This is a "copy & paste" HowTo! The easiest way to follow this tutorial is to use a command line client/SSH client (like PuTTY for Windows) and simply copy and paste the commands (except where you have to provide own information like IP addresses, hostnames, passwords,...). This helps to avoid typos.

Mirror Your Web Site With rsync

Version 1.0
Author: Falko Timme

This tutorial shows how you can mirror your web site from your main web server to a backup server that can take over if the main server fails. We use the tool rsync for this, and we make it run through a cron job that checks every x minutes if there is something to update on the mirror. Thus your backup server should usually be up to date if it has to take over.

rsync updates only files that have changed, so you do not need to transfer 5 GB of data whenever you run rsync. It only mirrors new/changed files, and it can also delete files from the mirror that have been deleted on the main server. In addition to that it can preserve permissions and ownerships of mirrored files and directories; to preserve the ownerships, we need to run rsync as root which is what we do here. If permissions and/or ownerships change on the main server, rsync will also change them on the backup server.

In this tutorial we will tunnel rsync through SSH which is more secure; it also means you do not have to open another port in your firewall for rsync - it is enough if port 22 (SSH) is open. The problem is that SSH requires a password for logging in which is not good if you want to run rsync as a cron job. The need for a password requires human interaction which is not what we want.

But fortunately there is a solution: the use of public keys. We create a pair of keys (on our backup server, one of which is saved in a file on the remote system ( Afterwards we will not be prompted for a password anymore when we run rsync. This also includes cron jobs which is exactly what we want.

As you might have guessed already from what I have written so far, the concept is that we initiate the mirroring of directly from; does not have to do anything to get mirrored.

I will use the following setup here:

  • Main server: (server1) - IP address:
  • Mirror/backup server: (mirror) - IP address:
  • The web site that is to be mirrored is in /var/www on

rsync is for mirroring files and directories only; if you want to mirror your MySQL database, please take a look at these tutorials:

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

1 Install rsync

First we have to install rsync on both and For Debian systems, this looks like this:


(We do this as root!)

apt-get install rsync

On other Linux distributions you would use yum (Fedora/CentOS) or yast (SuSE) to install rsync.

2 Create An Unprivileged User On

Now we create an unprivileged user called someuser on that will be used by rsync on to mirror the directory /var/www (of course, someuser must have read permissions on /var/www on


(We do this as root!)

useradd -d /home/someuser -m -s /bin/bash someuser

This will create the user someuser with the home directory /home/someuser and the login shell /bin/bash (it is important that someuser has a valid login shell - something like /bin/false does not work!). Now give someuser a password:

passwd someuser

3 Test rsync

Next we test rsync on As root we do this:


rsync -avz -e ssh [email protected]:/var/www/ /var/www/

You should see something like this. Answer with yes:

The authenticity of host ' (' can't be established.
RSA key fingerprint is 32:e5:79:8e:5f:5a:25:a9:f1:0d:ef:be:5b:a6:a6:23.
Are you sure you want to continue connecting (yes/no)?

<-- yes

Then enter someuser's password, and you should see that's /var/www directory is mirrored to /var/www on

You can check that like this on both servers:


ls -la /var/www

You should see that all files and directories have been mirrored to, and the files and directories should have the same permissions/ownerships as on

4 Create The Keys On

Now we create the private/public key pair on


(We do this as root!)

mkdir /root/rsync
ssh-keygen -t dsa -b 1024 -f /root/rsync/mirror-rsync-key

You will see something like this:

Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): [press enter here]
Enter same passphrase again: [press enter here]
Your identification has been saved in /root/cron/mirror-rsync-key.
Your public key has been saved in /root/cron/
The key fingerprint is:
68:95:35:44:91:f1:45:a4:af:3f:69:2a:ea:c5:4e:d7 [email protected]

It is important that you do not enter a passphrase otherwise the mirroring will not work without human interaction so simply hit enter!

Next, we copy our public key to


(Still, we do this as root.)

scp /root/rsync/ [email protected]:/home/someuser/

The public key should now be available in /home/someuser on

Share this page:

Suggested articles

9 Comment(s)

Add comment


From: Anonymous

You should also add the parameter --numeric-ids to keep the value of the uid and gid of the file when its transfer.

From: Anonymous

As most websites these days are dynamic, you need to use different tools for mirroring.

I use wget to to create a mirror of my dyanmic pages.

From: Anonymous

I am mentioning because I am a customer that wants to see their business thrive. Take a look at their philosophy and their privacy/warrant policy and you'll see why ...

I use rsync (and Unison, and sftp) to automatically backup my most important files to a 4 GB offsite filesystem at, which they in turn replicate to their secondary loccation in Colorado.

It's a great solution. You should check them out.

From: Anonymous


ssh-keygen -t dsa -b 2048 -f /root/rsync/mirror-rsync-key


DSA keys must be 1024 bits


ssh-keygen -t dsa -b 1024 -f /root/rsync/mirror-rsync-key


If you are using ssh on a non-standard port quote the ssh part of the commands and include the port option.  For example...

rsync -avz -e 'ssh -p 8022' [email protected]:/var/www/ /var/www/


From: Mike

This is from around 1999 but still the very best rsync tutorial I've ever read:

From: Greg

Thank you for the tutorial. I have port 22 closed for security reasons on the main server. How can I add another port into your script?

I can't get past this otherwise: rsync -avz -e ssh [email protected]:/var/www/ /var/www/

Thanks again!

From: Aamnah

the ssh command let's you specify a port with the -p flag. You can modify the script like so:

rsync -avz -e ssh -p 1234 [email protected]:/var/www/ /var/www/

From: Aamnah

rsync -avz -e "ssh -p 1243" [email protected]:/var/www/ /var/www/