Last active
January 16, 2019 09:51
-
-
Save jult/ccfb00fc1f3733188e7c to your computer and use it in GitHub Desktop.
Back-up files from server to server using ssh/rsync, and encrypt heavily using openssl before transfer because of insecure remote machine owned by other(s)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # backup files files from server to server using ssh/rsync | |
| # encrypt heavily using openssl before transfer to less secure location | |
| # create the files | |
| tar -zcpf /somepath/etc.tar.gz -C / etc | |
| # tar -cv --exclude='root/io'-f /somepath/root.tar -find /root ! -type l | |
| mysqldump --dump-date -uwp_admin -pSomedbpass -h localhost wordprass > /somepath/zichtbaar.sql | |
| # encode them with that cipher and strong password: | |
| openssl enc -aes-256-cbc -in /somepath/etc.tar.gz -out /somepath/etc.tar.gz.enc -pass pass:blabla | |
| # openssl enc -aes-256-cbc -in /somepath/root.tar.gz -out /somepath/root.tar.gz.enc -pass pass:blaaat | |
| openssl enc -aes-256-cbc -in /somepath/zichtbaar.sql -out /somepath/wordprass.sql.enc -pass pass:blabla | |
| rm -f /somepath/*.gz | |
| # send all encrypted files to remote less secure location | |
| ionice -c2 -n5 nice -n9 rsync -e 'ssh -p 5022' -quaxz --bwlimit=5600 /somepath/*.enc remotehost:/volume1/home/admin/backups/enc/ | |
| exit 0 |
/somepath/excluded content, i.e. the stuff you generally don't want or need to backup,
don't blindly use this before carefully looking at it, as it is used in combination with non-excluding rsync tasks:
*.sqlite*
*.!Sync
*.SyncOld
*.SyncPart
*.SyncTemp
*.bak
*.bts
*.crdownload
*.git
*.log
*.old
*.part
*.shm
*.svn
*.swp
*.sync
*.tmp
*.wal
*CACHE*
*Cache*
*S*Conflict*
*Temporary*
*TemporaryItems
*cache*
*s*conflict*
*~
.DS_Store
.Spotlight-V100
.SyncArchive
.SyncID
.SyncIgnore
.Trash*
._*
.cache
.git
.svn
Thumbs.db
a_writable
asset-cache
backend_dev.log
backend_prod.log
cache
captcha_tmp
checkouts
data/searchIndex
desktop.ini
ehthumbs.db
frontend_dev.log
frontend_prod.log
imgcache
searchIndex
staging.*
templates_c
tmp_uploads
nobackup/
dev/
media/
mnt/
proc/
ramm/
root/
run/
selinux/
sys/
tmp/
var/lib/lxcfs/
files_trashbin/
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
each night backup full server: