Home > Support > HOWTO List > Linux > Backup FTP Server

Working with Linux howtos

Backupspace Server: Offsite Backups that You Control

RimuHosting performs full backups of your VPS file system each week. In addition all recent VPSs run on RAID file systems that protect your data in the event of a drive failure.

If you would like to make an offsite backup of key files or database dumps you can use our backup server. backupspace.rimuhosting.com is running vsftpd (the same FTP server used by Linux's kernel.org). As well as FTP, it also runs SSH that can be used for tools like rsync, scp and SFTP (and more, see below). Each RimuHosting customer is allocated a 300MB file space quota on this server (you can purchase more space if you need it).

Our vsftpd server uses TLS/SSL to encrypt all backup traffic between it and your VPS. Not all FTP clients support this TLS/SSL. lftp does. And we recommend it highly for its powerful scripting capabilities.

Getting Started with Backupspace

To get started, first create an FTP account from the RimuHosting control panel. Then decide if you want to use the SSH features, or FTP and follow the notes below.

Backupspace SSH Features

Customers can access their data via ssh-based tools (like rsync, scp and sshfs), rather than just via FTP.

Some of the things you can do with SSH include...

MySQL dump directly to backupspace:
mysqldump -u root -p mydatabase | ssh username@backupspace.rimuhosting.com "dd of=mydatabase.sql"

View list of files:
ssh username@backupspace.rimuhosting.com "ls -la"

Check the integrity of your backups:
ssh username@backupspace.rimuhosting.com "md5 -c backups.md5"

SSH keys can be added to '.ssh' for automated backups etc e.g.:
scp .ssh/id_rsa.pub username@backupspace.rimuhosting.com:.ssh/authorized_keys

The RSA key fingerprint of backupspace.rimuhosting.com is:
65:b7:7e:e3:fb:fd:4b:60:fa:f9:d6:60:2f:32:03:1a

Use rsync to perform backups:
rsync --rsh=ssh --archive backupdata username@backupspace.rimuhosting.com:

sshfs is supported. So you can mount the backupspace inside your RimuHosting server. For example:


$ mkdir sshmnt
$ sshfs username@backupspace.rimuhosting.com: sshmnt
$ cd sshmnt
$ ls -la
total 12
drwx------  1 1048 1048 4096 2008-10-28 15:55 .
drwxr-xr-x 11 carl carl 4096 2008-10-28 15:37 ..
drwx------  1 1048 1048 4096 2008-10-28 15:02 .ssh

$ df -h sshmnt
Filesystem            Size  Used Avail Use% Mounted on
username@backupspace.rimuhosting.com:
                     1000G     0 1000G   0% /path/to/sshmnt

If you get errors when trying to use sshfs (e.g. 'fuse: device not found') make sure /dev/fuse exists. If not, create it with:

mknod /dev/fuse -m 0666 c 10 229

For following binaries are available to the chroot-ed backupspace users:
/usr/lib/openssh/sftp-server, /usr/bin/rsync, /usr/bin/scp, /bin/ls, /bin/rm, /bin/mv, /bin/dd, /bin/cp, /bin/mkdir, /bin/rmdir, /bin/echo, /bin/ln, /bin/chmod, /bin/chown, /usr/bin/md5sum, /usr/bin/sha256sum

Remote SSHFS and Rdiff-backup

Due to the number of requests we now have written a backup script you can use. You can find that here

Remote FTP Backup Recipe

To run a regular interactive FTP session:

lftp -u 'username,password' backupspace.rimuhosting.com

To backup one or more files:

lftp -u 'username,password' backupspace.rimuhosting.com -e "set ftp:ssl-protect-data true; mput /local/dir/files* /remotedir; exit"

You need to set ftp:ssl-protect-data else you will not be able to store the file. If you want to make this a
default option, add it to the lftp.conf file. e.g. :

grep -qai "set ftp:ssl-protect-data true" /etc/lftp.conf || echo "set ftp:ssl-protect-data true" >> /etc/lftp.conf

To restore a file from the FTP server to your VPS:

lftp -u 'username,password' backupspace.rimuhosting.com  -e "set ftp:ssl-protect-data true;mget /remotedir/files* -O /localdir; exit"

The -O option is not required it you wish to store to the current local directory.

To mirror a whole directory to the FTP server:

lftp -u 'username,password' backupspace.rimuhosting.com \
-e "set ftp:ssl-protect-data true;mirror --reverse /local/dir/name remotedirname; exit"

The --reverse means that the 'mirroring' is going in the reverse direction than 'normal'. i.e. from your server to the backup server. If you run man lftp there are a few other options to choose from. e.g. --delete to delete files on the backup server that do not exist locally. Or --continue to continue a mirror job. Or --exclude files to exclude certain files from the transfer.

To restore a whole directory from the FTP server to your VPS:

lftp -u 'username,password' backupspace.rimuhosting.com -e "set ftp:ssl-protect-data true;mirror remotedirname /local/dir/name;exit"

To create a nightly cronjob that uploads a directory to the backup FTP server, create a /etc/crond.daily/ftpbackup file like this:


#!/bin/bash
lftp -u 'username,password' backupspace.rimuhosting.com -e "set ftp:ssl-protect-data true;mirror --reverse /local/dir/name remotedirname;exit" > /dev/null

Run chmod +x /etc/cron.daily/ftpbackup. Then check the files have been mirrored as you expect the next day.

Creating a daily postgres backup

In order to create backup of your postgres databases you can do the following:


cat >/etc/cron.daily/backup_pgsql <<EOF
#!/bin/bash

cd /var/spool/backup
su postgres -c "pg_dumpall" > backup-\`date +'%Y%m%d%H%M%S'\`

for i in \`ls /var/spool/backup --sort=time | tail -n +10\`; do rm -rf \$i; done

lftp -u username,password backupspace.rimuhosting.com -e "set ftp:ssl-protect-data true; mirror --reverse --delete /var/spool/backup postgresbackup; exit"
EOF
mkdir /var/spool/backup
lftp -u username,password backupspace.rimuhosting.com -e "mkdir postgresbackup; exit"
chmod +x /etc/cron.daily/backup_pgsql

This will create daily backups keeping the 10 most recent backups at any time.

Troubleshooting the Backup FTP

If the files you upload end up as 0 byte files, check you have not exceeded your quota by looking at your usage in the control panel.

If you are running into problems run debug 9 from inside an interactive lftp session. That will output log information that may help you determine the problem.

If you are using an FTP client other than lftp and cannot log into the FTP server, check it supports FTP over TLS/SSL. If not consider using lftp.

Resolving 'Access failed: 521 Data connections must be encrypted': Our vsftpd FTP server daemon will only transfer data that is encrypted over TSL/SSL. You need to set the ftp:ssl-protect-data option on lftp (see above).

Resolving Certificate Verification Error Messages

Do you get an error like this?


WARNING: Certificate verification: unable to get local issuer certificate

WARNING: Certificate verification: certificate not trusted

WARNING: Certificate verification: unable to verify the first certificate

In that case you need to add the signer of our backupspace.rimuhosting.com certificate (Equifax Secure Inc.) to your certificate list. Paste the following certificate to the end of /usr/share/ssl/certs/ca-bundle.crt:

(There is a set ssl:verify-certificate no lftp option which should obviate the need for this change, however that setting does not appear to work. At least on the lftp versions we tested.)

Debian's lftp

Debian has put out versions of lftp without ssl support. If you do not have ssl support enabled, then you can build your own lftp with SSL support (e.g. see http://shnoo.gr/articles/2006/02/22/apt-get-and-building-from-source

Things to keep backups of

all website files,
monitoring history (eg cacti or munin graphs)
all databases (including users and permissions tables)
scheduled tasks (custom cron jobs, user crontabs, atd tasks etc)
(all?) configuration files from /etc
user account files (stuff in /home and /root)
custom tools (eg things in /usr/local, /opt)
list of installed packages (rpm -qa | sort -n > packagelist)
repositories (git, svn, cvs etc)

launchtimevps.com - Cloud VM servers from RimuHosting