$ sudo useradd -d /home/backup -m backup
$ sudo su - backup
$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/backup/.ssh/id_rsa):
Created directory '/home/backup/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/backup/.ssh/id_rsa.
Your public key has been saved in /home/backup/.ssh/id_rsa.pub.
The key fingerprint is:
05:8c:df:24:18:a9:9e:22:87:08:49:5b:11:7c:2f:f1 backup@host
You now need to put the public key onto your server for the root user (or if you want, a user with sudo role – its more secure though you will need to change your rsync commands to take account of that)
$ scp .ssh/id_rsa.pub root@your.cpanel.server.com:/root/.ssh/authorized_keys
Now once that done you can test out the key is working by SSH’ing in. If you dont get asked for a password, your SSH key is setup:
$ ssh root@your.cpanel.server.com
root@your.cpanel.server.com:$
Configuring the backup
So now you have SSH key access from your backup machine to the Cpanel/WHM server(s) its just a case of setting up a cron job to grab your data!
$ mkdir /home/backup/server1
$ crontab -e
In crontab, add the following entry (adjust the time the job runs to ensure that your Cpanel/WHM server(s) have enough time to do thier backups. for example, i know my cpanel backups finish around 3:30 am, so I set my rsync to run at 4.30 am). You can adjust bwlimit to something you prefer. I set it to 5000KB/sec (just under 50 mbps, so 50% of my available bandwdith) to ensure my regular users aren’t inconvenienced because something is chewing up all of the servers bandwidth. I also dont backup the spamassasin bloat. This should all be on one line:
30 4 * * * rsync -av --bwlimit=5000 --progress -e ssh --exclude '*spamass*' root@your.cpanel.server.com:/backup/cpbackup /home/backup/server1/ > /home/backup/server1.results.txt 2>&1
Finishing up
That should be all you need. Check back the following day and look look in the /home/backup/server1.results.txt file, it should look something like this:
backup@host:~$ tail server1.results.txt
up 8 100% 0.04kB/s 0:00:00 (xfer#2755, to-check=32/437710)
cpbackup/daily/user/mysql/horde.sql
3156258 100% 4.47MB/s 0:00:00 (xfer#2756, to-check=24/437710)
cpbackup/daily/user/resellerconfig/resellers
0 100% 0.00kB/s 0:00:00 (xfer#2757, to-check=20/437710)
cpbackup/daily/user/resellerconfig/resellers-nameservers
0 100% 0.00kB/s 0:00:00 (xfer#2758, to-check=19/437710)
sent 3351898 bytes received 329706615 bytes 476137.97 bytes/sec
total size is 34722766009 speedup is 104.25
Wednesday, February 27, 2013
How to make automatic backup in cPanel
Using the script* provided below you will be able to make automatic backup of your hosting account (domains and MySQL databases). This backup script includes SSL support. This is not necessary if you run the script on the server for which you are generating the backup; but the SSL support could be important if you are running the script somewhere else to connect to your cPanel hosting account.
<?php// PHP script to allow periodic cPanel backups automatically, optionally to a remote FTP server.
// This script contains passwords. It is important to keep access to this file secure (we would suggest you to place it in your home directory, not public_html)
// You need create 'backups' folder in your home directory ( or any other folder that you would like to store your backups in ).
// ********* THE FOLLOWING ITEMS NEED TO BE CONFIGURED *********
// Information required for cPanel access
$cpuser = "username"; // Username used to login to cPanel
$cppass = "password"; // Password used to login to cPanel
$domain = "example.com";// Your main domain name
$skin = "x"; // Set to cPanel skin you use (script will not work if it does not match). Most people run the default "x" theme or "x3" theme
// Information required for FTP host
$ftpuser = "ftpusername"; // Username for FTP account
$ftppass = "ftppassword"; // Password for FTP account
$ftphost = "ip_address"; // IP address of your hosting account
$ftpmode = "passiveftp"; // FTP mode
// Notification information $notifyemail = "any@example.com"; // Email address to send results
// Secure or non-secure mode $secure = 0; // Set to 1 for SSL (requires SSL support), otherwise will use standard HTTP
// Set to 1 to have web page result appear in your cron log $debug = 0;
// *********** NO CONFIGURATION ITEMS BELOW THIS LINE *********
$ftpport = "21";
$ftpdir = "/backups/"; // Directory where backups stored (make it in your /home/ directory). Or you can change 'backups' to the name of any other folder created for the backups;
if ($secure) {
$url = "ssl://".$domain;
$port = 2083;
} else {
$url = $domain;
$port = 2082;
}
$socket = fsockopen($url,$port);
if (!$socket) { echo "Failed to open socket connection... Bailing out!n"; exit; }
// Encode authentication string
$authstr = $cpuser.":".$cppass;
$pass = base64_encode($authstr);
$params = "dest=$ftpmode&email=$notifyemail&server=$ftphost&user=$ftpuser&pass=$ftppass&port=$ftpport&rdir=$ftpdir&submit=Generate Backup";
// Make POST to cPanel
fputs($socket,"POST /frontend/".$skin."/backup/dofullbackup.html?".$params." HTTP/1.0\r\n");
fputs($socket,"Host: $domain\r\n");
fputs($socket,"Authorization: Basic $pass\r\n");
fputs($socket,"Connection: Close\r\n");
fputs($socket,"\r\n");
// Grab response even if we do not do anything with it.
while (!feof($socket)) {
$response = fgets($socket,4096); if ($debug) echo $response;
}
fclose($socket);
?>
To schedule the script to run regularly, save it as fullbackup.php in your home directory and enter a new cron job** like the following:
00 2 * * 1 /usr/local/bin/php /home/youraccount/fullbackup.php
(Runs every Sunday night at 2:00 a.m.)
<?php// PHP script to allow periodic cPanel backups automatically, optionally to a remote FTP server.
// This script contains passwords. It is important to keep access to this file secure (we would suggest you to place it in your home directory, not public_html)
// You need create 'backups' folder in your home directory ( or any other folder that you would like to store your backups in ).
// ********* THE FOLLOWING ITEMS NEED TO BE CONFIGURED *********
// Information required for cPanel access
$cpuser = "username"; // Username used to login to cPanel
$cppass = "password"; // Password used to login to cPanel
$domain = "example.com";// Your main domain name
$skin = "x"; // Set to cPanel skin you use (script will not work if it does not match). Most people run the default "x" theme or "x3" theme
// Information required for FTP host
$ftpuser = "ftpusername"; // Username for FTP account
$ftppass = "ftppassword"; // Password for FTP account
$ftphost = "ip_address"; // IP address of your hosting account
$ftpmode = "passiveftp"; // FTP mode
// Notification information $notifyemail = "any@example.com"; // Email address to send results
// Secure or non-secure mode $secure = 0; // Set to 1 for SSL (requires SSL support), otherwise will use standard HTTP
// Set to 1 to have web page result appear in your cron log $debug = 0;
// *********** NO CONFIGURATION ITEMS BELOW THIS LINE *********
$ftpport = "21";
$ftpdir = "/backups/"; // Directory where backups stored (make it in your /home/ directory). Or you can change 'backups' to the name of any other folder created for the backups;
if ($secure) {
$url = "ssl://".$domain;
$port = 2083;
} else {
$url = $domain;
$port = 2082;
}
$socket = fsockopen($url,$port);
if (!$socket) { echo "Failed to open socket connection... Bailing out!n"; exit; }
// Encode authentication string
$authstr = $cpuser.":".$cppass;
$pass = base64_encode($authstr);
$params = "dest=$ftpmode&email=$notifyemail&server=$ftphost&user=$ftpuser&pass=$ftppass&port=$ftpport&rdir=$ftpdir&submit=Generate Backup";
// Make POST to cPanel
fputs($socket,"POST /frontend/".$skin."/backup/dofullbackup.html?".$params." HTTP/1.0\r\n");
fputs($socket,"Host: $domain\r\n");
fputs($socket,"Authorization: Basic $pass\r\n");
fputs($socket,"Connection: Close\r\n");
fputs($socket,"\r\n");
// Grab response even if we do not do anything with it.
while (!feof($socket)) {
$response = fgets($socket,4096); if ($debug) echo $response;
}
fclose($socket);
?>
To schedule the script to run regularly, save it as fullbackup.php in your home directory and enter a new cron job** like the following:
00 2 * * 1 /usr/local/bin/php /home/youraccount/fullbackup.php
(Runs every Sunday night at 2:00 a.m.)
Cpanel /scripts/restorepkg in detail
restorepkg [--force] [--skipres] [--override] [--ip=(y|n|Custom IP)] -- [cpuser|/path/to/cpuser-file]
/scripts/restorepkg --force xxxxxxx
--force
If there's one thing I advise, it's to never use this flag unless you've exhausted normal means of restoring the account. Even then, I'd prefer you contact cPanel support instead so we can figure out what's going on. This option essentially instructs restorepkg to disregard all logic that we put in place to prevent conflicts when an account is being restored.
If the backup you're restoring does contain actual conflicts (domains owned by other users for example), then this sets you up for a world of hurt and unexpected behavior. I see all too often where a sysadmin has forced an account to be restored that conflicts with already existing accounts onto a box.
It does not terminate the account first; it just "shoe horn" restores it on top. The intention of this feature is if you're trying to reduce downtime or are trying to keep 'new' files (like email) that otherwise don't exist in the backup you're restoring from.
But, personally, I would never use --force on my own personal box just for the peace of mind. I'd perform a clean terminate/restore of an account and rest assured that our restorepkg logic has guaranteed me that there are no conflicts.
--skipres
This stands for "Skip Reseller Privileges". Pretty self-explanatory. Using this option will ensure that reseller privileges are NOT restored (if the account had them, that is). If it's not a reseller, this argument effectively does nothing.
--override
This allows you to override the stock cPanel restorepkg code with your own custom written restorepkg logic if you've written some.
Stock Code: /usr/local/cpanel/Whostmgr/Transfers.pm
If you desire to create your own customized version, you would place it at:
Override location: /var/cpanel/lib/Whostmgr/Transfers.pm
Then, when you use "--override" it will call upon the override location code in lieu of the stock code. Note that if you don't have an override setup at that location, the "--override" argument effectively does nothing at all.
--ip=(y|n|Custom IP)
Pretty much self-explanatory.
--ip=y
^-- Allocates the next available IP in the IP Pool to the account upon restore. If none available, uses shared IP.
--ip=n
^-- The same as leaving this flag absent. The account will restore using the shared IP of the box.
--ip=123.123.123.123 (Or any other valid IP)
^-- Attempts to allocate the specified IP to the account upon restore. If not available/does not exist, uses shared IP
cpuser|/path/to/cpuser-file
Self-explanitory again.
cpuser
Will search for archive in various common locations to try and automatically identify the backup you're requesting it to restore. If it cannot find it, it will instruct you where it looked and what it was trying to find.
/path/to/cpuser-file
Simply attempts to restore using the archive that the path specifies.
/scripts/restorepkg --force xxxxxxx
--force
If there's one thing I advise, it's to never use this flag unless you've exhausted normal means of restoring the account. Even then, I'd prefer you contact cPanel support instead so we can figure out what's going on. This option essentially instructs restorepkg to disregard all logic that we put in place to prevent conflicts when an account is being restored.
If the backup you're restoring does contain actual conflicts (domains owned by other users for example), then this sets you up for a world of hurt and unexpected behavior. I see all too often where a sysadmin has forced an account to be restored that conflicts with already existing accounts onto a box.
It does not terminate the account first; it just "shoe horn" restores it on top. The intention of this feature is if you're trying to reduce downtime or are trying to keep 'new' files (like email) that otherwise don't exist in the backup you're restoring from.
But, personally, I would never use --force on my own personal box just for the peace of mind. I'd perform a clean terminate/restore of an account and rest assured that our restorepkg logic has guaranteed me that there are no conflicts.
--skipres
This stands for "Skip Reseller Privileges". Pretty self-explanatory. Using this option will ensure that reseller privileges are NOT restored (if the account had them, that is). If it's not a reseller, this argument effectively does nothing.
--override
This allows you to override the stock cPanel restorepkg code with your own custom written restorepkg logic if you've written some.
Stock Code: /usr/local/cpanel/Whostmgr/Transfers.pm
If you desire to create your own customized version, you would place it at:
Override location: /var/cpanel/lib/Whostmgr/Transfers.pm
Then, when you use "--override" it will call upon the override location code in lieu of the stock code. Note that if you don't have an override setup at that location, the "--override" argument effectively does nothing at all.
--ip=(y|n|Custom IP)
Pretty much self-explanatory.
--ip=y
^-- Allocates the next available IP in the IP Pool to the account upon restore. If none available, uses shared IP.
--ip=n
^-- The same as leaving this flag absent. The account will restore using the shared IP of the box.
--ip=123.123.123.123 (Or any other valid IP)
^-- Attempts to allocate the specified IP to the account upon restore. If not available/does not exist, uses shared IP
cpuser|/path/to/cpuser-file
Self-explanitory again.
cpuser
Will search for archive in various common locations to try and automatically identify the backup you're requesting it to restore. If it cannot find it, it will instruct you where it looked and what it was trying to find.
/path/to/cpuser-file
Simply attempts to restore using the archive that the path specifies.
Subscribe to:
Posts (Atom)