(I develop http://libre.sh and the backup is for that, but could be applied to any docker host)
The current directory structure on server A is (the server to backup):
/data
/domains/
piwik.example.org
wordpress.example.org
The problem to solve is to make a backup of all these domains. A backup means:
I want to be able to rollback
I want to have a secure copy somewhere else in case of disaster (fire, data loss, vulnerability...)
So the first idea, would be to loop though the domains, and copy them to another server.
They have databases inside, so it means, we need to do a dump before copying.
the dump label
The idea is to add a labeldump that would contain instruction for the db on how to dump the data.
Then the script would loop though the containers to execute the dump command before copying the files.
secure the backup
The problem to solve is how to be sure the data are secured. There are many strategies, pull, push, append... I'm fascinated by the last one. But it is not really available. So here is the idea to make it somehow possible.
the distant server B is an ssh server.
For each domain:
I execute the dump command for every container that has the dump label
I duplicity the full content (live db + dump) to the remote ssh server
with duplicity I can use encrypted incremental :)
I log to this server with a unprivileged user
On the remote server, then we need to perform regularly the following:
clean old files
own them as root, and give only read access to the distant user
This way backup are secured.
If A get compromised, the attacker has access to the data, but can't erase the backups.
If B get compromised, the attacker doesn't have access to the data, and can't erase original data!
(I develop http://libre.sh and the backup is for that, but could be applied to any docker host) The current directory structure on server A is (the server to backup): /data /domains/ piwik.example.org wordpress.example.org
The problem to solve is to make a backup of all these domains. A backup means:
So the first idea, would be to loop though the domains, and copy them to another server. They have databases inside, so it means, we need to do a dump before copying.
the dump label
The idea is to add a label
dump
that would contain instruction for the db on how to dump the data. Then the script would loop though the containers to execute the dump command before copying the files.secure the backup
The problem to solve is how to be sure the data are secured. There are many strategies, pull, push, append... I'm fascinated by the last one. But it is not really available. So here is the idea to make it somehow possible.
the distant server B is an ssh server. For each domain:
On the remote server, then we need to perform regularly the following:
This way backup are secured. If A get compromised, the attacker has access to the data, but can't erase the backups. If B get compromised, the attacker doesn't have access to the data, and can't erase original data!