In this tutorial I will show you, step by step, how to make cheap and secure encrypted backups of your webserver files (or any other directory) on your Linux server using Amazon Simple Storage Service (S3).
Create Bucket and User at Amazon AWS
Some links that we will need
- Amazon Console link – https://aws.amazon.com/
- Amazon S3 – https://s3.console.aws.amazon.com/s3
- Amazon IAM – https://console.aws.amazon.com/iam
First, create a user in the Amazon IAM management console. Don’t forget to set the permission – AmazonS3FullAccess. Copy your access key and secret key. You will need them later.
Now create a bucket for backups at Amazon S3. For testing you can leave all settings at their defaults.
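AmazonS3FullAccess allows every S3 action on every bucket in the account, and the keys will be stored on the server being backed up. As an added example (not part of the original tutorial), this shell snippet generates and attaches a policy limited to listing and uploading to one bucket; the user name backup-user and policy name s3-backup-only are assumptions, and mybucketname is the tutorial's sample bucket name.

```sh
# Added example, not from the original tutorial.
# Assumptions: IAM user "backup-user" and policy name "s3-backup-only" are
# hypothetical; "mybucketname" is the sample bucket name used in this tutorial.

# Print a policy that only allows listing one bucket and uploading into it.
backup_policy() {
    bucket="$1"
    # Reject empty names and anything outside the S3 bucket-name alphabet,
    # so a wildcard can never widen the policy by accident.
    case "$bucket" in
        ''|*[!a-z0-9.-]*) echo "invalid bucket name: $bucket" >&2; return 1 ;;
    esac
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBackupBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::${bucket}"
    },
    {
      "Sid": "UploadBackups",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::${bucket}/*"
    }
  ]
}
EOF
}

# Attach the policy inline to the user. Run this with administrator
# credentials from a workstation, not with the backup user's own keys.
attach_backup_policy() {
    user="$1"; bucket="$2"
    policy_file=$(mktemp) || return 1
    backup_policy "$bucket" > "$policy_file" || { rm -f "$policy_file"; return 1; }
    aws iam put-user-policy --user-name "$user" \
        --policy-name s3-backup-only \
        --policy-document "file://$policy_file"
    status=$?
    rm -f "$policy_file"
    return "$status"
}
# Usage: attach_backup_policy backup-user mybucketname
```

With this policy the bare `aws s3 ls` test fails because it needs s3:ListAllMyBuckets; use `aws s3 ls s3://mybucketname` instead. Restoring a backup needs s3:GetObject, which is better granted to a separate restore identity.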
Install AWS CLI tools on your server machine
Now you can install the Amazon AWS command line interface. For that you will need Python and pip. If you don’t have them, you can find a very nice tutorial here.
pip install awscli --upgrade --user
You may need to add the directory where aws was installed to your PATH.
# Try
which aws
/root/.local/bin/aws
Add the executable path to your PATH variable:
export PATH=~/.local/bin:$PATH
source ~/.bash_profile
Configure access to Amazon S3. Use your access keys from IAM. You will also need the Amazon region string. You can find it here
aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: eu-central-1
Default output format [None]: json
Now you can test whether you can copy files to your bucket
# show available buckets
aws s3 ls
# copy file to bucket
aws s3 cp test_file.txt s3://mybucketname
Creating Database and Webserver backup with encryption
Create a backup shell script file. If you get an error, try running the command with sudo.
curl -o /usr/local/bin/backup.sh https://gist.githubusercontent.com/grambas/6950da61b5ad31185931ddb2c0f9ecab/raw/backup.sh
Content of backup.sh
Set the execute permission on backup.sh
chmod +x /usr/local/bin/backup.sh
Create a log file (feel free to change the path) and open the crontab editor
touch /srv/backup/cronlog.log
crontab -e
Add the following text to the end of the crontab file (there is a Crontab Generator where you can easily set your execution schedule).
# crontab does not have a path, so we add it manually
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/.local/bin
# Crontab entry example. Backup daily at 04:00 AM
0 4 * * * /usr/local/bin/backup.sh > /srv/backup/cronlog.log 2>&1
Just in case, test your script
Later you may need to decrypt a backup
gpg --output decrypted.tar.gz --decrypt encrypted.tar.gz.asc