Backups¶
Since MaadiX release 202301, you will have the option of subscribing to the backup service that is offered using the Borg software. The copies are stored on a remote server and encrypted at the source.
The remote server does not know the key needed to decrypt the copies.
The Borg Backup tool creates backups using the ‘deduplicating’ technique. This technique allows you to create copies incrementally, i.e. only new or changed files are stored in the new copies, which allows you to optimise the use of resources.
To retrieve the copies created by Borg and navigate between the folders it is necessary to first decrypt them and then transform the incremental files created by Borg into readable files that allow access to their contents.
You can check the official website of the project here: https://www.borgbackup.org/
The Control Panel offers both functionalities, but it is essential to make a copy of the of key needed to decrypt the backups and save it on one or more external devices. Without this key, in the event of your system being compromised, the backups would be unreadable.
The MaadiX team does not know this secret key, so if you lose it, there will be no way to access the contents of the backups.
Copying key¶
Once the backup service has been activated, you will receive an email recommending you to access the Control Panel to download a copy of the encryption key. The encryption key is a ‘secret’ in text format that you can save to a file. Until until you complete this process, you will not be able to perform any other tasks from the control panel.
The first time you access the control panel after you have activated the backup system you will see an alert like this:
Access to other sections of the control panel will be prevented until you you complete the key export process.
The first step is to request the key to be exported, by clicking ‘Export Key’
The export process can take between one and three minutes. Wait until the following window appears
Once the password is exported, a field will appear in which you will have to insert control panel password in order to be able to display it.
You can use the ‘Copy Key’ button to make sure you don’t make mistakes in the selection of the character string.
Once you have copied the string, paste it into a plain text (.txt) file and save it to one or more secure external devices (computer, hard disk, etc). Don’t forget to click on the ‘Saved key’ button so that the control panel will not force you to repeat the process again.
You will be able to make a copy of the key again at any time by visiting the page ‘System’ -> ‘Back-ups’.
Accessing copies¶
You can check the available backups from the ‘System’ -> ‘Backups’ tab. This page shows a list of the existing backups and allows you to ‘Mount’ or ‘Unmount’ any of them.
If a copy is mounted, you can access it via SSH/SFTP with the Supeusuarix account and you will have available all the files it contains for copying or downloading. Access to mounted copies is read-only. They cannot be modified.
Mounted copies do not take up space on the server’s disk. It is a mount point that reconstructs the state of files on a specific date.
If you reboot the server the mount point is switched off. You will then have to remount it from the control panel if you want to access the files.
The cycle that specifies how many copies are retained is shown in the right column.
When a copy is deleted by the rotation cycle, it will no longer appear in the list of available copies and cannot be remounted.
However, if it was already mounted at the time it was deleted by the rotation cycle, it will still be available and you will still be able to access the files. You can distinguish these copies because they are listed underneath the previous ones as Cache Mounted Folders as you can see in the image above.
It should be noted that the mounted folders are unmounted on every server reboot and also use system resources, so the best practice for preserving old copies is to download them to another devices.
What copies are made?¶
All mysql databases are backed up with a single dump. If you have installed applications that use MongoDB or PostgreSQL, these databases are also backed up.
The openldap directory containing all the information added via the control panel (installed applications, ordinary and e-mail accounts, domains, server configurations, etc.) is backed up as well.
In terms of files, the contents of all the following directories are backed up:
/boot → Contiene todo lo necesario para el proceso de arranque
/etc → Contiene archivos de configuración del sistema y de varios servicios (Let’s encrypt, Vhosts de los dominios, Mysql, SSH, Apache...)
/home → Contiene las carpetas de las cuentas en /home/username y los crreos en /home/vmail
/opt → Contiene archivos de configuración y la aplicación Mailman si está instalada
/root → Contiene archivos de configuración de root
/usr → Contiene librerías y aplicaciones, entre ellas el panel de control
/srv → Contiene datos específicos de algunas aplicaciones. De momento en MaadiX no se utiliza
/var → Contiene aplicaciones y las carpetas de los dominios crreados desde el panel de control (webs, Nextcloud...)
From these folders the following subfolders are excluded to avoid redundancies and copying temporary files:
/home/.trash → Contiene los archivos que se hayan borrado desde el panel de control
All of the following folders are libraries, cache files or binaries that do not make sense to back up and are excluded from the backup:
/usr/bin
/usr/lib
/usr/sbin
/usr/src
/var/backups
/var/cache
/var/lib/apt
/var/lib/docker
/var/lib/dpkg
/var/lib/fail2ban
/var/lib/mlocate
/var/lib/mongodb
/var/lib/munin
/var/lib/mysql
/var/lib/postgresql
/var/lib/smartmontools
A rotation cycle is applied which retains the following copies: 7 daily (last 7 days) 8 weekly, 4 monthly.
You can check the backup script at: