lotetreemedia Posted February 25, 2019

> On 2/24/2019 at 2:43 AM, maxse said:
> Oh mannn @yusuflimz you are THE man! I didn't know why I didn't think of that! I've always had unraid running stock, never bothered to create a user or password or anything like that. Completely forgot that I could set it up that way! Thank you soooo much for showing me everything with the pictures, etc... awesome! Would I be able to try this out to see if it works with both of the servers on my own network? I think it should still work if minio is set up right? And also, in terms of security and letsencrypt/nginx and forwarding one port to the server, is that still secure? I set up ombi at one point when I was playing around with it, but actually took it down because people said it's not good to open ports to unraid, etc... Not sure if that also applies to this set up, etc... I'm not exactly sure how the reverse proxies work and if it's considered still secure to do it this way? Thank you soooo much!!!

It's your data, chief.

Full disclosure: all of this is uncharted territory (for me personally) and I'd have zero liability if something went wrong.

If I were you I'd test, test, and then test. Try doing a proof of concept:

- Use the cloudberry trial to back up some small data to minio on your LAN.
- Change the data (add some files, remove some files, update some files) without doing a backup.
- Take that machine to your friend's place, set up port forwarding to minio and duckDNS.
- Update your cloudberry container to point to duckDNS.
- Run the update task again on your source machine.

Expected behavior should be:

- Added files are now present in the backup and it didn't re-run the entire backup.
- Updated files are updated in the backup.
- You're able to restore the files you deleted.

Hopefully your friend isn't located on the other side of the pond!

tr0910 Posted February 27, 2019

Hidden shares at your friend's house are only secure if your friend doesn't change the shares back to visible. In effect, whoever owns the server and has access to the web ui for server maintenance has visibility to your files in whatever shape Cloudberry leaves them in.

Sent from my chisel, carved into granite

maxse (Author) Posted March 6, 2019

> On 2/27/2019 at 6:44 PM, tr0910 said:
> Hidden shares at your friend's house are only secure if your friend doesn't change the shares back to visible. In effect, whoever owns the server and has access to the web ui for server maintenance has visibility to your files in whatever shape Cloudberry leaves them in.
> Sent from my chisel, carved into granite

Oh yeah true. Silly question, but can the webui be password protected by setting a user password? I've never bothered setting up users or any passwords in the past 5 years on unraid 5. But I was the only user and didn't open it up to the internet and never had backups.

lotetreemedia Posted March 6, 2019

You are a security nightmare.

Of course you can set a username and password for the UI. It's the root user.

Go to Users > Root. Set the password for that account.

Next time you log in:

maxse (Author) Posted March 6, 2019

Lol. You guys rock!

btw, with this method having cloudberry connect to minio for incremental backups... Do you guys think I'll still need to learn btrfs and how to do the snapshots to protect against crypto? I'm concerned if I inadvertently do a backup with a crypto virus without realizing it and it runs to the remote backup server... or is this not really an issue because no files will be actually run on the remote backup server since it's only storing files?

I'm thinking worst case I wipe main server. Re-install unraid with cloudberry. Then run cloudberry restore to restore all the files, etc... from an incremental backup some time before the crypto. But I just don't want to have an issue if the crypto is going to encrypt EVERYthing on the backup server to the point that cloudberry won't be able to read the previous backups...

maxse (Author) Posted March 8, 2019

So I've had more time this week and continued to read everything I could here and on the different reddit groups... 2 big things come to mind and I pretty much narrowed it down I think... Few questions:

MAIN UNRAID

1) Any downsides to setting up Minio to connect to remote unraid for backups, as opposed to the SSH method mentioned earlier in this thread that was used with rsync?

2) Borg program came up. Does pretty much everything I need it to and obfuscates and encrypts the file names also (unlike cloudberry). Only downside of borg seems that I would have to back it up on the local network first and THEN transfer that backup to the remote server. This could also be done with Minio it seems, but wonder if for this part I could use rsync with SSH, would it be easier without having to install minio, reverse proxies, etc?? -- issue with this is, I may have 40tb to back up... If using borg, I see it does compression, but does that mean I would in effect have to have double the space available? So 40tb to back up, I would need roughly additional 40tb free on the machine just for this backup, and then use another method to then transfer that new backup to the remote server..

3) Duplicacy (NOT duplicati): Seems actually perfect because can backup and transfer right away without the need to have the extra space available on the main machine... but seems more involved.. But this seems like it can also encrypt filenames and can work with Minio as well? I wonder if I can substitute Duplicacy instead of rsync, and use Duplicacy+SSH???

-------

REMOTE UNRAID

Lastly, for the big protection against crypto. The remote must be set up with BTRFS file system with snapshot configured.... This is something that I would need on the remote server no matter what backup option I choose to protect against possible crypto virus spreading since the snapshots are read-protected (correct?). Is this difficult to set up?

Snapshots seem like a wonderful tool and I'm surprised why it's not recommended to even run on a bread and butter machine. I did read that the btrfs still has bugs and sometimes people couldn't recover their filesss? But that seems more to do with its own inherent RAID function, which is not even going to be used in the unraid application... So can I count on this? Thoughts?

*Again, I just want to make sure I select the definitive method before spending a ton of time then learning about that workflow that I select. I'm also reading up on how to utilize my supermicro 24bay I bought 5 years ago that's still in the box that will be used for this. Lots of things going on haha.

Looking forward to hearing from you guys. Everyone is so amazing, love this place!

Edited March 8, 2019 by maxse

maxse (Author) Posted March 11, 2019

So now that I pretty much figured out the method. Minio on remote server, then cloudberry to Minio, done...

I call my buddy to confirm again that it's likely going to be a 4U case, so then he starts asking me about electricity, etc... I honestly had no idea this would even be an issue nor any clue how much it would cost... I figured a "low power" Xeon from one of JDM Waat's builds on reddit, could cost maybe $200 a year to be on 24/7... Well then things got weird because he started calculating that it's gonna cost $16/month for no reason, etc...

So I don't even know now, looking not to even do this thing. I mean I guess $16/month my buddy would pay because of me is not that small amount. Adds up for sure! So I'm thinking of just figuring out a way to back up to external 10tb easy stores and be done. Just need a strategy (made a separate post).

But did I get the costs about right? There's no way to get it cheaper for electricity right? I guess I can see why people would prefer to have a Synology if it uses half the power...

Hoopster Posted March 11, 2019

> 2 hours ago, maxse said:
> But did I get the costs about right? There's no way to get it cheaper for electricity right?

Of course, it depends upon your local electricity costs. My local costs are $.11 per kWh. My main server is on 24/7 and consumes about 30w at idle and about 70 watts under a typical load (I am rounding up). At idle, it would cost me about $2.37 a month and under a typical load about $5.57. The reality is it is somewhere in between because it neither idles nor is under load 24/7 for a month.

What it will cost you/your buddy depends on your electricity costs and typical wattage consumption on your server.

JonathanM Posted March 11, 2019

> 6 hours ago, Hoopster said:
> What it will cost you/your buddy depends on your electricity costs and typical wattage consumption on your server.

It gets more complicated than that. If the local climate is such that air conditioning is called for a majority of the year, the cost is increased even more because all the power consumed by the computer is released as heat that needs to be removed. If, on the other hand, extra heat is needed during the year, the cost of the power the computer uses is offset by the reduced use of the heating system. If the location uses electrical resistance heat all year round, the net cost of the computer power is zero.

John_M Posted March 11, 2019

> 12 hours ago, maxse said:
> I figured a "low power" Xeon from one of JDM Waat's builds on reddit, could cost maybe $200 a year to be on 24/7... Well then things got weird because he started calculating that it's gonna cost $16/month for no reason, etc...

It's the same, pretty much. $200/year is $16.67/month, so maybe not so weird.

maxse (Author) Posted March 11, 2019

I mean that the conversation with my buddy got weird when $$$ fell into the equation. That was unexpected since he was originally okay with it..

Quick question. Is it possible to have unraid turn off and then turn back on, on a schedule of sorts? I'm thinking to just have the server on at night from say 2am-8am for backup to complete. But it needs to reliably turn itself on and off so that minio docker and cloudberry will be able to connect to it. Maybe some kind of a solution with raspberry pis sending a signal to each other with an IPMI motherboard or something?

Hoopster Posted March 11, 2019

> 20 minutes ago, maxse said:
> Is it possible to have unraid turn off and then turn back on, on a schedule of sorts?

Yes, it's possible. That's what I do with my backup server through a script and ipmitool with my backup server with IPMI. The server powers on to receive the backup and powers off when done.

As explained in this thread @tr0910 has an RPi to create a VPN to a remote IPMI server for backup.

maxse (Author) Posted March 12, 2019

Niceee! I thought I remembered reading it. But it's part of the rsync script. Since I'm going to be using minio and cloudberry, how will cloudberry know when it can get started that the remote server has been powered on? Is cloudberry just something that could be part of a script like you guys did with rsync ssh? How would unraid know that cloudberry is finished backing up and to send the shut down command?

Hoopster could you give me more details on what I need to do please? Where could I read about the IPMI tool and how to set it up. I guess I could figure out the PiVPN, but wouldn't know what to do after, and how to have the main unraid connect to that vpn to send the proper commands?

I also saw in that thread that he switched to pure SSH and ditched the VPN, but I'm not sure if he was specifically referring to the rsync transfer being over SSH and he was still using the rpi VPN for the turning on and off.

Hoopster Posted March 12, 2019

> 50 minutes ago, maxse said:
> But it's part of the rsync script. Since I'm going to be using minio and cloudberry, how will cloudberry know when it can get started that the remote server has been powered on? Is cloudberry just something that could be part of a script like you guys did with rsync ssh? How would unraid know that cloudberry is finished backing up and to send the shut down command?

I don't use Cloudberry and really know nothing about it so I do not know if it can be initiated by a script. If any of its functions are "scriptable" then, yes, you could just replace the rsync specific portions of the script with Cloudberry commands. I do not know if Cloudberry just automatically runs in the background when the server is up (like CrashPlan does) or if there is any way to start/stop it on command.

At a minimum, you could have a script that starts your backup server and then just waits a few hours while, hopefully, Cloudberry does its thing, and then powers down the server after X amount of time. The only negative is that perhaps if there is a large backup Cloudberry will not finish. However, it should pick up where it left off the next time it runs.

IPMItool is included in the Nerd Tools plugin. It is an easy command line method of controlling IPMI functions on the server. I use it to power on the server before the backup begins and then to do a soft shutdown (the normal way an unRAID server is shutdown) of the server when the backup is complete.

Here is the power on server command:

    ipmitool -I lan -H 192.168.1.16 -U xxxx -P xxxxx chassis power on

And the shutdown command:

    ipmitool -I lan -H 192.168.1.16 -U xxxx -P xxxxx chassis power soft

The xxxxx represent the IPMI admin user name and password. Of course on a local LAN I am not too concerned about passing username and password in the command line. Remotely over the Internet you would probably want that secured.

Mine is on a local LAN so you would have to use WAN commands/IP addresses.

More on IPMItool can be found here.

Edited March 12, 2019 by Hoopster

maxse (Author) Posted March 12, 2019

Hoopster, you're the man! Thank you sooo much, will read more. I'm not too familiar with what IPMI is but understand it as a way that a BIOS could even be controlled via a LAN connection. So the IPMI interface will have its own separate ethernet power and its own separate IP address on the network, correct?

Now what do you use to initiate a connection from your main unraid server into the rpi vpn to then be able to send the command? Also, do you know if the vpn and duckdns could both be running on the rpi at the same time, or is it part of the rpi vpn OS that will be installed on the rpi? I would need a dynamic dns, so running that also on the rpi would be ideal since the rpi will always be on and is super low power.

Wow I love this! Learning so much, thank you SOOO much everyone. Love this community

maxse (Author) Posted March 12, 2019

Hoopster, I just had a breakthrough! The dealbreaker with rsync originally for me was that I can't do encryption so an always-on server, someone at my buddy's place could see files since the drives are unlocked... Well, if I do it the way you're saying with the SSH and rsync, powering on and off when done. Then the contents will pretty much always be encrypted right? Is there any difference in security of the encrypted drive shut off, vs. cloudberry encrypting the live files themselves?

And then also, with the SSH rsync method (again I don't know much about it since I went in another direction due to the encryption) can the key to unlock the drive also be passed in the SSH command? Or is that something that would be passed in the "separate" part via the VPN on the rpi that will signal unraid to turn on in the first place...

------

Also, again in that post it says he switched to just SSH and abandoned the rpi vpn, was he referring that you could now also turn on and shut down unraid with just the SSH?

Again if the encryption thing of the drive (since it will be enabled after backup is down with the shutdown command) is equivalent to having a file encrypted by cloudberry? Here we goooooo, haha. Looking more like the original suggestion of SSH w/ rsync is the winner lol

Hoopster Posted March 13, 2019

@maxse You might also want to take a look at Zerotier. There is a docker container for it on unRAID and many users are using it rather than a VPN to access remote servers or connect to their server from remote clients. From what I understand it makes WAN devices look like they are on a local LAN and encrypts all traffic which would greatly simplify any scripting/rsync you may want to do.

maxse (Author) Posted March 13, 2019

When the unraid is powered off isn't that going to prevent zerotier from working since dockers are off?

I think I've got the answer with the powering on and off of unraid with encrypted drives. Just need help answering the questions above about encryption and if drive encryption would be enough... and also how would I initiate the connection from main to remote server to start it? Can you help me with the step by step please?

If the encryption of the drive is as secure as having live files encrypted (and since I'm gonna send comments to shut down array after rsync so drive will go back to being encrypted) then I'd like to use the SSH method with rsync which seems most reliable and doesn't require additional software.

Should I start a new thread asking about this specific method? I don't even know where to go to set this up or how

maxse (Author) Posted March 14, 2019

@Hoopster do you send the IPMI commands now via SSH also along with the rsync commands or is a separate vpn solution on a raspberry pi still needed for this (assuming the rpi will just run duckdns on it and the ip address of the remote unraid server is known).

Hoopster Posted March 14, 2019

> 21 hours ago, maxse said:
> @Hoopster do you send the IPMI commands now via SSH also along with the rsync commands or is a separate vpn solution on a raspberry pi still needed for this (assuming the rpi will just run duckdns on it and the ip address of the remote unraid server is known).

Below is the script I am using so you can get an idea how it works for me. I do not use an always-on Raspberry Pi in this scenario, but other users have done so on the remote side of an over-the-Internet VPN connection. I would not be the best person for giving you a step by step for something I have not done.

Again, my servers are both on the local LAN. The source server is on 24x7 and the destination server has IPMI and is powered on and off as needed for backups:

    #!/bin/bash
    #description=This script backs up shares on MediaNAS to BackupNAS
    #arrayStarted=true

    echo "Starting Sync to BackupNAS"
    echo "Starting Sync $(date)" >> /boot/logs/cronlogs/BackupNAS_Summary.log

    # Power On BackupNAS
    ipmitool -I lan -H 192.168.1.16 -U admin -P xxxxxxxx chassis power on

    # Wait for 3 minutes
    echo "Waiting for BackupNAS to power up..."
    sleep 3m
    echo "Host is up"
    sleep 10s

    # Set up email header
    echo To: [email protected] >> /boot/logs/cronlogs/BackupNAS_Summary.log
    echo From: [email protected] >> /boot/logs/cronlogs/BackupNAS_Summary.log
    echo Subject: MediaNAS to BackupNAS rsync summary >> /boot/logs/cronlogs/BackupNAS_Summary.log
    echo >> /boot/logs/cronlogs/BackupNAS_Summary.log

    # Backup Pictures Share
    echo "Copying new files to Pictures share ===== $(date)"
    echo "Copying new files to Pictures share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Summary.log
    echo "Copying new files to Pictures share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Pictures.log
    rsync -avu --stats --numeric-ids --progress -e "ssh -i /root/.ssh/id_rsa -T -o Compression=no -x" /mnt/user/Pictures/ [email protected]:/mnt/user/Pictures/ >> /boot/logs/cronlogs/BackupNAS_Pictures.log

    # Backup Videos Share
    echo "Copying new files to Videos share ===== $(date)"
    echo "Copying new files to Videos share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Summary.log
    echo "Copying new files to Videos share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Videos.log
    rsync -avu --stats --numeric-ids --progress -e "ssh -i /root/.ssh/id_rsa -T -o Compression=no -x" /mnt/user/Videos/ [email protected]:/mnt/user/Videos/ >> /boot/logs/cronlogs/BackupNAS_Videos.log

    # Backup Movies Share
    echo "Copying new files to Movies share ===== $(date)"
    echo "Copying new files to Movies share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Summary.log
    echo "Copying new files to Movies share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Movies.log
    rsync -avu --stats --numeric-ids --progress -e "ssh -i /root/.ssh/id_rsa -T -o Compression=no -x" /mnt/user/Movies/ [email protected]:/mnt/user/Movies/ >> /boot/logs/cronlogs/BackupNAS_Movies.log

    # Backup TVShows Share
    echo "Copying new files to TVShows share ===== $(date)"
    echo "Copying new files to TVShows share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Summary.log
    echo "Copying new files to TVShows share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_TVShows.log
    rsync -avu --stats --numeric-ids --progress -e "ssh -i /root/.ssh/id_rsa -T -o Compression=no -x" /mnt/user/TVShows/ [email protected]:/mnt/user/TVShows/ >> /boot/logs/cronlogs/BackupNAS_TVShows.log

    # Backup OtherVids Share
    echo "Copying new files to OtherVids share ===== $(date)"
    echo "Copying new files to OtherVids share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Summary.log
    echo "Copying new files to OtherVids share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_OtherVids.log
    rsync -avu --stats --numeric-ids --progress -e "ssh -i /root/.ssh/id_rsa -T -o Compression=no -x" /mnt/user/OtherVids/ [email protected]:/mnt/user/OtherVids/ >> /boot/logs/cronlogs/BackupNAS_OtherVids.log

    # Backup Documents Share
    echo "Copying new files to Documents share ===== $(date)"
    echo "Copying new files to Documents share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Summary.log
    echo "Copying new files to Documents share ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Documents.log
    rsync -avu --stats --numeric-ids --progress -e "ssh -i /root/.ssh/id_rsa -T -o Compression=no -x" /mnt/user/Documents/ [email protected]:/mnt/user/Documents/ >> /boot/logs/cronlogs/BackupNAS_Documents.log

    echo "moving to end ===== $(date)"
    echo "moving to end ===== $(date)" >> /boot/logs/cronlogs/BackupNAS_Summary.log

    # Add in the summaries
    cd /boot/logs/cronlogs/
    echo ===== > Pictures.log
    echo ===== > Videos.log
    echo ===== > Movies.log
    echo ===== > TVShows.log
    echo ===== > OtherVids.log
    echo ===== > Documents.log
    echo Pictures >> Pictures.log
    echo Videos >> Videos.log
    echo Movies >> Movies.log
    echo TVShows >> TVShows.log
    echo OtherVids >> OtherVids.log
    echo Documents >> Documents.log
    tac BackupNAS_Pictures.log | sed '/^Number of files: /q' | tac >> Pictures.log
    tac BackupNAS_Videos.log | sed '/^Number of files: /q' | tac >> Videos.log
    tac BackupNAS_Movies.log | sed '/^Number of files: /q' | tac >> Movies.log
    tac BackupNAS_TVShows.log | sed '/^Number of files: /q' | tac >> TVShows.log
    tac BackupNAS_OtherVids.log | sed '/^Number of files: /q' | tac >> OtherVids.log
    tac BackupNAS_Documents.log | sed '/^Number of files: /q' | tac >> Documents.log

    # now add all the other logs to the end of this email summary
    cat BackupNAS_Summary.log Pictures.log Videos.log Movies.log TVShows.log OtherVids.log Documents.log > allshares.log
    zip BackupNAS BackupNAS_*.log

    # Send email of summary of results
    ssmtp [email protected] < /boot/logs/cronlogs/allshares.log
    cd /boot/logs/cronlogs
    mv BackupNAS.zip "$(date +%Y%m%d_%H%M)_BackupNAS.zip"
    rm *.log

    #Power off BackupNAS gracefully
    sleep 30s
    ipmitool -I lan -H 192.168.1.16 -U admin -P xxxxxxx chassis power soft

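Added example, not Hoopster's script and not part of the thread: one way to address two points raised in the posts above, the IPMI password passed on the command line and the fixed three-minute wait before rsync starts. The password file path, SSH target and timeouts are assumptions, and it assumes the BMC accepts ipmitool's `lanplus` interface; `-f` is ipmitool's option for reading the password from a file.

```shell
#!/bin/bash
# Added example, not the script from the thread. Paths and the SSH target are
# hypothetical; the BMC address and user are the ones shown in the post.
BMC_HOST="192.168.1.16"
BMC_USER="admin"
BMC_PASSFILE="/root/.ipmi_pass"       # hypothetical: one line holding the password
BACKUP_SSH="root@backupnas.example"   # hypothetical SSH target
SSH_KEY="/root/.ssh/id_rsa"

# Succeed only if the password file exists and is readable by its owner alone.
passfile_is_private() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Run an ipmitool subcommand without the password on the command line.
# -f reads it from a file, so it does not appear in `ps` output or shell logs.
# -I lanplus selects the IPMI v2.0 (RMCP+) interface, which can authenticate
# and encrypt the session (assumes the BMC supports it).
ipmi() {
    if ! passfile_is_private "$BMC_PASSFILE"; then
        echo "refusing to use $BMC_PASSFILE: must exist with mode 600 or 400" >&2
        return 1
    fi
    ipmitool -I lanplus -H "$BMC_HOST" -U "$BMC_USER" -f "$BMC_PASSFILE" "$@"
}

# Retry a command every <interval> seconds until it succeeds or <timeout> passes.
wait_until() {
    local timeout=$1 interval=$2 waited=0
    shift 2
    until "$@"; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}

# True once the backup server accepts the same key-only SSH login rsync will use.
backup_ssh_ready() {
    ssh -i "$SSH_KEY" -o BatchMode=yes -o ConnectTimeout=5 "$BACKUP_SSH" true 2>/dev/null
}

backup_window() {
    ipmi chassis power on || return 1
    if ! wait_until 600 10 backup_ssh_ready; then
        echo "backup server did not come up within 10 minutes, skipping backup" >&2
        return 1
    fi
    # ... the rsync jobs go here ...
    ipmi chassis power soft
}

# Run only when asked to, so the functions can be sourced and tested on their own.
if [ "${1:-}" = "--run" ]; then
    backup_window
fi
```

On Unraid the root filesystem lives in RAM, so a password file under /root would have to be recreated at boot with the right mode.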
maxse (Author) Posted March 16, 2019

This is awesome. Thanks bud! I just got a node 804 case, shopping for used server parts now. I'll set this up on my local network first to make sure it's working. Thank you so much!

btw, do you do anything for versioning to protect from ransomware? Like if you accidentally get a crypto type of locker on your main server, wouldn't it then encrypt the backup as well when rsync runs? Then both servers are screwed?

strike Posted March 16, 2019

To protect from ransomware I use the chattr +i command. https://en.wikipedia.org/wiki/Chattr

Which means the files cannot be edited, renamed or deleted, even by the root user. I use this on both my servers. On the backup server I'm not going to edit or do anything anyway as it just powers on for backup purposes, so I run the command on all files. On my main server, I run it on all my media, like movies and tv shows, I just specify to run it on files larger than 10 MB. As metadata can easily be downloaded again anyway.

So on the backup server I run this at the end of the backup script before it powers down:

    find /mnt/disk1/Media/ -type f -exec chattr +i "{}" \;

Repeat this line for all disks as it only works on disk shares not user shares.

And on the Main server I run this once a week:

    find /mnt/disk1/Media/ -type f -size +10M -exec chattr +i "{}" \;

And again repeat for all disks. If I need to edit, rename or delete something I just run the same command but with "chattr -i" instead. I use the user script plugin to run this of course. So it's all done automatically or with a button click if I need to do it manually.

Taken from this thread: https://forums.unraid.net/topic/46256-ransomware-resistance/?page=5

Edited March 16, 2019 by strike

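Added example, not from the thread or any poster's script: a check that can sit next to the immutable-flag approach for the concern raised above that rsync would copy ransomware-encrypted files over the good backup. It does an rsync dry run first and skips the real transfer when more existing files would be overwritten than a limit allows; the share path, SSH target, limit and the sample output are constructed assumptions.

```shell
#!/bin/bash
# Added example, not from the thread. Share path, SSH target and limit are hypothetical.

# Constructed sample of `rsync --dry-run --itemize-changes` output for a push
# to a remote host ("<f" = a regular file whose content would be sent).
sample_itemize() {
    cat <<'EOF'
cd+++++++++ 2019/new_trip/
<f+++++++++ 2019/new_trip/IMG_0001.jpg
.d..t...... 2017/beach/
<f.st...... 2017/beach/IMG_1201.jpg
<f.st...... 2017/beach/IMG_1202.jpg
<f.st...... 2018/xmas/IMG_2001.jpg
EOF
}

# Read itemized rsync output on stdin and print "<rewritten> <new>":
#   rewritten = files already on the backup whose content would be replaced
#   new       = files that do not exist on the backup yet
count_changes() {
    awk '
        { kind = substr($0, 1, 2) }
        kind != "<f" && kind != ">f"    { next }          # directories, attribute-only changes
        substr($0, 3, 9) == "+++++++++" { new++; next }   # newly created on the backup
                                        { rewritten++ }   # existing file overwritten
        END { printf "%d %d\n", rewritten, new }
    '
}

# Read itemized rsync output on stdin; return 0 if the backup may proceed,
# 1 if more than <limit> existing files would be overwritten.
backup_is_safe() {
    local limit=$1 counts rewritten
    counts=$(count_changes)
    rewritten=${counts%% *}
    if [ "$rewritten" -gt "$limit" ]; then
        echo "tripwire: $rewritten existing files would be overwritten (limit $limit), backup skipped" >&2
        return 1
    fi
    return 0
}

# Dry run first, then the real transfer only if the tripwire stays quiet.
guarded_rsync() {
    local src=$1 dest=$2 limit=$3
    if rsync -au --dry-run --itemize-changes -e "ssh -i /root/.ssh/id_rsa" "$src" "$dest" \
            | backup_is_safe "$limit"; then
        rsync -au --numeric-ids -e "ssh -i /root/.ssh/id_rsa" "$src" "$dest"
    else
        return 1
    fi
}

# Run only when asked to, so the functions can be sourced and tested on their own.
if [ "${1:-}" = "--run" ]; then
    guarded_rsync /mnt/user/Pictures/ root@backupnas.example:/mnt/user/Pictures/ 50
fi
```

Media shares rarely rewrite existing files, so a low limit fits them. Files that are encrypted under a new name show up as new files rather than rewrites, and because the rsync commands in the thread do not use `--delete`, the original copies stay on the backup in that case.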
maxse (Author) Posted March 18, 2019

Nice! That's a great idea @strike

Guys quick question. I am looking at a Supermicro X8SIL-F with an X3470. But I just saw something that the Supermicro X8 boards IPMI is not supported in unraid? So this means I won't be able to use IPMI tools to remote power on with IPMI? I think I read this for an IPMI plugin for unraid 6.1+. I'm not sure if support for the XSIL-F had been added since? Or if it even applies to me in this case?

strike Posted March 18, 2019

> On 3/13/2019 at 5:47 AM, maxse said:
> Just need help answering the questions above about encryption and if drive encryption would be enough... and also how would I initiate the connection from main to remote server to start it? Can you help me with the step by step please? If the encryption of the drive is as secure as having live files encrypted (and since I'm gonna send comments to shut down array after rsync so drive will go back to being encrypted) then I'd like to use the SSH method with rsync which seems most reliable and doesn't require additional software.

I haven't read all the posts in this thread but I think I saw something about this server was gonna be at a remote location? So assuming nobody at the remote location has your root password to the server then yes, encrypting the drives can be as secure as encrypting the files themselves.

You can make a key file to unlock the encrypted drives and save that key file on your local server. Then you can make a connection from your remote server before unraid starts to your local server (or a local pi or something that's always on) and download the key file which unlocks the disks. Once the disks are unlocked the key file sits in ram, but you can delete that on array start/stop if you want. So IF someone were to know your root password they can't get to the key file. All this can be scripted.

There is a thread that discusses this, but I don't have it handy right now. I can find it for you later though.

strike Posted March 18, 2019

So here is the thread I was talking about: https://forums.unraid.net/topic/61973-encryption-and-auto-start/

So basically you make 3 scripts. One to fetch the keyfile from your local server, one to remove the keyfile once the array is started and one to call the first two scripts at the right time. The first two scripts need to be stored on the remote server's flash drive and the third script has to be put at the beginning of the go file, also located on the flash drive.

All of this requires that you have ssh keys set up and have forwarded a port for ssh on your local router. Which you'll need to do anyway if you're going to use rsync over ssh. Be sure to not use the standard ssh port as your server will be hit by a boatload of connections trying to get in, all the time. There will still be some connection attempts even if you change port but not nearly as much. But they won't get in anyway if you disable password login and only allow keys. You can use the ssh plugin to configure port and disable password login.

Here are the scripts I'm using:

fetch_key script:

    #!/bin/bash
    if [[ ! -e /root/keyfile ]]; then
      scp -P 65331 [email protected]:/path/to/keyfile /root/keyfile
    fi

Change the port number in the above scp command according to your config. And the rest of the line obviously.

delete_key script:

    #!/bin/bash
    rm -f /root/keyfile

and the relevant part of my go file:

    #!/bin/bash
    # auto unlock array
    mkdir -p /usr/local/emhttp/webGui/event/starting
    mkdir -p /usr/local/emhttp/webGui/event/started
    mkdir -p /usr/local/emhttp/webGui/event/stopped
    cp -f /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/starting
    cp -f /boot/custom/bin/delete_key /usr/local/emhttp/webGui/event/started
    cp -f /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/stopped
    # Start the Management Utility
    /usr/local/sbin/emhttp &
