Configuration of Server
If you are interested in accessing BackupPC from another computer on the network, edit the Firewall with your tool of choice and allow port 80 through it
Additionally, you will need to edit the apache BackupPC configuration file
Edit: /etc/httpd/conf.d/BackupPC.conf
Add the two lines below containing the IP address of the local network that needs access. Add identical lines below them, as needed, for any other network that needs web access to the server.
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAll>
Require valid-user
<RequireAny>
Require local
Require ip 192.168.1 # Add this line
</RequireAny>
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
allow from 127.0.0.1
allow from 192.168.1 # Add this line
require valid-user
</IfModule> Sometimes, I have run into trouble where the temporary folder doesn’t exist, gets deleted, or otherwise, disappears, so I wrote a startup script to check it and create it, if not found. This is optional, but is something I do, just in case.
First, create a file. I’ll put this one in the root folder and call it backuppccheck.sh:
# vi /root/backuppccheck.shPaste the following in the file:
if [ -d /var/run/BackupPC ]; then
logger "BackupPC temp folder exists"
else
mkdir -p /var/run/BackupPC
chown backuppc:backuppc /var/run/BackupPC
logger "BackupPC temp folder created"
fiThis will check if the folder exists and create it, if needed. Either way, it will write a note to the logfile what it does.
Make the file executable:
# chmod u=rwx /root/backuppccheck.shMake the service file that will execute this file on startup:
# vi /etc/systemd/system/backuppccheck.servicePaste the following in the file, changing the file name and location as needed:
[Unit]
Description=Check if BackupPC Temp Folder Exists on startup
After=network.target
[Service]
Type=simple
ExecStart=/root/backuppccheck.sh
TimeoutStartSec=0
[Install]
WantedBy=default.targetStart and Enable the service:
# systemctl start backuppccheck.service
# systemctl enable backuppccheck.serviceTo have the BackupPC server find and ping other computers, you’ll need to configure the Router and/or the BackupPC Server
Depending on how you’re network is configured, you may have to tell the router AND the backuppc server where to find computers on the network that you want to back up. To do this, you need to assign static IP addresses in the router configuration. For example, I want to back up the following workstations and I’m assigning the corresponding IP addresses. Each router is different, but search the internet how to do this for your specific router, if needed.
MY EXAMPLE:
- MyPCLaptop is assigned 192.168.1.50
- MyLinuxLaptop is assigned 192.168.1.55
- MyMacLaptop is assigned 192.168.1.60
- MyDesktop is assigned 192.168.1.70
Once you have these IP addresses entered in the router, go to the BackupPC server and find the hosts file.
In CentOS, it is located in the following file: /etc/hosts
Edit the Hosts file and add the same IP addresses and Hostnames as you did in the Router
# vi /etc/hostsAdd the same hostnames and IP addresses
127.0.0.1 localhost
::1 localhost
192.168.1.50 MyPCLaptop
192.168.1.55 MyLinuxLaptop
192.168.1.60 MyMacLaptop
192.168.1.70 MyDesktop After adding these to the BackupPC server, you should be able to PING these computers. For fun, you can ping as the backuppc user.
As root, type:
# sudo -u backuppc ping MyPCLaptopSending test Email
- As root, type:
# sudo -u backuppc /usr/share/BackupPC/bin/BackupPC_sendEmail -u Email@Address.comIf the email doesn’t send, you should be able to see the errors and/or troubleshoot the problem. There are many resources on the internet to help with sendmail.
One, last, optional, thing you can do on the Server:
Encrypt the BackupPC Data
This is a little advanced and I won’t go into great detail on how to encrypt a drive as there is plenty of CentOS information to be found, but once the drive is formatted and encrypted, mount the drive where you want BackupPC to store the data and configure the drive as shown in Part 1. So, for example, if I have an encrypted drive mounted at /media/encBackup, I run through all the parts and get BackupPC working. Since the whole point of the encryption is to keep it secure, the encrypted drive is not automatically mounted at startup so, if the computer is restarted, you will have to manually mount the drive and start the backuppc services.
With the script below, the only thing you’ll do when the computer is restarted is (1) login as root, (2) run the script, (3) type the password to unlock the drive.
I put the script in the /root folder so when I login as root, all I have to do is run the script, but you can put it anywhere. It’s really easy. First, we need to get the encrypted drive information.
Unlock the Encrypted Drive and, from root, type:
blkidLocate the Encrypted Drive’s:
Device Name (ex. /dev/sdb)
UUID (ex. fc3333f1-1bf3-3333-af33-333a333f33af)
Device Name after being unlocked
(ex. /dev/mapper/fc3333f1-1bf3-3333-af33-333a333f33af)
[root@localhost ~]# blkid
...
/dev/sdb: UUID="fc3333f1-1bf3-3333-af33-333a333f33af" TYPE="crypto_LUKS"
... /dev/mapper/fc3333f1-1bf3-3333-af33-333a333f33af: LABEL="Backups" UUID="fc8888f1-1bf8-8888-af88-888a888f88af" TYPE="ext4" Once the above information has been determined, create a file…I’ll call mine: start_backuppc.sh
# vi /root/start_backuppc.shPaste the following information in the file and replace the Device and UUID information with your Encrypted drive information.
#!/bin/bash
# Device Name of locked drive and UUID
cryptsetup luksOpen /dev/sdb "fc3333f1-1bf3-3333-af33-333a333f33af"
# Mount encrypted drive after unlocking it
# mount /dev/mapper/UUID /mount/point
mount /dev/mapper/fc3333f1-1bf3-3333-af33-333a333f33af /media/encBackup
#Restart BackupPC service
systemctl restart backuppc.service Save the file and make it executable
# chmod -u=rwx /root/start_backuppc.shNow, once the computer has been restarted, login as root and type
# sh start_backuppc.shType the Encrypted Drive’s Password and logout. If there were no errors, BackupPC starts.
Congrats! You should have a working BackupPC server…whether it is encrypted or not.
To add different hosts, jump to Part 3