Mirror Your Web Site With rsync On Fedora 10 - Page 2
5 Configure server1.example.com
Now log in through SSH on server1.example.com as someuser (not root!)...
server1:
su someuser
... and do this:
server1:
(Please do this as someuser!)
mkdir ~/.ssh
chmod 700 ~/.ssh
mv ~/mirror-rsync-key.pub ~/.ssh/
cd ~/.ssh
touch authorized_keys
chmod 600 authorized_keys
cat mirror-rsync-key.pub >> authorized_keys
By doing this, we have appended the contents of mirror-rsync-key.pub to the file /home/someuser/.ssh/authorized_keys. /home/someuser/.ssh/authorized_keys should look similar to this:
server1:
(Still as someuser!)
vi /home/someuser/.ssh/authorized_keys
ssh-dss AAAAB3NzaC1[...]qqOyXtbUx7HOMEw== [email protected]
Now we want to allow connections only from server2.example.com, and the connecting user should be allowed to use only rsync, so we add
command="/home/someuser/rsync/checkrsync",from="server2.example.com",no-port-forwarding,no-X11-forwarding,no-pty
right at the beginning of /home/someuser/.ssh/authorized_keys:
server1:
(Still as someuser!)
vi /home/someuser/.ssh/authorized_keys
command="/home/someuser/rsync/checkrsync",from="server2.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-dss AAAAB3NzaC1[...]qqOyXtbUx7HOMEw== [email protected]
It is important that you use a FQDN like server2.example.com instead of an IP address after from=, otherwise the automated mirroring will not work!
Now we create the script /home/someuser/rsync/checkrsync that rejects all commands except rsync.
server1:
(We still do this as someuser!)
mkdir ~/rsync
vi ~/rsync/checkrsync
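#!/bin/sh
# Forced command for the mirror key: sshd stores the command requested by the
# client in SSH_ORIGINAL_COMMAND. Only "rsync --server ..." is executed.
case "$SSH_ORIGINAL_COMMAND" in
    # Reject anything containing these shell metacharacters.
    *\&*)
        echo "Rejected"
        ;;
    *\(*)
        echo "Rejected"
        ;;
    *\{*)
        echo "Rejected"
        ;;
    *\;*)
        echo "Rejected"
        ;;
    *\<*)
        echo "Rejected"
        ;;
    *\`*)
        echo "Rejected"
        ;;
    rsync\ --server*)
        $SSH_ORIGINAL_COMMAND
        ;;
    *)
        echo "Rejected"
        ;;
esac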
chmod 700 ~/rsync/checkrsync
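The script above runs any request that begins with rsync --server, so the key can still ask rsync to read or write any path that someuser can access. A stricter variant, added here as an example (it is not part of the original tutorial), accepts only a read-only (--sender) request for the mirrored directory. The function names, ALLOWED_DIR and the expected shape of the request are assumptions; log SSH_ORIGINAL_COMMAND once to see what your rsync client actually sends.

```sh
#!/bin/sh
# Added example, not the tutorial's script. ALLOWED_DIR is the directory this
# tutorial mirrors. The shape "rsync --server --sender -<flags> . <dir>" is an
# assumption about what the rsync client on server2 requests for a pull.
ALLOWED_DIR="/var/www/html/"

# Return 0 only for a read-only (--sender) request for exactly ALLOWED_DIR.
is_allowed_rsync() {
    set -f                  # no glob expansion while word-splitting
    set -- $1               # split the requested command into words
    set +f
    [ "$#" -ge 5 ] || return 1
    [ "$1" = "rsync" ] && [ "$2" = "--server" ] && [ "$3" = "--sender" ] || return 1
    shift 3
    # Option words: only single-dash bundles such as -vlogDtprze.iLsfxC.
    # Long options (for example --log-file=...) are refused outright.
    while [ "$#" -gt 2 ]; do
        case "$1" in
            --*|-)             return 1 ;;
            -*[!A-Za-z0-9.]*)  return 1 ;;
            -*)                shift ;;
            *)                 return 1 ;;
        esac
    done
    # Two words remain: the "." placeholder and the single source path.
    [ "$1" = "." ] && [ "$2" = "$ALLOWED_DIR" ]
}

# Entry point when installed as the command="..." script in authorized_keys.
run_forced_command() {
    if is_allowed_rsync "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "Rejected" >&2
    exit 1
}

# sshd sets SSH_ORIGINAL_COMMAND; without it (e.g. when sourced) do nothing.
[ -z "${SSH_ORIGINAL_COMMAND:-}" ] || run_forced_command
```

Saved as /home/someuser/rsync/checkrsync in place of the script above, it needs no change to the command= entry in authorized_keys.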
6 Test rsync On server2.example.com
Now we must test on server2.example.com if we can mirror server1.example.com without being prompted for someuser's password. We do this:
server2:
(We do this as root!)
rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" [email protected]:/var/www/html/ /var/www/html/
(The --delete option means that files that have been deleted on server1.example.com should also be deleted on server2.example.com. The --exclude option means that these files/directories should not be mirrored; e.g. --exclude=**/error means "do not mirror /var/www/html/error". You can use multiple --exclude options. I have listed these options as examples; you can adjust the command to your needs. Have a look at
man rsync
for more information.)
You should now see that the mirroring takes place...
[root@server2 ~]# rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" [email protected]:/var/www/html/ /var/www/html/
receiving incremental file list
sent 62 bytes received 48 bytes 73.33 bytes/sec
total size is 20 speedup is 0.18
[root@server2 ~]#
... without being prompted for a password! This is what we wanted.
7 Create A Cron Job
We want to automate the mirroring, so we create a cron job for it on server2.example.com. Run crontab -e as root:
server2:
(We do this as root!)
crontab -e
and create a cron job like this:
*/5 * * * * /usr/bin/rsync -azq --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" [email protected]:/var/www/html/ /var/www/html/
This would run rsync every 5 minutes; adjust it to your needs (see
man 5 crontab
). I use the full path to rsync here (/usr/bin/rsync) just to make sure that cron knows where to find rsync. Your rsync location might differ. Run
server2:
(We do this as root!)
which rsync
to find out where yours is.