UrBackup: Difference between revisions

From miki
Jump to navigation Jump to search
Line 49: Line 49:
</source>
</source>


By default, server connects to client using ports 35621, 35622, 35623. For this to work, we must add the following '''ufw''' rules:
Must also configure the '''ufw''' rules:
<source lang="diff">
<source lang="diff">
--- a/ufw/user.rules
--- a/ufw/user.rules
Line 80: Line 80:
### tuple ### allow tcp 135,139,445 ::/0 any ::/0 in
### tuple ### allow tcp 135,139,445 ::/0 any ::/0 in
-A ufw6-user-input -p tcp -m multiport --dports 135,139,445 -j ACCEPT
-A ufw6-user-input -p tcp -m multiport --dports 135,139,445 -j ACCEPT
</source>
However, this means that any device can connect and read the files on the client! So, on untrusted network, it is recommended to enable '''Internet only''' mode [https://urbackup.atlassian.net/wiki/display/US/Headless+Linux+client+setup]):
<source lang="bash">
echo "internet_server=example.com
internet_server_port=55415
internet_authkey=foobar
internet_mode_enabled=true" > /usr/local/var/urbackup/data/settings.cfg
</source>
</source>



Revision as of 06:13, 8 May 2017

References

Install on Ubuntu

Server
sudo add-apt-repository ppa:uroni/urbackup
sudo apt update
sudo apt install urbackup-server
Client
TF=`mktemp` && wget "https://hndl.urbackup.org/Client/2.1.15/UrBackup%20Client%20Linux%202.1.15.sh" -O $TF && sh $TF; rm $TF
# Verifying archive integrity... All good.
# Uncompressing UrBackup Client Installer for Linux  100%  
# Installation of UrBackup Client 2.1.15 to /usr/local ... Proceed ? [Y/n]
# y
# Uncompressing install data...
# Detected Debian (derivative) system
# Detected systemd
# Detected architecture x86_64-linux-glibc
# Installed daemon configuration at /etc/default/urbackupclient...
# Info: Restoring from web interface is disabled per default. Enable by modifying /etc/default/urbackupclient.
# Installing systemd unit...
# Created symlink from /etc/systemd/system/multi-user.target.wants/urbackupclientbackend.service to /lib/systemd/system/urbackupclientbackend.service.
# Starting UrBackup Client service...
# Successfully started client service. Installation complete.
# +Detected Ubuntu LTS. Dattobd supported
# 
# -Detected no btrfs filesystem
# +Detected LVM volumes
# Please select the snapshot mechanism to be used for backups:
# 1) dattobd volume snapshot kernel module from https://github.com/datto/dattobd
# 2) LVM - Logical Volume Manager snapshots
# 4) Use no snapshot mechanism
# 1
# Configured dattobd. Please install dattobd following the instructions at https://github.com/datto/dattobd
# Configured snapshot mechanism via /usr/local/etc/urbackup/snapshot.cfg

# Install dattobd
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 29FF164C
echo "deb https://cpkg.datto.com/repositories $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/datto-linux-agent.list
sudo apt-get update
sudo apt-get install dattobd-dkms dattobd-utils

By default, server connects to client using ports 35621, 35622, 35623. For this to work, we must add the following ufw rules:

--- a/ufw/user.rules
+++ b/ufw/user.rules
@@ -17,6 +17,12 @@
 :ufw-user-limit-accept - [0:0]
 ### RULES ###
 
+### tuple ### allow tcp 35621,35623 0.0.0.0/0 any 0.0.0.0/0 in
+-A ufw-user-input -p tcp -m multiport --dports 35621,35623 -j ACCEPT
+
+### tuple ### allow udp 35622 0.0.0.0/0 any 0.0.0.0/0 in
+-A ufw-user-input -p udp --dport 35622 -j ACCEPT
+
 ### tuple ### allow tcp 135,139,445 0.0.0.0/0 any 0.0.0.0/0 in
 -A ufw-user-input -p tcp -m multiport --dports 135,139,445 -j ACCEPT
 
--- a/ufw/user6.rules
+++ b/ufw/user6.rules
@@ -17,6 +17,12 @@
 :ufw6-user-limit-accept - [0:0]
 ### RULES ###
 
+### tuple ### allow tcp 35621,35623 ::/0 any ::/0 in
+-A ufw6-user-input -p tcp -m multiport --dports 35621,35623 -j ACCEPT
+
+### tuple ### allow udp 35622 ::/0 any ::/0 in
+-A ufw6-user-input -p udp --dport 35622 -j ACCEPT
+
 ### tuple ### allow tcp 135,139,445 ::/0 any ::/0 in
 -A ufw6-user-input -p tcp -m multiport --dports 135,139,445 -j ACCEPT

However, this means that any device can connect and read the files on the client! So, on untrusted network, it is recommended to enable Internet only mode [1]):

echo "internet_server=example.com
internet_server_port=55415
internet_authkey=foobar
internet_mode_enabled=true" > /usr/local/var/urbackup/data/settings.cfg

UrBackup client is not installed as a package. Files are found here:

/etc/default/urbackupclient
/etc/systemd/system/multi-user.target.wants/urbackupclientbackend.service
/lib/systemd/system/urbackupclientbackend.service
/usr/local/bin/urbackupclientctl
/usr/local/etc/urbackup
/usr/local/sbin/uninstall_urbackupclient
/usr/local/sbin/urbackupclientbackend
/usr/local/share/urbackup
/usr/local/var/urbackup
/var/log/urbackupclient.log