause the password to appear momentarily in the ps listing this is avoided in the above script by placing the password in a file and using -F <nowiki>"password=<your_password_file" </nowiki>.<br>
 +
2. The cookie jar ~/.sme_cookies should not be made world readable otherwise others could use your downloaded cookies. Likewise the password file should also be protected!}}
 +
 
 +
===Automating backups with cron===
 +
 
 +
Automating the backups is now simply a matter of creating cronjob to perform the backup using crontab -e. Here my smebackup user's cron entry is:
 +
 +
45 21 * * * umask 077 && /home/smebackup/bin/do_backups
   −
2. Your SME Server username and password will appear in the ps listing momentarily this can be avoided by placing the password in a file and using -F <nowiki>password="<your_password_file" </nowiki>if required.}}
+
This starts a backup at 21:45 every day. The umask prevents other users on the machine reading the backups.
    
===Other Extensions===
 
===Other Extensions===
35

edits

Navigation menu