freebsd_nginx_backuppc

Differences

This shows you the differences between two versions of the page.

freebsd_nginx_backuppc [2017/07/11 15:58]
k2patel [FCGI]
freebsd_nginx_backuppc [2020/08/10 02:35] (current)
Line 4: Line 4:
 Not going to discuss on setting up jail etc., this topic mainly focused on quick installation once your JAIL is setup. Not going to discuss on setting up jail etc., this topic mainly focused on quick installation once your JAIL is setup.
  
-==== Installation ====+Note: For Linux RHEL Based installation look ([[https://​wiki.k2patel.in/​doku.php?​id=centos_nginx_backuppc4.x | here ]]) 
 +===== Installation ​=====
 Installing packages required.\\ Installing packages required.\\
  
Line 13: Line 14:
 </​code>​ </​code>​
  
-I've built backuppc4, because i needed to choose more options than default.+I've built backuppc4, because i needed to choose more options than default.\\ 
 +But you can install using command ​
 <code bash> <code bash>
 cd /​usr/​ports/​sysutils/​backuppc4/​ cd /​usr/​ports/​sysutils/​backuppc4/​
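Review bot: The added sentence "But you can install using command" ends without naming a command, and the code block that follows starts with cd /usr/ports/sysutils/backuppc4/, which is the ports build the previous sentence already describes. Name the package-install command here, or reword the sentence so the reader knows the block below is the ports route.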
Line 21: Line 23:
 </​code>​ </​code>​
  
-==== Configuration ==== +===== Configuration ​===== 
-===== Backuppc ​=====+==== Backuppc ====
 Enable backuppc daemon Enable backuppc daemon
 <code bash> <code bash>
Line 28: Line 30:
 </​code>​ </​code>​
  
-===== FCGI =====+Configure backuppc for first time 
 +<code bash> 
 +/​usr/​local/​etc/​backuppc/​update.sh 
 +</​code>​ 
 +==== FCGI ====
 Running Nginx going to use fcgiwrap package instead of CGI. Running Nginx going to use fcgiwrap package instead of CGI.
 Enable wrapper in rc.conf. Enable wrapper in rc.conf.
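Review bot: The added first-time step runs /usr/local/etc/backuppc/update.sh with no word on what the script changes or whether it has to run before the daemon is started; a sentence on that would help. Also leave a blank line between the closing code tag and "==== FCGI ====", as the NGINX and Outgoing Mail headings added later have.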
Line 38: Line 44:
 fcgiwrap_main_user="​backuppc"​ fcgiwrap_main_user="​backuppc"​
 </​code>​ </​code>​
 +
 +==== NGINX ====
 +Enable nginx after system reboot and allow it to run.
 +<code bash>
 +sysrc nginx_enable=YES
 +</​code>​
 +
 +Configuring nginx to work with fcgiwrap.
 +<WRAP prewrap>
 +<code bash /​usr/​local/​etc/​nginx/​nginx.conf>​
 +worker_processes ​ 1;
 +
 +events {
 +    worker_connections ​ 1024;
 +}
 +
 +http {
 +    include ​      ​mime.types;​
 +    default_type ​ application/​octet-stream;​
 +
 +    sendfile ​       on;
 +
 +    keepalive_timeout ​ 65;
 +
 +    gzip  on;
 +
 +    server {
 +        listen ​      80;
 +        server_name ​ <​hostname>;​
 +
 +        return 302 https://<​hostname>​$request_uri;​
 +
 +    }
 +
 +    server {
 +        listen ​      443 ssl http2;  ​
 +        server_name ​ <​hostname>;​
 +
 +        ssl on;
 +        ssl_certificate ​     /​usr/​local/​etc/​nginx/​ssl/<​domain>​.crt;​
 +        ssl_certificate_key ​ /​usr/​local/​etc/​nginx/​ssl/<​domain>​.key;​
 +        ssl_trusted_certificate /​usr/​local/​etc/​nginx/​ssl/<​domain>​.int.ca;​
 +
 +        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
 +        add_header Strict-Transport-Security max-age=15768000;​
 +
 +        # OCSP Stapling ---
 +        # fetch OCSP records from URL in ssl_certificate and cache them
 +        ssl_stapling on;
 +        ssl_stapling_verify off;
 +
 +        # modern configuration. tweak to your needs.
 +        ssl_protocols TLSv1.2;
 +        ssl_ciphers '​ECDHE-ECDSA-AES256-GCM-SHA384:​ECDHE-RSA-AES256-GCM-SHA384:​ECDHE-ECDSA-CHACHA20-POLY1305:​ECDHE-RSA-CHACHA20-POLY1305:​ECDHE-ECDSA-AES128-GCM-SHA256:​ECDHE-RSA-AES128-GCM-SHA256:​ECDHE-ECDSA-AES256-SHA384:​ECDHE-RSA-AES256-SHA384:​ECDHE-ECDSA-AES128-SHA256:​ECDHE-RSA-AES128-SHA256';​
 +        ssl_prefer_server_ciphers on;
 +
 +        ssl_session_timeout 1d;
 +        ssl_session_cache shared:​SSL:​50m;​
 +        ssl_session_tickets off;
 +
 +        add_header Strict-Transport-Security max-age=63072000;​
 +        add_header X-Frame-Options DENY;
 +        add_header X-Content-Type-Options nosniff;
 +
 +        error_page ​  500 502 503 504  /50x.html;
 +        location = /50x.html {
 +            root   /​usr/​local/​www/​nginx-dist;​
 +        }
 +
 +        access_log ​ /​var/​log/​nginx/​backuppc.access.log;​
 +        error_log ​  /​var/​log/​nginx/​backuppc.error.log;​
 +
 +        location / {
 +          auth_basic "​Backup";​
 +          auth_basic_user_file /​usr/​local/​etc/​nginx/​backuppc.users;​
 +          root /​usr/​local/​www;​
 +          return 302 http://<​hostname>/​cgi-bin/​BackupPC_Admin;​
 +          index BackupPC.html;​
 +        }
 +
 +        location /backuppc {
 +           alias /​usr/​local/​www/​backuppc;​
 +           index BackupPC.html;​
 +        }
 +
 +        #location ~\.cgi$ {
 +        location ~ ^/​cgi-bin/​BackupPC_Admin(/​|$) {
 +          auth_basic "​Backup";​
 +          auth_basic_user_file /​usr/​local/​etc/​nginx/​backuppc.users;​
 +          gzip off;
 +          include /​usr/​local/​etc/​nginx/​fastcgi_params;​
 +          fastcgi_pass unix:/​var/​run/​fcgiwrap/​fcgiwrap.socket;​
 +
 +          fastcgi_param REMOTE_ADDR ​    ​$remote_addr;​
 +          fastcgi_param REMOTE_USER ​    ​$remote_user;​
 +          fastcgi_param SCRIPT_FILENAME /​usr/​local/​www/​cgi-bin/​BackupPC_Admin;​
 +        }
 +
 +        location ~ /\.ht {
 +            deny  all;
 +        }
 +    }
 +}
 +</​code>​
 +</​WRAP>​
 +
 +===== Outgoing Mail =====
 +In order to send notice and mail from backuppc i configured sendonly mail '​ssmtp'​.\\
 +
 +**installation:​**
 +<code bash>
 +pkg install ssmtp
 +</​code>​
 +
 +**Configuration:​**
 +This is simple but few points to remember:
 +  - It does not use /​etc/​aliases
 +  - change your mail configuration
 +  - You have to configure your aliases in `/​usr/​local/​etc/​ssmtp/​revaliases`
 +  - mail command does not read these aliases
 +
 +<code bash /​usr/​local/​etc/​ssmtp/​revaliases (optional)>​
 +# Alias look like this
 +root:​k2patel@hotmail.com:​smtp.k2patel.in
 +</​code>​
 +
 +<code bash /​usr/​local/​etc/​ssmtp/​ssmtp.conf>​
 +# This is simplified version of my configuraiton
 +root=k2patel@hotmail.com
 +mailhub=smtp.k2patel.in
 +rewriteDomain=backup.k2patel.in
 +hostname=_HOSTNAME_
 +</​code>​
 +
 +<code bash /​etc/​mail/​mailer.conf>​
 +# this is what my mailer.conf file looks like
 +sendmail /​usr/​local/​sbin/​ssmtp
 +send-mail /​usr/​local/​sbin/​ssmtp
 +mailq /​usr/​local/​sbin/​ssmtp
 +newaliases /​usr/​local/​sbin/​ssmtp
 +hoststat /​usr/​bin/​true
 +purgestat /​usr/​bin/​true
 +</​code>​
 +
 +<code bash /​etc/​mail.rc>​
 +# this change does not require, unless you want to send email using mail command and want aliases to work
 +set append dot save ask crt
 +ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via
 +alias root backup@k2patel.in
 +</​code>​
 +===== Troubleshooting =====
 +  - If there is any issue related to fcgiwrap
 +      - Check permission of '/​var/​run/​fcgiwrap/​fcgiwrap.socket',​ it should be owned by '​www'​.
 +  - Creating user for nginx '/​usr/​local/​etc/​nginx/​backuppc.users'​
 +      - openssl passwd -apr1
 +
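Review bot: In the added "location /" block of the 443 server, "return 302 http://<hostname>/cgi-bin/BackupPC_Admin;" sends a client that is already on HTTPS to plain HTTP, where the port-80 server bounces it back with another 302. Point the redirect at https:// (or a relative /cgi-bin/BackupPC_Admin) so the admin URL is never requested in cleartext, and drop the "index BackupPC.html;" line after it, which the return makes unreachable. The same server block sets Strict-Transport-Security twice with different max-age values (15768000 and 63072000), so both headers are emitted; keep one. "ssl on;" is redundant next to "listen 443 ssl http2;" and is deprecated in current nginx. In Troubleshooting, the socket is said to need owner 'www' while rc.conf sets fcgiwrap_main_user="backuppc"; a sentence on which setting produces that ownership would save the reader a debugging round.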
freebsd_nginx_backuppc.1499788684.txt.gz · Last modified: 2020/08/10 02:30 (external edit)