vamp
March 23, 2021, 11:24pm
1
Hello there,
I will plan that i use restic to backup my datas between two location. (WAN connected, VPN)
I read a lot of good thing this method (deduplication, encrypt, etc…)
The source system a nethserver 7.9.2009, the destination is a CentOS 7 (mininal) that run a restic REST server (via Docker container)
First i try to set this up on web GUI, but the restic REST server option is missing, when i use wizard.
Now use this command (from official docu.):
db backups set test restic VFSType rest BackupTime '* * * * *' CleanupOlderThan never Notify error NotifyTo 'email' status enabled RestDirectory test RestHost 'hostame' RestPassword 'password' RestPort 5675 RestProtocol http RestUser 'user'
signal-event nethserver-backup-data-save test
It working well, but not so comfortable (especially if i would like to change someting after creation)
It possible to somehow integrate this feature to the GUI?
giacomo
March 24, 2021, 10:52am
2
You’re the first one asking for it
Since you’re target is a CentOS, may I suggest to setup a different server? Something like SFTP, Minio, etc.
vamp
March 24, 2021, 11:38am
3
@giacomo
Yes, of course the SFTP is simple, but e read the Restic documentation , that the REST server is more efficient like SFTP.
I will also try Minio,it seems not so complicated to install it, run similar like REST (Docker container)
vamp
March 24, 2021, 3:11pm
4
@giacomo
Well i try minio, but every time i get this:
Try mc client to test the connection and seems it working well. I try all of combitnation the link, but not work.
Do you know the right link format?
giacomo
March 24, 2021, 3:25pm
5
I guess you have to use the virtualhost format: bucketname.mini.server
I’ve tried Minio some years ago, maybe something is changed in the meanwhile.
vamp
March 24, 2021, 3:58pm
6
@giacomo
try this, but not working.
vamp
March 24, 2021, 9:25pm
7
@giacomo
Well, i try this command:
db backups set test2 restic VFSType s3 BackupTime '15 7 * * *' CleanupOlderThan never Notify error NotifyTo root@localhost status enabled Prune always S3AccessKey admin S3Bucket test S3Host http://hun400-29v.hft.rosenberger.local:9000 S3SecretKey 'password' status enabled
and yes… it working well
So i’m very similar situation with rest server… no option to create or modify it via GUI…
OK, i see, “use command line” but possible that sometimes it easy o use the GUI. (or there is some “evolved on windows” collegues
mrmarkuz
March 24, 2021, 9:36pm
8
Please try the following to get a more detailed error:
You could try to test the connection with curl:
You may edit /usr/libexec/nethserver/api/system-backup/check-s3 and change curl -s to curl -v and run the script manually to see if it produces errors:
/usr/libexec/nethserver/api/system-backup/check-s3 <ACCESS_KEY> <SECRET_KEY> <BUCKET> <HOST>
1 Like
vamp
March 24, 2021, 10:19pm
9
@mrmarkuz
[root@hun25-09v ~]# /usr/libexec/nethserver/api/system-backup/check-s3 admin password test2 hun400-29v.hft.rosenberger.local:9000
* Could not resolve host: test2.hun400-29v.hft.rosenberger.local; Unknown error
* Closing connection 0
curl: (6) Could not resolve host: test2.hun400-29v.hft.rosenberger.local; Unknown error
Hmm i think it is the problem:
Hello @mrmarkuz and Nethserver forum,
I’ve provided Markus with a test S3 account from my S3 provider. Markus confirmed that Nethserver uses ‘subdomain style’ - https://{BUCKET}.{HOST}/${file_to_upload} connect to S3. My S3 provider uses ‘Path Style’ for S3 connections so this is the reason that Nethserver backup GUI cannot connect to my S3.
Nextcloud allows for both types of S3 connections so my hope is that Nethserver is able to update the backup GUI to also allow for both S3 connection…
I also hope so
vamp
March 25, 2021, 12:54am
10
@mrmarkuz @giacomo
Well… OK.
Now i able to work it, but it need some tweak.
First is minio side
Add this Env. variable to docker container:
MINIO_DOMAIN=mydomain.com
See this:
https://docs.min.io/docs/minio-server-configuration-guide.html
and set https (nethserver check srcipt is hard coded to https, not accept http, if i write it to the GUI). I use self-signed one (it is a local network), unfortunately it will cause problem, see above.
next, create a new DNS entry on nethserver with wildcard, that point to the minio server hostname.
and last, need to rewrite the /usr/libexec/nethserver/api/system-backup/check-s3, because curl default not support the self-signed cert, so need to add --insecure switch.
first is not part of this theme (my fault) but this and the second one it would be good that you write it to the documentation.
the third one: my suggestion that put a little checkbox on gui that set that it use self-signed cert. (i think not so frequent use signed-cert with minio server in local network)
1 Like
vamp
March 25, 2021, 12:03pm
11
…and one step is missing
Need to add the generated certs to the nethserver cert manager.
My last question is:
I modify the check-s3 file (add --insecure flag) it will cause any problem that i update the nethserver or it generate automatically? How to resolve this a “better and pretty” way?
mrmarkuz
March 25, 2021, 12:24pm
12
Maybe the check-s3 file will be updated in the future but there should be no problem with an already configured backup.
1 Like
