FreeNAS to backup (VPS) webserver?

[oguruma]

I have a VPS with a webserver. I am looking at a good way to back this up so I can economically get daily/weekly/monthly backups. I use RSYNC to a separate VPS to replicate it.

Is it feasible, from a security standpoint, to use my main FreeNAS (behind the firewall, on the LAN) box for this? I should I build a second box and stick it in a DMZ?

 

[Chris Moore]

As long as you are configuring the FreeNAS system to reach out to the web server to pull the backups I would think it should be reasonably safe.
You will want to setup crypto keys for login instead of using passwords and you will want to change those from time to time.
I am not sure how well the FreeNAS GUI will support something like that.

The risk of having the web server do a put is that you would need to open a path through the firewall and that creates a vulnerability on your network.
If you configure the web server to only accept the recognized crypto key, it should be almost impossible for anyone that isn't you to get into it.

 

[danb35]

I am not sure how well the FreeNAS GUI will support something like that.

rsync runs over ssh, so you should be able to set it up as an rsync task through the GUI. Or, of course, just about anything can be scripted, and the script run as a cron job.

The risk of having the web server do a put is that you would need to open a path through the firewall and that creates a vulnerability on your network.

VPN through the firewall should be pretty secure. As would ssh that direction.

 

[oguruma]

Thanks for the input. So the major vulnerability is just the open port? Do I have that correct? Which puts the onus more on the router (PFSense in this case).

If I understand you guys correctly, hardened SSH would be very secure?

Also, how do professional web developer types do their offsite backups?

 

[iamanh]

i'm using CenOS 7 :D can i use FreeNas for backup webserver it