antipode.info/docker-backuppc
3
0
Fork 0
mirror of https://github.com/adferrand/docker-backuppc.git synced 2023-11-05 04:40:26 +01:00
Code Issues Releases Wiki Activity

Merge branch 'master' into 4

Browse Source
This commit is contained in:
Adrien Ferrand 2017-06-08 21:11:59 +02:00
commit 65393472d6
3 changed files with 55 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
README.md
View File

@ -1,5 +1,5 @@
# adferrand/backuppc # adferrand/backuppc
![](https://img.shields.io/badge/tags-4%20latest-lightgrey.svg) [![](https://images.microbadger.com/badges/version/adferrand/backuppc:4.1.3-1.svg) ![](https://images.microbadger.com/badges/image/adferrand/backuppc:4.1.3-1.svg)](https://microbadger.com/images/adferrand/backuppc:4.1.3-1) ![](https://img.shields.io/badge/tags-4%20latest-lightgrey.svg) [![](https://images.microbadger.com/badges/version/adferrand/backuppc:4.1.3-2.svg) ![](https://images.microbadger.com/badges/image/adferrand/backuppc:4.1.3-2.svg)](https://microbadger.com/images/adferrand/backuppc:4.1.3-2)
![](https://img.shields.io/badge/tags-3-lightgrey.svg) [![](https://images.microbadger.com/badges/version/adferrand/backuppc:3.3.2.svg) ![](https://images.microbadger.com/badges/image/adferrand/backuppc:3.3.2.svg)](https://microbadger.com/images/adferrand/backuppc:3.3.2) ![](https://img.shields.io/badge/tags-3-lightgrey.svg) [![](https://images.microbadger.com/badges/version/adferrand/backuppc:3.3.2.svg) ![](https://images.microbadger.com/badges/image/adferrand/backuppc:3.3.2.svg)](https://microbadger.com/images/adferrand/backuppc:3.3.2)
* [Introduction](#introduction) * [Introduction](#introduction)
@ -7,6 +7,8 @@
* [Basic usage](#basic-usage) * [Basic usage](#basic-usage)
* [Data persistency](#data-persistency) * [Data persistency](#data-persistency)
* [POSIX rights](#posix-rights) * [POSIX rights](#posix-rights)
* [UI authentication/authorization](#ui-authenticationauthorization)
* [Advanced UI authentication/authorization](#advanced-ui-authenticationauthorization)
* [UI SSL encryption](#ui-ssl-encryption) * [UI SSL encryption](#ui-ssl-encryption)
* [Self-signed certificate](#self-signed-certificate) * [Self-signed certificate](#self-signed-certificate)
* [Advanced SSL use](#advanced-ssl-use) * [Advanced SSL use](#advanced-ssl-use)
@ -94,6 +96,43 @@ docker run \
adferrand/backuppc adferrand/backuppc
``` ```
## UI authentication/authorization
By default, a single user with admin rights is created during the first start of the container. Its username is *backuppc* and its password is *password*. The credentials are stored in the file `/etc/backuppc/htpasswd` to allow the embedded lighttpd server to handle Basic Authentication, and the Backuppc config variable `$Conf{CgiAdminUsers}` is setted to this username to instruct BackupPC to give it admin rights.
You can modify the admin user credentials by setting the environment variables `BACKUPPC_WEB_USER (default backuppc)` and `BACKUPPC_WEB_PASSWD (default password)` when creating the container.
The admin user credentials can be modified on an existing container by modifying the relevant environment variables, then re-creating the container. However please note that if you modify the username, you will need to manually remove the old username from the file `/etc/backuppc/htpasswd` in the container after its re-creation.
### Advanced UI authentication/authorization
One may need more advanced authentication/authorization on Backuppc Web UI, for instance several *normal* users allowing operations on backups, and an *admin* user to parameterize BackupPC.
In theses cases, authentication and admin granting must be configured manually.
* Authentication is configured by providing credentials in the file `/etc/backuppc/htpasswd` of the container. You should use Apache `htpasswd` utility to fill it.
* All authenticated users are considered as *normal* users if not telling otherwise. Add a username in the `$Conf{CgiAdminUsers}` variable of `/etc/backuppc/config.pl` file to grant this user admin rights.
* Then default admin user creation is not needed : unset environment variables `BACKUPPC_WEB_USER` and `BACKUPPC_WEB_PASSWD` to avoid adding an additional user in the `htpasswd` file, and reconfigure admin rights in `config.pl`.
For instance, with two *normal* users `user1` and `user2` + one *admin* user `admin`, you can do the following steps on the host. It is assumed that `/etc/backuppc` is mounted on `/var/docker-data/backuppc/etc` on the host and Apache `htpasswd` utility is installed on it.
```bash
htpasswd -b -c /var/docker-data/backuppc/etc/htpasswd admin admin_password
htpasswd -b /var/docker-data/backuppc/etc/htpasswd user1 user1_password
htpasswd -b /var/docker-data/backuppc/etc/htpasswd user2 user2_password
sed -ie "s/^\$Conf{CgiAdminUsers}\s*=\s*'\w*'/\$Conf{CgiAdminUsers} = 'admin'/g" \
/var/docker-data/backuppc/etc/config.pl
docker run \
--name backuppc \
--publish 80:8080 \
--volume /var/docker-data/backuppc/etc:/etc/backuppc \
--volume /var/docker-data/backuppc/home:/home/backuppc \
--volume /var/docker-data/backuppc/data:/data/backuppc \
adferrand/backuppc
```
Please note that Basic Authentication is still done unencrypted on HTTP port. See [UI SSL encryption](#ui-ssl-encryption) to secure the authentication.
## UI SSL encryption ## UI SSL encryption
By default, BackupPC Admin Web UI is exposed on the non secured HTTP protocol. Two advised ways to secure this are proposed. By default, BackupPC Admin Web UI is exposed on the non secured HTTP protocol. Two advised ways to secure this are proposed.

2
VERSION
View File

@ -1 +1 @@
4.1.3-1 4.1.3-2

20
files/entrypoint.sh
View File

@ -20,6 +20,17 @@ if [ -f /firstrun ]; then
tar xf BackupPC-$BACKUPPC_VERSION.tar.gz tar xf BackupPC-$BACKUPPC_VERSION.tar.gz
cd /root/BackupPC-$BACKUPPC_VERSION cd /root/BackupPC-$BACKUPPC_VERSION
# Configure WEB UI access
configure_admin=""
if [ ! -f /etc/backuppc/htpasswd ]; then
htpasswd -b -c /etc/backuppc/htpasswd "${BACKUPPC_WEB_USER:-backuppc}" "${BACKUPPC_WEB_PASSWD:-password}"
configure_admin="--config-override CgiAdminUsers='${BACKUPPC_WEB_USER:-backuppc}'"
elif [ -n "$BACKUPPC_WEB_USER" -a -n "$BACKUPPC_WEB_PASSWD" ]; then
touch /etc/backuppc/htpasswd
htpasswd -b /etc/backuppc/htpasswd "${BACKUPPC_WEB_USER}" "${BACKUPPC_WEB_PASSWD}"
configure_admin="--config-override CgiAdminUsers='$BACKUPPC_WEB_USER'"
fi
# Install BackupPC (existing configuration will be reused and upgraded) # Install BackupPC (existing configuration will be reused and upgraded)
perl configure.pl \ perl configure.pl \
--batch \ --batch \
@ -30,10 +41,7 @@ if [ -f /firstrun ]; then
--html-dir /var/www/html/BackupPC \ --html-dir /var/www/html/BackupPC \
--html-dir-url /BackupPC \ --html-dir-url /BackupPC \
--install-dir /usr/local/BackupPC \ --install-dir /usr/local/BackupPC \
--config-override CgiAdminUsers="'${BACKUPPC_WEB_USER:-backuppc}'" $configure_admin
# Configure WEB UI access
htpasswd -b -c /etc/backuppc/htpasswd ${BACKUPPC_WEB_USER:-backuppc} ${BACKUPPC_WEB_PASSWD:-password}
# Prepare lighttpd # Prepare lighttpd
if [ "$USE_SSL" = true ]; then if [ "$USE_SSL" = true ]; then
@ -59,8 +67,8 @@ if [ -f /firstrun ]; then
echo "host ${SMTP_HOST:-mail.example.org}" >> /etc/msmtprc echo "host ${SMTP_HOST:-mail.example.org}" >> /etc/msmtprc
echo "auto_from on" >> /etc/msmtprc echo "auto_from on" >> /etc/msmtprc
if [ "${SMTP_MAIL_DOMAIN:-}" != "" ]; then if [ "${SMTP_MAIL_DOMAIN:-}" != "" ]; then
echo "maildomain ${SMTP_MAIL_DOMAIN}" >> /etc/msmtprc echo "maildomain ${SMTP_MAIL_DOMAIN}" >> /etc/msmtprc
fi fi
# Clean # Clean
rm -rf /root/BackupPC-$BACKUPPC_VERSION.tar.gz /root/BackupPC-$BACKUPPC_VERSION /firstrun rm -rf /root/BackupPC-$BACKUPPC_VERSION.tar.gz /root/BackupPC-$BACKUPPC_VERSION /firstrun