Mirror Your Web Site With rsync On Fedora 10 - Page 2

5 Configure server1.example.com

Now log in through SSH on server1.example.com as someuser (not root!)...

server1:

su someuser

... and do this:

server1:

(Please do this as someuser!)

mkdir ~/.ssh
chmod 700 ~/.ssh
mv ~/mirror-rsync-key.pub ~/.ssh/
cd ~/.ssh
touch authorized_keys
chmod 600 authorized_keys
cat mirror-rsync-key.pub >> authorized_keys

By doing this, we have appended the contents of mirror-rsync-key.pub to the file /home/someuser/.ssh/authorized_keys. /home/someuser/.ssh/authorized_keys should look similar to this:

server1:

(Still as someuser!)

vi /home/someuser/.ssh/authorized_keys
ssh-dss AAAAB3NzaC1[...]qqOyXtbUx7HOMEw== [email protected]

Now we want to allow connections only from server2.example.com, and the connecting user should be allowed to use only rsync, so we add

command="/home/someuser/rsync/checkrsync",from="server2.example.com",no-port-forwarding,no-X11-forwarding,no-pty

right at the beginning of /home/someuser/.ssh/authorized_keys:

server1:

(Still as someuser!)

vi /home/someuser/.ssh/authorized_keys
command="/home/someuser/rsync/checkrsync",from="server2.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-dss AAAAB3NzaC1[...]qqOyXtbUx7HOMEw== [email protected]

It is important that you use a FQDN like server2.example.com instead of an IP address after from=, otherwise the automated mirroring will not work!

Now we create the script /home/someuser/rsync/checkrsync that rejects all commands except rsync.

server1:

(We still do this as someuser!)

mkdir ~/rsync
vi ~/rsync/checkrsync
#!/bin/sh

case "$SSH_ORIGINAL_COMMAND" in
        *\&*)
                echo "Rejected"
                ;;
        *\(*)
                echo "Rejected"
                ;;
        *\{*)
                echo "Rejected"
                ;;
        *\;*)
                echo "Rejected"
                ;;
        *\<*)
                echo "Rejected"
                ;;
        *\`*)
                echo "Rejected"
                ;;
        rsync\ --server*)
                $SSH_ORIGINAL_COMMAND
                ;;
        *)
                echo "Rejected"
                ;;
esac
chmod 700 ~/rsync/checkrsync

 

6 Test rsync On server2.example.com

Now we must test on server2.example.com if we can mirror server1.example.com without being prompted for someuser's password. We do this:

server2:

(We do this as root!)

rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" [email protected]:/var/www/html/ /var/www/html/

(The --delete option means that files that have been deleted on server1.example.com should also be deleted on server2.example.com. The --exclude option means that these files/directories should not be mirrored; e.g. --exclude=**/error means "do not mirror /var/www/html/error". You can use multiple --exclude options. I have listed these options as examples; you can adjust the command to your needs. Have a look at

man rsync

for more information.)

You should now see that the mirroring takes place...

[root@server2 ~]# rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" [email protected]:/var/www/html/ /var/www/html/
receiving incremental file list
sent 62 bytes received 48 bytes 73.33 bytes/sec
total size is 20 speedup is 0.18
[root@server2 ~]#

... without being prompted for a password! This is what we wanted.

 

7 Create A Cron Job

We want to automate the mirroring, that is why we create a cron job for it on server2.example.com. Run crontab -e as root:

server2:

(We do this as root!)

crontab -e

and create a cron job like this:

*/5 * * * * /usr/bin/rsync -azq --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" [email protected]:/var/www/html/ /var/www/html/

This would run rsync every 5 minutes; adjust it to your needs (see

man 5 crontab

). I use the full path to rsync here (/usr/bin/rsync) just to go sure that cron knows where to find rsync. Your rsync location might differ. Run

server2:

(We do this as root!)

which rsync

to find out where yours is.

 

Share this page:

3 Comment(s)