Encrypted VPS backup with dropbox and GnuPG

Today it is unclear how long a vps provider stays in business. Therefore I have been looking for a backup solution of my vps server in the cloud.

• Reliable backup transfer (daily)
• Mutiple backup revisions
• No unencrypted files on the backup storage
• No private keys or passwords on the source system
• Only one unencrypted copy at any time (running mailserver itself)

Dropbox seems to be perfect for this usecase. Dropbox syncs all changes in the background without X11. Dropbox offers mutiple revisions per file.

GnuPG is the encryption solution. It is possible to save the private key in a secure local location. For encryption purpose only the public key is needed.

My mailserver is using CommuniGate Pro but this method can be used for every other service as well. Backup of a mailserver is quite easy cause a small downtime doesn’t do any harm. Incomming mails will be delayed during the backup process.

#!/bin/sh
DATE=`date +%Y-%m-%d`
SOURCE=/var/CommuniGate
DEST=/home/phil/Dropbox/Share11
#FILE=$DEST/backup-$DATE.tar.bz2.gpg
FILE=$DEST/cgate.tar.bz2.gpg
KEY=ABC12345

PRECMD="/etc/init.d/communigate stop"
POSTCMD="/etc/init.d/communigate start"

$PRECMD
sleep 1
echo "Starting backup operation"
tar -cjvf - $SOURCE | gpg --encrypt -r $KEY > $FILE
echo "Finished backup operation"
date
du -s -h $FILE
sleep 1
$POSTCMD
find $DEST -type f -name "cgate-*" -mtime +1 -exec rm {} \;

This is the result output

Shutting down the CommuniGate Pro Server
Starting backup operation
Finished backup operation
Tue Aug  7 07:39:36 UTC 2012
279M    /home/phil/Dropbox/Share11/cgate.tar.bz2.gpg
Starting CommuniGate Pro
This script can be placed inside the crontab in order to run it daily.