Backup SME Server Remotely Using cURL


Introduction

This HowTo describes a simple way to back up your SME Server remotely using cURL. It requires no changes to your SME Server. Further, cURL requires no user interaction and can be scripted or automated using cron to perform regular backups.

Pre-Requisites

There are two simple pre-requisites.

1) The machine performing the backup must have web access to the server-manager of the SME Server being backed up. That is, you must be able to get to the manual web backup page from a web browser on the machine that will do the backup.
2) The machine that will perform the backup must have a copy of curl installed on it.

The Basics

The basic concept is very simple. We will use the curl command to imitate the manual desktop backup procedure. During a manual desktop backup you do two things:

1) Log on to the Server Manager.
2) Perform a "Backup to Desktop" from the Backup and restore page.

These two actions map to the following cURL commands:


curl -s -k -b ~/.sme_cookies -c ~/.sme_cookies -F username=admin -F password=your_password \
        https://your_sme_server/server-common/cgi-bin/login

curl -f -s -k -b ~/.sme_cookies -F function=desktop-backup -F state=perform \
        https://your_sme_server/server-manager/cgi-bin/backup > backupfile.tar.gz

Where:
    Each curl command should be on one line with the \ removed
    your_password     is replaced by your password
    your_sme_server   is replaced with the name or IP number of the SME Server you wish to back up
    backupfile.tar.gz is the name you want to save the backup as


  Note:
Full information on cURL can be found in the cURL manual
The Options I used are:
-f Fail silently
-s Silent, i.e. don't show a progress meter
-k Don't insist on SSL certs signed by trusted CAs (most SME Servers use self-signed certificates)
-b <cookies> Send cookies to server
-c <cookies> Save cookies here, this is where it stashes your login credentials between step 1) and 2)
-F Fill in form field
<url>

While this process works and illustrates the principle, it does raise some security concerns and can be improved (see below).


Scripting cURL and Improving Security

Now that we have shown that we can pull a backup from an SME Server without any user interaction and without adding any software to the standard SME Server installation, we can wrap the whole process up in a simple script.

As the machine I was using to do the backup on was also a Linux machine, I have used sh but if your machine is Windows you could do something similar in a .bat file.


  Note:
All the following is done on the machine doing the backup NOT the SME Server you are backing up. No changes are ever made to the SME Server.


On my backup machine I have a user smebackup (any user can be used) and in its home folder I have a bin folder to contain the do_backups script. This script contains some simple enhancements to the above cURL commands:

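#!/bin/sh

# Log in (the password is read from a file), then fetch the desktop backup.
# $HOME is used for the password file because ~ is not expanded inside double quotes.
curl -s -k -b ~/.sme_cookies -c ~/.sme_cookies -F username=admin -F "password=<$HOME/bin/sme_password" \
        https://snoopy/server-common/cgi-bin/login && \
curl -f -s -k -b ~/.sme_cookies -F function=desktop-backup -F state=perform \
        https://snoopy/server-manager/cgi-bin/backup > /home/smebackup/sme-snoopy-$(/bin/date +%d).tgz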


In this script we have combined the two curl commands with &&, so that the second command will only run if the first succeeds.

The use of date in the filename appends the day of the month to the filename. This means that a new backup will be created for every day of the month and overwritten the next month; obviously, if the next month has fewer days you may be left with a couple of backups from last month. This is for use in automated backups (see below). This process can be further enhanced or changed as required.

This script has also been enhanced to read the password from the file sme_password, also located in the bin folder. You will need to create the sme_password file in the bin folder. It should simply contain one line that is the password of the SME Server you wish to back up.


  Warning:
There are a couple of security considerations that you should keep in mind when using curl.

1. The basic cURL command first used will cause the password to appear momentarily in the ps listing. This is avoided in the above script by placing the password in a file and using -F "password=<your_password_file".
2. The cookie jar ~/.sme_cookies should not be made world readable otherwise others could use your downloaded cookies. Likewise the password file should also be protected!
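
A hardened variant of do_backups, added here as an example and not part of the original HowTo: it refuses a password file that group or others can read, checks the server against a saved copy of its certificate with --cacert instead of skipping verification with -k, and replaces an existing backup only when the download is an intact gzip file. SME_CACERT (a file holding the server's certificate, whose name must match the host), the temporary file names and the HOST DESTDIR arguments are assumptions.

```shell
#!/bin/sh
# Added example: host, paths and SME_CACERT are assumptions, not from the HowTo.
umask 077                        # backups, cookie jar and temp files: owner-only

# True only for a regular file with no group/other permission bits.
private_file() {
    case $(ls -ld "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Put a finished download in place only if it is a non-empty, intact gzip
# stream; otherwise delete it so a failed run keeps the previous backup.
install_backup() {               # install_backup TMPFILE DEST
    if [ -s "$1" ] && gzip -t "$1" 2>/dev/null; then
        mv -f "$1" "$2"
    else
        rm -f "$1"
        return 1
    fi
}

do_backup() {                    # do_backup HOST DESTDIR
    host=$1 dir=$2 pw="$HOME/bin/sme_password"
    : "${SME_CACERT:?set SME_CACERT to a copy of the server certificate}"
    private_file "$pw" || { echo "$pw is readable by group or other" >&2; return 1; }
    # A fresh cookie jar per run (mktemp creates it owner-only), removed afterwards.
    jar=$(mktemp) && tmp=$(mktemp "$dir/.partial.XXXXXX") || return 1
    # --cacert replaces -k: the server must present the saved certificate.
    curl -s --cacert "$SME_CACERT" -c "$jar" -F username=admin \
         -F "password=<$pw" "https://$host/server-common/cgi-bin/login" >/dev/null &&
    curl -f -s --cacert "$SME_CACERT" -b "$jar" -F function=desktop-backup \
         -F state=perform -o "$tmp" "https://$host/server-manager/cgi-bin/backup" &&
    install_backup "$tmp" "$dir/sme-$host-$(date +%d).tgz"
    rc=$?
    rm -f "$jar" "$tmp"
    return $rc
}

# Runs only when called as: do_backups HOST DESTDIR
if [ $# -eq 2 ]; then do_backup "$1" "$2"; fi
```

Because the download goes to a temporary file first, an HTML error page or a truncated transfer never overwrites the backup kept from the same day of the previous month.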


Automating backups with cron

Automating the backups is now simply a matter of creating a cron job to perform the backup using crontab -e. My smebackup user's cron entry is:

45 21 * * * umask 077 && /home/smebackup/bin/do_backups

This starts a backup at 21:45 every day. The umask prevents other users on the machine reading the backups.

Other Extensions

In my case several of the machines I back up are behind firewalls and cannot be accessed via ssh or alternative methods. This, however, is not a problem for cURL if the firewalls allow http/https traffic, even if a proxy needs to be used.

To use a proxy with cURL you can simply add:

-x your_proxy_server:your_proxy_port