Install BackupPC on Debian 11

|
Last Updated:
|
|

In this guide, we will learn how to install BackupPC on Debian 11. BackupPC is a free, high-performance enterprise-grade backup software suite with a web-based frontend that can be used for backing up Linux, Windows and mac OSXs PCs and laptops to a server’s disk.

BackupPC features:

  • Clever pooling scheme minimizes disk storage and disk I/O. Identical files across multiple backups of the same or different PC are stored only once resulting in substantial savings in disk storage and disk writes. Also known as “data deduplication”.
  • Optional compression provides additional reductions in storage. CPU impact of compression is low since only new files (those not already in the pool) need to be compressed.
  • A powerful http/cgi user interface allows administrators to view log files, configuration, current status and allows users to initiate and cancel backups and browse and restore files from backups very quickly.
  • No client-side software is needed. On WinXX the smb protocol is used. On Linux or Unix clients, rsync or tar (over ssh/rsh/nfs) can be used
  • Flexible restore options. Single files can be downloaded from any backup directly from the CGI interface. Zip or Tar archives for selected files or directories can also be downloaded from the CGI interface.
  • BackupPC supports mobile environments where laptops are only intermittently connected to the network and have dynamic IP addresses (DHCP).
  • Flexible configuration parameters allow multiple backups to be performed in parallel.

Installing BackupPC on Debian 11

Update and upgrade your system packages.

apt update
apt upgrade

Once the system update is done, proceed to install BackupPC.

BackupPC is usually available on the default APT repositories:

apt-cache policy backuppc
backuppc:
  Installed: (none)
  Candidate: 4.4.0-3
  Version table:
     4.4.0-3 500
        500 http://deb.debian.org/debian bullseye/main amd64 Packages

As of this writing, BackupPC 4.4.0 is the current release. The above confirms that the default Debian 11 repos provide the latest BackupPC packages.

Install BackupPC

Hence, BackupPC can be installed using the package, backuppc by running the command below;

apt install -y backuppc

Choose Web Server

During the installation, you will be prompted to choose the web server to be used by BackupPC. Apache web server is used in this guide.

Install BackupPC on Debian 11

Web Administrator Credentials

A default BackupPC administrative user, backuppc, and its password is also created during the installation. This user is used to administer various tasks such as access to BackupPC web dashboard, carry out backups etc.

Install BackupPC on Debian 11

You can choose to copy the password provided or you can proceed and reset the password later by executing the command below;

htpasswd /etc/backuppc/htpasswd backuppc

Configuring BackupPC Server on Debian 11

Define BackupPC Backup User and Backup Protocol

BackupPC uses different protocols to get backup data from devices being backed up:

  • smb – used for backing up windows machines
  • tar – used for backing up Linux/Unix/MacOSX systems
  • rsync – used for backing up Linux/Unix/MacOSX systems. This can also be used to backup Windows systems.

In this tutorial we are going to configure BackupPC to use the rsync protocol as a backup method.

This is customizable per client basis as well.

Also, by default, BackupPC is using root user run backup tasks. However, in this guide, we are going to use a backuppc user to execute backup tasks.

If you happen to change the backup user, edit BackupPC configuration file, /etc/backuppc/config.pl and replace the root user with a user you are using for backup under the Rsync/Rsyncd Configuration.

sed -i '/RsyncSshArgs/s/-l root/-l backuppc/' /etc/backuppc/config.pl

Configure BackupPC Apache Authentication

BackupPC uses htpasswd user files to restrict access to web interface.

As such, you require a valid user in order to authenticate.

The Web authentication user and its hashed credential password is stored under the /etc/backuppc/htpasswd.

You can reset the password by running;

htpasswd /etc/backuppc/htpasswd backuppc

Allow external access to BackupPC, which is set to only allow connections from localhost.

sed -i 's/local/all granted/' /etc/backuppc/apache.conf

This is how the BackupPC Apache config file looks like without comment lines;


<pre class="scroll-box">
Alias /backuppc /usr/share/backuppc/cgi-bin/

<Directory /usr/share/backuppc/cgi-bin/>
	AllowOverride None

					
	Options ExecCGI FollowSymlinks
	AddHandler cgi-script .cgi
	DirectoryIndex index.cgi

        AuthUserFile /etc/backuppc/htpasswd
	AuthType basic
	AuthName "BackupPC admin"

        <RequireAll>
		Require all granted

		Require valid-user
	</RequireAll>
</Directory>
</pre>

Next, restart both backuppc and Apache service to apply the changes made above.

systemctl restart backuppc apache2

If UFW is running, allow external access to Apache.

ufw allow WWW

Generate Backup User SSH Keys

For rsync to work, BackupPC requires passwordless SSH login for backuppc user to every client it will be getting backup data from, as per this setup.

This also means that you should create a dedicated backuppc user on the hosts you need to backup, at least using the rsync protocol.

As a result, switch to backuppc user on BackupPC server and generate passwordless ssh keys and copy them to every host you want to backup.

su - backuppc

This will opens up the sh shell. You can run bash command to launch bash shell.

Generate SSH key pair by running the following command;

ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa): 
Created directory '/var/lib/backuppc/.ssh'.
Enter passphrase (empty for no passphrase): PRESS ENTER
Enter same passphrase again: PRESS ENTER
Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa
Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:MjPsb8texAqx1uc0u2X3Pk7kJRftu4KiJPeoD4RnNcQ [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|      ..         |
|      .E        .|
|      .o       ..|
|    ...+..     ..|
|   . +X S *   ..+|
|    +o * * o  ooo|
|     o.o. + + .+ |
|      =o+o = o.o.|
|     .o**oo   o++|
+----[SHA256]-----+

Create Backup User Account On Clients

Next, login to the system servers you want to backup and create an account on the client dedicated for backup purposes for example, create a backuppc user account on remote client and copy the public key to that user.

useradd -m backuppc
passwd backuppc

Copy BackupPC Server SSH Keys

Now logout from client host and copy the SSH public key for backuppc user on BackupPC server to backuppc user on the client. Copy the keys while logged as backuppc user.

ssh-copy-id [email protected]

Where 192.168.43.214 is my client IP address. Once you copy the key, you should be able to login without being prompted for a password.

Now, test the login to client with the backup user to ensure user can successfully login to client. You can use root user if you didn’t make the changes above.

su - backuppc
ssh -l backuppc client_IP whoami

Sample output;

backuppc

or

ssh -l root client_IP whoami

Sample output

root

If you changed you backup user to non-root user, Login to the client host as an administrative user and allow the non-user to run the rsync command without being prompted for password by adding the user to sudoers list. backuppc user is used in this case.

ssh admin@client_IP

Run the command below to find the absolute path of rsync.

which rsync

If rsync command is not installed, run the following commands to install it.

apt install rsync -y
yum install rsync -y

Next, update the sudoers file.

echo "backuppc ALL=NOPASSWD: /usr/bin/rsync" | sudo tee /etc/sudoers.d/backuppc

You may also want to disable ssh agent-forwarding, port-forwarding or even the pty for backuppc user logging in to the client from BackupPC.

To do this, login to client, edit the ssh authorized key file and add the line below before the ssh-rsa keyword.

from=”backuppc_server_ip”,no-agent-forwarding,no-port-forwarding,no-pty

Replace the backuppc_server_ip with the IP address of the backuppc server.

vim /home/backuppc/.ssh/authorized_keys
from="192.168.43.154",no-agent-forwarding,no-port-forwarding,no-pty ssh-rsa AAAAB3NzaC1SSSc2EAAAADAQABAAABAQDYuDSNIPxQL6hNh6FeW4wj3hYJ+p42SD9BGVg5Rn6HuzIAi1zrU2pRceQ5VDRj5nXxSjs+oJJ4lXZ/HTaUQDBFysVyIe9Sc4Z9Z5nmmmGWIJnKWfuvzSYbV2JbSJjcTfUPjH32DOvU+4PMdil/4GjKW7pr8fyywl4XuhZMU6RfVw0LgzYuqzUQX5D6Q4MsgIN4HGqBsnVIBvSz2TcPc0hovtfKQMmUBQvp7L9Ob3AKuG01ZZznQ8Q6+eGL7EJHnS30h/FLM8rKBxsvI6El8xog2E0/ALnNGKWsg2NTEqWqQ3xpUDEnA6exgHEm+2xCuKAy1sAuSJHJHScUMLZIUE36t2+nB0Vn [email protected]

Next, you can also configure ssh logins to backuppc user accounts on clients hosts from the BackupPC server only. This can be done by editing sshd_config file on the client and configuring as shown below;

sudo vim /etc/ssh/sshd_config

Add the line below to SSHd configuration to allow login to the client as backuppc from the BackupPC server only.

Match Host 192.168.43.154
         AllowUsers backuppc

Reload SSH configurations

systemctl reload ssh

Accessing BackupPC Web User Interface

Once the configuration is done, login to BackupPC via browser using the address, http://backuppc_server_IP or hostname/backuppc.

You are prompted to authenticate before accessing the dashboard.

Use the backuppc web user credentials set above.

When you login, you will land on BackupPC dashboard.

backuppc dashboard

Backup Hosts using BackupPC

If you noticed, the localhost, which is the server running backuppc is already added as one of the backup hosts.

The backup tried to run but failed, due to some default backup protocol (tar) errors.

Since we are using rsync as a backup protocol in this guide, you need to update this for the localhost backup to run.

Hence, click on hostname (localhost for example) > edit config > Xfer > XferMethod > Rsync.

backup protocol

Update RsyncShareName

rsync share name

Click Save.

Reset the local account password for backuppc user.

passwd backuppc

Keep the password save.

Install rsync and allow BackupPC user to execute rsync with sudo without password.

apt install rsync
echo "backuppc ALL=NOPASSWD: $(which rsync)" | sudo tee /etc/sudoers.d/backuppc
su - backuppc

Copy the password generated above to server itself.

ssh-copy-id backuppc@localhost

Initiate localhost backup.

backup localhost

Once the backup is running, you can see status under status menu.

host summary

You can now add more hosts to backup.

Backup Windows System via SMB Using BackupPC

Backup Windows System with BackupPC Using Rsyncd

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
gen_too
Co-founder of Kifarunix.com, Linux Tips and Tutorials. Linux/Unix admin and author at Kifarunix.com.

Leave a Comment