# TISBackup

This is the repository of the TISBackup project, licensed under GPLv3.

TISBackup is a Python script to back up servers.

It runs at regular intervals to retrieve different data types from remote hosts, such as database dumps, files, virtual machine images and metadata.

## Install using Compose

Clone this repository and build the pod image using the provided `Dockerfile`:

```bash
docker build . -t tisbackup:latest
```

In another folder, create subfolders as follows:

```bash
mkdir -p /var/tisbackup/{backup/log,config,ssh}/
```

Expected structure:

```
/var/tisbackup/
└─backup/  <-- backup location
└─config/
    ├── tisbackup-config.ini  <-- backups config
    └── tisbackup_gui.ini  <-- tisbackup config
└─ssh/
    ├── id_ed25519  <-- SSH Private Key (Ed25519 recommended)
    └── id_ed25519.pub  <-- SSH Public Key
compose.yaml
```

Adapt the `compose.yml` file to suit your needs. One pod acts as the WebUI front end and the other as the crond scheduler.

```yaml
services:
  tisbackup_gui:
    container_name: tisbackup_gui
    image: "tisbackup:latest"
    build: .
    volumes:
      - ./config/:/etc/tis/
      - ./backup/:/backup/
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      # SECURITY: Set a unique secret key for Flask session security
      # Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
      - TISBACKUP_SECRET_KEY=your-secret-key-here-change-me
    restart: unless-stopped
    ports:
      - 9980:8080

  tisbackup_cron:
    container_name: tisbackup_cron
    image: "tisbackup:latest"
    build: .
    volumes:
      - ./config/:/etc/tis/
      - ./ssh/:/config_ssh/
      - ./backup/:/backup/
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: always
    command: "/bin/bash /opt/tisbackup/cron.sh"
```

## Configuration

### SSH Keys

* **Generate SSH keys** (Ed25519 recommended):

```bash
# Ed25519 (most secure, recommended)
ssh-keygen -t ed25519 -f ./ssh/id_ed25519 -C "tisbackup@yourserver"

# Or ECDSA (also secure)
ssh-keygen -t ecdsa -b 521 -f ./ssh/id_ecdsa -C "tisbackup@yourserver"

# Or RSA (legacy, minimum 2048 bits)
ssh-keygen -t rsa -b 4096 -f ./ssh/id_rsa -C "tisbackup@yourserver"
```

**⚠️ Note:** DSA keys are no longer supported due to security vulnerabilities.

* Copy the public key to the remote servers:

```bash
ssh-copy-id -i ./ssh/id_ed25519.pub root@remote-server
```

### Configuration Files

* Set up the config files in the `./config` directory
* **SECURITY**: Generate and set a secure Flask secret key:

```bash
# Generate a secure random secret key
python3 -c "import secrets; print(secrets.token_hex(32))"
```

Then add it to your `compose.yml` as the `TISBACKUP_SECRET_KEY` environment variable.

**tisbackup-config.ini**

```ini
[global]
backup_base_dir = /backup/

# backup retention in days
backup_retention_time=90

# for nagios check in hours
maximum_backup_age=30

[srvads-poudlard-samba]
type=rsync+ssh
server_name=srvads.poudlard.lan
remote_dir=/var/lib/samba/
compression=True
;exclude_list="/proc/**","/sys/**","/dev/**"
# Use Ed25519 key (recommended), or ECDSA/RSA (DSA not supported)
private_key=/config_ssh/id_ed25519
ssh_port = 22
```

**tisbackup_gui.ini**

```ini
[general]
config_tisbackup= /etc/tis/tisbackup-config.ini
sections=
ADMIN_EMAIL=josebove@internet.fr
base_config_dir= /etc/tis/
backup_base_dir=/backup/
```

Run!

```bash
docker compose up -d
```

## NGINX reverse-proxy

Sample config file:

```nginx
server {
    listen 443 ssl http2;

    # Remove '#' in the next line to enable IPv6
    # listen [::]:443 ssl http2;
    server_name tisbackup.poudlard.lan;

    ssl_certificate /etc/letsencrypt/live/tisbackup.poudlard.lan/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tisbackup.poudlard.lan/privkey.pem; # managed by Certbot

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://localhost:9980/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

## About

[Tranquil IT](contact_at_tranquil_it) is the original author of TISBackup.

The documentation is provided under the license CC-BY-SA and can be found on [readthedocs](https://tisbackup.readthedocs.io/en/latest/index.html).
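
A pre-flight check for the Compose layout and configuration described above, meant to be run before `docker compose up -d`. It is an added example, not part of TISBackup: it flags the unchanged `TISBACKUP_SECRET_KEY` placeholder, private keys accessible to group or others, and DSA keys. `check_deployment`, `demo` and the `SAMPLE` tree are hypothetical names and constructed data, and the script assumes `compose.yaml` sits beside `config/` and `ssh/`.

```python
import configparser
import tempfile
from pathlib import Path

PLACEHOLDER = "your-secret-key-here-change-me"  # value shipped in the README
KEY_MOUNT = "/config_ssh/"  # where tisbackup_cron mounts ./ssh/


def check_deployment(base, compose_name="compose.yaml"):
    """Return findings for the tree under base; an empty list means OK."""
    base, findings = Path(base), []
    if PLACEHOLDER in (base / compose_name).read_text():
        findings.append("TISBACKUP_SECRET_KEY is still the placeholder")
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(base / "config" / "tisbackup-config.ini")
    for name in (s for s in cfg.sections() if cfg.has_option(s, "private_key")):
        key = cfg.get(name, "private_key")
        host_key = base / "ssh" / key[len(KEY_MOUNT):]
        if not key.startswith(KEY_MOUNT) or not host_key.is_file():
            findings.append(f"[{name}] {key} is not a file under ./ssh/")
            continue
        if host_key.stat().st_mode & 0o077:  # group/other permission bits set
            findings.append(f"[{name}] {key} is group/world accessible")
        pub = Path(f"{host_key}.pub")  # DSA public keys start with "ssh-dss"
        if pub.is_file() and pub.read_text().startswith("ssh-dss "):
            findings.append(f"[{name}] {key} is a DSA key")
    return findings


SAMPLE = {  # constructed sample tree, not real configuration or keys
    "compose.yaml": f"environment:\n  - TISBACKUP_SECRET_KEY={PLACEHOLDER}\n",
    "config/tisbackup-config.ini": "[global]\n[srv]\nprivate_key=/config_ssh/id_dsa\n",
    "ssh/id_dsa": "constructed placeholder, not a key\n",
    "ssh/id_dsa.pub": "ssh-dss AAAA-constructed tisbackup@yourserver\n",
}


def demo(key_mode=0o644):
    """Write SAMPLE to a temp dir, set the key's mode, and check it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, text in SAMPLE.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
        Path(root, "ssh", "id_dsa").chmod(key_mode)
        return check_deployment(root)


if __name__ == "__main__":
    print("\n".join(demo()))
```

To check a real deployment, call `check_deployment("/var/tisbackup")` and treat a non-empty result as a reason not to start the containers yet.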