Loading...
 

BackupOfTikiSites

Backups of Tiki community sites

For backups of Tiki community sites, the default backup actions of console.php are being used. The resulting backups are then uploaded via SFTP into the directory ~/incoming/ on the Tiki community backup server bkp.tiki.org. Each tiki.org subdomain has a dedicated account on that server.

 Information

If you are responsible for running a Tiki community site, please contact amette for an account on bkp.tiki.org.

Example backup script

The following is an example script to back up multiple Tikis and then SFTP the resulting backups into the correct directory on bkp.tiki.org.

Script to back up dev/doc/themes.tiki.org
#!/bin/bash
# This script is being run from a dedicated user 'tikibackup'
# which is in the group 'www-data' so it can access the webroots
set -u

function errexit(){
        echo "Backup failed!"
        rm $TEMP/*
        exit 1
}

INSTANCE="dev doc themes"

for site in $INSTANCE; do
        # The web-root of the Tiki you are backing up
        TIKI_ROOT="/var/local/$site.tiki.org/www"
        # The following should be an empty directory just for the backups
        TEMP="/var/tmp/tikibackup/"
        # Use the following, if you want to keep backups, otherwise set to empty string
        KEEP=""
        # Your username on bkp.tiki.org
        BKP_USER="bkp-$site"
        # The private key to login to bkp.tiki.org with
        PRIVATE_KEY="/home/tikibackup/.ssh/id_rsa"
        trap errexit 1 2 3 15 ERR
        mkdir -p $TEMP
        cd $TIKI_ROOT
        svn cleanup
        php console.php database:backup $TEMP
        php console.php backup:files $TEMP
        if [ "$KEEP" != "" ];
        then
                ln $TEMP/* $KEEP/
        fi
        cd $TEMP
        echo "put *" | sftp -oIdentityFile=$PRIVATE_KEY -q "$BKP_USER@bkp.tiki.org:incoming/" > /dev/null 2>&1
        rm $TEMP/*
done

Backend of bkp.tiki.org

bkp.tiki.org is a completely bare-bones machine with nothing but OpenSSH running and jailing users into SFTP allowing login only via SSH keys. Every Tiki subdomain has it’s own user, that can write into the directory ~/incoming/ to upload backups. These backups are rotated daily into the directory ~/archive/, which is read-only. This way every Tiki site administrator can access all backups of the last 31 days from the directory ~/archives, but in case her server gets hacked and a malicious attacked wants to delete data, it’s not possible.

Backup testing on nxt.tiki.org

The next-doc/dev/themes fetch the latest backup from bkp.tiki.org and install it afresh each night. This way we always test the latest code with the latest data and also test our backups at the same time.

Created by amette. Last Modification: Sunday 15 October 2017 12:48:22 CEST by amette.

Why Register?

Register at tiki.org and you'll be able to use the account at any *.tiki.org site, thanks to the InterTiki feature. A valid email address is required to receive site notifications and occasional newsletters. You can opt out of these items at any time.