Hetzner - DokuWiki

Backup/en
Zeile 1: Zeile 1:
 
{{Languages|Backup}}
 
{{Languages|Backup}}
  
== Applying for backup space ==
+
== Backup Space ==
  
In addition to your dedicated/virtual server you can acquire a backup space to use for your own backups. This backup space can be ordered via Robot. To do so, click on the Server menu on the left, select your server and then go to the "Backup" tab. Here you can order different sizes of backup space, as well as up/downgrading your current backup space. The available backup space options can be found in the table below (all prices include 19% VAT):
+
All dedicated/virtual server clients can order backup space with their server. Backup space can only be accessed from within the Hetzner network. Any server located at Hetzner can connect to the backup space.
 +
 
 +
The available backup space options, as well as their prices, can be found in the table below:
  
 
{| class="wikitable" style="margin-left: 10px"
 
{| class="wikitable" style="margin-left: 10px"
Zeile 32: Zeile 34:
 
|}
 
|}
  
<big>*</big>A server costing 49 Euros per month or more can get the 100 GB backup space for free.
+
<big>*</big>A server costing 49 euros per month or more can get 100 GB backup space for free.
  
'''Important:''' please note that the backup space can only be used from your server as access is only permitted from within the Hetzner network.
+
All prices include 19% VAT
  
== Functions in Robot ==
+
== Ordering Backup Space ==
  
In Robot (under the "Backup" tab) you can generate a new password for your backup space and also erase the content of the backup space. Furthermore, you can have your current backup usage displayed graphically. The data for this display is updated every 10 minutes.
+
Backup space can be ordered via the [[Robot/en|Robot]]. Under "Main Functions; Server" select the desired server and then open the tab "Backup". Here you can order different sizes of backup space, as well as up/downgrading your current backup space.
  
== Useful software ==
+
== Functions in the Robot ==
  
*Backup with [http://wertarbyte.de/tartarus.shtml '''Tartarus''']
+
Under the "Backup" tab of your server in the [[Robot/en|Robot]] you can complete the following tasks:
**"On-the-fly” backup on FTP server
+
* Order backup space
**Support of LVM snapshots
+
* Up/downgrade backup space
**Encryption (symmetrical or asymmetrical by key or password)
+
* Delete backup space
**Incremental security measures
+
* Generate a new password
**Based on prevalent Unix tools, enabling easy recovery from the [[Hetzner Rescue-System/en|Rescue-System]] (tar, bzip2, etc.)
+
* Graphically display the current usage (updated every 10 minutes)
**Profile configuration files
+
 
**Integrated "Hooks" make it suitable for special cases
+
== General Notes ==
**Removal of old security measures from the FTP server using the charon tool
+
 
**[[Tartarus Backup-Konfiguration/en|Tartarus backup configuration]] with examples and instructions
+
The upload speed for backup space is dependent on how many other clients are simultaneously accessing the same backup server. Consider running your backups at another time if you experience performance problems.
*Backup with '''[[Backup2l/en|Backup2l]]'''/gpg/ftp
+
 
*[http://duplicity.nongnu.org/ '''Duplicity'''] – GPG encrypted, compressed, incremental backup from untrustworthy media or unencrypted protocols such as the FTP offered exclusively by Hetzner to the backup server. Also works with rsync and ssh.
+
It is important to use the DNS names assigned to your backup space (<username>.your-backup.de) instead of the underlying IP address, as the IP address can change.
 +
 
 +
== Useful Software ==
 +
 
 +
*[http://wertarbyte.de/tartarus.shtml Tartarus]
 +
**[[Tartarus Backup-Konfiguration/en|Tartarus backup configuration]]
 +
*[http://backup2l.sourceforge.net/ Backup2l]
 +
**[[Backup2l/en|Backup2l backup configuration]]
 +
*[http://duplicity.nongnu.org/ Duplicity]
 
**A [[Duplicity Script/en|Duplicity Script]]
 
**A [[Duplicity Script/en|Duplicity Script]]
  
== General tips ==
+
== Accessing Backup Space ==
  
Please note that the upload speed for the backup account is dependent on how many other clients are simultaneously accessing the backup server. Consider running your backups at another time if you experience performance problems.
+
Backup space can be accessed via various different protocols.
  
It is also important to use the DNS names assigned to you (&lt;username&gt;.your-backup.de; only affects new backup space accounts) in place of the underlying IP address as the IP address can change.
+
=== FTP/SFTP/SCP ===
  
== FTP/SFTP/SCP ==
+
You can access your backup space by means of FTP, SFTP and SCP. Please use the host names assigned to you (<username>.your-backup.de) as well as your username and password.
  
You can access your backup space by means of FTP, SFTP and SCP. Please use the host names assigned to you (&lt;username&gt;.your-backup.de) as well as your username and password.
+
==== Public Key Authentication ====
  
For SFTP/SCP it is possible to authenticate yourself with a Public Key. You can provide a Public Key in RFC4716 format in the file '''.ssh/authorized_keys''' on your backup space. You can convert your Public Key into RFC4716 format with the “ssh-keygen” program with the parameters “-e” and “-f &lt;input pubkey&gt;”. It is important that the automatically inserted comment line be erased. You need to manually create the .ssh directory if required.
+
For SFTP/SCP it is possible to authenticate yourself with a Public Key. More information, as well as an example, can be found on the following wiki page: [[Backup Space SSH Keys/en|Backup Space SSH Keys]].
  
For example:
+
==== Restrictions ====
<pre>server# ssh-keygen
+
Generating public/private rsa key pair.
+
Enter file in which to save the key (/root/.ssh/id_rsa):
+
Enter passphrase (empty for no passphrase):
+
Enter same passphrase again:
+
Your identification has been saved in /root/.ssh/id_rsa.
+
Your public key has been saved in /root/.ssh/id_rsa.pub.
+
The key fingerprint is:
+
cb:3c:a0:39:69:39:ec:35:d5:66:f3:c5:92:99:2f:e1 root@server
+
The key's randomart image is:
+
+--[ RSA 2048]----+
+
|                |
+
|                |
+
|                |
+
|        .  =   |
+
|      . S = * o  |
+
|  . = = + + =   |
+
|    X o =   E .  |
+
|  o + . .  .  |
+
|    .            |
+
+-----------------+
+
  
server# ssh-keygen -e -f .ssh/id_rsa.pub | grep -v "Comment:" > .ssh/id_rsa_rfc.pub
+
It is not possible to create the folders "/etc" or "/lib" on backup space.
  
server# cat .ssh/id_rsa_rfc.pub
+
==== Connection Error ====
---- BEGIN SSH2 PUBLIC KEY ----
+
AAAAB3NzaC1yc2EAAAABIwAAAQEAz+fh731CVfH3FPM0vK5hX7NT5HogdBEQ4ryGJIeVMv
+
mCQJWwrFtdWh1pXMyXsYzXq1xbjILgCZGn+H0qUBKopJaa/Pzsw5U0UyRgiFhU2k0eiHUq
+
pkiixTbHcLsCj3kjAv5i07wZJ/ot246hLQD1PtSQtcX7nHvhdhenOTGO+ccpM2KEdX1E64
+
eaTtO9Bf7X4OTXnRxS7tjYH9sls5DOunpvoIZLvbmcVw1+wMdJBXOAU6/tnkN5N3mYE4Hu
+
JjnRtBAI9MS9Tt3DNAp1K/udUHA6hfYf08fxYs9uwsCM793b7FczmVvHEIwIKszG7Jwiwo
+
Dqit4EExR8bNNCeD6D3Q==
+
---- END SSH2 PUBLIC KEY ----
+
  
server# cat .ssh/id_rsa_rfc.pub >> backup_authorized_keys
+
11: Application Error
  
server# echo mkdir .ssh | sftp u15000@u15000.your-backup.de
+
If you receive this error when trying to connect via SFTP or SCP, then this could be the result of SSH Key Forwarding being activated. Please deactivate this for the backup space, and try connecting again.
Connecting to u15000.your-backup.de...
+
The authenticity of host 'u15000.your-backup.de (78.46.10.232)' can't be established.
+
RSA key fingerprint is 3d:7b:6f:99:5f:68:53:21:73:15:f9:2e:6b:3a:9f:e3.
+
Are you sure you want to continue connecting (yes/no)? yes
+
Warning: Permanently added 'u15000.your-backup.de ,78.46.10.232' (RSA) to the list of known hosts.
+
u15000@u15000.your-backup.de 's password:
+
sftp> mkdir .ssh
+
  
server# scp backup_authorized_keys u15000@u15000.your-backup.de:.ssh/authorized_keys
+
=== SAMBA/CIFS ===
u15000@u15000.your-backup.de's password:
+
backup_authorized_keys                                        100%  406    0.4KB/s
+
  
server# sftp u15000@u15000.your-backup.de
+
You have the option of integrating your backup space with Samba/Cifs. To do so, you can use the following UNC path:
Connecting to u15000.your-backup.de...
+
sftp> ls
+
sftp> exit
+
server#
+
</pre>
+
''Note:'' When uploading the Public Key you cannot use ssh-copy-id.
+
  
== SAMBA/CIFS ==
+
<pre>
 
+
\\<username>.your-backup.de\backup
You have the option of integrating your backup space with Samba/Cifs. To do so you can use the following UNC path:
+
<pre>\\<username>.your-backup.de\backup
+
 
mount.cifs -o user=USERNAME,pass=PASSWORD //USERNAME.your-backup.de/backup /PATH/FOLDER
 
mount.cifs -o user=USERNAME,pass=PASSWORD //USERNAME.your-backup.de/backup /PATH/FOLDER
 
</pre>
 
</pre>
Furthermore, with the following line of code in <code>/etc/fstab</code> the backup space will be mounted automatically during boot time (it is just one line of code!)
+
 
<pre>//<username>.your-backup.de/backup /mnt/backup-server      cifs    iocharset=utf8,rw,credentials=/etc/backup-credentials.txt,uid=<Systemkonto>,gid=<Systemgruppe>,file_mode=0660,dir_mode=0770 0      0
+
Furthermore, with the following line of code in '''/etc/fstab''' the backup space will be mounted automatically during boot time:
 +
 
 +
<pre>
 +
//<username>.your-backup.de/backup /mnt/backup-server      cifs    iocharset=utf8,rw,credentials=/etc/backup-credentials.txt,uid=<Systemkonto>,gid=<Systemgruppe>,file_mode=0660,dir_mode=0770 0      0
 
</pre>
 
</pre>
The file <code>/etc/backup-credentials.txt</code> (mode 0600) should contain the following two lines:
 
<pre>username=USERNAME
 
password=PASSWORD</pre>
 
On Debian-based distributions, the command is provided via the package cifs-utils (<code>apt-get install cifs-utils</code>).
 
  
== RSYNC ==
+
The file '''/etc/backup-credentials.txt''' (mode 0600) should contain the following two lines:
  
The direct use of rsync is not possible. The backup space can however be locally mounted using smbfs, sshfs or ftpfs, allowing a limited use of rsync. To take full advantage of rsync (such as incremental backups using hardlinks) an image file must be created, which should be mounted via loopback. In addition to this it is also possible to add encryption via encfs (Encrypted File System) to protect the data.
+
username=USERNAME
 +
password=PASSWORD
  
== IPv6 ==
+
On Debian-based distributions, the command is provided via the package cifs-utils
 +
 
 +
apt-get install cifs-utils
 +
 
 +
=== RSYNC ===
 +
 
 +
The direct use of rsync is not possible. Backup space can, however, be locally mounted using smbfs, sshfs or ftpfs, which allows a limited use of rsync. To take full advantage of rsync (such as incremental backups using hardlinks) an image file must be created, which should be mounted via loopback. In addition to this, it is also possible to add encryption via encfs (Encrypted File System) to protect the data.
 +
 
 +
=== IPv6 ===
 +
 
 +
You can access your backup space with the same hostname via IPv6.
  
You can also access your backup space with the same hostname via IPv6. To get the IPv6 address you can for example use the following command:
 
<pre>dig AAAA <username>.your-backup.de
 
</pre>
 
 
== Determining memory usage ==
 
== Determining memory usage ==
  
To find out how much free space you have (be it via backup scripts or status emails) you can use the "sftp" or "lftp" program:
+
To find out how much free space you have (be it via backup scripts or status emails) you can use the program "sftp":
  
 
  apt-get install sftp
 
  apt-get install sftp
Zeile 158: Zeile 129:
 
  echo "df -hi" | sftp USERNAME@BACKUPSERVER
 
  echo "df -hi" | sftp USERNAME@BACKUPSERVER
  
Under certain circumstances lftp can give you incorrect values, which is why sftp is recommended. Following is the variant with lftp:
+
"lftp" can also be used. However, under certain circumstances lftp can give you incorrect values, which is why sftp is recommended. The following is the variant with lftp:
  
 
  # apt-get install lftp
 
  # apt-get install lftp
 
Determining memory usage:
 
 
# echo du -s .  \
 
| lftp -u USERNAME,PASSWORD BACKUPSERVER
 
 
This is more readable with the parameter -h:
 
 
 
  # echo du -hs .  \
 
  # echo du -hs .  \
 
  | lftp -u USERNAME,PASSWORD BACKUPSERVER
 
  | lftp -u USERNAME,PASSWORD BACKUPSERVER
  
The following command allows you to use a hook to link with Tartarus, by inserting the following lines in the Tartarus configuration:
+
The following command allows you to use a hook to link with Tartarus by inserting the following lines in the Tartarus configuration:
  
 
  TARTARUS_POST_PROCESS_HOOK() {
 
  TARTARUS_POST_PROCESS_HOOK() {

Version vom 25. August 2014, 09:27 Uhr

Inhaltsverzeichnis

Backup Space

All dedicated/virtual server clients can order backup space with their server. Backup space can only be accessed from within the Hetzner network. Any server located at Hetzner can connect to the backup space.

The available backup space options, as well as their prices, can be found in the table below:

Backup Space Monthly Fee Setup Fee
100 GB* 4.90 €* 4.90 €*
500 GB 9.90 € 9.90 €
2,000 GB 19.90 € 19.90 €
5,000 GB 44.90 € 44.90 €
10,000 GB 79.90 € 79.90 €

*A server costing 49 euros per month or more can get 100 GB backup space for free.

All prices include 19% VAT

Ordering Backup Space

Backup space can be ordered via the Robot. Under "Main Functions; Server" select the desired server and then open the tab "Backup". Here you can order different sizes of backup space, as well as up/downgrading your current backup space.

Functions in the Robot

Under the "Backup" tab of your server in the Robot you can complete the following tasks:

  • Order backup space
  • Up/downgrade backup space
  • Delete backup space
  • Generate a new password
  • Graphically display the current usage (updated every 10 minutes)

General Notes

The upload speed for backup space is dependent on how many other clients are simultaneously accessing the same backup server. Consider running your backups at another time if you experience performance problems.

It is important to use the DNS names assigned to your backup space (<username>.your-backup.de) instead of the underlying IP address, as the IP address can change.

Useful Software

Accessing Backup Space

Backup space can be accessed via various different protocols.

FTP/SFTP/SCP

You can access your backup space by means of FTP, SFTP and SCP. Please use the host names assigned to you (<username>.your-backup.de) as well as your username and password.

Public Key Authentication

For SFTP/SCP it is possible to authenticate yourself with a Public Key. More information, as well as an example, can be found on the following wiki page: Backup Space SSH Keys.

Restrictions

It is not possible to create the folders "/etc" or "/lib" on backup space.

Connection Error

11: Application Error

If you receive this error when trying to connect via SFTP or SCP, then this could be the result of SSH Key Forwarding being activated. Please deactivate this for the backup space, and try connecting again.

SAMBA/CIFS

You have the option of integrating your backup space with Samba/Cifs. To do so, you can use the following UNC path:

\\<username>.your-backup.de\backup
mount.cifs -o user=USERNAME,pass=PASSWORD //USERNAME.your-backup.de/backup /PATH/FOLDER

Furthermore, with the following line of code in /etc/fstab the backup space will be mounted automatically during boot time:

//<username>.your-backup.de/backup /mnt/backup-server       cifs    iocharset=utf8,rw,credentials=/etc/backup-credentials.txt,uid=<Systemkonto>,gid=<Systemgruppe>,file_mode=0660,dir_mode=0770 0       0

The file /etc/backup-credentials.txt (mode 0600) should contain the following two lines:

username=USERNAME
password=PASSWORD

On Debian-based distributions, the command is provided via the package cifs-utils

apt-get install cifs-utils

RSYNC

The direct use of rsync is not possible. Backup space can, however, be locally mounted using smbfs, sshfs or ftpfs, which allows a limited use of rsync. To take full advantage of rsync (such as incremental backups using hardlinks) an image file must be created, which should be mounted via loopback. In addition to this, it is also possible to add encryption via encfs (Encrypted File System) to protect the data.

IPv6

You can access your backup space with the same hostname via IPv6.

Determining memory usage

To find out how much free space you have (be it via backup scripts or status emails) you can use the program "sftp":

apt-get install sftp
echo "df"     | sftp USERNAME@BACKUPSERVER
echo "df -h"  | sftp USERNAME@BACKUPSERVER
echo "df -hi" | sftp USERNAME@BACKUPSERVER

"lftp" can also be used. However, under certain circumstances lftp can give you incorrect values, which is why sftp is recommended. The following is the variant with lftp:

# apt-get install lftp
# echo du -hs .  \
| lftp -u USERNAME,PASSWORD BACKUPSERVER

The following command allows you to use a hook to link with Tartarus by inserting the following lines in the Tartarus configuration:

TARTARUS_POST_PROCESS_HOOK() {
echo "du" | /usr/bin/lftp -u "$STORAGE_FTP_USER,$STORAGE_FTP_PASSWORD" "$STORAGE_FTP_SERVER" | awk -v LIMIT=100 '$2=="." {print ((LIMIT*1024*1024)-$1)/1024 " MiB backup space remaining"}'
}


© 2019. Hetzner Online GmbH. Alle Rechte vorbehalten.