Automatically Backing Up Remote Servers (e.g Web) with Qnap 109 NAS

Introduction

If you run an important server such as web server you should of course take regular off site backups. Now everyone knows that backups are a total pain to do manually and more often than not get forgotten. However, using linux cron you can automate this task easily and be more confident of your ability to recover should anything go wrong with your server and you need to restore. If you have a decent connection speed at your home or office you can program a QNAP 109 NAS (network attached storage) to take care of this important task for you.

Backing up like this has the following benefits

-It is off-site (assuming your qnap is at your home or office and the server you are backing up is in some data centre / ISP somewhere) -It "pulls" the backups from the webserver. Keeping your qnap device behind a natted firewall means it is harder to be compromised as it will simply connect to the remote server then pull down a backup and then logoff. If you "pushed" the backup from the remote server to a remote host, most likely you would have to store some connection info and credentials on the remote server. This could be given away should your remote server be hacked. This means your server would be hacked and potentially your backups too. Nasty! -Qnaps are very quiet and don't use much power. So rather than using a PC, that could technically do the job just as well, you can leave the qnap on 24/7 without it being too noisy or costly on electricity.

Install the QPKG

The QPKG is the qnap package manager that lets you expand your qnap's linux functions and software. We are going to need to replace the default Secure Shell that comes with the QNAP 109 with the OPENSSH package. The following link describes this process: http://wiki.qnap.com/wiki/Install_Optware_IPKG#Automatic_installation_via_QPKG Replace the default qnap SSH The following link describes this process. http://wiki.qnap.com/wiki/How_To_Replace_SSH_Daemon_With_OpenSSH

Prepare the Qnap and your remote server for Automated Backups

Create a user on your qnap an on your remote server Choose a username and create that user on both your qnap and your remote server in my example I am going to use the name "dave" Login to the qnap as admin and run this command: Add the user and set his home directory and password: Do the same with the remote server, in my example I am creating the users home directory on a remote redhat box under /home/dave Change the newly created users password Create public/private key pair Now let's create a public / private key pair to allow the qnap to log onto the remote redhat server without a password. This is perfect for automated (cron) backup scripts. Logon to the Qnap as user dave (or your user) and type Which should return this: And after a moment you will be asked where you wish to write your private key to You can accept the default. Next will be the passphrase you wish to use with this key. For this example we want no passphrase. Simply press enter or return. This will create a "phraseless" keypair. This should complete and it will return the place where it has left your private and public keys. The private key (id_rsa) should always be kept safe - and as your qnap is hidden behind a natted firewall (it is I hope?) and that for security's sake you don't allow any kind of remote access to the qnap from the internet you should be safe-ish. Now we need to copy the public key up to the remote host under the "dave" user's we created earlier home directory. Normally something like this on a red hat box /home/dave/.ssh or for Solaris /export/home/daves. This is done most simply by copying the file using scp. Note! Ensure there is a /home/dave/.ssh directory on the remote server first before trying the command. If there isn't just create one as normal (mkdir /home/dave/.ssh) Now that's copied login to the remote SSH server (in my example it is www.myserver.com) and then append the id_rsa.pub file to the authorized_keys file. Don't forget to ensure the user dave .ssh directory and the authorised keys are set to permissions 700 on both the remote and local servers. Now you can test it by running the following command from the QNAP Now if it logs in without a password you have done it! If you are prompted for a password the best thing to do is double check that the permissions on the qnap and the remote servers .ssh directory and sub directories are set to 700. Which looks like this:

Example Backup Scripts

Now you can run backup scripts which can backup mysql databases and files as cron jobs. As the qnap can login remotely without any need for a password to be entered cron jobs will succeed (they would fail if the cron scripts expected you to manually put in a password). The following is an example script which you might want to run daily on your qnap that would backup a website directory. Naturally you need to alter some of the paths to suit your own environment.