You are here

Home

How to backup a web site

Created on 26-Jan-2013 - Updated on 11-Oct-2014 - 9729 views

Requirement

To backup a web site on a periodic basis (say once per night), onto my own computer, running Linux. Web site computer runs Linux as well.

Domain name of the web site computer is supposed to be mywebsite.com. Web site files are supposed to be in /var/www/website directory.

Backup directory on my own computer is supposed to be /home/myself/backup.

Solution

Overview

We will use rsync over ssh to copy files from the web site to the local computer. ssh will be configured to use the public/private keys authentication mechanism, so that no password will be used.

The rsync command will be run every night thanks to cron.

This method is largely inspired by this article (additionnally, this article describes how to replicate a mySQL database...).

Detailed steps

  • on the computer running the web site, create the unprivileged user backup. Add it to www-data group (if the web server uses this group).
  • test that rsync works:
rsync -avz -e ssh backup@mywebsite.com:/var/www/website /home/myself/backup/website/
  • on local computer, create an ssh key pair. Do not set a passphrase (think twice at security consequences for your local computer).
sudo mkdir /root/rsync
sudo ssh-keygen -t dsa -b 1024 -f /root/rsync/mirror-rsync-key
  • move the public key to the web site computer:
sudo scp /root/rsync/mirror-rsync-key.pub backup@mywebsite.com:/home/backup/
  • on the web site computer, create the file authorized_keys, under backup username:
mkdir .ssh
chmod 700 .ssh
mv mirror-rsync-key.pub .ssh/.
cd .ssh/
touch authorized_keys
chmod 600 authorized_keys   
cat mirror-rsync-key.pub >> authorized_keys
  • add following clauses at start of authorized_keys file contents, so that only rsync connections will be accepted. Separate those clauses from what is already in the file, using a space character:
command="/home/backup/rsync/checkrsync",no-port-forwarding,no-X11-forwarding,no-pty
  • create file ~/rsync/checkrsync, with following contents:
#!/bin/sh
case "$SSH_ORIGINAL_COMMAND" in
        *\&*)
                echo "Rejected"
                ;;
        *\(*)
                echo "Rejected"
                ;;
        *\{*)
                echo "Rejected"
                ;;
        *\;*)
                echo "Rejected"
                ;;
        *\<*)
                echo "Rejected"
                ;;
        *\`*)
                echo "Rejected"
                ;;
        rsync\ --server*)
                $SSH_ORIGINAL_COMMAND
                ;;
        *)
                echo "Rejected"
                ;;
esac
  • set up its protection:
chmod 700 ~/rsync/checkrsync  
  • on local machine, add following line into super user crontab  (sudo crontab -e):
00 05 * * * /usr/bin/rsync -avz --delete -e "ssh -i /root/rsync/mirror-rsync-key" \
    backup@mywebsite.com:/var/www/website/ \
    /home/myself/backup/website/ 

This will start the rsync copy every night, at 5 AM.