libresh / libre.sh

Moved to https://lab.libreho.st/libre.sh/compose.libre.sh
GNU Affero General Public License v3.0
189 stars 22 forks source link

Better backup! #141

Closed pierreozoux closed 6 years ago

pierreozoux commented 7 years ago

(I develop http://libre.sh and the backup is for that, but could be applied to any docker host) The current directory structure on server A is (the server to backup): /data /domains/ piwik.example.org wordpress.example.org

The problem to solve is to make a backup of all these domains. A backup means:

So the first idea, would be to loop though the domains, and copy them to another server. They have databases inside, so it means, we need to do a dump before copying.

the dump label

The idea is to add a label dump that would contain instruction for the db on how to dump the data. Then the script would loop though the containers to execute the dump command before copying the files.

secure the backup

The problem to solve is how to be sure the data are secured. There are many strategies, pull, push, append... I'm fascinated by the last one. But it is not really available. So here is the idea to make it somehow possible.

the distant server B is an ssh server. For each domain:

On the remote server, then we need to perform regularly the following:

This way backup are secured. If A get compromised, the attacker has access to the data, but can't erase the backups. If B get compromised, the attacker doesn't have access to the data, and can't erase original data!

pascalandy commented 7 years ago

+1 :)

pierreozoux commented 6 years ago

I now switched to borg, and I'm really happy so far! https://git.indie.host/meta/borg-server/