Yet another small how-to that will work mainly as a way for myself to remember how I did setup a QNAP NAS Appliance to use rsync with ssh and make backup of a VPS. This is very useful whenever you want to have your NAS working over the night and make a duplicate of data of something important from your VPS.
I am not going to cover how to setup rsync and what commands to use. This is out of scope. I am more concerned about the setup in QNAP.
Enable SSH on your QNAP
Let’s make sure we have Qnap accessible via SSH. You can use whatever non-standard port for it. I personally do not have it exposed on the Web so it does not really matter:
You can decide also what used will be enabled to access SSH and I recommend to have a standard user to do so as well as the root/admin one. Unfortunately to use the command “cronatb -e” (we will need it later) you need to be root.
We now want to access via SSH to our QNAP NAS and start the setup there. I am used to do everything with admin user and run some of the needed commands from standard user with the “sudo -u” option.
Setup User and Rsync on QNAP
Once logged in as admin you will need as first step to create the SSH key pair for your user in order to be able to login on your VPS without being asked for a password. Let’s do it:
sudo -u <your_standard_user> ssh-keygen -b 4096
If you want to avoid to create passwords using your root/admin account you can login with your standard user and run the following commands without prepending sudo -u <your_user>.
It will take a while to generate the pair and you will be then asked to decide where to store the key pair as well as what passphrase to use. As we do not want to be promoted for a password we do not want to use any passphrase:
# sudo -u <your_user> ssh-keygen -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/share/homes/<your_user>/.ssh/id_rsa):
/share/homes/<your_user>/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /share/homes/<your_user>/.ssh/id_rsa.
Your public key has been saved in /share/homes/<your_user>/.ssh/id_rsa.pub.
The key fingerprint is:
The key’s randomart image is:
As you can see above I already had the keys and I decided to overwrite them.
You should be already have the possibility to use rsync on your QNAP NAS, if not it should be just a matter of enabling backup/restore options.
Safely copy your new pub-key to your VPS
It is now time to copy the newly created ssh pub key to your VPS. You need to do it in a secure way and at this point in time I believe your only option is to use scp commands as I do not expect you have any other option to access your VPS. So let’s do it.
From your NAS, being connected via SSH with standard user, let’s run the command to copy the public key to VPS:
$ cd /share/homes/<your_user>/.ssh
$ cat id_rsa.pub | ssh <vps_user>@<your_VPS_IP> ‘cat >> .ssh/authorized_keys’
Of course you will be asked to provide a password to upload the public key to the authorized ones, but this will be only this time.
One critical info is that you now need to make sure you have correct permissions on the directory and files related to your keys on NAS, otherwise the private key will not be used to connect and you will be prompted for the password again. This will make all our efforts completely un-useful to automate the process of the backup!
Once again form the NAS cli, standard user:
$ chmod 700 /share/homes/<your_user>/.ssh
$ chmod 600 /share/homes/<your_user>/.ssh/id_rsa
You can now test if you can login to your VPS without typing a password!
If you are going to backup files that require root privileges you will need to add your NAS SSH Public key also to the root user of your VPS. You can do it simply repeating steps above to copy the public key to your root user.
Prepare folders for your backups and use crontab to automate rsync
You are now ready to leverage rsync in order to login into your VPS and sync remote folders with local ones. First step you will need is to create folders on NAS where you will store the remote data as well as a shell file that will call the command we will need to run. It’s absolutely up to you to decide where you will create this folder but it has to be in a place where the user that will be calling rsync has read and write permissions.
Next and critical step is to actually prepare the shell file you will use to launch the rsync commands. The most important aspect of it is that you will have to call it from NAS root user while leveraging sudo to tell the NAS to laucnh the rsync from your standard user.
Once again from the NAS cli, standard user, let’s create the shell file(s) to launch our backup:
$ cd /share/<your_user>/<your_backup_folder>
$ vi my_vps_backup.sh
You can now enter in vi Input mode typing “i” and you can add something like the following:
sudo -u <your_nas_standard_user> rsync -avzh –delete -e ‘ssh’ <your_vps_user>@<your_vps_IP>:/<folder_to_backup> /share/<your_NAS_user>/<your_backup_folder>
note the utilization of sudo -u. Please bear in mind that the options of rsync I mention above need to be tested on your side, I am not responsible of any issue caused by them, you have been warned!! If you are curious about what they do man pages of rsync will be of a big help but for simplicity I mention that they do following:
This would recursively transfer all files from the directory <folder_to_backup> of the remote VPS into the /share/<your_NAS_user>/<your_backup_folder> of the NAS. The files are transferred in “archive” mode, which ensures that symbolic links, devices, attributes, permissions, ownerships, etc. are preserved in the transfer. Additionally, compression will be used to reduce the size of data portions of the transfer.
After you finish creating the file you can click the sequence “ESC –> : –> x” to save and exit the file. I strongly recommend to test if this file will be doing what you expect and most important I warn you for the second time to be absolutely careful with what you do with Rsync!!
Modify crontab on NAS to automate the VPS backup as per your needs
This is last step of this guide. If you followed till here you already have access to your VPS from NAS via SSH without typing a password and your rsync command is ready to be used. Now is time to configure crontab on Qnap NAS. This is something you can do only form the admin/root user of the NAS as crontab is only available to it (as far as I am aware).
Then login into your NAS CLI as admin user and type the command crontab -e.
Crontab will open in edit mode. It is essentially the configuration file of crontab wirthin VI editor. All you need to do is to add a new line to call the script you created before at the time and with frequency that most fits your needs. So, click the “i” letter to enter in edit mode and add your line similar to this one:
10 4 * * 2 /share/<your_user>/<your_Backup_folder>/my_vps_backup.sh
I am not going to explain what the above means as it is a standard cron line 😛
That’s it, enjoy now your automated backup!!