Changes

Jump to navigation Jump to search

Backup SME Server Remotely Using cURL (view source)

Revision as of 18:43, 11 June 2017

836 bytes added ,  18:43, 11 June 2017
→‎Scripting cURL and Improving Security
Line 1: Line 1:  
===Introduction===
 
===Introduction===
   −
This HowTo describes a simple way to backup your SME Server remotely using cURL and requires no changes to your SME Server. Further, cURL requires no user interaction and can be scripted or automated using cron to perform regular backups.
+
This HowTo describes a simple way to backup your SME Server remotely using cURL and requires no changes to your SME Server. Further, cURL requires no user interaction and can be scripted or automated using cron to perform regular backups. If the file system the backup is sent to is large file enabled (not DOS) this is also a fairly reliable way to get a desktop style backup > 4GB.
 +
 
 +
The following is updated, tested and confirmed for SME Server 9
 +
 
 +
'''With an updated to SME Server 9.1 circa Q1 2017 it became necessary to add a -F back= argument to the login curl the below has been updated to reflect this.'''
    
===Pre-Requisites===
 
===Pre-Requisites===
Line 7: Line 11:  
There are two simple pre-requisites.
 
There are two simple pre-requisites.
   −
1) The machine performing the backup must have web access to the server-manager of the SME Server being backed up. That is, you must be able to get to the manual web backup page from a web browser on the machine that will do the backup.<br>
+
# The machine performing the backup must have web access to the server-manager of the SME Server being backed up. That is, you must be able to get to the manual web backup page from a web browser on the machine that will do the backup.<br>
2) The machine that will perform the backup must have a copy of curl installed on it.
+
# The machine that will perform the backup must have a copy of curl installed on it.
    
===The Basics===
 
===The Basics===
Line 14: Line 18:  
The basic concept is very simple. We will use the curl command to imitate the manual desktop backup procedure. During a manual desktop backup you do two things:
 
The basic concept is very simple. We will use the curl command to imitate the manual desktop backup procedure. During a manual desktop backup you do two things:
   −
1) Log on to the Server Manager. <br>
+
# Log on to the Server Manager. <br>
2) Perform a "Backup to Desktop" from the Backup and restore page.
+
# Perform a "Backup to Desktop" from the Backup and restore page.
    
These two actions map to the following cURL commands:
 
These two actions map to the following cURL commands:
   
   
 
   
  curl -s -k -b ~/.sme_cookies -c ~/.sme_cookies -F "username=admin" -F "password=your_password" \
+
  curl -s -k -b ~/.sme_cookies -c ~/.sme_cookies -F username='admin' -F password='your_password' -F <nowiki>back='https://your_sme_server/'</nowiki> \
 
         <nowiki>https://your_sme_server/server-common/cgi-bin/login</nowiki>
 
         <nowiki>https://your_sme_server/server-common/cgi-bin/login</nowiki>
 
   
 
   
  curl -f -s -k -b ~/.sme_cookies -F function=desktop-backup -F state=perform \
+
  curl -f -s -k -b ~/.sme_cookies -H 'Expect:' -F function=desktop-backup -F state=perform \
         <nowiki>https://your_sme_server/server-manager/cgi-bin/backup > backupfile.tar.gz</nowiki>
+
         <nowiki>https://your_sme_server/server-manager/cgi-bin/backup > backupfile.tar.gz</nowiki>  
+
Where:
Where:
+
* Each curl commands should be on one line and the \ removed
    Each curl commands should be on one line and the \ removed
+
* your_password    is replaced by your password
    your_password    is replaced by your password
+
* your_sme_server  is replaced with the name or IP number of the SME Server you wish to backup
    your_sme_server  is replaced with the name or IP number of the SME Server you wish to backup
+
* backupfile.tar.gz is the name you want to save the backup as
    backupfile.tar.gz is the name you want to save the backup as
      
{{Warning box|If you are sharing the machine doing the backup with others using <nowiki> -F "password=your_password"</nowiki> is not secure. Any user can see your password with ps if they can catch it while the command is running!
 
{{Warning box|If you are sharing the machine doing the backup with others using <nowiki> -F "password=your_password"</nowiki> is not secure. Any user can see your password with ps if they can catch it while the command is running!
Line 38: Line 40:  
  Then you can replace <nowiki>"password=your_password" in the above with "password=<~/sme_password"</nowiki>
 
  Then you can replace <nowiki>"password=your_password" in the above with "password=<~/sme_password"</nowiki>
 
}}
 
}}
   
{{Note box|Full information on cURL can be found in the [http://curl.haxx.se/docs/manpage.html cURL manual]
 
{{Note box|Full information on cURL can be found in the [http://curl.haxx.se/docs/manpage.html cURL manual]
   −
 
+
The options I used are:
The Options I used are:
+
* -f Fail silently
-f Fail silently
+
* -s Silent, I.E. don't show a progress meter
-s Silent, I.E. don't show a progress meter
+
* -k Don't insist on SSL certs signed by trusted CA's (most SME Servers use self signed certificates)
-k Don't insist on SSL certs signed by trusted CA's (most SME Servers use self signed certificates)
+
* -b <cookies> Send cookies to server
-b <cookies> Send cookies to server
+
* -c <cookies> Save cookies here, this is where it stashes your login credentials between step 1) and 2)
-c <cookies> Save cookies here, this is where it stashes your login credentials between step 1) and 2)
+
* -H Used to set the HTML Expect: header to blank (was not required prior to SME Server 9)
-F Fill in form field
+
* -F Fill in form field
<url>
+
* <url>
    
'''While this process works and illustrates the principle it does raise some security concerns and can be improved. (see below)'''
 
'''While this process works and illustrates the principle it does raise some security concerns and can be improved. (see below)'''
Line 66: Line 67:  
  #!/bin/sh
 
  #!/bin/sh
 
   
 
   
  curl -s -k -b ~/.sme_cookies -c ~/.sme_cookies -F username=admin -F "password=<~/sme_password" \
+
  curl -s -k -b ~/.sme_cookies -c ~/.sme_cookies -F username=admin -F "password=<~/sme_password" -F <nowiki>back='https://snoopy/'</nowiki> \
 
         <nowiki>https://snoopy/server-common/cgi-bin/login</nowiki> && \
 
         <nowiki>https://snoopy/server-common/cgi-bin/login</nowiki> && \
  curl -f -s -k -b ~/.sme_cookies -F function=desktop-backup -F state=perform \
+
  curl -f -s -k -b ~/.sme_cookies -H 'Expect:' -F function=desktop-backup -F state=perform \
 
         <nowiki>https://snoopy/server-manager/cgi-bin/backup > /home/smebackup/sme-snoopy-`/bin/date +\%d`.tgz</nowiki>
 
         <nowiki>https://snoopy/server-manager/cgi-bin/backup > /home/smebackup/sme-snoopy-`/bin/date +\%d`.tgz</nowiki>
  −
   
In this script we have combined the two curl commands via an && so that the second command will only run if the first command succeeds.
 
In this script we have combined the two curl commands via an && so that the second command will only run if the first command succeeds.
   Line 80: Line 79:  
{{Warning box|There are a couple of security considerations that you should consider when using curl.  
 
{{Warning box|There are a couple of security considerations that you should consider when using curl.  
   −
1. Your basic cURL command first used will cause the password to appear momentarily in the ps listing. As described above, this is best avoided by placing the password in a file and using -F <nowiki>"password=<your_password_file" </nowiki>.<br>
+
# Using <nowiki>"password=your_password"</nowiki> in cURL will cause the password to appear momentarily in the ps listing. As described above, this is best avoided by placing the password in a file and using -F <nowiki>"password=<your_password_file" </nowiki>.<br>
2. The cookie jar ~/.sme_cookies should not be made world readable otherwise others could use your downloaded cookies. Likewise the password file should also be protected!}}
+
# The cookie jar ~/.sme_cookies should not be made world readable otherwise others could use your downloaded cookies. Likewise the password file should also be protected!}}
    
===Automating backups with cron===
 
===Automating backups with cron===
Line 102: Line 101:  
  -x your_proxy_server:your_proxy_port
 
  -x your_proxy_server:your_proxy_port
   −
For Example:
+
For Example:
+
  curl -s -k -x stargate:3128 -b ~/.sme_cookies -c ~/.sme_cookies -F username=admin \
  curl -s -k -b -x stargate:3162 ~/.sme_cookies -c ~/.sme_cookies -F username=admin -F "password=<~/sme_password" \
+
        -F "password=<~/sme_password" <nowiki>-F back='https://snoopy/' https://snoopy/server-common/cgi-bin/login</nowiki> && \
         <nowiki>https://snoopy/server-common/cgi-bin/login</nowiki>
+
curl -f -s -k -x stargate:3128 -b ~/.sme_cookies -F function=desktop-backup -H "Expect:" -F state=perform \
 
+
         <nowiki>https://snoopy/server-manager/cgi-bin/backup > /home/smebackup/sme-snoopy-`/bin/date +\%d`.tgz</nowiki>
    
----
 
----
[[Category:Howto]] [[Category:Administration]]
+
[[Category:Howto]] [[Category:Backup]]
Dhalliday
35

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/12720...33525"

Navigation menu