Authentik-Backup: Difference between revisions
Initial |
formatting and standardized and categories Tag: 2017 source edit |
||
Line 1: | Line 1: | ||
= Backing Up Authentik Server = | |||
This guide provides steps to back up an Authentik server, including PostgreSQL and Redis databases, and sync the backup to a Proxmox server for redundancy. | |||
== Overview == | |||
This process includes: | |||
* Backing up critical components of the Authentik server, such as databases and configuration files. | |||
* Compressing backups into a single tarball for easy transfer and storage. | |||
* Encrypting backups for additional security (optional). | |||
* Syncing backups from the Authentik server to the Proxmox server. | |||
== Prerequisites == | |||
* Access to the Authentik server and Proxmox server. | |||
* Authentik server's IP address or hostname and a user with appropriate SSH privileges. | |||
* Tools: `rsync`, `ssh`, and required Docker utilities installed on both servers. | |||
* Backup storage location on Proxmox server. | |||
* Remote storage (e.g., pCloud) for redundancy. | |||
== Backup Script == | |||
<pre> | |||
# Define variables | |||
BACKUP_DIR="/datadrive/Backups" | BACKUP_DIR="/datadrive/Backups" | ||
VZ_DIR="/var/lib/vz/dump" | VZ_DIR="/var/lib/vz/dump" | ||
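Review bot: The script opened by `<pre>` goes straight to `# Define variables` with no interpreter line and no error handling, so a failed step would not stop the commands that follow it. Suggest starting the block with `#!/bin/bash` and `set -euo pipefail`. The Prerequisites bullet asking for "a user with appropriate SSH privileges" could also say which privileges the script needs, since the variables further down use `root`.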
Line 10: | Line 25: | ||
VZ_REMOTE="pcloud:Backups/Server-Backups/VZDUMPS" | VZ_REMOTE="pcloud:Backups/Server-Backups/VZDUMPS" | ||
LOCAL_BACKUP_DIR="/datadrive/Backups" | LOCAL_BACKUP_DIR="/datadrive/Backups" | ||
# Authentik variables | |||
AUTHENTIK_REMOTE_USER="root" | AUTHENTIK_REMOTE_USER="root" | ||
AUTHENTIK_REMOTE_HOST="192.168. | AUTHENTIK_REMOTE_HOST="192.168.X.Y" # Replace with Authentik server's IP | ||
AUTHENTIK_REMOTE_BACKUP_DIR="/home/authentik/authentik/authentik_backups" | AUTHENTIK_REMOTE_BACKUP_DIR="/home/authentik/authentik/authentik_backups" | ||
TIMESTAMP=$(date +"%Y%m%d%H%M%S") | TIMESTAMP=$(date +"%Y%m%d%H%M%S") | ||
# Ensure remote backup directory exists | |||
ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST "mkdir -p $AUTHENTIK_REMOTE_BACKUP_DIR" | ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST "mkdir -p $AUTHENTIK_REMOTE_BACKUP_DIR" | ||
# Backup PostgreSQL Database | |||
ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST "docker exec -i authentik-postgresql-1 /usr/local/bin/pg_dump --username authentik authentik > $AUTHENTIK_REMOTE_BACKUP_DIR/postgres-back" | ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST \ | ||
"docker exec -i authentik-postgresql-1 /usr/local/bin/pg_dump --username authentik authentik > $AUTHENTIK_REMOTE_BACKUP_DIR/postgres-back-$TIMESTAMP.sql" | |||
# Save Redis Database | |||
ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST "docker exec -i authentik-redis-1 redis-cli save" | ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST "docker exec -i authentik-redis-1 redis-cli save" | ||
# Copy Redis Dump | |||
ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST "docker cp authentik-redis-1:/data/dump.rdb $AUTHENTIK_REMOTE_BACKUP_DIR/redis-backup-$TIMESTAMP.rdb" | ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST \ | ||
"docker cp authentik-redis-1:/data/dump.rdb $AUTHENTIK_REMOTE_BACKUP_DIR/redis-backup-$TIMESTAMP.rdb" | |||
# Create Tarball of Necessary Files | |||
ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST \ | |||
"tar czvf $AUTHENTIK_REMOTE_BACKUP_DIR/authentik-backup-$TIMESTAMP.tar.gz -C /home/authentik/authentik authentik docker-compose.yml certs" | |||
# Sync backups from Authentik server to Proxmox server | |||
rsync -avz --progress $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST:$AUTHENTIK_REMOTE_BACKUP_DIR/ $LOCAL_BACKUP_DIR/authentik_backups | |||
echo "Backup and sync completed successfully." | |||
</pre> | |||
= | == Optional Encryption == | ||
ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST " | To add encryption, use tools like `gpg` or `age`. For example: | ||
=== GPG === | |||
<pre> | |||
# Encrypt the tarball with GPG | |||
ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST \ | |||
"gpg --symmetric --cipher-algo AES2# $AUTHENTIK_REMOTE_BACKUP_DIR/authentik-backup-$TIMESTAMP.tar.gz" | |||
</pre> | |||
=== age === | |||
<pre> | |||
# Encrypt the tarball with age | |||
ssh $AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST \ | |||
"age -e -a -r default.recipient $AUTHENTIK_REMOTE_BACKUP_DIR/authentik-backup-$TIMESTAMP.tar.gz" | |||
</pre> | |||
# | == Considerations == | ||
# '''Security:''' Ensure SSH access to the Authentik server is secure (e.g., use key-based authentication). | |||
# '''Automation:''' Consider scheduling this script via `cron` or a similar tool for regular backups. | |||
# '''Testing:''' Regularly test your backup restoration process to ensure integrity and usability. | |||
== Categories == | |||
= | [[Category:Backup]] | ||
[[Category:Proxmox]] | |||
[[Category:Authentik]] | |||
[[Category:Server Administration]] | |||
[[Category:Cybersecurity]] |
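Review bot: In the Optional Encryption section, `--cipher-algo AES2#` is not a cipher name gpg accepts (it looks like a mangled `AES256`), and the age command has no `-o`, so with `-a` the armored ciphertext goes to the ssh session's stdout instead of a file. Both commands also leave the plaintext `authentik-backup-$TIMESTAMP.tar.gz` in `$AUTHENTIK_REMOTE_BACKUP_DIR`, and the `rsync` line copies that whole directory, so the unencrypted tarball (which includes `certs`) is synced either way; say where the encryption step goes relative to the sync and whether the plaintext should be removed. The closing `echo "Backup and sync completed successfully."` prints even when an earlier `ssh` step failed. Separately, the Overview promises "a single tarball", but the PostgreSQL and Redis dumps are written beside the tarball, not into it.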
Latest revision as of 22:16, 27 November 2024
Backing Up Authentik Server
This guide provides steps to back up an Authentik server, including PostgreSQL and Redis databases, and sync the backup to a Proxmox server for redundancy.
Overview
This process includes:
- Backing up critical components of the Authentik server, such as databases and configuration files.
- Compressing backups into a single tarball for easy transfer and storage.
- Encrypting backups for additional security (optional).
- Syncing backups from the Authentik server to the Proxmox server.
Prerequisites
- Access to the Authentik server and Proxmox server.
- Authentik server's IP address or hostname and a user with appropriate SSH privileges.
- Tools: `rsync`, `ssh`, and required Docker utilities installed on both servers.
- Backup storage location on Proxmox server.
- Remote storage (e.g., pCloud) for redundancy.
Backup Script
<pre>
#!/bin/bash
# Stop at the first failed step so the final message is only printed on success
set -euo pipefail

# Define variables
BACKUP_DIR="/datadrive/Backups"
VZ_DIR="/var/lib/vz/dump"
BACKUP_REMOTE="pcloud:Backups/Server-Backups"
VZ_REMOTE="pcloud:Backups/Server-Backups/VZDUMPS"
LOCAL_BACKUP_DIR="/datadrive/Backups"

# Authentik variables
AUTHENTIK_REMOTE_USER="root"
AUTHENTIK_REMOTE_HOST="192.168.X.Y" # Replace with Authentik server's IP
AUTHENTIK_REMOTE_BACKUP_DIR="/home/authentik/authentik/authentik_backups"
TIMESTAMP=$(date +"%Y%m%d%H%M%S")

# Ensure remote backup directory exists
ssh "$AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST" "mkdir -p $AUTHENTIK_REMOTE_BACKUP_DIR"

# Backup PostgreSQL Database (the redirect runs on the Authentik server)
ssh "$AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST" \
    "docker exec -i authentik-postgresql-1 /usr/local/bin/pg_dump --username authentik authentik > $AUTHENTIK_REMOTE_BACKUP_DIR/postgres-back-$TIMESTAMP.sql"

# Save Redis Database
ssh "$AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST" "docker exec -i authentik-redis-1 redis-cli save"

# Copy Redis Dump
ssh "$AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST" \
    "docker cp authentik-redis-1:/data/dump.rdb $AUTHENTIK_REMOTE_BACKUP_DIR/redis-backup-$TIMESTAMP.rdb"

# Create Tarball of Necessary Files
ssh "$AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST" \
    "tar czvf $AUTHENTIK_REMOTE_BACKUP_DIR/authentik-backup-$TIMESTAMP.tar.gz -C /home/authentik/authentik authentik docker-compose.yml certs"

# Sync backups from Authentik server to Proxmox server
rsync -avz --progress "$AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST:$AUTHENTIK_REMOTE_BACKUP_DIR/" "$LOCAL_BACKUP_DIR/authentik_backups"

echo "Backup and sync completed successfully."
</pre>
Optional Encryption
To add encryption, use tools like `gpg` or `age`. For example:
GPG
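<pre>
# Encrypt the tarball with GPG (writes authentik-backup-$TIMESTAMP.tar.gz.gpg beside the tarball)
# -t gives gpg a terminal for its passphrase prompt
ssh -t "$AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST" \
    "gpg --symmetric --cipher-algo AES256 $AUTHENTIK_REMOTE_BACKUP_DIR/authentik-backup-$TIMESTAMP.tar.gz"
</pre>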
age
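<pre>
# Encrypt the tarball with age; replace default.recipient with the recipient's age public key
# -o writes the armored ciphertext to a file instead of stdout
ssh "$AUTHENTIK_REMOTE_USER@$AUTHENTIK_REMOTE_HOST" \
    "age -e -a -r default.recipient -o $AUTHENTIK_REMOTE_BACKUP_DIR/authentik-backup-$TIMESTAMP.tar.gz.age $AUTHENTIK_REMOTE_BACKUP_DIR/authentik-backup-$TIMESTAMP.tar.gz"
</pre>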
Considerations
- Security: Ensure SSH access to the Authentik server is secure (e.g., use key-based authentication).
- Automation: Consider scheduling this script via `cron` or a similar tool for regular backups.
- Testing: Regularly test your backup restoration process to ensure integrity and usability.
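A first-pass check for the Testing point, as an added example that is not part of the original page: it inspects one synced backup set on the Proxmox side for truncation or corruption before any restore is attempted. The helper names `verify_backup_set` and `make_sample_set` are hypothetical; the file names follow the backup script, and the checks rely on pg_dump's plain-format trailer and the `REDIS` magic at the start of an RDB file.

```shell
#!/bin/bash
# Added example: sanity-check one Authentik backup set after the rsync step.
# verify_backup_set and make_sample_set are hypothetical helper names.

verify_backup_set() {
    local dir="$1" ts="$2" rc=0
    local sql="$dir/postgres-back-$ts.sql"
    local rdb="$dir/redis-backup-$ts.rdb"
    local tgz="$dir/authentik-backup-$ts.tar.gz"

    # A complete plain-format pg_dump ends with this marker; a truncated dump lacks it.
    if ! tail -n 10 "$sql" 2>/dev/null | grep -q 'PostgreSQL database dump complete'; then
        echo "FAIL: $sql missing or truncated" >&2; rc=1
    fi
    # An RDB snapshot starts with the ASCII magic "REDIS".
    if [ "$(head -c 5 "$rdb" 2>/dev/null)" != "REDIS" ]; then
        echo "FAIL: $rdb missing or not an RDB file" >&2; rc=1
    fi
    # The tarball must pass the gzip integrity test and list docker-compose.yml.
    if ! gzip -t "$tgz" 2>/dev/null ||
       ! tar -tzf "$tgz" 2>/dev/null | grep -qx 'docker-compose.yml'; then
        echo "FAIL: $tgz corrupt or incomplete" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample set for trying the check offline (not real backup data).
make_sample_set() {
    local dir="$1" ts="$2" src
    src="$(mktemp -d)"
    mkdir -p "$dir" "$src/authentik" "$src/certs"
    echo 'services: {}' > "$src/docker-compose.yml"
    tar czf "$dir/authentik-backup-$ts.tar.gz" -C "$src" authentik docker-compose.yml certs
    printf 'REDIS0011' > "$dir/redis-backup-$ts.rdb"
    printf '%s\n' '--' '-- PostgreSQL database dump complete' '--' > "$dir/postgres-back-$ts.sql"
    rm -rf "$src"
}
```

Passing this check only shows the files arrived whole; restoring the dump into a scratch PostgreSQL container is still needed to confirm the backup is usable.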