====== freebsd + nginx + backuppc ======
My current installation runs inside a jail on FreeNAS.\\
This page does not cover setting up the jail; it focuses on a quick installation once your jail is set up.

Note: for a Linux (RHEL-based) installation, look [[https://wiki.k2patel.in/doku.php?id=centos_nginx_backuppc4.x|here]].
===== Installation =====
Install the required packages.
<code>
pkg install nginx
pkg install rrdtool
pkg install fcgiwrap
</code>
I built backuppc4 myself, because I needed to choose more options than the default.\\
You can install it using these commands:
<code>
cd /usr/ports/sysutils/backuppc4/
make config    # Select options you want to install
make -j4
make install
</code>
===== Configuration =====
==== Backuppc ====
Enable the BackupPC daemon:
<code>
sysrc backuppc_enable=YES
</code>
Configure BackupPC for the first time:
<code>
/usr/local/etc/backuppc/update.sh
</code>
==== FCGI ====
Nginx is going to use the fcgiwrap package instead of CGI.
Enable the wrapper in rc.conf.
<code>
fcgiwrap_enable="YES"
fcgiwrap_profiles="main"
fcgiwrap_socket_owner="www"
fcgiwrap_main_socket="unix:/var/run/fcgiwrap/fcgiwrap.socket"
fcgiwrap_main_user="backuppc"
</code>
==== NGINX ====
Enable nginx so that it starts after a system reboot and is allowed to run.
<code>
sysrc nginx_enable=YES
</code>
Configure nginx to work with fcgiwrap.
<code>
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    gzip  on;

    # Plain HTTP: redirect everything to HTTPS
    server {
        listen 80;
        # set to this server's host name
        server_name ;
        # the host name goes between https:// and $request_uri
        return 302 https://$request_uri;
    }

    server {
        listen 443 ssl http2;
        # set to this server's host name
        server_name ;

        # certificate, private key and intermediate CA chain
        ssl_certificate /usr/local/etc/nginx/ssl/.crt;
        ssl_certificate_key /usr/local/etc/nginx/ssl/.key;
        ssl_trusted_certificate /usr/local/etc/nginx/ssl/.int.ca;

        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
        add_header Strict-Transport-Security max-age=15768000;

        # OCSP Stapling ---
        # fetch OCSP records from URL in ssl_certificate and cache them
        ssl_stapling on;
        ssl_stapling_verify off;

        # modern configuration. tweak to your needs.
        ssl_protocols TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;

        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;

        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }

        access_log  /var/log/nginx/backuppc.access.log;
        error_log  /var/log/nginx/backuppc.error.log;

        # Send requests for the site root to the BackupPC admin CGI
        location / {
            auth_basic "Backup";
            auth_basic_user_file /usr/local/etc/nginx/backuppc.users;
            root  /usr/local/www;
            return 302 http:///cgi-bin/BackupPC_Admin;
            index BackupPC.html;
        }

        # Static files of the BackupPC web interface
        location /backuppc {
            alias /usr/local/www/backuppc;
            index BackupPC.html;
        }

        # Hand the admin CGI to fcgiwrap, behind basic authentication
        #location ~\.cgi$ {
        location ~ ^/cgi-bin/BackupPC_Admin(/|$) {
            auth_basic "Backup";
            auth_basic_user_file /usr/local/etc/nginx/backuppc.users;
            gzip off;
            include /usr/local/etc/nginx/fastcgi_params;
            fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.socket;
            fastcgi_param REMOTE_ADDR     $remote_addr;
            fastcgi_param REMOTE_USER     $remote_user;
            fastcgi_param SCRIPT_FILENAME /usr/local/www/cgi-bin/BackupPC_Admin;
        }

        location ~ /\.ht {
            deny  all;
        }
    }
}
</code>
===== Outgoing Mail =====
In order to send notices and mail from BackupPC, I configured the send-only mailer 'ssmtp'.\\
**Installation:**
<code>
pkg install ssmtp
</code>
**Configuration:**

This is simple, but there are a few points to remember:
  * It does not use /etc/aliases
  * Change your mail configuration
  * You have to configure your aliases in ''/usr/local/etc/ssmtp/revaliases''
  * The mail command does not read these aliases

<code>
# An alias looks like this
root:k2patel@hotmail.com:smtp.k2patel.in
</code>
<code>
# This is a simplified version of my configuration
root=k2patel@hotmail.com
mailhub=smtp.k2patel.in
rewriteDomain=backup.k2patel.in
hostname=_HOSTNAME_
</code>
<code>
# This is what my mailer.conf file looks like
sendmail        /usr/local/sbin/ssmtp
send-mail       /usr/local/sbin/ssmtp
mailq           /usr/local/sbin/ssmtp
newaliases      /usr/local/sbin/ssmtp
hoststat        /usr/bin/true
purgestat       /usr/bin/true
</code>
<code>
# This change is not required, unless you want to send email using the mail command and want aliases to work
set append dot save ask crt
ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via
alias root backup@k2patel.in
</code>
===== Troubleshooting =====
  * If there is any issue related to fcgiwrap:
    * Check the permissions of ''/var/run/fcgiwrap/fcgiwrap.socket''; it should be owned by ''www''.
  * Creating a user for nginx in ''/usr/local/etc/nginx/backuppc.users'':
    * ''openssl passwd -apr1''
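
The two checks above can be scripted. The following is an added example, not part of the original page: it verifies the socket owner and checks that the users file is not world-readable and contains only ''user:$apr1$...'' entries. The function names and the ''run'' argument are assumptions made for the example; the paths and the ''www'' owner are the ones used on this page.

```sh
#!/bin/sh
# Added example: audits the two files named under Troubleshooting.
# Paths and the "www" owner come from this page; function names are made up here.
SOCK=/var/run/fcgiwrap/fcgiwrap.socket
USERS=/usr/local/etc/nginx/backuppc.users

# Succeeds when $1 exists and is owned by $2 (user name or numeric uid).
check_owner() {
    [ -e "$1" ] || { echo "missing: $1"; return 1; }
    [ -n "$(find "$1" -maxdepth 0 -user "$2" 2>/dev/null)" ] && return 0
    echo "$1 is not owned by $2"
    return 1
}

# Succeeds when $1 is not world-readable and every non-empty line
# has the form user:$apr1$salt$hash, as produced by `openssl passwd -apr1`.
check_users_file() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    rc=0
    if [ -n "$(find "$1" -maxdepth 0 -perm -004)" ]; then
        echo "$1 is world-readable"
        rc=1
    fi
    # Report only the user name of a malformed entry, never the second field.
    bad=$(grep -v '^$' "$1" |
          grep -Ev '^[^:]+:[$]apr1[$][./0-9A-Za-z]{1,8}[$][./0-9A-Za-z]{22}$' |
          cut -d: -f1)
    if [ -n "$bad" ]; then
        echo "entries without an apr1 hash: $bad"
        rc=1
    fi
    return "$rc"
}

# Run as: sh audit.sh run
if [ "${1:-}" = run ]; then
    check_owner "$SOCK" www; s=$?
    check_users_file "$USERS"; u=$?
    exit $((s | u))
fi
```

A users file that fails the first check can be tightened with ''chmod 640'' and a group of ''www'', so that only root and the nginx worker can read the hashes.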