Last active
October 20, 2021 17:02
-
-
Save ilyaevseev/e6e7e0a0be77e86537ab316ddf8550ff to your computer and use it in GitHub Desktop.
Copy Kerio Connect backups to Hetzner backup server.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh -e | |
LOGDIR="/var/log/${0##*/}" | |
TSTAMP="$(date +%Y-%m-%d-%H%M)" | |
mkdir -p "$LOGDIR" | |
VERBOSE=1 /root/kerio-backup/kerio-backups-to-hetzner > "$LOGDIR/$TSTAMP.log" 2>&1 | |
find "$LOGDIR/" -name "*.log" -type f -mtime +7 -delete |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
KERIO_BACKUP_DIR="/opt/kerio/mailserver/store/backup" | |
CONFIG="$(dirname "$0")/hetzner-backup-account-info.txt" | |
TOTAL_LIMIT="$(expr 100 '*' 1024 '*' 1024 '*' 1024)" # ..100 GB | |
#### Functions ############################################### | |
Fail() { | |
echo "$@" | mail -s "${0##*/} failed" admins | |
logger -p user.err -t "${0##*/}" -s -- "$@" | |
exit 1 | |
} | |
Verbose() { test -n "$VERBOSE" && echo "$@"; } | |
LFTP() { lftp -e "$*; quit" $USER:$PASS@$HOST || Fail "lftp failed"; } | |
Getfiles_for_backup() { | |
# Global vars: assign FILES | |
FILES="$(find "$KERIO_BACKUP_DIR/" -type f -name '*.zip' -mtime -1)" | |
test -n "$FILES" && return 0 | |
Verbose "nothing to do." | |
exit 0 | |
} | |
Check_files_are_not_toobig() { | |
local SUMSIZE="$(du -b $FILES | awk '{ sum += $1 } END { print sum }')" | |
test "$SUMSIZE" -ge "$TOTAL_LIMIT" && | |
Fail "New files are too big for backup: limit = $TOTAL_LIMIT, files size = $SUMSIZE" | |
} | |
Check_file_isnot_toobig() { | |
# Global vars: read FILE and TOTAL_LIMIT, assign SIZE | |
SIZE="$(stat -c '%s' "$FILE")" | |
test "$SIZE" -ge "$TOTAL_LIMIT" && | |
Fail "New file $FILE is too big for backup: limit = $TOTAL_LIMIT, filesize = $SIZE" | |
} | |
Need_free() { | |
# Global vars: read TOTAL_LIMIT, SIZE | |
local USED="$(LFTP cls -s --block-size=1 | awk '{ sum += $1 } END { print sum }')" | |
test -n "$USED" || Fail "LFTP failed, cannot get usage summary." | |
local FREE="$(expr "$TOTAL_LIMIT" - "$USED")" | |
test "$SIZE" -lt "$FREE" && return 1 # ..dont need to delete old files | |
Verbose "size=$SIZE, used=$USED, free=$FREE, need_free=YES" | |
return 0 | |
} | |
Delete_oldest() { | |
local OLDEST="$(LFTP cls --sort=date | head -1)" | |
Verbose "oldest = $OLDEST" | |
test -n "$OLDEST" && LFTP rm "$OLDEST" | |
} | |
#### Main #################################################### | |
test -s "$CONFIG" || Fail "$CONFIG is missing or empty" | |
. "$CONFIG" | |
which lftp >/dev/null 2>&1 || Fail "missing lftp" | |
Getfiles_for_backup | |
Check_files_are_not_toobig # ..needed because Kerio splits large backups to multiple 2GB files | |
for FILE in $FILES; do | |
Check_file_isnot_toobig # ..actually not needed because overloaded by Check_files_are_not_toobig | |
while Need_free; do Delete_oldest; done | |
Need_free && Fail "cannot free space on backup storage" | |
Verbose "put $FILE" | |
LFTP put "$FILE" | |
done | |
exit 0 | |
## END ## |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
listen [::]:80; | |
server_name mail.remotesrv.ru; | |
location /.well-known { alias /var/www/letsencrypt/.well-known; } | |
location / { return 308 https://mail.remotesrv.ru$request_uri; } | |
} | |
server { | |
listen 443 ssl; | |
listen [::]:443 ssl; | |
server_name mail.remotesrv.ru; | |
## Initial: | |
# ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; | |
# ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; | |
## LetsEncrypt: | |
ssl_certificate /etc/LetsEncrypt/current/fullchain.pem; | |
ssl_certificate_key /etc/LetsEncrypt/current/key.pem; | |
location / { | |
proxy_pass https://localhost:8843; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Remote-Port $remote_port; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_redirect off; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh -e | |
KERIO_SSLDIR="/opt/kerio/mailserver/sslcert" | |
TOPDIR="/etc/LetsEncrypt" | |
TSTAMP="$(date +%Y-%m-%d-%H%M)" | |
NEWDIR="$TOPDIR/$TSTAMP" | |
CURDIR="$TOPDIR/current" | |
Update_current() { cd "$TOPDIR/" && ln -nfs "$TSTAMP" current; } | |
mkdir -p "$NEWDIR" | |
test -e "$CURDIR" && cmd="renew" || cmd="issue" | |
/home/acme.sh/acme.sh \ | |
--$cmd \ | |
--force \ | |
--domain mail.remotesrv.ru \ | |
--webroot /var/www/letsencrypt/ \ | |
--log "$NEWDIR/acme.log" \ | |
--cert-file "$NEWDIR/cert.pem" \ | |
--key-file "$NEWDIR/key.pem" \ | |
--ca-file "$NEWDIR/ca.pem" \ | |
--fullchain-file "$NEWDIR/fullchain.pem" \ | |
--reloadcmd "touch $NEWDIR/success.flag" | |
test -s "$NEWDIR/success.flag" || exit 1 | |
Update_current | |
cp -p "$NEWDIR/fullchain.pem" "$KERIO_SSLDIR/LetsEncrypt.crt" | |
cp -p "$NEWDIR/key.pem" "$KERIO_SSLDIR/LetsEncrypt.key" | |
systemctl reload nginx | |
systemctl restart kerio-connect.service | |
## END ## |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment