source: box/boxbackup-web/server.html @ 1901

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
<title>Box Backup server configuration</title>
<link rel="stylesheet" href="bbstyles.css" type="text/css" />
</head>
<body>
<div align="center">
<div id="header">
<div id="logo">
<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
</div>
<div id="page">

<h1>Box Backup server configuration</h1>

<h2>Log files</h2>

<p>You may wish to see what's going on with the server. Edit /etc/syslog.conf, and add</p>

<pre>
local6.info                         /var/log/box
local5.info                         /var/log/raidfile
</pre>

<p>Note separators must be tabs, otherwise it ignores you.</p>

<pre>
touch /var/log/box
touch /var/log/raidfile
</pre>

<p>And then get them rotated, by adding in /etc/newsyslog.conf</p>

<pre>
/var/log/box                644  7    2000 *     Z
/var/log/raidfile           644  7    2000 *     Z
</pre>

<p>Then restart syslogd.</p>

<h2>RAID setup</h2>

<p>The server does RAID in userland for that extra bit of reliability. You need to
set this up separately from the server. To create <tt>/etc/box/raidfile.conf</tt>,</p>

<pre>
/usr/local/bin/raidfile-config /etc/box 2048 /raid/0.0 /raid/0.1 /raid/0.2
</pre>

<p>But adjust it for your system. 2048 is the block size. Under BSD with FFS, set this to
your filing system's fragment size (most likely an 8th of the block size), otherwise the block size of
the filing system, for maximum efficiency.</p>

<p>The three directories are the locations of the roots of the raid file directories.
These are probably the mount points of three big partitions on three <b>separate physical discs</b>.
If you don't have this, see below on how to disable userland RAID.</p>

<p>Edit <tt>/etc/box/raidfile.conf</tt> if you have another set of three discs you want
to use -- just add another section for each set.</p>

<h3>Disabling userland RAID</h3>

<p>If you only have one disc, or a hardware RAID array, you probably won't want to use userland
RAID.</p>

<p>In this case, follow the above instructions, but only specify one directory for the
<tt>raidfile-config</tt> script. This will generate a raidfile.conf which disables userland
RAID, and stores files in the single directory you specify.</p>

<p><b>NOTE</b> Running the server in non-RAID mode has not been tested as extensively as
in RAID file mode.</p>


<h2>Server basic setup</h2>

<p>Create a user to run the server under:</p>

<pre>
useradd _bbstored
</pre>

<p>Create <tt>/etc/box/bbstored.conf</tt> with:</p>

<pre>
/usr/local/bin/bbstored-config /etc/box <b>hostname</b> _bbstored
</pre>

<p>(See <a href="openssl.html">OpenSSL notes</a> if you get an OpenSSL error)</p>

<p>(set hostname to the address the clients
will use to contact this server) <b>Are you using a NAT device or firewall?</b> See the note below.</p>

<p><b>Read the output</b> for details of what to do next. There is an example at the end of this page,
but do follow the instructions output when you run the script yourself.</p>

<p>Make sure the user can write to the raid file directories! For more precise control,
create a <tt>backup</tt> directory within each of the raid root directories, and change
their permissions accordingly.</p>

<p>If there are other users on this server, you will probably want to stop other users
reading the certificates.</p>

<pre>
chown -R _bbstored /etc/box/bbstored
chmod -R go-rwx /etc/box/bbstored
</pre>

<h2>Configuration for hosts behind a NAT device or firewall</h2>

<p>The hostname specified is used for 1) the name in the server's certificate and 2) the
address the server will listen on.</p>

<p>If the IP address of the machine isn't the same as the IP address it appears to have to
the outside world (because the NAT device or firewall translates it), then this will fail.
The server will look up the hostname, and then fail to bind to that address since it is not a local
address.</p>

<p>To get around this, you have two options. Either specify the local IP address with the
<tt>bbstored-config</tt> command (the name in the certificate won't match the real address, but
this is not a problem at the moment), or specify the real address, but edit the <tt>bbstored.conf</tt>
file and correct the <tt>ListenAddresses</tt> directive later to reflect the local address.</p>

<h2>Get certified</h2>

<p>As per the instructions in the <a href="accounts.html">certificates and accounts management</a> page,
sign your certificate and install it as directed.</p>

<h2>Start the server</h2>

<pre>
/usr/local/bin/bbstored
</pre>

<p>Add this to your system startup scripts.</p>

<p>Please read the <a href="trouble.html">Troubleshooting</a> page if you have problems.</p>

<p>If you configured the server so the configuration file is somewhere other than <tt>/etc/box/bbstored.conf</tt>,
run the server as, for example,<p>

<pre>
/usr/local/bin/bbstored /some/other/config/dir/bbstored.conf
</pre>

<h2>root not required</h2>

<p>The backup server is configured to be run as root, but changes user to the user
you specify as soon as it can -- this is simply for convenience when starting the daemon
in system start up scripts. However, you can <a href="nonroot.html">run without root</a>
entirely by making a small change to the configuration file.</p>


<h2>Example configuration output</h2>

<p>This is an example of output from the bbstored-config script. <b>Important:</b>
Follow the instructions output by your script, not the ones here -- they may be different
for your system.</p>

<pre>
# /usr/local/bin/bbstored-config /etc/box server.example.com _bbstored                                    
Checking permissions on /raid/0.0/backup
Checking permissions on /raid/0.1/backup
Checking permissions on /raid/0.2/backup

Setup bbstored config utility.

Configuration:
   Writing configuration file: /etc/box/bbstored.conf
   Writing empty accounts file: /etc/box/bbstored/accounts.txt
   Server hostname: server.example.com
   RaidFile config: /etc/box/raidfile.conf

Creating /etc/box/bbstored
Creating blank accounts file
Generating private key...
 [OpenSSL output omitted]

Writing configuration file /etc/box/bbstored.conf

===================================================================

bbstored basic configuration complete.

What you need to do now...

1) Sign /etc/box/bbstored/server.example.com-csr.pem
   using the bbstored-certs utility.

2) Install the server certificate and root CA certificate as
      /etc/box/bbstored/server.example.com-cert.pem
      /etc/box/bbstored/clientCA.pem

3) You may wish to read the configuration file
      /etc/box/bbstored.conf
   and adjust as appropraite.

4) Create accounts with bbstoreaccounts

5) Start the backup store daemon with the command
      /usr/local/bin/bbstored
   in /etc/rc.local, or your local equivalent.

===================================================================
</pre>

<p>&nbsp;</p>
<p>&copy; Ben Summers, 2003, 2004</p>
<p>&nbsp;</p>
</div>
</div>
</body>
</html>