Fixing My Backups Using rclone & OneDrive…

Running rm -rf on / is bad. Everyone needs a backup ‘strategy’.

Server – Ubuntu 16.04RAID 6

Storage – RAID 6, mdadm. Approximately 3Tb of data requiring backup.

“The Backup Strategy”

Running Linux means this backup problem can be solved with little more than a script…

#!/bin/bash

I want the script to be run every night, copying selected folders (that are important to me) only. Setting some variables in the first part of the script to help name the files that are outputted from this script.

‘dest’ is a temporary location. Writing files here makes the encryption and upload to cloud storage much simpler.

# setting variables
time=$(date +%Y%m%d)
filename=daily-backup-$time.tgz
encfile=daily-backup-$time.enc
dest=/home/username/temp
srcdir=/mnt/raid/username/documents

I want to zip the source files. Again, it’s much easier handling 1 tar.gz file than many unzipped files. Also makes the files smaller as we’re compressing them too.

# create archive
tar cvzf $dest/$filename $srcdir

As I intend to upload my data to the ‘Cloud’ I wanted to encrypt the data first. This data is important so if it’s compromised when it’s in the cloud I want some semblance of security on it.

# encrypt backup file with OpenSSL
openssl enc -aes-256-cbc -salt -in $dest/$filename -out $dest/$encfile -k passwordhere

If for whatever reason, an upload files one night, I would like everything in the temp directory to be uploaded the following night. Uploading all files in the folder makes sense. Before the upload though I want to make sure only encrypted files are in the temp folder.

# cleaning up files unecrypted before upload (upload uses all data in folder).
rm /home/username/temp/$filename

Using rclone, I’m uploading the encrypted files to my OneDrive storage.

# OneDrive Cloud Upload…
/usr/sbin/rclone –config=/home/username/.rclone.conf copy /home/username/temp/ onedrive:/Backup/

And after the upload, we delete the encrypted files.

# cleaning up remaining files
# rm /home/username/temp/*.enc

 

 

Learning Azure… Rebooted.

Despite my best efforts, life has gotten in the way!

Starting this blog back in November last year, I had hoped I’d be able to post weekly about all the cool stuff I learnt with Azure and its associated products. But then life happened. Not to be deterred, I’m recommitting to my original goals and objectives.

This week I signed up at https://linuxacademy.com/ after a personal recommendation. A good friend of mine used them to brush on their Linux skills and build their own skills and exposure on the AWS platform.  Despite their name, https://linuxacademy.com/ offer training on AWS, DevOps and also the Azure platform. Given my friends personal recommendation, I thought I’d give them a go to help me get up to speed.

I’ve kicked off with a 1 year sub which should give me time I need to get the most out of their service. I found them to be quite reasonably priced with a 1 year subscription for $228 USD (£186 GBP).

I’ve started with the Azure Essentials course which so far feels well put together. I am only at the very beginning though so I’ll report back as I progress through.

Things I like;

  • Website is well put together, clean and easy to navigate
  • Feels like good value for money so far
  • Covers a broad range of important and relevant technologies

Things that could be improved;

  • My British ears are having some difficulty with American accents!
  • Would like a larger video player window (not just full screen/small window options).

Fundamentals of Azure eBook ‘Review’

As I start the process of learning Azure, I’ve subscribed to Chris Pieschmann’s Build Azure blog/website. Chris seems like a guy who knows quite a bit about Azure – who better to learn from right?

Earlier this year, Chris linked to an eBook available from the Microsoft Virtual Academy. The ‘Fundamentals of Azure (Second Edition)’ is written by Michael Collier and Robin Shahan,

It’s been probably 20+ years since I did my last book review back in grade school, so I’ll leave a formal review to more accomplished readers/writers. That said having now read each and every page I highly recommend picking up a copy for those people new to Azure. At a guess, I’d say this is also a good digest to those familiar with Azure, but looking to brush up on the headline new features – Azure AD for instance.

The book doesn’t go into significant detail, but it’s given me a great understanding of the key features of Azure. The exercises were easy to follow and the book itself is written simply and in plain English.

Make sure you pick up the latest edition (the 2nd edition) of the eBook. As you can see from the recent Microsoft Ignite conference held in Atlanta last week, change in the Azure world comes thick and fast! You can download the book from here – Microsoft Virtual Academy.

WordPress and HTTPS

When I decided to create this blog, I sat down and had a good hard think about what I should do, what I wanted to do, and what I have to do. Squarely at the top of the ‘have to do‘ column was security. My blog would need to be a secure as reasonably possible.

By all accounts, WordPress based blogs seemed to get ‘hacked’ with frightening regularity. But why? According to SecuPress it’s largely down to the same reasons as why any other piece of software is compromised. In-secure plug-ins/themes, Brute Force Password attacks, out of date versioning etc are all reasons why WordPress blogs get compromised.

Unavoidable is the push too for ‘https everywhere’. Movements like the ‘Encrypt All The Things‘ campaign  make a compelling argument. But when Google takes a shot across the bow by publicly disclosing their intent to include a site’s security capabilities in its search results , it very quickly becomes a no-brainer that adding https to the blog had to be right at the top of afore mentioned ‘have to do‘ column.

So setting up https on WordPress (on which this blog is hosted) is a piece of cake right? Well, no. Not quite. Everything is easy when you’ve done it a couple of times, but I’m very much a noob when it comes to this sort of thing. About the closest I’ve ever been to ‘web-dev’ was some HTML and PHP ‘hello world’ stuff back in around 2001/2002.

There’s a ton of guides and help articles on the net on how to convert your WordPress site to https, but for all the reading I did, it still felt like a leap into the dark. The How-to articles never quite seemed complete with necessary bits of info missing. Necessary at least for someone who’s never done this before! As result, I was left to experiment with some trial and error to get this https enabled.

So, how’d I do it? First up, I purchased a verified SSL Certificate as offered through my hosting provider Dreamhost. The actual process is very straight forward. A confirmation email will be sent to an address associated with the domain you’re buying the cert for. Dreamhost offers a nifty interface to get basic webmail setup for your domain – make sure it’s active and ready to receive mail – you will need an ‘admin@yourdomain.com’ email address!

Within the Dreamhost portal, make the Certificate Active and turn HTTPS on against the domain.

Dreamhost HTTPS

Next up, I connected via SFTP to access my .htaccess file. If you’re new to this, the .htaccess file is a hidden file (hence the leading dot), so make sure your sftp client is set to display hidden files. Dreamhost provide a username to be able to connect to your storage area (also available in the portal).

I edited my .htaccess file to include;

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

This made my .htaccess file look like this;

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

# BEGIN Force http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# END Force http to https

While you have the SFTP client handy, edit the WP-config.php file to include this line at the end;

define(‘FORCE_SSL_ADMIN’, true);

And once that’s complete, test! I used Qualsys SSL testing website – . Test results came back as a ‘A’ rating with small improvements to be made on Protocol Support, Key Exchange and Cipher Strength. Something to learn tomorrow I think!

Hello World!

Hello World! And so it’s time for a change.

I’ll be using this blog to document what is essentially the path I take in effecting a career change. I want to get back to be more hands on, doing more, being at the forefront of something new and something interesting. As opposed to what I do now, which is not much more than watching other people do those things. But in order to make a change, there’s going to a be a heap of stuff I’m going to need to learn first.

So, I’ll document it. I’m sure the things I learn will be useful to someone. Maybe many people. And thus in turn, this blog will be useful to them.

I think I’ll start first with Azure.

Contact

© 2017 Learning New Things

Theme by Anders NorenUp ↑