• Home
  • About Me
  • Contact Me
837 3750 ADS aix backup catalyst cisco cisco ios ftp hmc ibm ios juniper LDAP linux nas network nfs p-series password prestashop radius router sfu ssh steel belted tftp unix vpn windows
more tags
Home

Automatically Backing Up Remote Servers (e.g Web) with Qnap 109 NAS

Submitted by guvnor on Mon, 05/11/2009 - 18:50
  • backup
  • linux
  • nas
  • network attached storage
  • qnap
  • ssh

Introduction

If you run an important server such as web server you should of course take regular off site backups. Now everyone knows that backups are a total pain to do manually and more often than not get forgotten. However, using linux cron you can automate this task easily and be more confident of your ability to recover should anything go wrong with your server and you need to restore. If you have a decent connection speed at your home or office you can program a QNAP 109 NAS (network attached storage) to take care of this important task for you.

qnap 109 backup

Backing up like this has the following benefits

-It is off-site (assuming your qnap is at your home or office and the server you are backing up is in some data centre / ISP somewhere)

-It "pulls" the backups from the webserver. Keeping your qnap device behind a natted firewall means it is harder to be compromised as it will simply connect to the remote server then pull down a backup and then logoff. If you "pushed" the backup from the remote server to a remote host, most likley you would have to store some connection info and credentials on the remote server. This could be given away should your remote server be hacked. This means your server would be hacked and potentially your backups too. Nasty!

-Qnaps are very quiet and don't use much power. So rather than using a PC, that could technically do the job just as well, you can leave the qnap on 24/7 without it being too noisy or costly on electricity.

Install the QPKG
The QPKG is the qnap package manager that lets you expand your qnap's linux functions and software. We are going to need to replace the default Secure Shell that comes with the QNAP 109 with the OPENSSH package.
The following link describes this process:

http://wiki.qnap.com/wiki/Install_Optware_IPKG#Automatic_installation_via_QPKG

Replace the default qnap SSH
The following link describes this process. http://wiki.qnap.com/wiki/How_To_Replace_SSH_Daemon_With_OpenSSH

Prepare the Qnap and your remote server for Automated Backups

Create a user on your qnap an on your remote server
Choose a username and create that user on both your qnap and your remote server
in my example I am going to use the name "dave"

Login to the qnap as admin and run this command:

Add the user and set his home directory and password:

adduser -h /share/HDA_DATA/dave dave

Do the same with the remote server, in my example I am creating the users home directory on a remote redhat box under /home/dave

adduser -h /home/dave dave

Change the newly created users password
passwd dave

Create public/private key pair

Now let's create a public / private key pair to allow the qnap to log onto the remote redhat server without a password. This is perfect for automated (cron) backup scripts.

Logon to the Qnap as user dave (or your user) and type

ssh-keygen -t rsa

Which should return this:

Generating public/private rsa key pair.

And after a moment you will be asked where you wish to write your private key to

Enter file in which to save the key (/share/HDA_DATA/dave/.ssh/id_rsa):

You can except the default. Next will be the passphrase you wish to use with this key. For this example we want no passphrase.

Enter passphrase (empty for no passphrase):

Simply press enter or return. This will create a "phraseless" keypair.

This should complete and it will return the place where it has left your private and public keys.

Your identification has been saved in /share/HDA_DATA/dave/.ssh/id_rsa.
Your public key has been saved in /share/HDA_DATA/dave/.ssh/id_rsa.pub.

The private key (id_rsa) should always be kept safe - and as your qnap is hidden behind a natted firewall (it is I hope?) and that for securitys sake you don't allow any kind of remote access to the qnap from the internet you should be safeish.

Now we need to copy the public key up to the remote host under the "dave" user's we created earlier home directory. Normally something like this on a red hat box /home/dave/.ssh or for Solaris /export/home/daves.

This is done most simply by copying the file using scp.

Note! ensure there is a /home/dave/.ssh directory on the remote server first before trying the command. If there isn't just create one as normal (mkdir /home/dave/.ssh)

scp id_dsa.pub dave@www.myserver.com:/home/dave/.ssh/id_rsa.pub

Now that's copied login to the remote SSH server (in my example it is www.myserver.com)
and then append the id_rsa.pub file to the authorized_keys file.

cat /home/dave/.ssh/id_pub.pub >> authorized_keys

Don't forget to ensure the user dave .ssh directory and the authorised keys are set to permissions 700 on both the remote and local servers.

Now you can test it by running the following command from the QNAP

ssh dave@www.myserver.com

Now if it logs in without a password you have done it! If you are prompted for a password the best thing to do is double check that the permissions on the qnap and the remote servers .ssh directory and sub directories are set to 700.

Which looks like this:

drwx------ 2 dave dave 4096 May 14 18:14 .ssh


Example Backup Scripts

Now you can run backup scripts which can backup mysql databases and files as cron jobs. As the qnap can login remotely without and need for a passphrase to be entered cron jobs will succeed (they would fail if the cron scripts expected you to manually put in a password).

The following is an example script which you might want to run daily on your qnap that would backup a website directory. Naturally you need to alter some of the paths to suit your own environment.

#!/bin/sh
BACKUPDATE=`date +%Y-%m-%d`
#Optionally change mysitebackup to something which represents your server.
TARARCHIVE=mysitebackup.tar
#Optionally change the DATA to a path that represent your webserver (or any server you want to backup)
DATA=/var/www/html/mysiterootdir/

#==== Backup ====
# Create Tar. This will create a tar archive file which has the backupdate prefixed to the filename. This is the file you will securely copy off site to your Qnap.

ssh dave@www.myserver.com "tar -cvf $BACKUPDATE.$TARARCHIVE.tar $DATA"

#Zip Tar. Now you have tarred your files zip them up to speed up transfer and use less bandwidth.

ssh dave@www.myserver.com "gzip $BACKUPDATE.$TARARCHIVE.tar"

#Copy backup file to backup device

scp dave@www.myserver.com:/home/dave/$BACKUPDATE.$TARARCHIVE.tar.gz /share/HDA_DATA/dave/backups/files/

# Optionally send a SSH command to delete the backup tar from the remote server. (now you have it on your qnap you don't need it on your server taking up space)

ssh dave@www.myserver.com "rm -r -r /home/dave/$BACKUPDATE.$TARARCHIVE.tar.gz"

  • Add new comment

Copy public ssh key to targets authorized_keys

Submitted by Anonymous on Thu, 12/17/2009 - 03:55.

It's much easier to use ssh-copy-id than manually copy and merger the public key.

So first generate a ssh key for your local account, if you don't already done that.
ssh-keygen -t rsa

Then copy your public key to your target
ssh-copy-id dave@www.myserver.com

And now you are done!

  • reply

useful info

Submitted by guvnor on Thu, 12/31/2009 - 18:00.

I shall bear that little bit of info in mind - thank yuo for sharing!

  • reply

power

Submitted by Anonymous on Thu, 08/27/2009 - 17:14.

interesting article - how low is the power on a QNAP and are they really all that quiet?

-doug

  • reply

Pretty Quiet

Submitted by guvnor on Thu, 09/17/2009 - 09:13.

I have a qnap 109 and it is whisper quiet - as for the power consumption I would have to be honest and say i have not done any meaningful comparisons but i believe my model the 109 is 14 watts when busy but about 6 watts when idle.

  • reply
Tiaras Dog Harnesses