David Christensen wrote:
On 03/17/2017 03:31 AM, Dan Purgert wrote:
David Christensen wrote:
On 03/13/2017 05:38 AM, Dan Purgert wrote:
[...]
I should clarify that:
"The backup server can be firewalled with no incoming ports and
outgoing ports limited to SSH and other required ports".
I still need to figure out the "other required outgoing ports".
Suggestions and comments are welcome.

Unfortunately, pretty much "all ephemeral ports", if the server is
running things that initiate connections. Some programs allow you to
specify what ports they're connecting from, but not all.

Since the PCs are laptops, they're not always here, so I was never able
to figure out how to get pull to work with the condition that we were on
vacation (or the laptops were otherwise "not home").
Though, yeah, the stuff that's statically here (desktop, server, etc.)
is rsync-by-pull.

I haven't dealt with the "roaming laptop on the Internet" use-case yet,
but I do have a desire to solve it. My idea has been, and remains, for
the backup server to poll for a "job file" on the laptop, and to execute
it when found (once; idempotent). This implies a network connection
between the backup server and the laptop. OpenVPN is a technology that
might be able to facilitate this.

VPN could work, but SSH into a jumpbox works just as well.
The push script checks /etc/resolv.conf for the local domain; if it's
mine, then back up to the backup-server directly.
If it's not mine, back up "critical files" to the jumpbox (which, in turn,
is backed up to the backup-server). It's quite a bit smaller than the
full backups that're performed at home - just $HOME/vacation.
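
A sketch of the push-script decision described in the message above, as an added example that is not part of the original post or the poster's actual script. The host names, the remote directories and the lowercase `HOME_DOMAIN` value are placeholder assumptions. Because the domain in /etc/resolv.conf is normally supplied by whatever DHCP server the laptop meets, it only selects the backup mode here, and the destination is still verified by its SSH host key.

```shell
#!/bin/sh
# Added example: placeholder names, override them from the environment.
HOME_DOMAIN="${HOME_DOMAIN:-home.example}"            # assumed, lowercase
BACKUP_HOST="${BACKUP_HOST:-backup-server.home.example}"
JUMPBOX="${JUMPBOX:-jumpbox.example.net}"

# Print every name on the "domain" and "search" lines, lowercased.
# Commented-out lines ("#domain ...") do not match and are skipped.
resolv_domains() {
    awk '$1 == "domain" || $1 == "search" {
             for (i = 2; i <= NF; i++) print tolower($i)
         }' "$1" 2>/dev/null
}

# "home" only on an exact match with HOME_DOMAIN; anything else,
# including a missing or empty file, is treated as "away".
backup_mode() {
    if resolv_domains "$1" | grep -qxF "$HOME_DOMAIN"; then
        echo home
    else
        echo away
    fi
}

# Destination for each mode: the backup server at home, the jumpbox otherwise.
backup_dest() {
    case "$1" in
        home) echo "$BACKUP_HOST:laptop/" ;;
        *)    echo "$JUMPBOX:laptop-vacation/" ;;
    esac
}

push_backup() {
    mode=$(backup_mode "${1:-/etc/resolv.conf}")
    if [ "$mode" = home ]; then src="$HOME/"; else src="$HOME/vacation/"; fi
    # resolv.conf is network-supplied, so a foreign network can claim the
    # home domain. Strict host key checking makes the push fail instead of
    # sending the full backup to a host that only answers to the same name.
    rsync -a -e 'ssh -o BatchMode=yes -o StrictHostKeyChecking=yes' \
        "$src" "$(backup_dest "$mode")"
}

if [ "${1:-}" = "--run" ]; then push_backup; fi
```

Run it with `--run` from cron or a network-up hook; without that argument it only defines the functions.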