blanchet
Guru
- Joined
- Apr 17, 2018
- Messages
- 516
BackupPC is an agent-less backup software that retrieves files from Windows or Linux computer with smbclient or rsync.
Since FreeNAS 11.2, there is an official plugin for BackupPC but it is broken (the web management interface is missing),
therefore I propose this is step-by-step guide to install BackupPC on FreeNAS to have an all-in-one backup solution.
This guide has been tested on
1/ Create a dataset for the backup data
I prefer to save the backup files outside the jail in a separated dataset (but it is not mandatory)
So create a new dataset
2/ Create the jail with the web interface
In this tutortial, I use a jail without VNET.
(If you need VNET (for example for DHCP) with a virtualized FreeNAS do not forget to activate promiscuous mode on the Ethernet interface)
The jail needs auto-start and allow.raw_sockets (for ping)
You can use the shell jail from the web interface but it is more convenient to login with SSH to freenas first and then connect with iocage
6/ Check the ping in the jail
7/ Check the mount point
8/ Install the packages
9/ Setup Samba
Create the file
Check configuration
10/ Configure backuppc
Run the
The configuration script has created directories in
Edit
Allow backuppc user to edit configuration file
Setup autostart for backuppc
11/ Configure Apache for the web management interface
Create a password for apache access
Create symbolic link for
Create the file
[CODE
Start apache automatically
Try to open http://192.168.0.144/bpc
Enter the login and password (see the
Login: backuppc
Passwd: foobar
OK we have the admin interface
12/ Setup email
In the page http://192.168.0.144/bpc/backuppc.pl?action=editConfig
In the Email tab setup
Now go back to the shell to setup sendmail
Edit
Compile the file and overwrite sendmail configuration
Start sendmail automatically
Test email configuration
If you want to test email configuration you have to enable the backuppc user first because it uses the nologin shell
Conclusion
Now you have a jail with BackupPC 4.
Enjoy!
To configure the software use the web interface at http://192.168.0.144/bpc
but BackupPC is pretty complex to setup, so you really need to read the documentation first.
Since FreeNAS 11.2, there is an official plugin for BackupPC but it is broken (the web management interface is missing),
therefore I propose this is step-by-step guide to install BackupPC on FreeNAS to have an all-in-one backup solution.
This guide has been tested on
- Hardware: VirtualBox virtual machine
- FreeNAS 11.3u5 (hostname: freenas)
- pool name: tank1
1/ Create a dataset for the backup data
I prefer to save the backup files outside the jail in a separated dataset (but it is not mandatory)
So create a new dataset
Code:
root@freenas:~ # zfs create tank1/backuppc
2/ Create the jail with the web interface
In this tutortial, I use a jail without VNET.
(If you need VNET (for example for DHCP) with a virtualized FreeNAS do not forget to activate promiscuous mode on the Ethernet interface)
- Go to ui/jail
- Activate pool tank1 for jails
- Click ADD
- 1- Name Jail and Choose FreeBSD Release
Jail Name: backuppc4
Release: 11.4-RELEASE
NEXT
- 2- Configure Networking
IPv4 Interface: vtnet0 (the exact name depends on your hardware)
IPv4 Address: 192.168.0.144
IPv4 Netmask: 24
NEXT
- 3- Confirm Options
Jail Summary
Jail Name : backuppc4
Release : 11.4-RELEASE
DHCP Autoconfigure IPv4 : No
VNET Virtual Networking : No
IPv4 Address : vtnet0|192.168.0.144/24
Confirm these settings.
SUBMIT
The jail needs auto-start and allow.raw_sockets (for ping)
- Select the Jail 'backuppc4'
EDIT
Basic Properties
[x] Auto-start
Jail Properties
[x] allow.raw_sockets
SAVE
- Select the Jail 'backuppc4'
MOUNT POINT
ACTION | Add Mount Point
Source: /mnt/tank1/backuppc
Destination: /var/db/BackupPC
- Select the Jail 'backuppc4'
START
You can use the shell jail from the web interface but it is more convenient to login with SSH to freenas first and then connect with iocage
Code:
root@freenas:~ # iocage console backuppc4 root@backuppc4:~ #
6/ Check the ping in the jail
Code:
root@backuppc4:~ # ping freenas.org
7/ Check the mount point
Code:
root@backuppc4:~ # df -h /var/db/BackupPC/ Filesystem Size Used Avail Capacity Mounted on /mnt/tank1/backuppc 20G 88K 20G 0% [restricted]
8/ Install the packages
Code:
root@backuppc4:~# pkg install samba412 rsync rsync-bpc rrdtool par2cmdline p5-XML-RSS backuppc4 apache24
9/ Setup Samba
Create the file
/usr/local/etc/smb4.conf
Code:
[global] client min protocol = SMB2 client max protocol = SMB3
Check configuration
Code:
root@backuppc4:~ # testparm -s Load smb config files from /usr/local/etc/smb4.conf Loaded services file OK. Server role: ROLE_STANDALONE # Global parameters [global] client max protocol = SMB3 client min protocol = SMB2 idmap config * : backend = tdb root@backuppc4:~ #
10/ Configure backuppc
Run the
update.sh
script to create the configuration file (Press Enter everytime to accept the default)Code:
root@backuppc4:~ # /usr/local/etc/backuppc/update.sh Is this a new installation or upgrade for BackupPC? If this is an upgrade please tell me the full path of the existing BackupPC configuration file (eg: /usr/local/etc/backuppc/config.pl). Otherwise, just hit return. --> Full path to existing main config.pl []? I found the following locations for these programs: bzip2 => /usr/bin/bzip2 cat => /bin/cat df => /bin/df gtar/tar => /usr/bin/tar gzip => /usr/bin/gzip hostname => /bin/hostname nmblookup => /usr/local/bin/nmblookup par2 => /usr/local/bin/par2 perl => /usr/local/bin/perl ping => /sbin/ping ping6 => /sbin/ping6 rrdtool => /usr/local/bin/rrdtool rsync => /usr/local/bin/rsync rsync_bpc => /usr/local/bin/rsync_bpc sendmail => /usr/sbin/sendmail smbclient => /usr/local/bin/smbclient split => /usr/bin/split ssh/ssh2 => /usr/bin/ssh --> Are these paths correct? [y]? Please tell me the hostname of the machine that BackupPC will run on. --> BackupPC will run on host [backuppc4]? BackupPC should run as a dedicated user with limited privileges. You need to create a user. This user will need read/write permission on the main data directory and read/execute permission on the install directory (these directories will be setup shortly). The primary group for this user should also be chosen carefully. The data directories and files will have group read permission, so group members can access backup files. --> BackupPC should run as user [backuppc]? Please specify an install directory for BackupPC. This is where the BackupPC scripts, library and documentation will be installed. --> Install directory (full path) [/usr/local]? Please specify a data directory for BackupPC. This is where all the PC backup data is stored. This file system needs to be big enough to accommodate all the PCs you expect to backup (eg: at least several GB per machine). --> Data directory (full path) [/var/db/BackupPC]? BackupPC has SCGI and CGI perl interfaces that run under Apache. You need to pick which one to run. For SCGI, Apache uses the scgi_mod module to communicate with BackupPC_Admin_SCGI, which handles the requests. This allows Apache to run as a different user as backuppc. To use SCGI you need to set SCGIServerPort to any spare non-privileged TCP port number. A negative value disables SCGI. Important security warning!! The SCGIServerPort must not be accessible by anyone untrusted. That means you can't allow untrusted users access to the BackupPC server, and you should block the SCGIServerPort TCP port from network access. The traditional alternative is to use CGI. In this case, an executable needs to be installed Apache's cgi-bin directory. This executable needs to run as set-uid backuppc, or it can be run under mod_perl with Apache running as user backuppc. --> SCGI port (-1 to disable) [-1]? --> CGI bin directory (full path, or empty for no CGI) [/usr/local/www/cgi-bin]? BackupPC's CGI and SCGI script need to display various PNG/GIF images that should be stored where Apache can serve them. They should be placed somewhere under Apache's DocumentRoot. BackupPC also needs to know the URL to access these images. Example: Apache image directory: /var/www/htdocs/BackupPC URL for image directory: /BackupPC The URL for the image directory should start with a slash. --> Apache image directory (full path, or empty for no S/CGI) [/usr/local/www/backuppc]? --> URL for image directory (omit http://host; starts with '/', or empty for no S/CGI) [/backuppc]? Ok, we're about to: - create/update the config.pl file /usr/local/etc/backuppc/config.pl --> Do you want to continue? [y]? Installing config.pl and hosts in /usr/local/etc/backuppc Ok, it looks like we are finished. There are several more things you will need to do: - Browse through the config file, /usr/local/etc/backuppc/config.pl, and make sure all the settings are correct. In particular, you will need to set $Conf{CgiAdminUsers} so you have administration privileges in the CGI interface. - Edit the list of hosts to backup in /usr/local/etc/backuppc/hosts. - Read the documentation in /usr/local/doc/BackupPC.html. Please pay special attention to the security section. - Verify that the CGI script BackupPC_Admin runs correctly. You might need to change the permissions or group ownership of BackupPC_Admin. If this is an upgrade and you are using mod_perl, you will need to restart Apache. Otherwise it will have stale code. - BackupPC should be ready to start. Don't forget to run it as user backuppc! The installation also contains a systemd/backuppc.service script that can be installed so that BackupPC can auto-start on boot. This will also enable administrative users to start the server from the CGI interface. See systemd/README. Enjoy! root@backuppc4:~ #
The configuration script has created directories in
/var/db/BackupPC
Code:
root@backuppc4:~ # ls /var/db/BackupPC/ cpool pc pool
Edit
/usr/local/etc/backuppc/config.pl
to define backuppc as the administrator user on line 2023Code:
root@backuppc4:~ # ee /usr/local/etc/backuppc/config.pl $Conf{CgiAdminUsers} = 'backuppc';
Allow backuppc user to edit configuration file
Code:
[root@backuppc4 ~]# chown -R backuppc:backuppc /usr/local/etc/backuppc/
Setup autostart for backuppc
Code:
root@backuppc4:~ # echo 'backuppc_enable="YES"' >> /etc/rc.conf root@backuppc4:~ # service backuppc start Starting backuppc. root@backuppc4:~ #
11/ Configure Apache for the web management interface
Create a password for apache access
Code:
[root@backuppc4 ~]# htpasswd -c /usr/local/etc/backuppc/htpasswd backuppc New password: foobar Re-type new password: foobar Adding password for user backuppc
Create symbolic link for
backuppc.pl
Code:
root@backuppc4:~ # ln -s /usr/local/www/cgi-bin/BackupPC_Admin /usr/local/www/cgi-bin/backuppc.pl
Create the file
/usr/local/etc/apache24/Includes/backuppc.conf
[CODE
Code:
############################### BEGIN ############################ # Set ServerName ServerName backuppc4.localdomain:80 # Run Apache24 as 'backuppc:backuppc' User backuppc Group backuppc # Load CGI modules LoadModule cgid_module libexec/apache24/mod_cgid.so LoadModule cgi_module libexec/apache24/mod_cgi.so ScriptAlias /bpc /usr/local/www/cgi-bin/ <Directory /usr/local/www/cgi-bin/> AllowOverride None Allow from all # Uncomment the line below to ensure that nobody can sniff important # info from network traffic during editing of the BackupPC config or # when browsing/restoring backups. # Requires that you have your webserver set up for SSL (https) access. #SSLRequireSSL Options +ExecCGI -MultiViews +FollowSymlinks DirectoryIndex backuppc.pl AuthUserFile /usr/local/etc/backuppc/htpasswd AuthType basic AuthName "BackupPC admin" require valid-user </Directory> Alias /backuppc /usr/local/www/backuppc/ <Directory /usr/local/www/backuppc/ > # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # AllowOverride FileInfo AuthConfig Limit # AllowOverride None # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # # # Controls who can get stuff from this server. # Require all granted DirectoryIndex BackupPC.html </Directory> ############################### END ##############################
Start apache automatically
Code:
root@backuppc4:~ # echo 'apache24_enable="YES"' >> /etc/rc.conf root@backuppc4:~ # service apache24 start Performing sanity check on apache24 configuration: Syntax OK Starting apache24.
Try to open http://192.168.0.144/bpc
Enter the login and password (see the
htpasswd
command before)Login: backuppc
Passwd: foobar
OK we have the admin interface
12/ Setup email
In the page http://192.168.0.144/bpc/backuppc.pl?action=editConfig
In the Email tab setup
- EMailFromUserName = frommyname@example.com
- EMailAdminUserName = tomyothername@example.com
Now go back to the shell to setup sendmail
Edit
/etc/mail/freebsd.mc
to add at the bottomCode:
root@backuppc4:~ # ee /etc/mail/freebsd.mc define(`SMART_HOST',`[smtp.example.com.]')
Compile the file and overwrite sendmail configuration
Code:
root@backuppc4:~ # cd /etc/mail root@backuppc4:/etc/mail # make freebsd.cf /usr/bin/m4 -D_CF_DIR_=/usr/share/sendmail/cf/ /usr/share/sendmail/cf/m4/cf.m4 freebsd.mc > freebsd.cf root@backuppc4:/etc/mail # cp freebsd.cf sendmail.cf
Start sendmail automatically
Code:
root@backuppc4:~ # echo 'sendmail_enable="YES"' >> /etc/rc.conf root@backuppc4:~ # echo 'sendmail_msp_queue_enable="YES"' >> /etc/rc.conf root@backuppc4:~ # service sendmail start Starting sendmail. Starting sendmail_msp_queue. root@backuppc4:~ #
Test email configuration
If you want to test email configuration you have to enable the backuppc user first because it uses the nologin shell
Code:
root@backuppc4:~ # finger backuppc Login: backuppc Name: BackupPC pseudo-user Directory: /nonexistent Shell: /usr/sbin/nologin No Mail. No Plan. root@backuppc4:~ # chsh -s /bin/csh backuppc chsh: user information updated root@backuppc4:~ # su backuppc % /usr/local/bin/BackupPC_sendEmail -u tomyothername@example.com % exit exit root@backuppc4:~ # chsh -s /usr/sbin/nologin backuppc chsh: user information updated root@backuppc4:~ # finger backuppc Login: backuppc Name: BackupPC pseudo-user Directory: /nonexistent Shell: /usr/sbin/nologin No Mail. No Plan.
Conclusion
Now you have a jail with BackupPC 4.
Enjoy!
To configure the software use the web interface at http://192.168.0.144/bpc
but BackupPC is pretty complex to setup, so you really need to read the documentation first.
Last edited: