From EUserv Wiki

Encrypt the Rsync connection to the BackupHD

General

Hint: To use rsync with your BackupHD, you first have to activate the function in the customer center. To do so, select your contract, navigate to the menu item "Verwaltung" and tick the box "Rsync active".

Then click the button "Ändern". Your BackupHD will be activated for rsync within 24 hours.

If you want to encrypt the rsync connection to your BackupHD, you can set up an stunnel.

The connection to your BackupHD is then encrypted via SSL.

This guide describes the setup of stunnel under Linux and Windows.

Setup of stunnel

Linux

First you have to install stunnel on your system. There should be a package available for your package manager.

CentOS

 yum install stunnel

Now you have to create the stunnel configuration file

 vi /etc/stunnel/stunnel.conf

and make the following changes:

   
; Certificate/key is needed in server mode and optional in client mode
;cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem

; PID is created inside the chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; Some debugging stuff useful for troubleshooting
debug = 5
output = /var/log/stunnel/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[ssmtp]
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

[ssync]
accept = 873
connect = rsync1.euserv.de:273
  

Now you can start stunnel with the following command:

 stunnel /etc/stunnel/stunnel.conf

Using rsync:

To send the rsync connection through the encrypted stunnel, specify localhost as the server, for example:

 rsync -avuz /dev/zero ftpbackup-1234@localhost::ftpbackup-1234

Exiting stunnel:

 killall stunnel

Debian/Ubuntu

 aptitude install stunnel

Now you have to edit the stunnel configuration file

 vi /etc/stunnel/stunnel.conf

and make the following changes:

   
; Certificate/key is needed in server mode and optional in client mode
;cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem

; PID is created inside the chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; Some debugging stuff useful for troubleshooting
debug = 5
output = /var/log/stunnel/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[ssmtp]
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

[ssync]
accept = 873
connect = rsync1.euserv.de:273
  

Generating the stunnel certificate and private key (pem):

 openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem

Enter the necessary information:

 
Country Name:
State or Province name:
Locality:
Organization Name:
Organizational Unit Name:
Common Name (FQDN):
  

Finally edit the following file:

 vi /etc/default/stunnel

and change the following line:

 
# Change to one to enable stunnel automatic startup
ENABLED=1
  

Now you can start stunnel with the following command:

 stunnel /etc/stunnel/stunnel.conf

Using rsync:

To send the rsync connection through the encrypted stunnel, specify localhost as the server, for example:

 rsync -avuz /dev/zero ftpbackup-1234@localhost::ftpbackup-1234

Exiting stunnel:

 killall stunnel

OpenSuse

Download the .rpm file with the following command:

 wget http://mirror.geht-schon.de/packman.links2linux.de/suse/12.3/Extra/x86_64/stunnel-4.36-1.1.x86_64.rpm

and install stunnel:

 zypper install stunnel-4.36-1.1.x86_64.rpm

Now you have to edit the stunnel configuration file

 vi /etc/stunnel/stunnel.conf

and make the following changes:

 
# client = yes | no
# client mode (remote service uses SSL)
# default: no (server mode)
client = yes

pid = /var/run/stunnel.pid

# debugging
#
debug = 5
output = stunnel.log

# Some performance tunings
#
# disable Nagle algorithm (a.k.a. tinygram prevention, see man 7 tcp)
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
#compression = rle

#cert = /etc/stunnel/stunnel.pem

[ssync]
accept = 873
connect = rsync1.euserv.de:273
  

Now you can start stunnel with the following command:

 stunnel /etc/stunnel/stunnel.conf

Using rsync:

To send the rsync connection through the encrypted stunnel, specify localhost as the server, for example:

 rsync -avuz /dev/zero ftpbackup-1234@localhost::ftpbackup-1234

Exiting stunnel:

 killall stunnel

Windows

You can also set up stunnel manually on Windows.

The necessary program can be downloaded at http://www.stunnel.org/.

Now you just have to edit the configuration file. You can find a link to it in the start menu.

Ensure that the option client=yes is not commented out.

   
client = yes
[ssync]
accept = 873
connect = rsync1.euserv.de:273
    

Now you can start stunnel from the start menu.

You can use Rsync under Windows e.g. with the free tool DeltaCopy.
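
The [ssync] sections on this page encrypt the link but leave stunnel's certificate verification at its default (off), and `accept = 873` listens on all interfaces rather than only on localhost. The audit script below is an added example, not part of the EUserv wiki. The function names, the hardened sample and its CAfile path are assumptions, and the hardened variant presumes the server certificate chains to a CA in that bundle and names rsync1.euserv.de (on stunnel 4.x, use `verify = 2` in place of `verifyChain`).

```shell
# Added example: flag stunnel client services that skip server certificate
# verification or accept non-loopback connections. Reads FILE or stdin.
audit_stunnel_conf() {
  awk '
    function report(   c) {
      if (sec == "") return
      c = (s_client != "") ? s_client : g_client    # section overrides global
      if (c != "yes") return                        # only client-mode services
      if (!(s_ver || g_ver)) print sec ": server certificate is not verified"
      if (acc !~ /^(127\.0\.0\.1|localhost|::1):/)
        print sec ": accept = " acc " is not bound to loopback"
    }
    /^[ \t]*([;#]|$)/ { next }                      # comments and blank lines
    /^[ \t]*\[/ {                                   # new [service] section
      report(); sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
      s_client = ""; s_ver = 0; acc = ""; next
    }
    {
      i = index($0, "="); if (!i) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == "client") { if (sec == "") g_client = v; else s_client = v }
      else if (k == "accept") acc = v
      else if (((k == "verifyChain" || k == "verifyPeer") && v == "yes") ||
               (k == "verify" && v + 0 >= 2)) {
        if (sec == "") g_ver = 1; else s_ver = 1
      }
    }
    END { report() }
  ' "$@"
}

page_conf() { cat <<'EOF'   # the [ssync] client service as given on this page
client = yes
[ssync]
accept = 873
connect = rsync1.euserv.de:273
EOF
}
hardened_conf() { cat <<'EOF'   # constructed (stunnel 5.x); CAfile is assumed
client = yes
[ssync]
accept = 127.0.0.1:873
connect = rsync1.euserv.de:273
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = rsync1.euserv.de
EOF
}
for f in page_conf hardened_conf; do echo "== $f"; "$f" | audit_stunnel_conf; done
```

To audit an installed configuration, pass the file as an argument, e.g. `audit_stunnel_conf /etc/stunnel/stunnel.conf`.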