Hello,

i'm writing and implementing backup policy in my company and i need some advice..

I have web server (linux+apache+php+mysql) which i need to backup on a regular basis.

the following is my thoughts about this process:

write a script which will run on the web server and make a dump of mysql databases and a tar with web content. after archiving this script will rsync resulting archives to another server (let's call it backup server).

I want to run this script remotely from backup server thru ssh:

backup-server$ ssh backup@web-server /backup/do-backup.sh

user "backup" authenticating on web-server with a key (not a password).. how do I make this process more secure? is there some things that i should consider?
another thing: i don't want backup process to disturb my web-server, how can I run backup script with lower process priority?
and the last goal which I want to accomplish: traffic minimization. I know that rsync can transfer only changed parts of file (i've tested it on text files) does it belongs to bz2 archives too? is there any special parameters which i must to use?

thanks

If you want to make it more secure, you can limit by hostname or IP for ssh keys, so it won't ask for a password but it's only going to allow that host to login with correct ssh keys.

If you want to take advantage of rsync's capabilities of only grabbing new edited or updates files, I would suggest not tar or gzipping them up and just run rsync from the backup machine to grab files you want backed up.

Perhaps a scenerio like this would work for an incremental and full backup plan:

1. rsync pulls files from webserver on say Sunday, this would be the first and full backup of the files you want.
2. Monday thru Saturday, you do the same thing but rsync should only pull updated files. But on Saturday after the files are pulled down, archive them and or gzip them up then, place on another location and keep for another period of retention of your choosing, perhaps keep a few weeks of gzipped files.
3. Sunday comes around and it does another full backup and the process starts all over.

rsync has a compression option I believe, so you can compress when transferring. The only downside to this quick setup in my head would be you could only go back to the previous day if you lost a file, couldn't go back several days if someone made a bad configuration or change to a file. But you could get creative and this should give you some type of idea.

i have
in my sshd.conf, so users without keys will be dropped (and they really are).
And also I have firewall on my web-server which accepts connections to 22 port only from my office IP.
Is there any method to link user's key to some IP address? i.e. allow login using this key only from given IP address?

so, rsync cannot take only updated parts of gzpped file?
i'm currently using the followint scheme:
1. backup content rsync'ed daily to backup server in some folder. "latest" for examle
2. after rsync, "latest" is tarred and gzipped to a file with name like backup-yyyymmdd.tar.gz which is stored in some other folder like "archives"
3. and the last step should be cleanup: delete archives which are too old (two weeks ago in my case).

in my example i can restore any file at any given date inside those two weeks. and i don't need to waste bandwidth for full backup once in a week.
what do you think about my scenario?

Id recommend a developed linux/mysql backup agent.

try http://www.disksave.com They have both and email you daily on success or failuer and reason.

nice package