SFTP Gateway Support

3.0

Automated Backup for SFTP Gateway

Overview

This article goes over how to automate backups for SFTP Gateway. You will use a bash script to obtain the backup file via the API. Then you can use cron to automate this process.

Download the Script

SSH into the VM and run this command to elevate your privileges:

sudo su

Then, paste in the following commands:

cd /usr/local/bin
ll

If the script, backup-script.sh, isn't already on your machine, then you can run this command to download it and make it executable:

wget http://www.sftpgateway.com/scripts/backup-script.sh
chmod +x backup-script.sh

For reference, a copy of this script is provided at the end of the article.

Usage

Run the script to generate a backup file.

backup-script.sh -u admin -p password

Note: Replace admin and password with the credentials of your web admin user.

This will generate a new backup artifact in the following location:

/opt/sftpgw/backups/sftpgw-09-16-2022-16-26-24.yml

Use a credential file

If you want to avoid having your password show up in your bash history, you can run the script with a credential file.

First, create a credentials file:

cd /usr/local/bin/
touch credentials.txt
nano credentials.txt

Paste the following properties into the file:

admin.username=admin
admin.password=your-password-goes-here

Make sure you replace the above values with your web admin credentials.

Note: You might want to create a separate web admin user to act as a service account. This way, you can reset web admin credentials without impacting the backup automation.

Run the script using the credentials file to create a backup.

backup-script.sh -f credentials.txt

Create a Cron Job

To automate backups, create a cron job:

crontab -e

Paste the following syntax and save your changes:

0 4 * * * /usr/local/bin/backup-script.sh -f /usr/local/bin/credentials.txt > /dev/null 2>&1

This will run the script once a day.

Backup script contents

Here are the contents of the backup-script.sh file:

#!/bin/bash

while [[ $# -gt 0 ]]; do
  key="$1"
  case $key in
    -u|--username)
      ADMIN_USERNAME="$2"
      shift
      shift
      ;;
    -p|--password)
      ADMIN_PASSWORD="$2"
      shift
      shift
      ;;
    -f|--file)
      CREDENTIAL_FILE="$2"
      shift
      shift
      ;;
    *)
      break
      ;;
  esac
done

function extractPropValueFromSourceFile {
    local prefix="${1}"
    local str=`grep "${prefix}" ${2} 2>/dev/null`
    echo "${str#$prefix}" | xargs
}

# if there is a credential file, then run the following:
if [[ -f $CREDENTIAL_FILE ]]; then
    ADMIN_USERNAME=$(extractPropValueFromSourceFile admin.username= $CREDENTIAL_FILE)
    ADMIN_PASSWORD=$(extractPropValueFromSourceFile admin.password= $CREDENTIAL_FILE)
fi

if  [[ "$ADMIN_USERNAME" == "" ]] || [[ "$ADMIN_PASSWORD" == "" ]] || [[ `whoami` != "root" ]]; then
    echo "Usage: sudo $0 -u admin -p password"
    exit 1
fi

APPLICATION_PROPERTIES=/opt/sftpgw/application.properties
CLIENT_ID=$(extractPropValueFromSourceFile "security.client-id=" ${APPLICATION_PROPERTIES})
CLIENT_SECRET=$(extractPropValueFromSourceFile "security.client-secret=" ${APPLICATION_PROPERTIES})

RESPONSE=$(curl --location --request POST 'http://127.0.0.1:8080/oauth/token' -u ${CLIENT_ID}:${CLIENT_SECRET} --form 'grant_type="password"' --form "username=\"${ADMIN_USERNAME}\"" --form "password=\"${ADMIN_PASSWORD}\"" --form 'scope="read"' --silent)

ACCESS_TOKEN=$(echo $RESPONSE | python3 -c "import sys, json; print(json.load(sys.stdin)['access_token'])")

NOW=$(date +%m-%d-%Y-%H-%M-%S)

BACKUP_DIRECTORY=/opt/sftpgw/backups
[[ ! -d $BACKUP_DIRECTORY ]] && mkdir -p "$BACKUP_DIRECTORY"

curl --location --request GET 'http://127.0.0.1:8080/3.0.0/backup' --header 'Content-Type: application/json' --header "Authorization: Bearer ${ACCESS_TOKEN}" --silent > /opt/sftpgw/backups/sftpgw-${NOW}.yml
PreviousNext