diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..314f02b --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.txt \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..371ebb0 --- /dev/null +++ b/README.md @@ -0,0 +1,112 @@ +******# Wordpress Backup with Borgbackup + +Bash script that simplifies Borg backup for Wordpress websites. + +## Purpose +Make backup easy for a server running multiple Wordpress websites. + +_borg_ is amazing backup solution, but if you have multiple websites running on the same server - you might have to create a script each for each of those websites. You would also need to spend sometime manually initializing a new repo for each of those websites, generate a passphrase, copy the passphrase immediately, _export_ the passphrase in a new script. + +This script is designed specifically to ease those issues. You provide where your Wordpress is installed and where you want the backup to be stored and a unique name for the website - the script takes care of the rest. It'll create a strong enough passphrase, initialize the repo, then perform the actual backup. + +On subsequent executions, it'll read the passphrase file and perform an incremental backup. + +## Status + +TESTED ON DEBIAN 10. +NEEDS FURTHER TESTING. + +## Usage + +### Prerequisites +- Any Linux distribution that support "_apt_" +- A user having _sudo_ access to the server + +### Examples + +```console +$ wget -q https://raw.githubusercontent.com/pratiktri/wordpress_borg_backup +/master/wp_borg_backup.sh -O wp_borg_backup.sh && chmod u+x wp_borg_backup.sh | tee sudo bash ./wp_borg_backup.sh --project-name "example.com" --wp-source-dir "/var/www/example.com" --backup-dir "/home/me/backup/example.com" --storage-quota 15G --passphrase-dir "/home/user/.config/borg" + + +$ wget -q https://raw.githubusercontent.com/pratiktri/wordpress_borg_backup +/master/wp_borg_backup.sh -O wp_borg_backup.sh && chmod u+x wp_borg_backup.sh | tee sudo bash ./wp_borg_backup.sh -pname "example.com" -wp-src "/var/www/example.com" --backup-dir "/home/me/backup/example.com" +``` + +### Available Options + +Run the script with below option (--help or -h) to see all available options:- + +```console +$ sudo ./wp_borg_backup.sh --help + +Usage: + sudo ./wp_borg_backup.sh --project-name --wp-source-dir --backup-dir [--storage-quota ] [--passphrase-dir ]" + -pname, --project-name A Unique name (usually the website name) for this backup + -wp_src, --wp-source-dir Directory where your WordPress website is stored + --backup-dir Directory where backup files will be stored + -quota, --storage-quota [Optional] Unlimited by default + When supplied backups would never exceed this capacity. + Older backups will automatically be deleted to make room for new ones. + -passdir, --passphrase-dir [Optional] /home/[user]/.config/borg by default + Backups keys are stored (in plain-text) at this location. + Use "export BORG_PASSPHRASE" as shown in the example below to avoid saving passphrase to file. + -h, --help Display this information + + NOTE:- You MUST specify BORG_PASSPHRASE by export or by a passphrase file + + $ export BORG_PASSPHRASE= + $ sudo ./wp_borg_backup.sh --project-name "example.com" --wp-source-dir "/var/www/example.com" --backup-dir "/home/me/backup/example.com" --storage-quota 5G --passphrase-dir /root/borg +``` + +### What does the script do? + +- Install _borgbackup_ if not installed +- Install _wp-cli_ if not installed +- Backup the Wordpress database using _wp-cli_ +- Initialize _borg_ repository if --backup-dir is empty + - Generates a passphrase + - Saves the passphrase to /home/[user]/.config/borg directory + - Secures the passphrase file by "chmod 400" +- Performs the backup + +## FAQ +Q - Is the passphrase saved on the server in plain-text + +Ans - Yes. + +However, it does restrict access to the file only to _root_ user. If someone has access to your server and can access a file restricted to _root_ - then they would just go to the website folder itself to do any damage. You should sync your backup regularly to other locations for more protection. + + If you do not like that, edit the script to add the following line to top of the file. + +``` + export BORG_PASSPHRASE=[your-passphrase] +``` + + +### Roadmap + +- [ ] Pretty print console output +- [ ] Test on + - [ ] Ubuntu 18.08 + - [ ] Ubuntu 18.04 + - [ ] Ubuntu 16.04 + - [ ] Debian 8 + - [ ] Debian 9 + +## License + +Copyright 2019 Pratik Kumar Tripathy + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +** \ No newline at end of file diff --git a/wp_borg_backup.sh b/wp_borg_backup.sh index 37a35ab..3877e9f 100755 --- a/wp_borg_backup.sh +++ b/wp_borg_backup.sh @@ -69,7 +69,7 @@ Usage: Use "export BORG_PASSPHRASE" as shown in the example below to avoid saving passphrase to file. -h, --help Display this information - NOTE:- You MUST specify BORG_PASSPHRASE by export + NOTE:- You MUST specify BORG_PASSPHRASE by export or by a passphrase file $ export BORG_PASSPHRASE= $ sudo $0 --project-name "example.com" --wp-source-dir "/var/www/example.com" --backup-dir "/home/me/backup/example.com" --storage-quota 5G --passphrase-dir /root/borg @@ -302,28 +302,29 @@ main() { export BORG_NEW_PASSPHRASE="${borg_passphrase}" - # Backup any recidual passphrase keys - if [[ -f "${passphrase_dir}/.${project_name}" ]]; then - mv "${passphrase_dir}/.${project_name}" "${passphrase_dir}/.${project_name}_old_${TS}" - fi - - # chmod 400 the passphrase file - mkdir -p "${passphrase_dir}" >> "${LOGFILE}" 2>&1 && - touch "${passphrase_dir}/.${project_name}" >> "${LOGFILE}" 2>&1 && - chmod 440 "${passphrase_dir}/.${project_name}" >> "${LOGFILE}" 2>&1 && { - # Display the passphrase on screen - echo -e "\n############### BACKUP PASSPHRASE ###############" | tee -a "${LOGFILE}" - echo "${borg_passphrase}" | - tee "${passphrase_dir}/.${project_name}" | tee -a "${LOGFILE}" - echo "############### BACKUP PASSPHRASE ###############" | tee -a "${LOGFILE}" - echo -e "You CANNOT access your backup without the above passphrase\n" | tee -a "${LOGFILE}" - } - # Initalize the repo if (borg init --verbose \ --encryption=repokey-blake2 "${storage_quota}" \ "${bkp_final_dir}" >> "${LOGFILE}" 2>&1); then echo "Repository initialized successfully" | tee -a "${LOGFILE}" + + # Save passphrase to a file if Repo initialization succeeds + # Backup any recidual passphrase keys + if [[ -f "${passphrase_dir}/.${project_name}" ]]; then + mv "${passphrase_dir}/.${project_name}" "${passphrase_dir}/.${project_name}_old_${TS}" + fi + + # chmod 400 the passphrase file + mkdir -p "${passphrase_dir}" >> "${LOGFILE}" 2>&1 && + touch "${passphrase_dir}/.${project_name}" >> "${LOGFILE}" 2>&1 && + chmod 400 "${passphrase_dir}/.${project_name}" >> "${LOGFILE}" 2>&1 && { + # Display the passphrase on screen + echo -e "\n############### BACKUP PASSPHRASE ###############" | tee -a "${LOGFILE}" + echo "${borg_passphrase}" | + tee "${passphrase_dir}/.${project_name}" | tee -a "${LOGFILE}" + echo "############### BACKUP PASSPHRASE ###############" | tee -a "${LOGFILE}" + echo -e "You CANNOT access your backup without the above passphrase\n" | tee -a "${LOGFILE}" + } else echo "ERROR: Backup initialization failed. Check the logfile for more details." 2>STDERR | tee -a "${LOGFILE}" fi