VM backup and download

The following code snippet will let you create a backup image of a Linux server, encrypt it, and then make it available for download. It requires PHP, and makes use of PHP's built in HTTP server. You will need sufficient disk space on your VM image to create the download. The file is compressed, so the backup will typically be smaller than the disk space used on the VM.

# typically needed on the restore side
apt-get -y install rsync
# random password of letters and digits
password="$(</dev/urandom tr -dc A-Z0-9 | head -c10)"
# create a backup directory
[ ! -d /root/backup.$$ ] && mkdir /root/backup.$$
# date like 2021-06-28-1624846640
dt="$(date +%Y-%m-%d-%s)"
cd /root/backup.$$
# exclude mysql and log files, but keep directory structure
find /var/log /var/cache/apt/archives -type f > /root/excludefiles.log
#find /var/lib/mysql -type f > /root/excludefiles.log
# exclude sockets
find / -type s -print 2>/dev/null >> /root/excludefiles.log
# create a tar file, exclude certain directories
# encrypt the data using openssh with the provided password
tar --numeric-owner --create --preserve-permissions --gzip --file - \
--exclude-from=/root/excludefiles.log \
--exclude=/root/backup.* \
--exclude=/restore* \
--exclude=/proc \
--exclude=/tmp \
--exclude=/mnt \
--exclude=/dev \
--exclude=/sys \
--exclude=/run \
--exclude=/media \
--exclude=/usr/src/linux-headers* \
--exclude=/home/*/.gvfs \
--exclude=/home/*/.cache \
--exclude=/home/*/.local/share/Trash / | openssl enc -aes-256-cbc  -md sha256 -pass "pass:$password"  > /root/backup.$$/backup-$dt.tar.gz.enc

# save password details
echo "<meta charset="utf-8">openssl enc -d -aes-256-cbc  -md sha256 -pass "pass:$password" -in backup-$dt.tar.gz.enc -out backup-$dt.tar.gz" >> /root/backupcredentials.log

#zip --encrypt --password "$password" backup.zip $directorytozip

# output a message about how to access and use the file 
ip=$(ifconfig eth0 | grep 'inet ' | sed 's/inet addr:/inet /' | awk '{print $2}')
echo "The backup file is created at /root/backup.$$/backup-$dt.tar.gz.enc.  

Download your backup from http://$ip:32956/backup-$dt.tar.gz.enc

Download your backup with scp using: scp root@$ip:/root/backup.$$/backup-$dt.tar.gz.enc 

Extract your backup on a target host with scp using: mkdir /restore.$$; cd /restore.$$; scp root@$ip:/root/backup.$$/backup-$dt.tar.gz.enc /dev/stdout | openssl enc -d -aes-256-cbc  -md sha256 -pass "pass:$password" | tar xz

Unencrypt the backup with: openssl enc -d -aes-256-cbc  -md sha256 -pass "pass:$password" -in backup-$dt.tar.gz.enc -out backup-$dt.tar.gz

Should you need openssl for windows, you may download that.  For example from https://curl.se/windows/

The backup includes mysql databases.  You may prefer to exclude them, and run a MySQL database dump instead.

# offer the file for download.  Kill this process off after you have downloaded the file.  
# PHP has a built in web server
# at job to kill off process after 24h?
nohup php -S $ip:32956 &

To decrypt the backup you will need openssl. This is typically available on most Linux installs. There are also Windows binaries available, e.g. from https://curl.se/windows/

You may wish to skip the encryption step if you are scp-ing the file directly and not offering it via a public download URL.

The backup skips the mysql directory. You could include that if you wished (be sure to stop the mysql server while the files are being copied). Alternatively you could create a mysql database dump prior to creating the backup image.

About Peter Bryant

Peter founded RimuHosting in 2003
This entry was posted in Rimuhosting and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *