1
0
Fork
You've already forked backup-www-db
0
My bash script to backup www folders and MariaDB/MySQL Databases encrypted with rclone and pushover notifications support.
  • Shell 100%
Find a file
2025年07月11日 08:03:26 +02:00
.forgejo/workflows Initial Release v1.0.0 2025年05月03日 18:11:52 +02:00
backup-www-db.conf Release v1.2.0 2025年06月30日 16:34:03 +02:00
backup-www-db.sh Release v1.2.0 2025年06月30日 16:34:03 +02:00
CHANGELOG.md Release v1.2.0 2025年06月30日 16:34:03 +02:00
LICENSE Initial Release v1.0.0 2025年05月03日 18:11:52 +02:00
README.md Update LICENSE link in README 2025年07月11日 08:03:26 +02:00

release MIT License Donate

🛡️ backup-www-db

An enhanced bash script to back up MySQL/MariaDB databases and web directories like /var/www individually.


Features

📁 Per-Directory Web Backup
Backs up each subdirectory in /var/www into its own compressed archive.

🛢️ MySQL/MariaDB Database Dumps
Detects your database engine and creates compressed dumps of all databases.

🚫 Exclusions
Easily exclude specific web folders/files or databases via configuration.

🔐 Optional GPG Encryption
Encrypt each backup archive using GPG asymmetric encryption (optional).

☁️ Rclone Remote Upload
Uploads backups to any rclone compatible remote (e.g., Nextcloud, Google Drive, S3).

🧹 Retention Policy
Deletes old backups based on a user-defined retention period.

📲 Pushover.net Notifications
Sends backup status alerts to your phone or desktop via Pushover.

📝 Detailed Logging
Logs all backup activities and errors to a dedicated log file.

🧪 Backup Integrity Checks
Verifies .tar.gz and .sql.gz files to ensure data integrity.


🛠️ Requirements

  • Bash 4.x or later
  • Root permissions
  • mysqldump or mariadb-dump
  • gzip, tar, gpg
  • rclone
  • curl

🚀 Installation

  1. Clone the repository: git clone https://codeberg.org/CaLiS/backup-www-db.git
  2. Set permissions:
    • chown -R root backup-www-db
    • cd backup-www-db
    • chmod 700 backup-www-db.sh && chmod 600 backup-www-db.conf
  3. Create the MySQL credentials file ~/.my.cnf:
    • echo -e "[client]\nuser=root\npassword=root_password" | sudo tee /root/.my.cnf > /dev/null
    • chmod 600 /root/.my.cnf
  4. Configure variables in backup-www-db.conf
  5. Optional: configure rclone
  6. Optional: configure gpg

⚙️ Configuration

Edit backup-www-db.conf to adjust settings, they should be self explaining:

BACKUP_SOURCE_DIR="/var/www"
BACKUP_TARGET_DIR="/var/backups/backup-www-db"
RETENTION_DAYS=7
MAX_DELETIONS=5
LOG_FILE="/var/log/backup-www-db_$(date '+%Y-%m-%d_%H-%M-%S').log"
LOG_FILE_RETENTION_DAYS=7
RCLONE_REMOTE="YourRemote:/backup-www-db"
ENABLE_PUSHOVER=true
PUSHOVER_USER_KEY="your_user_key"
PUSHOVER_APP_TOKEN="your_app_token"
PUSHOVER_API_URL="https://api.pushover.net/1/messages.json"
ENABLE_ENCRYPTION=true
GPG_EMAIL="you@example.com"
EXCLUDE_SUBDIR=("/var/www/site1" "/var/www/site2")
EXCLUDE_DB=("db1" "db2")
EXCLUDE_ARCHIVE=("*.log" "cache/" "tmp/")

Exclusions

Exclude a subdirectory completly:
EXCLUDE_SUBDIR=("/var/www/site1")

Exclude a database completly:
EXCLUDE_DB=("db1")

Exclude files and folders from inside a subdirectory (wildcard support)
EXCLUDE_ARCHIVE=("*.log" "cache/")

📁 Backup Structure

├── 2025年05月02日_15-30-00/
│ ├── mysql/
│ │ ├── db1.sql.gz.gpg
│ │ ├── db2.sql.gz.gpg
│ │ └── ...
│ └── www/
│ ├── site1.tar.gz.gpg
│ ├── site2.tar.gz.gpg
│ └── ...
└── ...

📦 Running the Script

Manually run the script

sudo /path/to/backup-www-db.sh

Run via cronjob

sudo crontab -e

Add:

0 2 * * * /path/to/backup-www-db.sh

🔓 Encryption

Setup encryption key

To ensure your backup script can run non-interactively, generate a GPG key without a passphrase:

⚠️ WARNING: A GPG key without a passphrase should be protected carefully. Store it securely and restrict access to the system and user account that holds it.

  1. Run the following command:
    • gpg --full-generate-key
  2. When prompted:
    • Key type: Select the default (RSA)
    • Key size: Use at least 4096 bits
    • Expiration: Choose a suitable duration or 0 for no expiration
    • User ID: Enter your email
    • Passphrase: Leave blank and press Enter to skip
  3. After generation, list your keys:
    • gpg --list-keys
  4. Use the email shown for the script’s GPG_EMAIL variable.

⚠️ IMPORTANT: Be sure to securely back up your GPG private key. If the key is lost, you will be unable to decrypt and restore your encrypted backups.

Decrypting Backups

Use the following command to decrypt a backup file:

gpg --output decrypted_file.tar.gz --decrypt backup_file.tar.gz.gpg

⚠️ IMPORTANT: You must have access to the GPG private key used during encryption. Without it, the backup cannot be decrypted.

📌 License

This script is released under the MIT License.

🙏 Acknowledgements