Backup a web site from a machine running Microsoft Windows and Cygwin

Adapting the backup procedure described here to Microsoft Windows XP and Cygwin gives:

  • install Cygwin. Most important packages to install: cron, openssh and rsnapshot. As I prefer emacs to vi, I add emacs as well.
  • on the machine running the web site, create the account backupapp (in my case, the machine runs Ubuntu 12.04, and the user backup already exists).
  • add this user to group www-data
  • in Cygwin, check that rsync works:
rsync -avz -e ssh backupapp@mywebsite.com:/var/www/website /home/myself/backup/website/

  • in Cygwin, create an ssh key pair. Do not set a passphrase (think twice about the security consequences for your local computer).
mkdir rsync
ssh-keygen -t dsa -b 1024 -f rsync/mirror-rsync-key
  • move the public key to the web site machine:
scp rsync/mirror-rsync-key.pub backupapp@mywebsite.com:/home/backupapp/
  • on the web site machine, create the file authorized_keys, under the backupapp account:
mkdir .ssh
chmod 700 .ssh
mv mirror-rsync-key.pub .ssh/.
cd .ssh/
touch authorized_keys
chmod 600 authorized_keys   
cat mirror-rsync-key.pub >> authorized_keys
  • add the following clauses at the start of the contents of the authorized_keys file, so that only rsync connections will be accepted. Separate those clauses from what is already in the file with a space character:
command="/home/backupapp/rsync/checkrsync",no-port-forwarding,no-X11-forwarding,no-pty
  • create the file ~/rsync/checkrsync, with the following contents:
#!/bin/sh
case "$SSH_ORIGINAL_COMMAND" in
        *\&*)
                echo "Rejected"
                ;;
        *\(*)
                echo "Rejected"
                ;;
        *\{*)
                echo "Rejected"
                ;;
        *\;*)
                echo "Rejected"
                ;;
        *\<*)
                echo "Rejected"
                ;;
        *\`*)
                echo "Rejected"
                ;;
        rsync\ --server*)
                $SSH_ORIGINAL_COMMAND
                ;;
        *)
                echo "Rejected"
                ;;
esac
  • set its permissions so that only its owner can read and execute it:
chmod 700 ~/rsync/checkrsync
  • on the local machine (PC running Windows), start cron in Cygwin (replace localuser with your local user name):
$ cron-config
Do you want to install the cron daemon as a service? (yes/no) yes
Enter the value of CYGWIN for the daemon: [ ] ntsec
You must decide under what account the cron daemon will run.
If you are the only user on this machine, the daemon can run as yourself.
   This gives access to all network drives but only allows you as user.
Otherwise cron should run under the local system account.
  It will be capable of changing to other users without requiring a
  password, using one of the three methods detailed in
  http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
Do you want the cron daemon to run as yourself? (yes/no) yes
Please enter the password for user 'localuser':
Reenter:
Running cron_diagnose ...
WARNING: You do not currently have a crontab file.
... no problem found.
Do you want to start the cron daemon as a service now? (yes/no) yes
OK. The cron daemon is now running.
In case of problem, examine the log file for cron,
/var/log/cron.log, and the Windows event log (using /usr/bin/cronevents)
for information about the problem cron is having.
Examine also any cron.log file in the HOME directory
(or the file specified in MAILTO) and cron related files in /tmp.
If you cannot fix the problem, then report it to cygwin@cygwin.com.
Please run the script /usr/bin/cronbug and ATTACH its output
(the file cronbug.txt) to your e-mail.
WARNING: PATH may be set differently under cron than in interactive shells.
         Names such as "find" and "date" may refer to Windows programs.
  • to be able to use emacs when editing crontab, add the following line to .bash_profile:
export EDITOR=emacs
  • with the command crontab -e, edit crontab. The rsync entry must be on a single line, and cron does not expand variables such as $PATH in these assignments, so PATH is written out in full:
HOME=/home/localuser
PATH=/usr/local/bin:/usr/bin:/bin
00 05 * * * /usr/bin/rsync -avz --delete -e "ssh -i rsync/mirror-rsync-key" backupapp@mywebsite.com:/var/www/website/ /home/myself/backup/website/
  • to test that cron works OK, add the entry below to crontab. File testfile should be created and its timestamp modified every minute, if cron works correctly.
* * * * * touch testfile
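
The checkrsync wrapper above accepts any command that begins with rsync --server, whatever the transfer direction or path. As an added example (not part of the original procedure), this stricter variant accepts only the read-only pull of /var/www/website/ that the crontab entry performs; the function name is_allowed_rsync, the six-word command shape and the sample flag bundle are assumptions, since the exact flags depend on the rsync version.

```shell
#!/bin/sh
# Added example: stricter forced-command wrapper for a pull-only backup.
# Assumption: the only legitimate request is the pull from the crontab entry.
LC_ALL=C; export LC_ALL             # keep the [A-Za-z] ranges ASCII-only
ALLOWED_PATH="/var/www/website/"    # remote path used in the page's crontab

# Return 0 only for: rsync --server --sender -<short flags> . $ALLOWED_PATH
is_allowed_rsync() {
    set -f          # no filename expansion while splitting into words
    set -- $1       # split on whitespace, as the unquoted variable will be
    set +f
    [ "$#" -eq 6 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    case "$4" in
        -|-*[!A-Za-z0-9.]*) return 1 ;;   # long options, "=", metacharacters
        -*) ;;                            # one bundle of short flags
        *) return 1 ;;
    esac
    [ "$5" = . ] && [ "$6" = "$ALLOWED_PATH" ] || return 1
    return 0
}

# Dispatch only when sshd has set SSH_ORIGINAL_COMMAND (forced-command use).
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_rsync "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "Rejected" >&2
    exit 1
fi
```

Because the path is compared exactly, the client must request /var/www/website/ with the trailing slash, as the crontab entry does. Log the value of SSH_ORIGINAL_COMMAND from one real backup run first, to confirm the shape your rsync version sends.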