My current installation is inside JAIL, inside freenas.
Not going to discuss on setting up jail etc., this topic mainly focused on quick installation once your JAIL is setup.
Note: For Linux RHEL Based installation look ( here )
Installing packages required.
pkg install nginx pkg install rrdtool pkg install fcgiwrap
I've built backuppc4, because i needed to choose more options than default.
But you can install using command
cd /usr/ports/sysutils/backuppc4/ make config # Select options you want to install make -j4 make install
Enable backuppc daemon
sysrc backuppc_enable=YES
Configure backuppc for first time
/usr/local/etc/backuppc/update.sh
Running Nginx going to use fcgiwrap package instead of CGI. Enable wrapper in rc.conf.
fcgiwrap_enable="YES" fcgiwrap_profiles="main" fcgiwrap_socket_owner="www" fcgiwrap_main_socket="unix:/var/run/fcgiwrap/fcgiwrap.socket" fcgiwrap_main_user="backuppc"
Enable nginx after system reboot and allow it to run.
sysrc nginx_enable=YES
Configuring nginx to work with fcgiwrap. <WRAP prewrap>
worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; gzip on; server { listen 80; server_name <hostname>; return 302 https://<hostname>$request_uri; } server { listen 443 ssl http2; server_name <hostname>; ssl on; ssl_certificate /usr/local/etc/nginx/ssl/<domain>.crt; ssl_certificate_key /usr/local/etc/nginx/ssl/<domain>.key; ssl_trusted_certificate /usr/local/etc/nginx/ssl/<domain>.int.ca; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=15768000; # OCSP Stapling --- # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify off; # modern configuration. tweak to your needs. ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; add_header Strict-Transport-Security max-age=63072000; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/local/www/nginx-dist; } access_log /var/log/nginx/backuppc.access.log; error_log /var/log/nginx/backuppc.error.log; location / { auth_basic "Backup"; auth_basic_user_file /usr/local/etc/nginx/backuppc.users; root /usr/local/www; return 302 http://<hostname>/cgi-bin/BackupPC_Admin; index BackupPC.html; } location /backuppc { alias /usr/local/www/backuppc; index BackupPC.html; } #location ~\.cgi$ { location ~ ^/cgi-bin/BackupPC_Admin(/|$) { auth_basic "Backup"; auth_basic_user_file /usr/local/etc/nginx/backuppc.users; gzip off; include /usr/local/etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.socket; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_USER $remote_user; fastcgi_param SCRIPT_FILENAME /usr/local/www/cgi-bin/BackupPC_Admin; } location ~ /\.ht { deny all; } } }
</WRAP>
In order to send notice and mail from backuppc i configured sendonly mail 'ssmtp'.
installation:
pkg install ssmtp
Configuration: This is simple but few points to remember:
# Alias look like this root:k2patel@hotmail.com:smtp.k2patel.in
# This is simplified version of my configuraiton root=k2patel@hotmail.com mailhub=smtp.k2patel.in rewriteDomain=backup.k2patel.in hostname=_HOSTNAME_
# this is what my mailer.conf file looks like sendmail /usr/local/sbin/ssmtp send-mail /usr/local/sbin/ssmtp mailq /usr/local/sbin/ssmtp newaliases /usr/local/sbin/ssmtp hoststat /usr/bin/true purgestat /usr/bin/true
# this change does not require, unless you want to send email using mail command and want aliases to work set append dot save ask crt ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via alias root backup@k2patel.in