Hetzner - DokuWiki

Backup/en
(Encrypt SAMBA connection)
 
(42 dazwischenliegende Versionen von 10 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
 
{{Languages|Backup}}
 
{{Languages|Backup}}
  
== Applying for backup space ==
+
==Backup Space==
  
In addition to your dedicated/virtual server you can acquire a backup space to use for your own backups. This backup space can be ordered via Robot. To do so, click on the Server menu on the left, select your server and then go to the "Backup" tab. Here you can order different sizes of backup space, as well as up/downgrading your current backup space. The available backup space options can be found in the table below (all prices include 19% VAT):
+
All dedicated/virtual server customers can order backup space with their dedicated root servers or virtual servers. If you as a customer have backup space, you can only access it from within the Hetzner network. You can use any server located at Hetzner to connect to the backup space.
  
{| style="width: 490px; height: 66px" border="1" cellpadding="1" cellspacing="1"
+
You can see an overview of the backup space sizes and prices in the table below.
 +
 
 +
{| class="wikitable" style="margin-left: 10px;"
 +
|-
 +
!|Backup Space
 +
!|Monthly price
 
|-
 
|-
!
+
||100 GB<big>*
! Monthly
+
||€2.90<big>*</big>
! Setup
+
 
|-
 
|-
| 100 GB [[#free|[*]]]
+
||500 GB
| 4.90 € [[#free|[*]]]
+
||€4.90
| 4.90 € [[#free|[*]]]
+
 
|-
 
|-
| 500 GB
+
||1,000 GB
| 9.90 €
+
||€7.90
| 9.90
+
 
|-
 
|-
| 2,000 GB
+
||2,000 GB
| 19.90 €
+
||€9.90
| 19.90
+
 
|-
 
|-
| 5,000 GB
+
||5,000 GB
| 44.90 €
+
||€21.90
| 44.90
+
 
|-
 
|-
| 10,000 GB
+
||10,000 GB
| 79.90 €
+
||€39.90
| 79.90
+
 
|}
 
|}
  
<br/><span id="free">* Clients with EQ, EX or XS servers can get the 100 GB backup space for free.</span>
+
Customers with dedicated root servers with prices at or higher than €39 a month can get 100GB of backup space free of cost.
  
'''Important:''' please note that the backup space can only be used from your server as access is only permitted from within the Hetzner network.
+
<span style="color: #008000;">[[Payment_FAQ#Welchen_Umsatzsteuersatz_muss_ich_zahlen.3F|Prices shown here do not include VAT. Click here to see what VAT you should pay.]]</span>
  
== Functions in Robot ==
+
==Ordering backup space==
  
In Robot (under the "Backup" tab) you can generate a new password for your backup space and also erase the content of the backup space. Furthermore, you can have your current backup usage displayed graphically. The data for this display is updated every 10 minutes.
+
You can order backup space via your account on [[Robot]]. Under "Main Functions" -> "Server", select the server and then open the tab "Backup". Here you can order different sizes of backup space, and you can upgrade or downgrade your current backup space.
  
== Useful software ==
+
==Backup space operations on Robot==
  
*Backup with [http://wertarbyte.de/tartarus.shtml '''Tartarus''']
+
Under the "Backup" tab of your server on Robot, you can do the following:
**"On-the-fly” backup on FTP server
+
**Support of LVM snapshots
+
**Encryption (symmetrical or asymmetrical by key or password)
+
**Incremental security measures
+
**Based on prevalent Unix tools, enabling easy recovery from the rescue system (tar, bzip2, etc.)
+
**Profile configuration files
+
**Integrated "Hooks" make it suitable for special cases
+
**Removal of old security measures from the FTP server using the charon tool
+
**[[Tartarus Backup-Konfiguration/en|Tartarus backup configuration]] with examples and instructions
+
*Backup with '''[[Backup2l/en|Backup2l]]'''/gpg/ftp
+
*[http://duplicity.nongnu.org/ '''Duplicity'''] – GPG encrypted, compressed, incremental backup from untrustworthy media or unencrypted protocols such as the FTP offered exclusively by Hetzner to the backup server. Also works with rsync and ssh.
+
**A [[Duplicity Script/en|Duplicity Script]]
+
  
== General tips ==
+
*Order backup space
 +
*Upgrade/downgrade backup space
 +
*Delete backup space
 +
*Generate a new password
 +
*Graphically display the current amount of space used (updated every 10 minutes)
  
Please note that the speed of backup is dependant on how many other clients are simultaneously accessing the backup server. Consider running your backups at another time if you experience performance problems.
+
==Resilience/Reliability==
  
It is also important to use the DNS names assigned to you (&lt;username&gt;.your-backup.de; only affects new backup space accounts) in place of the underlying IP address as the IP address can change.
+
The backup accounts are protected by a RAID array, which can tolerate a failure of several hard disks. Thus the chance of data loss is relatively small. Please note, however, that you are still responsible for your data and that Hetzner provides no guarantees whatsoever regarding possible data loss. The data is not mirrored on other servers.
  
== FTP/SFTP/SCP ==
+
In addition, checksums for the individual data blocks are used to detect and correct bit errors.
  
You can access your backup space by means of FTP, SFTP and SCP. Please use the host names assigned to you (&lt;username&gt;.your-backup.de) as well as your username and password.
+
==General Notes==
  
For SFTP/SCP it is possible to authenticate yourself with a Public Key. You can provide a Public Key in RFC4716 format in the file '''.ssh/authorized_keys''' on your backup space. You can convert your Public Key into RFC4716 format with the “ssh-keygen” program with the parameters “-e” and “-f &lt;input pubkey&gt;”. It is important that the automatically inserted comment line be erased. You need to manually create the .ssh directory if required.
+
The upload speed for backup space is dependent on how many other clients are simultaneously accessing the same backup server. Consider running your backups at another time if you experience performance problems.
  
For example:
+
It is important to use the DNS names assigned to your backup space (<username>.your-backup.de) instead of the underlying IP address, as the IP address can change.
<pre>server# ssh-keygen
+
Generating public/private rsa key pair.
+
Enter file in which to save the key (/root/.ssh/id_rsa):
+
Enter passphrase (empty for no passphrase):
+
Enter same passphrase again:
+
Your identification has been saved in /root/.ssh/id_rsa.
+
Your public key has been saved in /root/.ssh/id_rsa.pub.
+
The key fingerprint is:
+
cb:3c:a0:39:69:39:ec:35:d5:66:f3:c5:92:99:2f:e1 root@server
+
The key's randomart image is:
+
+--[ RSA 2048]----+
+
|                |
+
|                |
+
|                |
+
|        .   =  |
+
|      . S = * o  |
+
|  . = = + + =  |
+
|    X o =  E .  |
+
|  o + . .  .  |
+
|    .            |
+
+-----------------+
+
  
server# ssh-keygen -e -f .ssh/id_rsa.pub | grep -v "Comment:" > .ssh/id_rsa_rfc.pub
+
There is a connections limit: 10 connections per account.
  
server# cat .ssh/id_rsa_rfc.pub
+
==Important reminders==
---- BEGIN SSH2 PUBLIC KEY ----
+
AAAAB3NzaC1yc2EAAAABIwAAAQEAz+fh731CVfH3FPM0vK5hX7NT5HogdBEQ4ryGJIeVMv
+
mCQJWwrFtdWh1pXMyXsYzXq1xbjILgCZGn+H0qUBKopJaa/Pzsw5U0UyRgiFhU2k0eiHUq
+
pkiixTbHcLsCj3kjAv5i07wZJ/ot246hLQD1PtSQtcX7nHvhdhenOTGO+ccpM2KEdX1E64
+
eaTtO9Bf7X4OTXnRxS7tjYH9sls5DOunpvoIZLvbmcVw1+wMdJBXOAU6/tnkN5N3mYE4Hu
+
JjnRtBAI9MS9Tt3DNAp1K/udUHA6hfYf08fxYs9uwsCM793b7FczmVvHEIwIKszG7Jwiwo
+
Dqit4EExR8bNNCeD6D3Q==
+
---- END SSH2 PUBLIC KEY ----
+
  
server# cat .ssh/id_rsa_rfc.pub >> backup_authorized_keys
+
Please note that the executable right is required for the home directory. If you remove the executable right, you will not longer be able to log in.
  
server# echo mkdir .ssh | sftp u15000@u15000.your-backup.de
+
Please also note that FTP and SAMBA connections may be unencrypted in some circumstances. Some Windows versions and FTP clients, however, use encryption by default. Instructions on how to encrypt your SAMBA connection can be found [[#Encrypt_SAMBA_connection|here]].
Connecting to u15000.your-backup.de...
+
The authenticity of host 'u15000.your-backup.de (78.46.10.232)' can't be established.
+
RSA key fingerprint is 3d:7b:6f:99:5f:68:53:21:73:15:f9:2e:6b:3a:9f:e3.
+
Are you sure you want to continue connecting (yes/no)? yes
+
Warning: Permanently added 'u15000.your-backup.de ,78.46.10.232' (RSA) to the list of known hosts.
+
u15000@u15000.your-backup.de 's password:
+
sftp> mkdir .ssh
+
  
server# scp backup_authorized_keys u15000@u15000.your-backup.de:.ssh/authorized_keys
+
Using CNAME records for the assigned DNS name does not work with WebDAV.
u15000@u15000.your-backup.de's password:
+
backup_authorized_keys                                        100%  406    0.4KB/s
+
  
server# sftp u15000@u15000.your-backup.de
+
Before using any of the services listed below, please check your Robot account to see whether or not the setting is activated.
Connecting to u15000.your-backup.de...
+
sftp> ls
+
sftp> exit
+
server#
+
</pre>
+
''Note:'' When uploading the Public Key you cannot use ssh-copy-id.
+
  
== SAMBA/CIFS ==
+
Use Robot to generate the password for your backup account. Robot will only display the generated password once. You cannot use your password for Hetzner Accounts for your backup account.
  
You have the option of integrating your backup space with Samba/Cifs. To do so you can use the following UNC path:
+
====Restriction====
  
<pre>\\<username>.your-backup.de\backup
+
It is not possible to create the folders "/etc" or "/lib" on the backup space.
mount.cifs -o user=USERNAME,pass=PASSWORD //USERNAME.your-backup.de/backup /PATH/FOLDER
+
</pre>
+
  
Furthermore, with the following line of code in <code>/etc/fstab</code> the backup space will be mounted automatically during boot time (it is just one line of code!)
+
==Useful software==
  
<pre>//<username>.your-backup.de/backup /mnt/backup-server      cifs    iocharset=utf8,rw,credentials=/etc/backup-credentials.txt,uid=<Systemkonto>,gid=<Systemgruppe>,file_mode=0660,dir_mode=0770 0      0
+
* [http://wertarbyte.de/tartarus.shtml Tartarus]
</pre>
+
** <span style="color: #008000;">[[Tartarus Backup-Konfiguration]]</span>
 +
* [http://backup2l.sourceforge.net/ Backup2l]
 +
** [[Backup2l|Backup2l Backup-Konfiguration]]
 +
* [http://duplicity.nongnu.org/ Duplicity]
 +
** A [[Duplicity Script]]
  
The file <code>/etc/backup-credentials.txt</code> (mode 0600) should contain the following two lines:
+
==Accessing Backup Space==
  
<pre>username=USERNAME
+
=== Overview ===
password=PASSWORD</pre>
+
  
On Debian-based distributions, the command is provided via the package cifs-utils (<code>apt-get install cifs-utils</code>).
+
Please note that the username '''u00000''' is only used as example. Please replace it with the username of your backup space.
  
== RSYNC ==
+
{| class="wikitable"  width="100%"
 +
|-
 +
! |Protocol
 +
! |Address
 +
! |Username
 +
! |Port
 +
|-
 +
|style="border-bottom:solid 2px black;" |FTP / FTPS
 +
|style="border-bottom:solid 2px black;" |u00000.your-backup.de
 +
|style="border-bottom:solid 2px black;" |u00000
 +
|style="border-bottom:solid 2px black;" |21
 +
|-
 +
|style="border-bottom:solid 2px black;" |SFTP / SCP
 +
|style="border-bottom:solid 2px black;" |u00000.your-backup.de
 +
|style="border-bottom:solid 2px black;" |u00000
 +
|style="border-bottom:solid 2px black;" |22
 +
|-
 +
|style="border-bottom:solid 2px black;" |Rsync / BorgBackup / SFTP / SCP*
 +
|style="border-bottom:solid 2px black;" |u00000.your-backup.de
 +
|style="border-bottom:solid 2px black;" |u00000
 +
|style="border-bottom:solid 2px black;" |23
 +
|-
 +
|style="border-bottom:solid 2px black;" |SMB / CIFS*
 +
|style="border-bottom:solid 2px black;" |'''Windows:'''<br><code>\\u00000.your-backup.de\backup</code><br>'''Linux:'''<br><code>//u00000.your-backup.de/backup</code>
 +
|style="border-bottom:solid 2px black;" |u00000
 +
|style="border-bottom:solid 2px black;" |445
 +
|-
 +
|HTTPS / WebDAV*
 +
|<pre>https://u00000.your-storagebox.de</pre>
 +
|u00000
 +
|443
 +
|-
 +
|}
  
The direct use of rsync is not possible. The backup space can however be locally mounted using smbfs, sshfs or ftpfs, allowing a limited use of rsync. To take full advantage of rsync (such as incremental backups using hardlinks) an image file must be created, which should be mounted via loopback. In addition to this it is also possible to add encryption via encfs (Encrypted File System) to protect the data.
 
  
== IPv6 ==
+
<nowiki>*</nowiki> This service can be activated without charge in the Robot
  
You can also access your backup space with the same hostname via IPv6. To get the IPv6 address you can for example use the following command:
+
===FTP/FTPS===
<pre>dig AAAA <username>.your-backup.de
+
</pre>
+
== Determining memory usage ==
+
  
To find out how much free space you have (be it via backup scripts or status emails) you can use the "sftp" or "lftp" program:
+
You can access your backup space by means of FTP. Please use the host names assigned to you (<username>.your-backup.de) as well as your username and password. Important note: FTP connections are not encrypted. Only FTPS (FTP+TLS) is encryped.
  
apt-get install sftp
+
====Active and passive modes====
echo "df"    | sftp USERNAME@BACKUPSERVER
+
echo "df -h"  | sftp USERNAME@BACKUPSERVER
+
echo "df -hi" | sftp USERNAME@BACKUPSERVER
+
  
Under certain circumstances lftp can give you incorrect values, which is why sftp is recommended. Following is the variant with lftp:
+
FTP protocol is based on two connections: one connection via port 21 for all commands and a second connection for the transferred file content. For the second connection, a distinction is made between active and passive mode.
  
# apt-get install lftp
+
In the active mode, the backup server tries to establish the connection to the client (Server -> Client). However, this can be blocked by a firewall of the client, and then a timeout occurs.
  
Determining memory usage:
+
The passive mode can be used as a solution. The client establishes a connection to the server (Client -> Server). The activation of the passive mode differs between different client programs. Therefore, please refer to your program's help menu.
  
# echo du -s .  \
+
====Instructions====
| lftp -u USERNAME,PASSWORD BACKUPSERVER
+
  
This is more readable with the parameter -h:
+
'''Windows'''
  
 +
In Windows, you can add your backup space as a network address via FTP as follows:
 +
 +
#Open Windows Explorer.
 +
#'''Windows 7''': Click on "Computer" and then on "Add network address" above.<br />'''Windows 8/10''': Click on "This PC". Then click on "Computer" above and then on "Add network address".
 +
#In the dialog window that appears, click twice on 2 "Next".
 +
#Now enter "ftp://<username>.your-backup.de" in the text field and then click on "Next".
 +
#Remove the checkmark next to "Login anonymously" and enter the name of your backup account.
 +
#Click 2 more times on "Next" and then on "Complete".
 +
#In the window that opens, enter your username and password. You can also choose to save your password in Windows.
 +
#After you click on "Log in", you will be able to access your backup space by going to "This PC" (Windows 8.1/10) or "Computer" (Windows 7/8).
 +
 +
====Software====
 +
 +
Please note that there is only a limited selection of software that can be used for this protocol.
 +
 +
'''Windows'''
 +
 +
* Windows Explorer
 +
* FileZilla
 +
* WinSCP
 +
 +
'''Linux'''
 +
 +
* FileZilla
 +
* ftp
 +
* ncftp
 +
* lftp
 +
 +
===SFTP/SCP===
 +
 +
You can access your backup space by means of SFTP and SCP. This method of accessing your backup space is completely encrypted.
 +
 +
====Public Key Authentication====
 +
 +
For SFTP/SCP it is possible to authenticate yourself with a public key. You can find more information for how to do this, as well as an example, on the following wiki page: [[Backup Space SSH Keys]].
 +
 +
====Connection Error====
 +
 +
11: Application Error
 +
 +
If you receive this error when trying to connect via SFTP or SCP, then this could be the result of SSH key forwarding being activated. Please deactivate this for the backup space, and try connecting again.
 +
 +
====Software====
 +
 +
Please note that there is only a limited selection of software that can be used for this protocol.
 +
 +
'''Windows'''
 +
 +
* WinSCP (SFTP)
 +
* FileZilla (SFTP)
 +
 +
'''Linux'''
 +
 +
* scp
 +
* sftp
 +
* FileZilla (SFTP)
 +
 +
===SAMBA/CIFS===
 +
 +
You have the option of linking your backup space with Samba/CIFS. To do so, you can use the following UNC path.
 +
 +
If you are using your main account, the share name is '''backup'''.
 +
 +
'''Linux/Unix:'''
 +
 +
//<username>.your-backup.de/<share name>
 +
 +
'''Windows'''
 +
 +
\\<username>.your-backup.de\<share name>
 +
 +
====Instructions====
 +
 +
'''Linux'''
 +
 +
With Linux, you can use the following command from the command line to integrate the backup space in the local file system:
 +
 +
mount.cifs -o user=<username>,pass=<password> //<username>.your-backup.de/backup /PATH/FOLDER
 +
 +
You can also use the following line in /etc/fstab to automate the mount at each system start. (It is a single line!)
 +
 +
//<username>.your-backup.de/backup /mnt/backup-server      cifs    iocharset=utf8,rw,credentials=/etc/backup-credentials.txt,uid=<system_user>,gid=<system_group>,file_mode=0660,dir_mode=0770 0      0
 +
 +
The file /etc/backup-credentials.txt (mode 0600) should contain two lines as follows:
 +
 +
username=<username>
 +
password=<password>
 +
 +
On Debian-based distributions, the command is provided via the cifs-utils package.
 +
 +
apt-get install cifs-utils
 +
 +
On Debian Wheezy based systems, edit the parameters as follows if you are having problems:
 +
 +
rsize=65536,wsize=130048
 +
 +
You should also add the following lines to /etc/rc.local:
 +
 +
modprobe cifs
 +
echo 0 > /proc/fs/cifs/OplockEnabled
 +
 +
'''FreeBSD'''
 +
 +
On FreeBSD, you can mount the backup space as follows:
 +
 +
Add the following line to /etc/fstab
 +
 +
//<username>@<username>/backup /mnt/backup-space smbfs rw,-N 0      0
 +
 +
Replace username with the Robot-assigned username. Also you need to use 'mkdir' to create /mnt/backup-space if it does not already exist.
 +
 +
Add the following lines to /etc/nsmb.conf
 +
 +
[<username>]
 +
charsets=UTF8:cp850
 +
addr=<username>.your-backup.de
 +
[<username>:<username>]
 +
password=$crypt-string
 +
 +
Create the crypt-string with 'smbutil crypt'.
 +
 +
In FreeBSD 10.1, the necessary packages are already pre-installed.
 +
 +
'''Windows'''
 +
 +
In Windows, use the following instructions to connect your backup space as a network drive with its own drive letter:
 +
 +
# Open Windows Explorer.
 +
# Windows 7: On the left, click on "Computer" and then at the top on "Map network drive".<br />Windows 8/10: On the left, click on "This PC". And then at the top click on "Computer" and then on "Map network drive".
 +
# In the new dialog, select a network drive letter of your choice and enter „\\<username>.your-backup.de\backup“ for the folder. Enter a check next to "Reconnect at login" if you want to automatically establish a connection upon starting the system.
 +
# When you are asked for login information, you should here enter the username and password you used for your backup space. You also have the option of saving the login information in Windows.
 +
# The setup of your backup space as a network drive is now finished and can be found as separate drive under "This PC" (Windows 8.1/10) or "Computer" (Windows 7/8).
 +
 +
====Error with files larger than 4 GB====
 +
 +
If there are errors when copying files that are 4 GB or larger, then it can help to deactivate caching. To do so, the backup space must be mounted with the extra parameter '-o cache=none'.
 +
 +
====Encrypt SAMBA connection====
 +
 +
To encrypt a SAMBA connection, add the following option to your mount command: '''seal'''
 +
 +
Example:
 +
 +
mount.cifs -o seal,user=<username>,pass=<passwort> //<username>.your-backup.de/backup /PATH/FOLDER
 +
 +
Please note that this feature is only available in newer Linux versions (e.g. starting with Ubuntu 18.04).
 +
 +
===WebDAV===
 +
 +
You can access your backup space by using WebDAV; it is encrypted through this connection.
 +
 +
By default, WebDAV is deactivated for your backup space. You can activate it for free via  Robot. Please note that it can take a few minutes after the activation before your backup space will be accessible via WebDAV.
 +
 +
Unfortunately, the WebDAV protocol does not support the output of the available memory and it may produce false values. Please use sftp instead as is described in [[#Determine_available_backup_space|Determining available memory]].
 +
 +
With Windows servers, it may be necessary to install the "Desktop View" or "Desktop Experience" feature.
 +
 +
====Instructions====
 +
 +
'''Linux'''
 +
 +
To create a link to the WebDAV directory, use the following command:
 +
 +
mount -t davfs https://<username>.your-backup.de /MOUNTPOINT
 +
 +
By adding the following line to /etc/fstab, your system will automatically mount the file system at boot:
 +
 +
https://<username>.your-backup.de /MOUNTPOINT davfs rw,uid=<system_user>,gid=<system_group>,file_mode=0660,dir_mode=0770,_netdev 0 0
 +
 +
To automatically mount the WebDAV directory, enter the following line in the file /etc/davfs2/secrets:
 +
 +
https://<username>.your-backup.de <username> <password>
 +
 +
In Debian-based distributions, the command davfs is provided via a package of the same name:
 +
 +
apt-get install davfs2
 +
 +
'''Windows'''
 +
 +
In Windows, use the following instructions to connect to your backup space via WebDAV:
 +
# Open Windows Explorer.
 +
# '''Windows 7''': On the left, click on "Computer" and then at the top on "Map network drive".<br />'''Windows 8/10''': On the left, click on "This PC". And then at the top click on "Computer" and then on "Map network drive".
 +
# Click on "Connect to a web site that you can use to store your documents and pictures".
 +
# In the new assistent, click on "Next".
 +
# Select "Choose a custom network location" and click on "Next".
 +
# Under "Internet or network address" enter the address of your backup space with the protocol https (For example: https://<username>.your-backup.de) and click on "Next".
 +
# Now you can assign a new name for the network address under the one that should be visible in Windows. Then, click on "Next".
 +
# Now click on "Finish".
 +
# Now enter the user name and password of your backup space in the login dialog.
 +
# The setup of your backup space as a network address is now finished. You can now find it under "This PC" (Windows 8.1/10) or "Computer" (Windows 7/8).
 +
 +
===SSH / rsync / BorgBackup===
 +
 +
You can access your backup space via an SSH connection to use rsync and BorgBackup there. Use port 23 to access your backup space for this purpose.
 +
 +
To create an SSH connection on your backup space, first select the correct backup space on your account on Robot and then activate the SSH support setting for it.
 +
 +
Important note: For SSH key authentication, you must save a public SSH key in normal OpenSSH format on your backup space. Do not save the key in RFC4716 format. For a more detailed guide, please see our Wiki page Backup Space SSH Keys.
 +
 +
Important note: For SSH key authentication, you must save a public SSH key in normal OpenSSH format on your backup space. Do not save the key in RFC4716 format. For a more detailed guide, please see our Wiki page [[Backup Space SSH Keys/en|Backup Space SSH Keys]].
 +
 +
Please also note that only the directory '''/home/''' is writable on the backup space. To address directories or files on the backup space, we therefore recommend that you use relative paths. For example, to download the file /server1/full_backup.tar.gz from the backup space, you can use the following file paths:
 +
 +
server1/full_backup.tar.gz
 +
./server1/full_backup.tar.gz
 +
 +
Interactive SSH access is not allowed.
 +
 +
====BorgBackup====
 +
 +
With BorgBackup, you can save encrypted and duplicate backups on your backup account. You can find a guide for how to do this at [[BorgBackup/en]].
 +
 +
====rsync====
 +
 +
You can use rsync to synchronize the current state of your file directories to your backup space. For example, to synchronize a local directory to the backup space, you can use rsync as follows:
 +
 +
rsync --progress -e 'ssh -p23' --recursive <local directory> <username>@<username>.your-backup.de:./<target directory>
 +
 +
To re-download a directory from the backup space, you only need to swap the directories:
 +
 +
rsync --progress -e 'ssh -p23' --recursive <username>@<username>.your-backup.de:./<directory> <local directory>
 +
 +
Please note that it is not possible to customize the user and group ID of the uploaded files.
 +
 +
====SCP via port 23====
 +
 +
You can also use SCP via port 23. To upload a file via SCP, you can execute the following command:
 +
 +
scp -P 23 <local file> <username>@<username>.your-backup.de:<remote file>
 +
 +
To download the file again, you only have to swap the target and source files:
 +
 +
scp -P 23 <username>@<username>.your-backup.de:<remote file> <local file>
 +
 +
====SFTP====
 +
 +
Accessing your backup space via SFTP is similar to accessing it with an FTP client. To start an SFTP session, please execute the following command:
 +
 +
sftp -P 23 <username>@<username>.your-backup.de
 +
 +
You can then upload files using '''put''' and download them using '''get'''. With '''ls''' you get a directory listing:
 +
 +
sftp> put 100MB.file
 +
Uploading 100MB.file to /home/100MB.file
 +
100MB.file                          100%  100MB  78.7MB/s  00:01
 +
sftp> ls -ahl
 +
drwxr-xr-x    0 12345      12345    16B  Mar 28 10:55 .
 +
dr-x--x--x    0 0          0        10B  Mar 27 12:16 ..
 +
-rw-r--r--    0 12345      12345    100M Mar 28 11:34 100MB.file
 +
sftp> get 100MB.file
 +
Fetching /home/100MB.file to 100MB.file
 +
/home/100MB.file                    100%  100MB 110.6MB/s  00:00
 +
sftp> quit
 +
 +
===IPv6===
 +
 +
You can also reach your backup space under the same DNS name via IPv6.
 +
 +
==Determine available backup space==
 +
 +
To find out how much backup space is still available (be it in backup scripts or status emails), you can use the 'sftp' program:
 +
 +
apt-get install sftp
 +
echo "df"    | sftp <username>@BACKUPSERVER
 +
echo "df -h"  | sftp <username>@BACKUPSERVER
 +
echo "df -hi" | sftp <username>@BACKUPSERVER
 +
 +
Under certain circumstances, lftp can return wrong values; therefore it is better to use the variant with sftp. Below is the variant with lftp:
 +
 +
# apt-get install lftp
 
  # echo du -hs .  \
 
  # echo du -hs .  \
  | lftp -u USERNAME,PASSWORD BACKUPSERVER
+
  | lftp -u <username>,<password> BACKUPSERVER
  
The following command allows you to use a hook to link with Tartarus, by inserting the following lines in the Tartarus configuration:
+
You can also embed the command in Tartarus using a hook. To do this, insert the following lines into the Tartarus configuration:
  
 
  TARTARUS_POST_PROCESS_HOOK() {
 
  TARTARUS_POST_PROCESS_HOOK() {
 
  echo "du" | /usr/bin/lftp -u "$STORAGE_FTP_USER,$STORAGE_FTP_PASSWORD" "$STORAGE_FTP_SERVER" | awk -v LIMIT=100 '$2=="." {print ((LIMIT*1024*1024)-$1)/1024 " MiB backup space remaining"}'
 
  echo "du" | /usr/bin/lftp -u "$STORAGE_FTP_USER,$STORAGE_FTP_PASSWORD" "$STORAGE_FTP_SERVER" | awk -v LIMIT=100 '$2=="." {print ((LIMIT*1024*1024)-$1)/1024 " MiB backup space remaining"}'
 
  }
 
  }
 +
 +
In order to always get a reliable value, we recommend that you use Robot to display the amount of occupied backup space.
  
 
[[Kategorie:Dedizierte Server]]
 
[[Kategorie:Dedizierte Server]]
Zeile 188: Zeile 432:
 
[[Kategorie:Dedi-Optionale Features]]
 
[[Kategorie:Dedi-Optionale Features]]
 
[[Kategorie:Robot]]
 
[[Kategorie:Robot]]
 +
[[Kategorie:Backup]]

Aktuelle Version vom 3. Juli 2019, 12:06 Uhr

Inhaltsverzeichnis

Backup Space

All dedicated/virtual server customers can order backup space with their dedicated root servers or virtual servers. If you as a customer have backup space, you can only access it from within the Hetzner network. You can use any server located at Hetzner to connect to the backup space.

You can see an overview of the backup space sizes and prices in the table below.

Backup Space Monthly price
100 GB* €2.90*
500 GB €4.90
1,000 GB €7.90
2,000 GB €9.90
5,000 GB €21.90
10,000 GB €39.90

Customers with dedicated root servers with prices at or higher than €39 a month can get 100GB of backup space free of cost.

Prices shown here do not include VAT. Click here to see what VAT you should pay.

Ordering backup space

You can order backup space via your account on Robot. Under "Main Functions" -> "Server", select the server and then open the tab "Backup". Here you can order different sizes of backup space, and you can upgrade or downgrade your current backup space.

Backup space operations on Robot

Under the "Backup" tab of your server on Robot, you can do the following:

  • Order backup space
  • Upgrade/downgrade backup space
  • Delete backup space
  • Generate a new password
  • Graphically display the current amount of space used (updated every 10 minutes)

Resilience/Reliability

The backup accounts are protected by a RAID array, which can tolerate a failure of several hard disks. Thus the chance of data loss is relatively small. Please note, however, that you are still responsible for your data and that Hetzner provides no guarantees whatsoever regarding possible data loss. The data is not mirrored on other servers.

In addition, checksums for the individual data blocks are used to detect and correct bit errors.

General Notes

The upload speed for backup space is dependent on how many other clients are simultaneously accessing the same backup server. Consider running your backups at another time if you experience performance problems.

It is important to use the DNS names assigned to your backup space (<username>.your-backup.de) instead of the underlying IP address, as the IP address can change.

There is a connections limit: 10 connections per account.

Important reminders

Please note that the executable right is required for the home directory. If you remove the executable right, you will not longer be able to log in.

Please also note that FTP and SAMBA connections may be unencrypted in some circumstances. Some Windows versions and FTP clients, however, use encryption by default. Instructions on how to encrypt your SAMBA connection can be found here.

Using CNAME records for the assigned DNS name does not work with WebDAV.

Before using any of the services listed below, please check your Robot account to see whether or not the setting is activated.

Use Robot to generate the password for your backup account. Robot will only display the generated password once. You cannot use your password for Hetzner Accounts for your backup account.

Restriction

It is not possible to create the folders "/etc" or "/lib" on the backup space.

Useful software

Accessing Backup Space

Overview

Please note that the username u00000 is only used as example. Please replace it with the username of your backup space.

Protocol Address Username Port
FTP / FTPS u00000.your-backup.de u00000 21
SFTP / SCP u00000.your-backup.de u00000 22
Rsync / BorgBackup / SFTP / SCP* u00000.your-backup.de u00000 23
SMB / CIFS* Windows:
\\u00000.your-backup.de\backup
Linux:
//u00000.your-backup.de/backup
u00000 445
HTTPS / WebDAV*
https://u00000.your-storagebox.de
u00000 443


* This service can be activated without charge in the Robot

FTP/FTPS

You can access your backup space by means of FTP. Please use the host names assigned to you (<username>.your-backup.de) as well as your username and password. Important note: FTP connections are not encrypted. Only FTPS (FTP+TLS) is encryped.

Active and passive modes

FTP protocol is based on two connections: one connection via port 21 for all commands and a second connection for the transferred file content. For the second connection, a distinction is made between active and passive mode.

In the active mode, the backup server tries to establish the connection to the client (Server -> Client). However, this can be blocked by a firewall of the client, and then a timeout occurs.

The passive mode can be used as a solution. The client establishes a connection to the server (Client -> Server). The activation of the passive mode differs between different client programs. Therefore, please refer to your program's help menu.

Instructions

Windows

In Windows, you can add your backup space as a network address via FTP as follows:

  1. Open Windows Explorer.
  2. Windows 7: Click on "Computer" and then on "Add network address" above.
    Windows 8/10: Click on "This PC". Then click on "Computer" above and then on "Add network address".
  3. In the dialog window that appears, click twice on 2 "Next".
  4. Now enter "ftp://<username>.your-backup.de" in the text field and then click on "Next".
  5. Remove the checkmark next to "Login anonymously" and enter the name of your backup account.
  6. Click 2 more times on "Next" and then on "Complete".
  7. In the window that opens, enter your username and password. You can also choose to save your password in Windows.
  8. After you click on "Log in", you will be able to access your backup space by going to "This PC" (Windows 8.1/10) or "Computer" (Windows 7/8).

Software

Please note that there is only a limited selection of software that can be used for this protocol.

Windows

  • Windows Explorer
  • FileZilla
  • WinSCP

Linux

  • FileZilla
  • ftp
  • ncftp
  • lftp

SFTP/SCP

You can access your backup space by means of SFTP and SCP. This method of accessing your backup space is completely encrypted.

Public Key Authentication

For SFTP/SCP it is possible to authenticate yourself with a public key. You can find more information for how to do this, as well as an example, on the following wiki page: Backup Space SSH Keys.

Connection Error

11: Application Error

If you receive this error when trying to connect via SFTP or SCP, then this could be the result of SSH key forwarding being activated. Please deactivate this for the backup space, and try connecting again.

Software

Please note that there is only a limited selection of software that can be used for this protocol.

Windows

  • WinSCP (SFTP)
  • FileZilla (SFTP)

Linux

  • scp
  • sftp
  • FileZilla (SFTP)

SAMBA/CIFS

You have the option of linking your backup space with Samba/CIFS. To do so, you can use the following UNC path.

If you are using your main account, the share name is backup.

Linux/Unix:

//<username>.your-backup.de/<share name>

Windows

\\<username>.your-backup.de\<share name>

Instructions

Linux

With Linux, you can use the following command from the command line to integrate the backup space in the local file system:

mount.cifs -o user=<username>,pass=<password> //<username>.your-backup.de/backup /PATH/FOLDER

You can also use the following line in /etc/fstab to automate the mount at each system start. (It is a single line!)

//<username>.your-backup.de/backup /mnt/backup-server       cifs    iocharset=utf8,rw,credentials=/etc/backup-credentials.txt,uid=<system_user>,gid=<system_group>,file_mode=0660,dir_mode=0770 0       0

The file /etc/backup-credentials.txt (mode 0600) should contain two lines as follows:

username=<username>
password=<password>

On Debian-based distributions, the command is provided via the cifs-utils package.

apt-get install cifs-utils

On Debian Wheezy based systems, edit the parameters as follows if you are having problems:

rsize=65536,wsize=130048

You should also add the following lines to /etc/rc.local:

modprobe cifs
echo 0 > /proc/fs/cifs/OplockEnabled

FreeBSD

On FreeBSD, you can mount the backup space as follows:

Add the following line to /etc/fstab

//<username>@<username>/backup /mnt/backup-space smbfs rw,-N 0       0

Replace username with the Robot-assigned username. Also you need to use 'mkdir' to create /mnt/backup-space if it does not already exist.

Add the following lines to /etc/nsmb.conf

[<username>]
charsets=UTF8:cp850
addr=<username>.your-backup.de
[<username>:<username>]
password=$crypt-string

Create the crypt-string with 'smbutil crypt'.

In FreeBSD 10.1, the necessary packages are already pre-installed.

Windows

In Windows, use the following instructions to connect your backup space as a network drive with its own drive letter:

  1. Open Windows Explorer.
  2. Windows 7: On the left, click on "Computer" and then at the top on "Map network drive".
    Windows 8/10: On the left, click on "This PC". And then at the top click on "Computer" and then on "Map network drive".
  3. In the new dialog, select a network drive letter of your choice and enter „\\<username>.your-backup.de\backup“ for the folder. Enter a check next to "Reconnect at login" if you want to automatically establish a connection upon starting the system.
  4. When you are asked for login information, you should here enter the username and password you used for your backup space. You also have the option of saving the login information in Windows.
  5. The setup of your backup space as a network drive is now finished and can be found as separate drive under "This PC" (Windows 8.1/10) or "Computer" (Windows 7/8).

Error with files larger than 4 GB

If there are errors when copying files that are 4 GB or larger, then it can help to deactivate caching. To do so, the backup space must be mounted with the extra parameter '-o cache=none'.

Encrypt SAMBA connection

To encrypt a SAMBA connection, add the following option to your mount command: seal

Example:

mount.cifs -o seal,user=<username>,pass=<passwort> //<username>.your-backup.de/backup /PATH/FOLDER

Please note that this feature is only available in newer Linux versions (e.g. starting with Ubuntu 18.04).

WebDAV

You can access your backup space by using WebDAV; it is encrypted through this connection.

By default, WebDAV is deactivated for your backup space. You can activate it for free via Robot. Please note that it can take a few minutes after the activation before your backup space will be accessible via WebDAV.

Unfortunately, the WebDAV protocol does not support the output of the available memory and it may produce false values. Please use sftp instead as is described in Determining available memory.

With Windows servers, it may be necessary to install the "Desktop View" or "Desktop Experience" feature.

Instructions

Linux

To create a link to the WebDAV directory, use the following command:

mount -t davfs https://<username>.your-backup.de /MOUNTPOINT

By adding the following line to /etc/fstab, your system will automatically mount the file system at boot:

https://<username>.your-backup.de /MOUNTPOINT davfs rw,uid=<system_user>,gid=<system_group>,file_mode=0660,dir_mode=0770,_netdev 0 0

To automatically mount the WebDAV directory, enter the following line in the file /etc/davfs2/secrets:

https://<username>.your-backup.de <username> <password>

In Debian-based distributions, the command davfs is provided via a package of the same name:

apt-get install davfs2

Windows

In Windows, use the following instructions to connect to your backup space via WebDAV:

  1. Open Windows Explorer.
  2. Windows 7: On the left, click on "Computer" and then at the top on "Map network drive".
    Windows 8/10: On the left, click on "This PC". And then at the top click on "Computer" and then on "Map network drive".
  3. Click on "Connect to a web site that you can use to store your documents and pictures".
  4. In the new assistent, click on "Next".
  5. Select "Choose a custom network location" and click on "Next".
  6. Under "Internet or network address" enter the address of your backup space with the protocol https (For example: https://<username>.your-backup.de) and click on "Next".
  7. Now you can assign a new name for the network address under the one that should be visible in Windows. Then, click on "Next".
  8. Now click on "Finish".
  9. Now enter the user name and password of your backup space in the login dialog.
  10. The setup of your backup space as a network address is now finished. You can now find it under "This PC" (Windows 8.1/10) or "Computer" (Windows 7/8).

SSH / rsync / BorgBackup

You can access your backup space via an SSH connection to use rsync and BorgBackup there. Use port 23 to access your backup space for this purpose.

To create an SSH connection on your backup space, first select the correct backup space on your account on Robot and then activate the SSH support setting for it.

Important note: For SSH key authentication, you must save a public SSH key in normal OpenSSH format on your backup space. Do not save the key in RFC4716 format. For a more detailed guide, please see our Wiki page Backup Space SSH Keys.

Important note: For SSH key authentication, you must save a public SSH key in normal OpenSSH format on your backup space. Do not save the key in RFC4716 format. For a more detailed guide, please see our Wiki page Backup Space SSH Keys.

Please also note that only the directory /home/ is writable on the backup space. To address directories or files on the backup space, we therefore recommend that you use relative paths. For example, to download the file /server1/full_backup.tar.gz from the backup space, you can use the following file paths:

server1/full_backup.tar.gz
./server1/full_backup.tar.gz

Interactive SSH access is not allowed.

BorgBackup

With BorgBackup, you can save encrypted and duplicate backups on your backup account. You can find a guide for how to do this at BorgBackup/en.

rsync

You can use rsync to synchronize the current state of your file directories to your backup space. For example, to synchronize a local directory to the backup space, you can use rsync as follows:

rsync --progress -e 'ssh -p23' --recursive <local directory> <username>@<username>.your-backup.de:./<target directory>

To re-download a directory from the backup space, you only need to swap the directories:

rsync --progress -e 'ssh -p23' --recursive <username>@<username>.your-backup.de:./<directory> <local directory>

Please note that it is not possible to customize the user and group ID of the uploaded files.

SCP via port 23

You can also use SCP via port 23. To upload a file via SCP, you can execute the following command:

scp -P 23 <local file> <username>@<username>.your-backup.de:<remote file>

To download the file again, you only have to swap the target and source files:

scp -P 23 <username>@<username>.your-backup.de:<remote file> <local file>

SFTP

Accessing your backup space via SFTP is similar to accessing it with an FTP client. To start an SFTP session, please execute the following command:

sftp -P 23 <username>@<username>.your-backup.de

You can then upload files using put and download them using get. With ls you get a directory listing:

sftp> put 100MB.file
Uploading 100MB.file to /home/100MB.file
100MB.file                           100%  100MB  78.7MB/s   00:01
sftp> ls -ahl
drwxr-xr-x    0 12345      12345     16B  Mar 28 10:55 .
dr-x--x--x    0 0          0         10B  Mar 27 12:16 ..
-rw-r--r--    0 12345      12345     100M Mar 28 11:34 100MB.file
sftp> get 100MB.file
Fetching /home/100MB.file to 100MB.file
/home/100MB.file                     100%  100MB 110.6MB/s   00:00
sftp> quit

IPv6

You can also reach your backup space under the same DNS name via IPv6.

Determine available backup space

To find out how much backup space is still available (be it in backup scripts or status emails), you can use the 'sftp' program:

apt-get install sftp
echo "df"     | sftp <username>@BACKUPSERVER
echo "df -h"  | sftp <username>@BACKUPSERVER
echo "df -hi" | sftp <username>@BACKUPSERVER

Under certain circumstances, lftp can return wrong values; therefore it is better to use the variant with sftp. Below is the variant with lftp:

# apt-get install lftp
# echo du -hs .  \
| lftp -u <username>,<password> BACKUPSERVER

You can also embed the command in Tartarus using a hook. To do this, insert the following lines into the Tartarus configuration:

TARTARUS_POST_PROCESS_HOOK() {
echo "du" | /usr/bin/lftp -u "$STORAGE_FTP_USER,$STORAGE_FTP_PASSWORD" "$STORAGE_FTP_SERVER" | awk -v LIMIT=100 '$2=="." {print ((LIMIT*1024*1024)-$1)/1024 " MiB backup space remaining"}'
}

In order to always get a reliable value, we recommend that you use Robot to display the amount of occupied backup space.



© 2019. Hetzner Online GmbH. Alle Rechte vorbehalten.