Re: Guide(s?) to backup philosophies
David Christensen wrote:
> On 03/17/2017 03:31 AM, Dan Purgert wrote:
>> David Christensen wrote:
>>> On 03/13/2017 05:38 AM, Dan Purgert wrote:
>>> [...]
>
> I should clarify that:
>
> "The backup server can be firewalled with no incoming ports and
> outgoing ports limited to SSH and other required ports".
>
>
> I still need to figure out the "other required outgoing ports".
> Suggestions and comments are welcome.
Unfortunately, pretty much "all ephemeral ports", if the server is
running things that initiate connections. Some programs allow you to
specify what ports they're connecting from, but not all.
>
>
>> Since the PCs are laptops, they're not always here, so I was never able
>> to figure out how to get pull to work with the condition that we were on
>> vacation (or the laptops were otherwise "not home").
>>
>> Though, yeah, the stuff that's statically here (desktop, server, etc.)
>> are rsync-by-pull.
>
> I haven't dealt with the "roaming laptop on the Internet" use-case yet,
> but I do have a desire to solve it. My idea has been, and remains, for
> the backup server to poll for a "job file" on the laptop, and to execute
> it when found (once; idempotent). This implies a network connection
> between the backup server and the laptop. OpenVPN is a technology that
> might be able to facilitate this.
VPN could work, but SSH into a jumpbox works just as well.
The push script checks /etc/resolv.conf for the local domain, if it's
mine, then backup to the backup-server directly.
If it's not mine, backup "critical files" to the jumpbox (which, in turn
is backed up to the backup-server). It's quite a bit smaller than the
full backups that're performed at home - just $HOME/vacation.
SSH with key-auth only is plenty secure, and so far has never been one
of those things that've been blocked at a hotel.
--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
Reply to: