From 83b5409b1b0ef6a20816706c011760608e2057e8 Mon Sep 17 00:00:00 2001
From: wh1te909
Date: Sun, 18 Oct 2020 23:45:21 +0000
Subject: [PATCH] fix backup/restore
---
 README.md | 2 +-
 backup.sh | 38 +++++++++++++++++++++++++++++++-------
 install.sh | 4 +---
 restore.sh | 19 ++++++++++++-------
 4 files changed, 45 insertions(+), 18 deletions(-)
diff --git a/README.md b/README.md
index 70233a8c..96157c15 100644
--- a/README.md
+++ b/README.md
@@ -131,7 +131,7 @@ During the install you can opt out of using the Let's Encrypt certificate. If yo
 If you are migrating from Let's Encrypt to another certificate provider, you can create the /certs directory and copy your certificates there. It is recommended to do this because this directory will be backed up with the backup script provided. Then modify the nginx configurations to use your new certificates
-The cert that is generated in a wildcard certificate and is used in the nginx configurations: rmm.conf, api.conf, and mesh.conf. If you can't generate wildcard certificates you can create a cert for each subdomain and configure each nginx configuration file to use it's own certificate. Then restart nginx:
+The cert that is generated is a wildcard certificate and is used in the nginx configurations: rmm.conf, api.conf, and mesh.conf. If you can't generate wildcard certificates you can create a cert for each subdomain and configure each nginx configuration file to use its own certificate. Then restart nginx:
 ```
 sudo systemctl restart nginx
diff --git a/backup.sh b/backup.sh
index cdff65b9..fc778c18 100644
--- a/backup.sh
+++ b/backup.sh
@@ -1,21 +1,41 @@
 #!/bin/bash
+SCRIPT_VERSION="1"
+SCRIPT_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/develop/backup.sh'
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+TMP_FILE=$(mktemp -p "" "rmmbackup_XXXXXXXXXX")
+curl -s -L "${SCRIPT_URL}" > ${TMP_FILE}
+NEW_VER=$(grep "^SCRIPT_VERSION" "$TMP_FILE" | awk -F'[="]' '{print $3}')
+
+if [ "${SCRIPT_VERSION}" -ne "${NEW_VER}" ]; then
+ printf >&2 "${YELLOW}A newer version of this backup script is available.${NC}\n"
+ printf >&2 "${YELLOW}Please download the latest version from ${GREEN}${SCRIPT_URL}${YELLOW} and re-run.${NC}\n"
+ rm -f $TMP_FILE
+ exit 1
+fi
 if [ $EUID -eq 0 ]; then
 echo -ne "\033[0;31mDo NOT run this script as root. Exiting.\e[0m\n"
 exit 1
 fi
-GREEN='\033[0;32m'
-NC='\033[0m'
+#####################################################
+
+POSTGRES_USER="changeme"
+POSTGRES_PW="hunter2"
+
+#####################################################
 if [ ! -d /rmmbackups ]; then
 sudo mkdir /rmmbackups
 sudo chown ${USER}:${USER} /rmmbackups
 fi
-POSTGRES_USER="changeme"
-POSTGRES_PW="hunter2"
-
 dt_now=$(date '+%Y_%m_%d__%H_%M_%S')
 tmp_dir=$(mktemp -d -t tacticalrmm-XXXXXXXXXXXXXXXXXXXXX)
 sysd="/etc/systemd/system"
@@ -38,8 +58,12 @@ mongodump --gzip --out=${tmp_dir}/meshcentral/mongo
 sudo tar -czvf ${tmp_dir}/salt/etc-salt.tar.gz -C /etc/salt .
 tar -czvf ${tmp_dir}/salt/srv-salt.tar.gz -C /srv/salt .
-sudo tar -czvf ${tmp_dir}/certs/etc-letsencrypt.tar.gz -C /etc/letsencrypt .
-sudo tar -czvf ${tmp_dir}/certs/certs.tar.gz -C /certs .
+if [ -d "/certs" ]; then
+ sudo tar -czvf ${tmp_dir}/certs/certs.tar.gz -C /certs .
+else
+ sudo tar -czvf ${tmp_dir}/certs/etc-letsencrypt.tar.gz -C /etc/letsencrypt .
+fi
+
 sudo tar -czvf ${tmp_dir}/nginx/etc-nginx.tar.gz -C /etc/nginx .
diff --git a/install.sh b/install.sh
index 18535680..d2f9f6aa 100755
--- a/install.sh
+++ b/install.sh
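Review bot: In backup.sh's new self-update block the version check fails open and leaves its temp file behind: the result of `curl -s -L` is never checked, so when the download fails `NEW_VER` is empty, `[ "${SCRIPT_VERSION}" -ne "${NEW_VER}" ]` errors out as a false condition, and the backup carries on as if the script were current; `rm -f $TMP_FILE` also runs only in the mismatch branch. Handle a failed fetch explicitly (abort, or deliberately warn and continue), check that `NEW_VER` is numeric before comparing, and delete the temp file as soon as it has been read. Separately, the relocated `POSTGRES_PW` block keeps the database password in the script body, so the file should be readable by its owner only, or the value should come from the environment.

```shell
TMP_FILE=$(mktemp -p "" "rmmbackup_XXXXXXXXXX")
if ! curl -fsSL "${SCRIPT_URL}" -o "${TMP_FILE}"; then
  printf >&2 "${RED}Could not check for a newer version of this backup script.${NC}\n"
  rm -f -- "${TMP_FILE}"
  exit 1
fi
NEW_VER=$(grep "^SCRIPT_VERSION" "${TMP_FILE}" | awk -F'[="]' '{print $3}')
rm -f -- "${TMP_FILE}"

case "${NEW_VER}" in
  '' | *[!0-9]*)
    printf >&2 "${RED}Could not read SCRIPT_VERSION from ${SCRIPT_URL}.${NC}\n"
    exit 1
    ;;
esac
# … unchanged: SCRIPT_VERSION / NEW_VER comparison and "newer version" messages …
```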
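Review bot: In backup.sh's certificate step the new `if [ -d "/certs" ]` makes the two archives mutually exclusive, so a host that has a `/certs` directory but actually serves Let's Encrypt certificates no longer gets `/etc/letsencrypt` backed up. The install.sh hunk in this same commit removes an unconditional `sudo mkdir /certs`, which suggests servers installed before this change all have that directory, possibly empty. Test each directory on its own and archive whichever exist; restore.sh's `@@ -118,12 +118,17 @@` hunk has the mirrored either/or and needs the same treatment, otherwise `etc-letsencrypt.tar.gz` is ignored whenever `certs.tar.gz` is present. Both archives contain TLS private keys, so the final backup written under /rmmbackups (outside this hunk) should not be readable by other local users.

```shell
if [ -d /certs ]; then
  sudo tar -czvf "${tmp_dir}/certs/certs.tar.gz" -C /certs .
fi
if [ -d /etc/letsencrypt ]; then
  sudo tar -czvf "${tmp_dir}/certs/etc-letsencrypt.tar.gz" -C /etc/letsencrypt .
fi
```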
@@ -139,8 +139,6 @@ sudo apt install -y software-properties-common
 sudo apt update
 sudo apt install -y certbot openssl
-sudo mkdir /certs
-
 until [[ $LETS_ENCRYPT =~ (y|n) ]]; do
 echo -ne "${YELLOW}Do you want to generate a Let's Encrypt certificate?[y,n]${NC}: "
 read LETS_ENCRYPT
@@ -163,7 +161,7 @@ else
 echo -ne "\n${GREEN}We will generate a self-signed certificate for you.${NC}\n"
 echo -ne "\n${GREEN}You can replace this certificate later by generating the certificates and editing the nginx configuration${NC}\n"
 read -n 1 -s -r -p "Press any key to continue..."
-sudo mkdir /certs/${rootdomain}
+sudo mkdir -p /certs/${rootdomain}
 sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /certs/${rootdomain}/pubkey.pem -keyout /certs/${rootdomain}/privkey.pem -subj "/C=US/ST=Some-State/L=city/O=Internet Widgits Pty Ltd/CN=*.${rootdomain}"
 CERT_PRIV_KEY=/certs/${rootdomain}/privkey.pem
diff --git a/restore.sh b/restore.sh
index 621099ad..d5a1197d 100755
--- a/restore.sh
+++ b/restore.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-SCRIPT_VERSION="1"
+SCRIPT_VERSION="2"
 SCRIPT_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/develop/restore.sh'
 GREEN='\033[0;32m'
@@ -118,12 +118,17 @@ fi
 print_green 'Restoring certbot'
 sudo apt install -y software-properties-common
-sudo apt install -y certbot
-sudo rm -rf /etc/letsencrypt
-sudo mkdir /etc/letsencrypt
-sudo tar -xzf $tmp_dir/certs/etc-letsencrypt.tar.gz -C /etc/letsencrypt
-sudo mkdir /certs
-sudo tar -xzf $tmp_dir/certs/certs.tar.gz -C /certs
+sudo apt install -y certbot openssl
+
+if [ -f "${tmp_dir}/certs/certs.tar.gz" ]; then
+ sudo mkdir /certs
+ sudo tar -xzf $tmp_dir/certs/certs.tar.gz -C /certs
+else
+ sudo rm -rf /etc/letsencrypt
+ sudo mkdir /etc/letsencrypt
+ sudo tar -xzf $tmp_dir/certs/etc-letsencrypt.tar.gz -C /etc/letsencrypt
+fi
+
 print_green 'Restoring celery configs'
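Review bot: In install.sh's self-signed branch, `${rootdomain}` is still unquoted in the changed `sudo mkdir -p /certs/${rootdomain}`, and with `-p` a value containing `/` now creates nested directories as root where the old `mkdir` would have failed. Quote the path, `sudo mkdir -p "/certs/${rootdomain}"`, and if `rootdomain` comes from an interactive prompt (not visible in this hunk) validate it as a hostname before it reaches the path and the `-subj` string. The key below is written with `-nodes`, i.e. unencrypted, so it is also worth asserting its mode after generation, for example `sudo chmod 600 "/certs/${rootdomain}/privkey.pem"`, unless another service account must read it. The enclosing `else` branch starts and ends outside the hunk.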
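Review bot: In restore.sh's new `else` branch, `sudo rm -rf /etc/letsencrypt` runs before anything checks that `etc-letsencrypt.tar.gz` exists in the backup, so a backup containing neither archive wipes whatever is in /etc/letsencrypt on the host and then fails in `tar`. Make the branch conditional, `elif [ -f "${tmp_dir}/certs/etc-letsencrypt.tar.gz" ]; then`, and add a final `else` that reports the missing certificate archive and exits. `$tmp_dir` is also unquoted on the two `tar -xzf` lines while the test above quotes it; `"${tmp_dir}/certs/certs.tar.gz"` would be consistent. Since both archives are extracted as root into system paths, the backup file should only be accepted from a location other users cannot write to.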