1. Service environment
(1) WEBserver (192.168.10.130); BACKserver (192.168.10.129)
(2) Deploy the BACKserver: install the required software and start it.
(3) Create the system backup user "backup" on both the web server and the backup server:
[root@backsever ~]# useradd backup; echo backup:123456 |chpasswd
[root@backsever ~]# id backup
uid=1001(backup) gid=1001(backup) groups=1001(backup)
(4) On the web server, open up the permissions on the directory to be backed up so that the backup user can operate on it:
[root@webserver ~]# setfacl -R -m default:backup:rwx /var/www/html/
[root@webserver ~]# setfacl -R -m user:backup:rwx /var/www/html/
[root@webserver ~]# getfacl /var/www/html/
getfacl: Removing leading '/' from absolute path names
# file: var/www/html/
# owner: root
# group: root
user::rwx
user:backup:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:backup:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
(5) On the backup server, create the storage directory /web-back/ and hand it over to the backup user:
[root@backsever ~]# mkdir /web-back/
[root@backsever ~]# chown backup:backup /web-back/
(6) Copy all files in the /boot/ directory of the web server to the /var/www/html/ directory for push testing.
(7) Run the push test with the command: rsync -avz --delete /var/www/html/ [email protected]:/web-back/
2. Create a virtual user on the backup server, and create user and password files for regular push backup.
(1) Modify the /etc/rsyncd.conf configuration file and add the following at the end. Each comment sits on its own line because rsyncd.conf only treats # as a comment at the start of a line; after a value it becomes part of the value:
#The user the daemon process runs as
uid = root
#The group the daemon process runs as
gid = root
#Listening IP (backup server)
address = 192.168.10.129
#Listening port
port = 873
#Client IP addresses allowed to synchronize; can be a network segment, or * for all
hosts allow = 192.168.10.0/24
#Whether to chroot (jail) into the module directory; with yes, if rsync is compromised the attacker cannot create files outside the directory rsync is serving
use chroot = yes
#Maximum number of connections
max connections = 5
#Process PID file, generated automatically
pid file = /var/run/rsyncd.pid
#Lock file used for the max connections parameter
lock file = /var/run/rsyncd.lock
#Log file location
log file = /var/log/rsyncd.log
#The message shown to the client after it connects
motd file = /etc/rsyncd.motd
#Shared module name
[wwwroot]
#Backup path
path = /web-back/
#Description
comment = used for web-data root
#Server-side read/write permission; false makes the module writable
read only = false
#Whether the module can be seen when modules are listed
list = yes
#Backup users; virtual users, independent of system users
auth users = rsyncuser
#Password file for the virtual users, in the format username:password
secrets file = /etc/rsync.passwd
(2) Create the prompt (motd) file and the user password file:
[root@backsever ~]# echo "Welcome to Backup Server" > /etc/rsyncd.motd
[root@backsever ~]# vim /etc/rsync.passwd
rsyncuser:password123
[root@backsever ~]# chmod 600 /etc/rsync.passwd #Password file permissions must be 600 or 700
(3) Start the service
[root@backsever ~]# systemctl start xinetd.service
[root@backsever ~]# systemctl enable xinetd
[root@backsever ~]# rsync --daemon --config=/etc/rsyncd.conf #Start the rsync daemon from the configuration file
[root@backsever ~]# ps aux | grep rsync
root 1926 0.0 0.0 114652 316 ? Ss 07:02 0:00 rsync --daemon
root 2920 0.0 0.0 112660 972 pts/0 R+ 07:46 0:00 grep --color=auto rsyn
[root@backsever ~]# kill -9 1926 #Kill the rsync daemon process
[root@backsever ~]# ps aux | grep rsync
root 2922 0.0 0.0 112660 968 pts/0 R+ 07:48 0:00 grep --color=auto rsyn
[root@backsever ~]# rsync --daemon --config=/etc/rsyncd.conf #Read the configuration file and start again
[root@backsever ~]# ps aux | grep rsync #View the started rsync process
root 2924 0.0 0.0 114652 504 ? Ss 07:48 0:00 rsync --daemon --config=/etc/rsyncd.conf
root 2926 0.0 0.0 112660 968 pts/0 R+ 07:48 0:00 grep --color=auto rsyn
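An added example, not part of the original page: a small audit of the daemon configuration built in steps (1) to (3). It reports parameter lines that carry a trailing # comment, modules that run as root, are writable without auth users, accept any host or are listable, and it checks that a password file has no group/other permission bits. The function names and finding labels are invented here, GNU stat is assumed, and the sample config is constructed from the one above.

```shell
# Added example (not from the original page): audit an rsyncd.conf for the
# settings configured above. Finding labels are invented for this example.
audit_rsyncd_conf() {   # $1 = config path; prints one finding per line
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function get(k)  { return (k in m) ? m[k] : g[k] }   # module value, else global
    function no(v)   { return v ~ /^(no|false|0)$/ }
    function report() {
        if (mod == "") return
        if (get("uid") ~ /^(root|0)$/) print "RUNS_AS_ROOT " mod
        if (no(get("usechroot")))      print "NO_CHROOT " mod
        if (get("hostsallow") == "" || get("hostsallow") == "*") print "ANY_HOST " mod
        if (no(get("readonly")) && get("authusers") == "") print "WRITABLE_NO_AUTH " mod
        if (!no(get("list")))          print "LISTABLE " mod
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }       # blank or whole-line comment
    /^[ \t]*\[/ {                              # [module] header: flush the previous one
        report(); split("", m)
        mod = $0; sub(/^[ \t]*\[/, "", mod); sub(/\].*$/, "", mod); next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(trim(substr($0, eq + 1)))
        # "#" is a comment only at the start of a line; here it is part of the value
        if (val ~ /(^|[ \t])#/) { print "INLINE_COMMENT line " NR; sub(/[ \t]*#.*$/, "", val) }
        if (mod == "") g[key] = val; else m[key] = val
    }
    END { report() }
    ' "$1"
}

secrets_mode_ok() {     # $1 = password file; 0 only for modes like 600/700 (GNU stat assumed)
    mode=$(stat -c %a "$1") || return 2
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: a shortened copy of the config, with trailing comments on two lines.
conf=$(mktemp)
cat > "$conf" <<'EOF'
uid = root #The identity of the running process
hosts allow =192.168.10.0/24
[wwwroot]
path =/web-back/ #Backup path
read only = false
list = yes
auth users = rsyncuser
EOF
audit_rsyncd_conf "$conf"; rm -f "$conf"
```

Run secrets_mode_ok against /etc/rsync.passwd on both servers; the same 600/700 requirement applies to the daemon's secrets file and to the client's --password-file.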
(4) Create the backup user's password file on the web server, so that the push backup can run without prompting for a password:
[root@webserver ~]# vim /etc/rsync.passwd
[root@webserver ~]# cat !$
cat /etc/rsync.passwd
password123
[root@webserver ~]# chmod 600 /etc/rsync.passwd #The password file permission must be changed to 600 or 700 or it cannot be read
(5) On the web server, run the push backup test with the command: rsync -avz --delete /var/www/html [email protected]::wwwroot --password-file=/etc/rsync.passwd
(6) A successful test shows that there is no problem with the configuration; now write a script and a scheduled task so that the backup runs automatically:
[root@webserver ~]# vim autobackup.sh
[root@webserver ~]# cat !$
cat autobackup.sh
#!/bin/bash
#--password-file must specify the absolute path of the password file on the web server, otherwise it cannot be read!
rsync -avz --delete /var/www/html [email protected]::wwwroot --password-file=/etc/rsync.passwd
[root@webserver ~]# echo "0 2 * * * sh /root/autobackup.sh &" >> /var/spool/cron/root #Create the scheduled task so that the push backup script runs regularly