Mirror Your Web Site With rsync
Author: Falko Timme
Last edited 04/20/2006
This tutorial shows how you can mirror your web site from your main web server to a backup server that can take over if the main server fails. We use the tool rsync for this, and we make it run through a cron job that checks every x minutes if there is something to update on the mirror. Thus your backup server should usually be up to date if it has to take over.
rsync updates only files that have changed, so you do not need to transfer 5 GB of data whenever you run rsync. It only mirrors new/changed files, and it can also delete files from the mirror that have been deleted on the main server. In addition to that it can preserve permissions and ownerships of mirrored files and directories; to preserve the ownerships, we need to run rsync as root which is what we do here. If permissions and/or ownerships change on the main server, rsync will also change them on the backup server.
In this tutorial we will tunnel rsync through SSH which is more secure; it also means you do not have to open another port in your firewall for rsync - it is enough if port 22 (SSH) is open. The problem is that SSH requires a password for logging in which is not good if you want to run rsync as a cron job. The need for a password requires human interaction which is not what we want.
But fortunately there is a solution: the use of public keys. We create a pair of keys (on our backup server mirror.example.com), one of which is saved in a file on the remote system (server1.example.com). Afterwards we will not be prompted for a password anymore when we run rsync. This also includes cron jobs which is exactly what we want.
As you might have guessed already from what I have written so far, the concept is that we initiate the mirroring of server1.example.com directly from mirror.example.com; server1.example.com does not have to do anything to get mirrored.
I will use the following setup here:
- Main server: server1.example.com (server1) - IP address: 192.168.0.100
- Mirror/backup server: mirror.example.com (mirror) - IP address: 192.168.0.175
- The web site that is to be mirrored is in /var/www on server1.example.com.
rsync is for mirroring files and directories only; if you want to mirror your MySQL database, please take a look at these tutorials:
I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
1 Install rsync
First we have to install rsync on both server1.example.com and mirror.example.com. For Debian systems, this looks like this:
(We do this as root!)
apt-get install rsync
On other Linux distributions you would use yum (Fedora/CentOS) or yast (SuSE) to install rsync.
2 Create An Unprivileged User On server1.example.com
Now we create an unprivileged user called someuser on server1.example.com that will be used by rsync on mirror.example.com to mirror the directory /var/www (of course, someuser must have read permissions on /var/www on server1.example.com).
(We do this as root!)
useradd -d /home/someuser -m -s /bin/bash someuser
This will create the user someuser with the home directory /home/someuser and the login shell /bin/bash (it is important that someuser has a valid login shell - something like /bin/false does not work!). Now give someuser a password:
3 Test rsync
Next we test rsync on mirror.example.com. As root we do this:
rsync -avz -e ssh firstname.lastname@example.org:/var/www/ /var/www/
You should see something like this. Answer with yes:
The authenticity of host 'server1.example.com (192.168.0.100)' can't be established.
Then enter someuser's password, and you should see that server1.example.com's /var/www directory is mirrored to /var/www on mirror.example.com.
You can check that like this on both servers:
ls -la /var/www
You should see that all files and directories have been mirrored to mirror.example.com, and the files and directories should have the same permissions/ownerships as on server1.example.com.
4 Create The Keys On mirror.example.com
Now we create the private/public key pair on mirror.example.com:
(We do this as root!)
ssh-keygen -t dsa -b 1024 -f /root/rsync/mirror-rsync-key
You will see something like this:
Generating public/private dsa key pair.
It is important that you do not enter a passphrase otherwise the mirroring will not work without human interaction so simply hit enter!
Next, we copy our public key to server1.example.com:
(Still, we do this as root.)
scp /root/rsync/mirror-rsync-key.pub email@example.com:/home/someuser/
The public key mirror-rsync-key.pub should now be available in /home/someuser on server1.example.com.