User Tools

Site Tools


control-panels:cpanel-whm:backup-configuration

Backups

It is strongly recommended to have automatic backups configured for your server. Although we do keep Snapshots of the VPSs, the most reliable way of restoring lost site data is from the backups configurable within WHM.1) In Dedicated Servers, these are enabled by default, but we cannot automatically configure Additional Destinations since you need to provide some of the information for them. This article discusses how to configure automatic backups in WHM, how to order and set up an External Storage Addon,2) and some general recommendations about how to choose backup settings.

Configuring Backups

In order to configure automatic backups in a cPanel server, first, log into WHM. The url should look like https://<ipaddress>:2087 or https://<hostname>:2087, where <ipaddress> is replaced by the IP address of your server, and <hostname> is the hostname of your server. The first of these will give a warning about the certificate which can be safely ignored:

The hostname version of the login url will only work if the server's hostname resolves correctly to the server, but will usually not give a warning about the certificate:

Once logged in, go to Home »Backup »Backup Configuration:

On this page, various backup settings can be chosen. More detail about these options will be covered later in this article.

Ordering Your External Storage Package

For Dedicated Servers, we are now offering external storage packages to provide an additional level of backups for your server!

To order one of these Addons, first log into your My Knownhost billing portal. From your dashboard, click the "Manage" button next to your Dedicated Server:

From here, go to Addons:

and click "Add Addon":

Then in the dropdown box, choose the desired addon. Currently, you can choose sizes of 100GB, 250GB, 500GB, 750GB, or 1000GB, for renewal periods of 1 month, 3 months, 6 months, or 1 year. Prices range from $10 for 1 month of 100 GB to $1020 for 1 year of 1000 GB.3)

Once you have selected the desired backup space size and renewal term, click "Create":

Then, review and confirm the invoice:

Once you have finished purchasing the Addon, you can then configure backups to be stored there.

Configuring Your New External Storage

To use it, you need to first get the needed information from your My Knownhost customer portal. Once you are logged in and at your Dashboard, click on the row for the Dedicated Server to expand its details, then click "Manage" next to the backup space addon:

Then, in the "Statistics" section, you can see the current Disk Usage and Bandwidth Usage of your new backup space addon. You can also see the Domain, which you will need later, and the IP Address, which may occasionally be useful for troubleshooting purposes:

If you ever need to reset the password of the backup space, you can do so in the Actions section:4)

For actually configuring the backups, you will need some of the information from the Welcome Email from when you ordered the backup space package:

You will need to make note of the five things in the section "Login Details". This includes the "Username", "Password", "SFTP/SSH Port", "Server Name", and "Backup Path".

First, make sure the backup space is whitelisted in your server's firewall. If your server uses ConfigServer Security&Firewall,5) start by going to that page in WHM, going to the "Login Failure Daemon" section, and clicking the "lfd Dynamic DNS" button:

This opens an editing box for the domain-based whitelist. As described in the comments of this file, this file is a list of domains for the firewall to let through. So, we add the domain (i.e., "Server Name") to this list, and then click the "Change" button:

Once the changes are saved, be sure to restart lfd so that the changes take effect:

Now that the domain is configured to be whitelisted, we need to make sure that the lookups themselves are enabled. Go back to the main "ConfigServer Security&Firewall" page, go to the "ConfigServer Firewall" section, and click the "Firewall Configuration" button:

In the dropdown box, choose the "Global Lists/DYNDNS/Blocklists" section:

Scroll down to the setting labeled "DYNDNS", and choose a number greater than zero.6) This setting tells the firewall how often (in seconds) to look up the IP addresses of the whitelisted domains, so that if their IP addresses change, the firewall will update its rules accordingly. Domains whose IP addresses have changed will be unable to access the server in between the time their IPs change and when the firewall does its next lookup. For this reason, setting the interval too long can result in a higher likelihood of those locations being unable to access the server at times, but setting the interval too short can raise server load due to the lookup processes, especially if there are a lot of domains to look up. For most servers, but not all of them, an interval of ten minutes (600 seconds) should work fine.7)

Scroll down to the bottom and click "Change":

And, as before, restart csf and lfd, so that the saved changes will take effect:

Now that the backup space is whitelisted in the server's firewall, the automatic backups can be set to use this as a remote Additional Destination. To do so, you will need to go back to the "Backup Configuration" page of WHM as shown above. Scroll all the way down to the section "Additional Destinations" and in the "Destination Type" dropdown box choose SFTP. Then click "Create New Destination".

Then, fill in the requested details, and click "Save and Validate Destination":

If it worked, you will see this success message:

Once backups have run, you can see the usage recorded in the Statistics page:

Recommendations

Although the "ideal" backup configuration for a particular server will depend on the specific context and situation of that server, there are some general guidelines that can be useful when choosing appropriate settings for your server.

Once WHM8) automatic backups are enabled in the server, it is strongly recommended not to use site plugins to generate site backups, and it is likely not needed to enable Softaculous backups.

It is particularly strongly recommended not to use site plugins or similar to generate backups. Very frequently this type of site plugin runs at an unnecessarily high i/o priority, which in many cases can use up all the disk time and prevent other processes (such as mysql or apache) from having quick access to the disk. For this reason, this type of plugin is extremely likely to slow down all of the sites on your server, and they are not recommended.

If you do decide to leave other types of backups enabled, it is recommended to at least exclude them from the cPanel/WHM backups. You can learn more about how to do this here.

Because sometimes the days chosen for weekly and monthly backups coincide, it is recommended to retain at least two of at least one of the three frequencies.9) For example, if you only retain one each of daily, weekly, and monthly backups, then whenever the chosen day of the week for the weekly backups happens on the first or fifteenth of the month, you will only be retaining one backup that time, resulting in a single point of failure. If that one backup was within the last day, and you do not notice a problem for two days, you will not have any backups from before when the problem happened.

It is very important to make sure you have enough disk space for the backups you are making and retaining. In general, you want to allow 2 * (largest account size) + 1GB of disk space for the backup generation process, in addition to the space needed to store the backups themselves. Even if you are not retaining the backups locally, you will need enough space to store the newly-generated backups before they are transferred to any remote destinations. Each backup file in a set that is not being retained locally, or that is old enough that the retention will no longer keep it, will not be deleted until the corresponding new backup file has finished being generated and, if any Additional Destinations are configured, transferred to at least one of the Additional Destinations. Since the backups might transfer slower than they are generated, it is strongly recommended to keep enough disk space free for at least one full set of backups, in addition to the space needed to generate them.

On a VPS it is of particular importance to make sure the backups have enough disk space to complete, since they are stored on the same partition as the system files. If this partition becomes completely full, important system processes will quit working.

Due to the importance of keeping backups, if you do not have enough disk space to store or generate backups, it is strongly recommended to add additional space to the server or backup location, rather than to disable backups.

To illustrate some of the general guidelines, here is an example, including some useful arithmetic.

Overall, when choosing a backup configuration, it is important to consider all of the following factors:

  • How much disk space you have available in the server
  • How much disk space each account takes up
  • Whether/how many external locations you have available to you in order to store copies of backups outside of the server
  • How long ago you want to be able to revert accounts to

In our example, we are working with a server with 50 GB total, with 18 GB remaining available:

[email protected] [~/support]# df -h /
Filesystem      Size  Used Avail Use% Mounted on
/dev/simfs       50G   33G   18G  65% /

The largest account in this server is 4754 MB, or a little over 4.5 GB:

[email protected] [~/support]# repquota -as | awk 'NR==FNR{acct[$2]}$1 in acct{print $3 "\t" $1}' /etc/trueuserdomains - | sort -h | tail -1
4754M	someuser

We've already been storing some backups, and in total they are currently taking up about 11 GB of space:

[email protected] [~/support]# du -h /backup* | tail -1
11G	/backup

We can count that we are currently storing two backup sets:

[email protected] [~/support]# find /backup* -name accounts
/backup/monthly/2017-06-15/accounts
/backup/monthly/2017-06-01/accounts

So each backup set is taking about 5.5 GB, and our largest account is about 5 GB. So we will want to make sure there is always room to store a backup set of about 5.5GB, and about (2*5GB)+1GB=11GB for the generation process of the largest account's backup. So we want to make sure there is 16.5 GB (almost 17000 MB) of space available before beginning the backup process, which is about 34% of the disk space.

Since without the current backups we would have 18+11=29GB of space free, and we need to make sure 16.5GB remain free, we can use 29-16.5=12.5GB for storing backups, which is enough for about 11GB/5.5GB=2 sets of backups. But as the accounts grow larger, we will need to either keep fewer backups, stop retaining them within the server, and/or add more disk space to the server.

If we choose not to retain the backups locally, we still need to make sure 16.5 GB of space remains available for the backup process itself, then if we have a 100GB Backup Space Addon we can save up to 99GB/5.5GB=18 backup sets in the Backup Space Addon. To have a variety of backup ages, we might choose to have six of each type (daily, weekly, monthly). However, as the accounts grow larger we will need to either retain fewer backup sets or use a larger Backup Space Addon. We will want to make sure we will have space to retain at least two of at least one of the three types of backups.

With this in mind, we choose the following backup settings:

We set automatic backups in general to "Enabled", choose "Compressed" backups (to save space), and enable "Minimum Free Disk Space Check" and set it to 17000 MB:

The default timeouts are usually okay, but can be adjusted later if needed. Since we decided to keep six of each type of backup, we choose that number. In this case, we choose to Strictly Enforce retention, to make sure the backups do not take more space than expected:10)

We want to backup the accounts,11) and we will want to go to the Select Users page to double-check all desired users have backups enabled. In our case, we want to disable backups for Suspended Accounts,12) enable backups of Access Logs,13) and enable backups of Bandwidth Data.14) Since this server is not part of a DNS Cluster, the "Use Local DNS" setting should not make any difference, and in this case we do want to enable backups of the System Files:

Although backups are usually already enabled for newly-created users, accounts that are migrated into the server will start out with the same setting15) as they had in the old server. It is useful to double-check that all accounts you want backups of have backups enabled. This page does not have a "Save" button; the enabled/disabled settings of each account are saved as soon as the slider is clicked.

For the databases, it is useful to enable backups both per account and for the entire directory, for that little bit of extra redundancy. In most cases the default backup directory /backup works fine. In our example, we are not retaining backups in the default backup directory, so that we are not limited to the amount of disk space in this server for storing backups. Since our default backup directory is not on a separate partition we do not need to mount it.

Once we have finished choosing the backup settings, we click "Save Configuration":

After this, another success message should appear:

Now, next time backups are configured to run, they should get uploaded to the Additional Destination, in this case the External Backup Space Addon. If we want to generate a backup set right now, regardless of whether it is time for backups or whether there is already an up to date backup, we can use this command:

[email protected] [~/support]# /usr/local/cpanel/bin/backup --force

Notes

  • These settings are written for a cPanel server. For Plesk or DirectAdmin, similar equivalent settings are recommended where possible.
  • Retain at least two backups of at least one of the three types (daily/weekly/monthly)
  • It is strongly recommended to have at least one "Additional Destination" configured pointing to a remote destination.
  • It is recommended to only use Additional Destinations that can use secure, encrypted connections, like the External Backup Space now available for Dedicated Servers.16)
  • If there is not enough disk space within the server to store the backups, then once you have confirmed that the remote Additional Destination is working, you can deselect (disable) the option "Retain backups in the default backup directory".17)
  • There needs to be enough disk space in the server to generate the backups, even if they are not being stored in the server. For this purpose, you should ensure you have at least twice the size of the largest account free, plus an extra gigabyte. If you do not have this much disk space in your server, it is strongly recommended to add more disk space to your server, so that you have adequate room to generate backups.
  • For convenience, it is recommended if possible to store the backups in the server as well as at the remote destination, if you have the disk space available to do so. For this, it is necessary to have at least twice the amount of free space as is used by one set of backups, since old backups are not deleted until the new backups have finished being generated.

The backup settings can be changed later if needed.

1) , 8)
or DirectAdmin or Plesk
2)
currently for Dedicated Servers only
3)
Or average rates ranging from 8.5 cents/month/GB to 10 cents/month/GB.
4)
Since the initial password is sent via email, it is strongly recommended to choose a new password as soon as possible. Remember to record the new password in a safe and secure place so that you and only you will have access to it. You can learn more about choosing secure passwords here.
5)
this is installed by default on new servers
6)
but no larger than 86400
7)
If there are a lot of domains being whitelisted, the interval should be set longer, whereas if there is a specific need to detect changes particularly quickly, the interval should be set shorter.
9)
ie, retain at least two daily backups, or at least two weekly backups, or at least two monthly backups
10)
You can read more about Retention Behavior here.
11)
that is, after all, the main reason for setting any of this up in the first place
12)
since they are unlikely to have many changes
13)
in case that data is later useful
14)
in case that data is later needed
15)
i.e., enabled or disabled
16)
or other options such as Amazon S3, SFTP, or WebDAV with SSL Enabled
17)
in section "Configure Backup Directory"
control-panels/cpanel-whm/backup-configuration.txt · Last modified: 2017/11/09 20:22 by Daniel P.