Boxbackup is a client/server system for doing backups over the network, especially over slow and unreliable links, e.g. DSL connections. You can read more at the BoxBackup Homepage
As of 2011/08/16 approx 18:30 EST5EDT, boxbackup was added to the packages repository.
Both client and server are available as software packages in the repos, but only the server package contains an init script and the option to use a UCI config (see
opkg install boxbackup
- Create certificates, keys, and put them in place.
bbstoreaccounts create <accountnum> <soft-limit> <hard-limit>, e.g. bbstoreaccounts create A0B0CDEF 100G 150G
- Start the server:
- Check the syslogs:
- Connect clients.
Account numbers are arbitrary 32-bit integers, represented in hex (with no leading 0x).
If you're like me you want more control over your config and/or certificate requests and generation than is allowed by using the supplied scripts. The following details the openssl commands boxbackup's scripts use for generating certificates.
The boxbackup self-signed CA scripts create a CA and sign (and verify) certificates.
They do the equivalent of the following (with different filenames):
- Generate a key:
openssl genrsa -out ca-key.pem
- Generate a request:
openssl req -new -key ca-key.pem -sha1 -out ca-req.pem
- Self-sign request:
openssl x509 -req -in ca-req.pem -sha1 -extensions v3_ca -signkey ca-key.pem -out ca-cert.pem -days <numberofdays>
It does this for a 'server' CA and a 'client' CA. The server CA signs server requests and the client CA signs client requests. You do not have to use separate CAs if you don't want to, even though the scripts do.
openssl x509 -req -in server-req.pem -sha1 -extensions usr_cert -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -days <numberofdays>
openssl x509 -req -in client-req.pem -sha1 -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem -days <numberofdays>
Note that the difference between the server signing and the client signing ends up being insignificant because the default openssl configuration uses a default extension of usr_cert.
- A 2048-bit key is generated
openssl genrsa -out server-key.pem 2048
- A certificate request is generated with all fields blank, except CommonName (CN), which is hostname.domain.tld (only the hostname and FQDN of the server).
openssl req -new -key server-key.pem -sha1 -out server-req.pem
- A 2048-bit key is generated
openssl genrsa -out client-key.pem 2048
- A certificate request is generated with all fields blank, except CommonName (CN) is BACKUP-<accountnum> where <accountnum> is the 8-hexdigit account number, for example
openssl req -new -key client-key.pem -out client-req.pem
boxbackup package is found in menuconfig under
boxbackup defines a menu containing the actual packages which can be built and installed. Those packages are:
||utilities for use in creating a non-uci (external) config, including generating a server certificate request|
||tool for creating the CAs for clients and server, and for signing client and server certificates.|
||the client and related tools including non-uci config and certificate request generator (currently no uci configuration is possible)|
When generating your own certificates you can fill in all fields except CommonName (CN) as you wish. The CN is what boxbackup uses to verify the client is associated with the account, or the server is a server.
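The client-certificate steps above as non-interactive shell functions, with a check that the signed certificate chains to the CA and carries the CN BACKUP-<accountnum>. This is an added example, not boxbackup's scripts: the function names, the 'Example client CA' subject, the ext.cnf file and the 30-day lifetime are assumptions, and it signs with -sha256 where the page's commands use -sha1.

```shell
#!/bin/sh
# Added example, not boxbackup's own script; function names are hypothetical.
# Signs with -sha256 where the page's commands use -sha1.

# Account number: 32-bit integer written as exactly 8 hex digits, no 0x.
valid_account() {
    case "$1" in *[!0-9A-Fa-f]*) return 1 ;; esac
    [ "${#1}" -eq 8 ]
}

# Self-signed client CA in directory $1 (ca-key.pem, ca-cert.pem).
# The extension file makes -extensions v3_ca take effect (CA:TRUE).
make_ca() {
    printf '[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/ext.cnf" &&
    openssl genrsa -out "$1/ca-key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1/ca-key.pem" -sha256 \
        -subj '/CN=Example client CA' -out "$1/ca-req.pem" &&
    openssl x509 -req -in "$1/ca-req.pem" -sha256 -extfile "$1/ext.cnf" \
        -extensions v3_ca -signkey "$1/ca-key.pem" \
        -out "$1/ca-cert.pem" -days 30 2>/dev/null
}

# Key, request and signed certificate for account $2 in directory $1.
make_client_cert() {
    valid_account "$2" || { echo "bad account number: $2" >&2; return 1; }
    openssl genrsa -out "$1/client-key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1/client-key.pem" -sha256 \
        -subj "/CN=BACKUP-$2" -out "$1/client-req.pem" &&
    openssl x509 -req -in "$1/client-req.pem" -sha256 \
        -CA "$1/ca-cert.pem" -CAkey "$1/ca-key.pem" -CAcreateserial \
        -out "$1/client-cert.pem" -days 30 2>/dev/null
}

# Print the CommonName of certificate file $1, whatever the field order.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# Succeed only if cert $2 chains to CA $1 and its CN matches account $3.
check_client_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 &&
    [ "$(cert_cn "$2")" = "BACKUP-$3" ]
}
```

Running check_client_cert before installing a certificate catches a request that was signed by the wrong CA or issued with the wrong account number in its CN.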
doc/howto/boxbackup.txt · Last modified: 2013/10/18 22:44 by friedzombie