Rsync Verbindung zur BackupHD verschlüsseln/en
Aus EUserv Wiki
Root (Diskussion | Beiträge) |
Svtr1 (Diskussion | Beiträge) |
||
| Zeile 7: | Zeile 7: | ||
'''Encrypt the Rsync connection to the BackupHD''' | '''Encrypt the Rsync connection to the BackupHD''' | ||
</div> | </div> | ||
| - | + | = General = | |
''Hint: To use rsync for your BackupHD, you have to activate the function in the customer center. To do so navigate to the menu-point "Verwaltung" after you have chosen your contract and make the tick under "Rsync active".'' | ''Hint: To use rsync for your BackupHD, you have to activate the function in the customer center. To do so navigate to the menu-point "Verwaltung" after you have chosen your contract and make the tick under "Rsync active".'' | ||
| Zeile 18: | Zeile 18: | ||
This instruction describes the setup of stunnel under Linux and Windows. | This instruction describes the setup of stunnel under Linux and Windows. | ||
| - | + | = Setup of stunnel | |
| - | + | == Linux == | |
First you have to install stunnel on your system. There should be a package available for your package manager. | First you have to install stunnel on your system. There should be a package available for your package manager. | ||
| + | '''Debian/Ubuntu''' | ||
| - | + | aptitude install stunnel | |
| - | + | '''CentOS''' | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | yum install centos | |
| - | + | '''Gentoo''' | |
| - | + | emerge stunnel | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | '''OpenSuse''' | |
| - | + | ||
| - | + | ||
| - | + | zypper install stunnel | |
| - | + | Now you have to create or call the stunnel configuration file | |
| + | |||
| + | vi /etc/stunnel/stunnel.conf | ||
| + | |||
| + | and edit the following changes: | ||
| + | |||
| + | <nowiki> | ||
| + | ; Certificate/key is needed in server mode and optional in client mode | ||
| + | ;cert = /etc/ssl/certs/stunnel.pem | ||
| + | ;key = /etc/ssl/certs/stunnel.pem | ||
| + | |||
| + | ; PID is created inside the chroot jail | ||
| + | pid = /stunnel.pid | ||
| + | |||
| + | ; Some performance tunings | ||
socket = l:TCP_NODELAY=1 | socket = l:TCP_NODELAY=1 | ||
socket = r:TCP_NODELAY=1 | socket = r:TCP_NODELAY=1 | ||
| - | + | ;compression = zlib | |
| + | |||
| + | ; Some debugging stuff useful for troubleshooting | ||
| + | debug = 5 | ||
| + | output = /var/log/stunnel/stunnel.log | ||
| + | |||
| + | ; Use it for client mode | ||
| + | client = yes | ||
| + | |||
| + | Service-level configuration | ||
| + | |||
| + | [pop3s] | ||
| + | accept = 995 | ||
| + | connect = 110 | ||
| + | |||
| + | [imaps] | ||
| + | accept = 993 | ||
| + | connect = 143 | ||
| + | |||
| + | [ssmtp] | ||
| + | accept = 465 | ||
| + | connect = 25 | ||
| + | |||
| + | ;[https] | ||
| + | ;accept = 443 | ||
| + | ;connect = 80 | ||
| + | ;TIMEOUTclose = 0 | ||
| - | |||
[ssync] | [ssync] | ||
accept = 873 | accept = 873 | ||
connect = rsync1.euserv.de:273 | connect = rsync1.euserv.de:273 | ||
| + | </nowiki> | ||
| - | + | Generating the stunnel certificate and private key (pem): | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem | |
| + | Enter the necessary information: | ||
| + | |||
| + | <nowiki> | ||
| + | Country Name: | ||
| + | State or Province name: | ||
| + | Locality: | ||
| + | Organization Name: | ||
| + | Organizational Unit Name: | ||
| + | Common Name (FQDN): | ||
| + | </nowiki> | ||
| + | |||
| + | Finally edit the following file: | ||
| + | |||
| + | vi /etc/default/stunnel | ||
| + | |||
| + | and change the following line: | ||
| + | |||
| + | <nowiki> | ||
| + | # Change to one to enable stunnel automatic startup | ||
| + | ENABLED=1 | ||
| + | </nowiki> | ||
| + | |||
| + | Now you can start stunnel with the following command: | ||
| + | |||
| + | stunnel /etc/stunnel/stunnel.conf<br> | ||
The use of rsync: | The use of rsync: | ||
For an stunnel encrypred through the rsync-connection you can specify localhost as server: | For an stunnel encrypred through the rsync-connection you can specify localhost as server: | ||
| - | |||
for example | for example | ||
| - | + | rsync -avuz /dev/zero ftpbackup-1234@localhost::ftpbackup-1234 | |
Exiting stunnel: | Exiting stunnel: | ||
| - | + | killall stunnel | |
| - | + | ||
| - | == | + | == Windows == |
You can also set stunnel manually in Windows. | You can also set stunnel manually in Windows. | ||
Version vom 10:08, 6. Mai 2013
Encrypt the Rsync connection to the BackupHD
Inhaltsverzeichnis |
Encrypt the Rsync connection to the BackupHD
General
Hint: To use rsync for your BackupHD, you have to activate the function in the customer center. To do so navigate to the menu-point "Verwaltung" after you have chosen your contract and make the tick under "Rsync active".
Then click on the button "Ändern". Your BackupHD will be activated within 24 hours for rsync.
If you want to encrypt the rsync-connection to your BackupHD, you have the possibility to set an stunnel.
By that the connection to your BackupHD will be encrypted via SSL.
This instruction describes the setup of stunnel under Linux and Windows.
= Setup of stunnel
Linux
First you have to install stunnel on your system. There should be a package available for your package manager.
Debian/Ubuntu
aptitude install stunnel
CentOS
yum install centos
Gentoo
emerge stunnel
OpenSuse
zypper install stunnel
Now you have to create or call the stunnel configuration file
vi /etc/stunnel/stunnel.conf
and edit the following changes:
; Certificate/key is needed in server mode and optional in client mode ;cert = /etc/ssl/certs/stunnel.pem ;key = /etc/ssl/certs/stunnel.pem ; PID is created inside the chroot jail pid = /stunnel.pid ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ;compression = zlib ; Some debugging stuff useful for troubleshooting debug = 5 output = /var/log/stunnel/stunnel.log ; Use it for client mode client = yes Service-level configuration [pop3s] accept = 995 connect = 110 [imaps] accept = 993 connect = 143 [ssmtp] accept = 465 connect = 25 ;[https] ;accept = 443 ;connect = 80 ;TIMEOUTclose = 0 [ssync] accept = 873 connect = rsync1.euserv.de:273
Generating the stunnel certificate and private key (pem):
openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
Enter the necessary information:
Country Name: State or Province name: Locality: Organization Name: Organizational Unit Name: Common Name (FQDN):
Finally edit the following file:
vi /etc/default/stunnel
and change the following line:
# Change to one to enable stunnel automatic startup ENABLED=1
Now you can start stunnel with the following command:
stunnel /etc/stunnel/stunnel.conf
The use of rsync:
For an stunnel encrypred through the rsync-connection you can specify localhost as server:
for example
rsync -avuz /dev/zero ftpbackup-1234@localhost::ftpbackup-1234
Exiting stunnel:
killall stunnel
Windows
You can also set stunnel manually in Windows.
The necessary program can be downloaded at http://www.stunnel.org/.
Now you just have to edit the configuration file. You can find a link in the start menu .
Ensure that the option client=yes is not commented out.
client = yes
[ssync]
accept = 873
connect = rsync1.euserv.de:273
Now you can start stunnel from the start menu.
You can use Rsync under Windows e.g. with the free tool DeltaCopy.
