Differences

This shows you the differences between two versions of the page.

--- freebsd_nginx_backuppc [2017/07/11 16:01] – [Configuration] k2patel
+++ freebsd_nginx_backuppc [2020/08/10 02:35] (current) – external edit 127.0.0.1
@@ Line 4: / Line 4: @@
 Not going to discuss on setting up jail etc., this topic mainly focused on quick installation once your JAIL is setup.
-==== Installation ====
+Note: For Linux RHEL Based installation look ([[https://wiki.k2patel.in/doku.php?id=centos_nginx_backuppc4.x | here ]])
+===== Installation =====
 Installing packages required.\\
@@ Line 13: / Line 14: @@
 </code>
-I've built backuppc4, because i needed to choose more options than default.
+I've built backuppc4, because i needed to choose more options than default.\\
+But you can install using command
 <code bash>
 cd /usr/ports/sysutils/backuppc4/
@@ Line 28: / Line 30: @@
 </code>
+Configure backuppc for first time
+<code bash>
+/usr/local/etc/backuppc/update.sh
+</code>
 ==== FCGI ====
 Running Nginx going to use fcgiwrap package instead of CGI.
@@ Line 38: / Line 44: @@
 fcgiwrap_main_user="backuppc"
 </code>
+==== NGINX ====
+Enable nginx after system reboot and allow it to run.
+<code bash>
+sysrc nginx_enable=YES
+</code>
+Configuring nginx to work with fcgiwrap.
+<WRAP prewrap>
+<code bash /usr/local/etc/nginx/nginx.conf>
+worker_processes  1;
+events {
+    worker_connections  1024;
+}
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    sendfile        on;
+    keepalive_timeout  65;
+    gzip  on;
+    server {
+        listen       80;
+        server_name  <hostname>;
+        return 302 https://<hostname>$request_uri;
+    }
+    server {
+        listen       443 ssl http2;
+        server_name  <hostname>;
+        ssl on;
+        ssl_certificate      /usr/local/etc/nginx/ssl/<domain>.crt;
+        ssl_certificate_key  /usr/local/etc/nginx/ssl/<domain>.key;
+        ssl_trusted_certificate /usr/local/etc/nginx/ssl/<domain>.int.ca;
+        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+        add_header Strict-Transport-Security max-age=15768000;
+        # OCSP Stapling ---
+        # fetch OCSP records from URL in ssl_certificate and cache them
+        ssl_stapling on;
+        ssl_stapling_verify off;
+        # modern configuration. tweak to your needs.
+        ssl_protocols TLSv1.2;
+        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+        ssl_prefer_server_ciphers on;
+        ssl_session_timeout 1d;
+        ssl_session_cache shared:SSL:50m;
+        ssl_session_tickets off;
+        add_header Strict-Transport-Security max-age=63072000;
+        add_header X-Frame-Options DENY;
+        add_header X-Content-Type-Options nosniff;
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/local/www/nginx-dist;
+        }
+        access_log  /var/log/nginx/backuppc.access.log;
+        error_log   /var/log/nginx/backuppc.error.log;
+        location / {
+          auth_basic "Backup";
+          auth_basic_user_file /usr/local/etc/nginx/backuppc.users;
+          root /usr/local/www;
+          return 302 http://<hostname>/cgi-bin/BackupPC_Admin;
+          index BackupPC.html;
+        }
+        location /backuppc {
+           alias /usr/local/www/backuppc;
+           index BackupPC.html;
+        }
+        #location ~\.cgi$ {
+        location ~ ^/cgi-bin/BackupPC_Admin(/|$) {
+          auth_basic "Backup";
+          auth_basic_user_file /usr/local/etc/nginx/backuppc.users;
+          gzip off;
+          include /usr/local/etc/nginx/fastcgi_params;
+          fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.socket;
+          fastcgi_param REMOTE_ADDR     $remote_addr;
+          fastcgi_param REMOTE_USER     $remote_user;
+          fastcgi_param SCRIPT_FILENAME /usr/local/www/cgi-bin/BackupPC_Admin;
+        }
+        location ~ /\.ht {
+            deny  all;
+        }
+    }
+}
+</code>
+</WRAP>
+===== Outgoing Mail =====
+In order to send notice and mail from backuppc i configured sendonly mail 'ssmtp'.\\
+**installation:**
+<code bash>
+pkg install ssmtp
+</code>
+**Configuration:**
+This is simple but few points to remember:
+  - It does not use /etc/aliases
+  - change your mail configuration
+  - You have to configure your aliases in `/usr/local/etc/ssmtp/revaliases`
+  - mail command does not read these aliases
+<code bash /usr/local/etc/ssmtp/revaliases (optional)>
+# Alias look like this
+root:k2patel@hotmail.com:smtp.k2patel.in
+</code>
+<code bash /usr/local/etc/ssmtp/ssmtp.conf>
+# This is simplified version of my configuraiton
+root=k2patel@hotmail.com
+mailhub=smtp.k2patel.in
+rewriteDomain=backup.k2patel.in
+hostname=_HOSTNAME_
+</code>
+<code bash /etc/mail/mailer.conf>
+# this is what my mailer.conf file looks like
+sendmail	/usr/local/sbin/ssmtp
+send-mail	/usr/local/sbin/ssmtp
+mailq		/usr/local/sbin/ssmtp
+newaliases	/usr/local/sbin/ssmtp
+hoststat	/usr/bin/true
+purgestat	/usr/bin/true
+</code>
+<code bash /etc/mail.rc>
+# this change does not require, unless you want to send email using mail command and want aliases to work
+set append dot save ask crt
+ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via
+alias root backup@k2patel.in
+</code>
+===== Troubleshooting =====
+  - If there is any issue related to fcgiwrap
+      - Check permission of '/var/run/fcgiwrap/fcgiwrap.socket', it should be owned by 'www'.
+  - Creating user for nginx '/usr/local/etc/nginx/backuppc.users'
+      - openssl passwd -apr1