freebsd + nginx + backuppc
My current installation runs inside a jail on FreeNAS.
Setting up the jail itself is not covered here; this page focuses on a quick installation once your jail is set up.
Note: For a Linux RHEL-based installation, look ( here )
Installation
Install the required packages.
pkg install nginx
pkg install rrdtool
pkg install fcgiwrap
I built backuppc4 from ports because I needed to choose more options than the default.
You can install it with these commands:
cd /usr/ports/sysutils/backuppc4/
make config # Select options you want to install
make -j4
make install
Configuration
Backuppc
Enable backuppc daemon
sysrc backuppc_enable=YES
Configure backuppc for the first time
/usr/local/etc/backuppc/update.sh
FCGI
Nginx will run the BackupPC CGI through the fcgiwrap package instead of plain CGI. Enable the wrapper in rc.conf.
- /etc/rc.conf
fcgiwrap_enable="YES"
fcgiwrap_profiles="main"
fcgiwrap_socket_owner="www"
fcgiwrap_main_socket="unix:/var/run/fcgiwrap/fcgiwrap.socket"
fcgiwrap_main_user="backuppc"
NGINX
Enable nginx so that it is allowed to run and starts after a system reboot.
sysrc nginx_enable=YES
Configuring nginx to work with fcgiwrap.
- /usr/local/etc/nginx/nginx.conf
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    # Plain HTTP only redirects to HTTPS
    server {
        listen 80;
        server_name <hostname>;
        return 302 https://<hostname>$request_uri;
    }
    server {
        listen 443 ssl http2;
        server_name <hostname>;
        ssl_certificate /usr/local/etc/nginx/ssl/<domain>.crt;
        ssl_certificate_key /usr/local/etc/nginx/ssl/<domain>.key;
        ssl_trusted_certificate /usr/local/etc/nginx/ssl/<domain>.int.ca;
        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
        add_header Strict-Transport-Security max-age=15768000;
        # OCSP Stapling ---
        # fetch OCSP records from URL in ssl_certificate and cache them
        ssl_stapling on;
        ssl_stapling_verify off;
        # modern configuration. tweak to your needs.
        ssl_protocols TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/local/www/nginx-dist;
        }
        access_log /var/log/nginx/backuppc.access.log;
        error_log /var/log/nginx/backuppc.error.log;
        # Send the site root to the BackupPC admin CGI, staying on HTTPS
        location / {
            auth_basic "Backup";
            auth_basic_user_file /usr/local/etc/nginx/backuppc.users;
            root /usr/local/www;
            return 302 https://<hostname>/cgi-bin/BackupPC_Admin;
            index BackupPC.html;
        }
        location /backuppc {
            alias /usr/local/www/backuppc;
            index BackupPC.html;
        }
        #location ~\.cgi$ {
        location ~ ^/cgi-bin/BackupPC_Admin(/|$) {
            auth_basic "Backup";
            auth_basic_user_file /usr/local/etc/nginx/backuppc.users;
            gzip off;
            include /usr/local/etc/nginx/fastcgi_params;
            fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.socket;
            fastcgi_param REMOTE_ADDR $remote_addr;
            # BackupPC takes the logged-in user from REMOTE_USER
            fastcgi_param REMOTE_USER $remote_user;
            fastcgi_param SCRIPT_FILENAME /usr/local/www/cgi-bin/BackupPC_Admin;
        }
        location ~ /\.ht {
            deny all;
        }
    }
}
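Added example (not part of the original page): a small Python check for the nginx + fcgiwrap layout above. It flags a TLS server that redirects back to plain http, a `fastcgi_pass` location with no `auth_basic_user_file`, and a CGI location that does not pass `REMOTE_USER`. The `WEAK` sample and the hostname `backup.example.test` are constructed; the check treats an inherited `auth_basic_user_file` as sufficient and does not model `auth_basic off`.

```python
import re

def parse(text):
    """Parse nginx config text into nested (header, directives, children) nodes."""
    text = re.sub(r"#[^\n]*", "", text)              # drop comments
    stack = [("main", [], [])]
    for stmt, sep in re.findall(r"([^{};]*)([{};])", text):
        stmt = " ".join(stmt.split())                # normalise whitespace
        if sep == ";" and stmt:
            stack[-1][1].append(stmt)
        elif sep == "{":
            node = (stmt, [], [])
            stack[-1][2].append(node)
            stack.append(node)
        elif sep == "}" and len(stack) > 1:
            stack.pop()
    return stack[0]

def lint(text):
    """Return findings for the nginx + fcgiwrap layout used on this page."""
    findings = []
    def walk(node, tls, authed):
        header, directives, children = node
        if header == "server":                       # TLS is decided per server block
            tls = any(re.match(r"listen\s.*\bssl\b", d) for d in directives)
        authed = authed or any(d.startswith("auth_basic_user_file ") for d in directives)
        if tls and any(re.match(r"return\s+30\d\s+http://", d) for d in directives):
            findings.append(f"{header}: TLS server redirects to plain http")
        if any(d.startswith("fastcgi_pass ") for d in directives):
            if not authed:                           # CGI reachable without a login
                findings.append(f"{header}: fastcgi_pass without auth_basic_user_file")
            if "fastcgi_param REMOTE_USER $remote_user" not in directives:
                findings.append(f"{header}: REMOTE_USER not passed to the CGI")
        for child in children:
            walk(child, tls, authed)
    walk(parse(text), False, False)
    return findings

# Constructed sample, not the page's config: a TLS server with three mistakes.
WEAK = """
server {
    listen 443 ssl;
    location / { return 302 http://backup.example.test/cgi-bin/BackupPC_Admin; }
    location ~ ^/cgi-bin/BackupPC_Admin(/|$) {
        fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.socket;
    }
}
"""

if __name__ == "__main__":
    print("\n".join(lint(WEAK)))
```

To check a real file, pass its contents to `lint()`, for example `lint(open("/usr/local/etc/nginx/nginx.conf").read())`.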
Outgoing Mail
To send notices and mail from backuppc, I configured the send-only mailer 'ssmtp'.
Installation:
pkg install ssmtp
Configuration: this is simple, but there are a few points to remember:
- It does not use /etc/aliases
- change your mail configuration
- You have to configure your aliases in `/usr/local/etc/ssmtp/revaliases`
- mail command does not read these aliases
- /usr/local/etc/ssmtp/revaliases (optional)
# Alias look like this
root:k2patel@hotmail.com:smtp.k2patel.in
- /usr/local/etc/ssmtp/ssmtp.conf
# This is a simplified version of my configuration
root=k2patel@hotmail.com
mailhub=smtp.k2patel.in
rewriteDomain=backup.k2patel.in
hostname=_HOSTNAME_
- /etc/mail/mailer.conf
# this is what my mailer.conf file looks like
sendmail /usr/local/sbin/ssmtp
send-mail /usr/local/sbin/ssmtp
mailq /usr/local/sbin/ssmtp
newaliases /usr/local/sbin/ssmtp
hoststat /usr/bin/true
purgestat /usr/bin/true
- /etc/mail.rc
# this change is not required unless you want to send email using the mail command and want aliases to work
set append dot save ask crt
ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via
alias root backup@k2patel.in
Troubleshooting
- If there is any issue related to fcgiwrap
  - Check the permissions of '/var/run/fcgiwrap/fcgiwrap.socket'; it should be owned by 'www'.
- Creating a user for nginx in '/usr/local/etc/nginx/backuppc.users'
  - openssl passwd -apr1