Creating Encrypted FTP Backups With duplicity And ftplicity On Debian Etch

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Sun, 2007-12-16 19:06. :: Debian | Backup

Creating Encrypted FTP Backups With duplicity And ftplicity On Debian Etch

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 12/10/2007

When you rent a dedicated server nowadays, almost all providers give you FTP backup space for your server on one of the provider's backup systems. This tutorial shows how you can use duplicity and ftplicity to create encrypted (so that nobody with access to the backup server can read sensitive data in your backups) backups on the provider's remote backup server over FTP. ftplicity is a duplicity wrapper script (provided by the German computer magazine c't) that allows us to use duplicity without interaction (i.e., you do not have to type in any passwords).

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

In this tutorial I call the backup server backup.example.com where I have an FTP account with the username backupuser and the password secret. On my own server, I want to backup the directory /home/exampleuser.

 

2 Installing duplicity

First we make sure our system is up-to-date:

apt-get update

apt-get upgrade

Then we install duplicity as follows:

apt-get install duplicity

 

3 Our First Backup

Now let's do our first backup:

FTP_PASSWORD=secret duplicity /home/exampleuser ftp://backupuser@backup.example.com/

server2:/home/exampleuser# FTP_PASSWORD=secret duplicity /home/exampleuser ftp://backupuser@backup.example.com/
GnuPG passphrase:
Retype to confirm:
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1197306549.59 (Mon Dec 10 18:09:09 2007)
EndTime 1197306610.85 (Mon Dec 10 18:10:10 2007)
ElapsedTime 61.26 (1 minute 1.26 seconds)
SourceFiles 342
SourceFileSize 10545818 (10.1 MB)
NewFiles 342
NewFileSize 10545818 (10.1 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 342
RawDeltaSize 10513050 (10.0 MB)
TotalDestinationSizeChange 8968398 (8.55 MB)
Errors 0
-------------------------------------------------

server2:/home/exampleuser#

As you see you will be asked for a GnuPG passphrase. You can type in any password you like; this has to be done everytime you run duplicity. The backup will be encrypted with the help of GnuPG. Permissions and ownerships will be preserved in the backup.

To create the backup in a subdirectory on the backup server, you'd modify the command as follows:

FTP_PASSWORD=secret duplicity /home/exampleuser ftp://backupuser@backup.example.com/subdirectory

When you run duplicity for the first time, it will create a full backup; afterwards, it creates incremental backups. To force the creation of a full backup again, you can use the --full switch:

FTP_PASSWORD=secret duplicity --full /home/exampleuser ftp://backupuser@backup.example.com/

To exclude a directory from the backup, e.g. /home/exampleuser/tmp, you can use the --exclude switch:

FTP_PASSWORD=secret duplicity --exclude /home/exampleuser/tmp /home/exampleuser ftp://backupuser@backup.example.com/

If you are backing up the root directory /, remember to --exclude /proc, or else duplicity will probably crash.

To learn more about the available duplicity options, take a look at

man duplicity

 

4 Restore A Backup

Now let's assume we have deleted everything in /home/exampleuser and want to restore it from our FTP backup. This is how it's done:

FTP_PASSWORD=secret duplicity ftp://backupuser@backup.example.com/ /home/exampleuser

Please note that in this case the remote location comes before to local folder!


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by sjau (registered user) on Wed, 2008-05-28 18:31.

Well, I've gotten this error for a few times when I tried to run duplicity/ftplicity.

cp:/backup# FTP_PASSWORD=********* duplicity /backup/current ftp://*********@*********/test
Traceback (most recent call last):
  File "/usr/bin/duplicity", line 373, in ?
    if __name__ == "__main__": main()
  File "/usr/bin/duplicity", line 349, in main
    globals.archive_dir).set_values()
  File "/usr/lib/python2.4/site-packages/duplicity/collections.py", line 406, in set_values
    backend_filename_list = self.backend.list()
  File "/usr/lib/python2.4/site-packages/duplicity/backends.py", line 365, in list
    try: return self.error_wrap('nlst')
  File "/usr/lib/python2.4/site-packages/duplicity/backends.py", line 335, in error_wrap
    except ftplib.all_errors, e: raise BackendException(e)
duplicity.backends.BackendException: 226 Transfer complete.
cp:/backup#

Well, I don't know the reason why this happens but I know how to prevent this. This happens if you try to run duplicity or ftplicity into a backup folder that is EMTPY. In that case above, the folder /test on the server was empty. I just needed to create one file there and afterwards it runs fine.

Submitted by Anonymous (not registered) on Sat, 2008-10-04 17:59.
create an emtpy file in the backup directory. it's a bug.