User Tools

Site Tools


freebsd_nginx_backuppc

Setting up backuppc on freebsd with nginx

My current installation is done inside jail using FreeNAS.
But Jail is currently setup with FreeBSD 11.

Required Packages

Install following packages.

pkg install nginx
pkg install rrdtool
pkg install fcgiwrap
cd /usr/ports/sysutils/backuppc4/
make config ## I've selected all except SMB ( since i am not planning to use SMB )

BackupPC

Configure Backuppc in following directory:

/usr/local/etc/backuppc/update.sh ( select New installation )

Nginx

Nginx configure using following. ( replace <server_name> with your hostname or domain )

worker_processes  1;
 
events {
    worker_connections  1024;
}
 
http {
    include       mime.types;
    default_type  application/octet-stream;
 
    sendfile        on;
 
    keepalive_timeout  65;
 
    gzip  on;
 
    server {
        listen       80;
        server_name  <server_name>;
 
        return 302 https://<server_name>$request_uri;
        }
 
    server {
        listen       443 ssl http2;
        server_name  <server_name>;
 
        ssl on;
        ssl_certificate      /usr/local/etc/nginx/ssl/domain.crt;
        ssl_certificate_key  /usr/local/etc/nginx/ssl/domain.key;
        ssl_trusted_certificate /usr/local/etc/nginx/ssl/ssl_provider.ca;
 
        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
        add_header Strict-Transport-Security max-age=15768000;
 
        # OCSP Stapling ---
        # fetch OCSP records from URL in ssl_certificate and cache them
        ssl_stapling on;
        ssl_stapling_verify on;
 
        # modern configuration. tweak to your needs.
        ssl_protocols TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;
 
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
 
        add_header Strict-Transport-Security max-age=63072000;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
 
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
 
        access_log  /var/log/nginx/backuppc.access.log;
        error_log   /var/log/nginx/backuppc.error.log;
 
        location / {
          auth_basic "Backup";
          auth_basic_user_file /usr/local/etc/nginx/backuppc.users;
          root /usr/local/www;
          return 302 http://<server_name>/cgi-bin/BackupPC_Admin;
          index BackupPC.html;
        }
 
        location /backuppc {
           alias /usr/local/www/backuppc;
           index BackupPC.html;
        }
 
        #location ~\.cgi$ {
        location ~ ^/cgi-bin/BackupPC_Admin(/|$) {
          auth_basic "Backup";
          auth_basic_user_file /usr/local/etc/nginx/backuppc.users;
          gzip off;
          include /usr/local/etc/nginx/fastcgi_params;
          fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.socket;
 
          fastcgi_param REMOTE_ADDR     $remote_addr;
          fastcgi_param REMOTE_USER     $remote_user;
          fastcgi_param SCRIPT_FILENAME /usr/local/www/cgi-bin/BackupPC_Admin;
        }
 
        location ~ /\.ht {
            deny  all;
        }
    }
}

Nginx User

To create password for user you can use htpasswd binary which require to install apache.
I simply used openssl which provide you the password hash and you can create your user file.

Format for user file:

<user>:<password_hash>:comment

To generate password hash:

openssl passwd -apr1

This conclude the installation.

freebsd_nginx_backuppc.txt · Last modified: 2017/06/04 15:28 by k2patel