Aus EUserv Wiki

Aktuelle Version vom 14:29, 7. Mai 2013

Languages:

Deutsch  • English

Encrypt the Rsync connection to the BackupHD

General

Hint: To use rsync for your BackupHD, you have to activate the function in the customer center. To do so navigate to the menu-point "Verwaltung" after you have chosen your contract and make the tick under "Rsync active".

Then click on the button "Ändern". Your BackupHD will be activated within 24 hours for rsync.

If you want to encrypt the rsync-connection to your BackupHD, you have the possibility to set an stunnel.

By that the connection to your BackupHD will be encrypted via SSL.

This instruction describes the setup of stunnel under Linux and Windows.

= Setup of stunnel

Linux

First you have to install stunnel on your system. There should be a package available for your package manager.

CentOS

 yum install stunnel

Now you have to create the stunnel configuration file

 vi /etc/stunnel/stunnel.conf

and edit the following changes:

   
; Certificate/key is needed in server mode and optional in client mode
;cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem

; PID is created inside the chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; Some debugging stuff useful for troubleshooting
debug = 5
output = /var/log/stunnel/stunnel.log

; Use it for client mode
client = yes

Service-level configuration

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[ssmtp]
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

[ssync]
accept = 873
connect = rsync1.euserv.de:273
  

Now you can start stunnel with the following command:

 stunnel /etc/stunnel/stunnel.conf

The use of rsync:

For an stunnel encrypred through the rsync-connection you can specify localhost as server:

for example

 rsync -avuz /dev/zero ftpbackup-1234@localhost::ftpbackup-1234

Exiting stunnel:

 killall stunnel

Debian/Ubuntu

 aptitude install stunnel

Now you have to edit the stunnel configuration file

 vi /etc/stunnel/stunnel.conf

and make the following changes:

   
; Certificate/key is needed in server mode and optional in client mode
;cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem

; PID is created inside the chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; Some debugging stuff useful for troubleshooting
debug = 5
output = /var/log/stunnel/stunnel.log

; Use it for client mode
client = yes

Service-level configuration

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[ssmtp]
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

[ssync]
accept = 873
connect = rsync1.euserv.de:273
  

Generating the stunnel certificate and private key (pem):

 openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem

Enter the necessary information:

 
Country Name:
State or Province name:
Locality:
Organization Name:
Organizational Unit Name:
Common Name (FQDN):
  

Finally edit the following file:

 vi /etc/default/stunnel

and change the following line:

 
# Change to one to enable stunnel automatic startup
ENABLED=1
  

Now you can start stunnel with the following command:

 stunnel /etc/stunnel/stunnel.conf

The use of rsync:

For an stunnel encrypred through the rsync-connection you can specify localhost as server:

for example

 rsync -avuz /dev/zero ftpbackup-1234@localhost::ftpbackup-1234

Exiting stunnel:

 killall stunnel

OpenSuse

Download the .rpm file with the following command:

wget http://mirror.geht-schon.de/packman.links2linux.de/suse/12.3/Extra/x86_64/stunnel-4.36-1.1.x86_64.rpm

and install stunnel:

 zypper install stunnel-4.36-1.1.x86_64.rpm

Now you have to edit the stunnel configuration file

 vi /etc/stunnel/stunnel.conf

and make the following changes:

 
# client = yes | no
# client mode (remote service uses SSL)
# default: no (server mode)
client = yes

pid = /var/run/stunnel.pid

# debugging
#
debug = 5
output = stunnel.log

# Some performance tunings
#
# disable Nagle algorithm (a.k.a. tinygram prevention, see man 7 tcp)
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
#compression = rle

#cert = /etc/stunnel/stunnel.pem

[ssync]
accept = 873
connect = rsync1.euserv.de:273
  

Now you can start stunnel with the following command:

 stunnel /etc/stunnel/stunnel.conf

The use of rsync:

For an stunnel encrypred through the rsync-connection you can specify localhost as server:

for example

 rsync -avuz /dev/zero ftpbackup-1234@localhost::ftpbackup-1234

Exiting stunnel:

 killall stunnel

Windows

You can also set stunnel manually in Windows.

The necessary program can be downloaded at http://www.stunnel.org/.

Now you just have to edit the configuration file. You can find a link in the start menu .

Ensure that the option client=yes is not commented out.

   
client = yes
[ssync]
accept = 873
connect = rsync1.euserv.de:273
    

Now you can start stunnel from the start menu.

You can use Rsync under Windows e.g. with the free tool DeltaCopy.