System Backup and Restore
System Backup and System Restore are configured and run from the CLI as root. The Backup script is located at /opt/hermes/scripts/system_backup.sh and the Restore script at /opt/hermes/scripts/system_restore.sh. These scripts should not be moved or copied to other locations. System Backups should be scheduled via Cron or another mechanism that points to /opt/hermes/scripts/system_backup.sh.
Before scheduling system_backup.sh, it's highly recommended that you run it manually to ensure proper operation. The backups can be stored on any mount that you have previously configured in your system, such as local, SMB, NFS, etc.
System Backup
The /opt/hermes/scripts/system_backup.sh script accepts several flags with corresponding values enclosed in single quotes in order to configure its behavior.
- The -D flag sets the number of days of backups to retain. For example, -D '7' would configure it to delete any backups older than 7 days.
- The -P flag sets the path to store the backups WITHOUT the trailing slash. For example -P '/mnt/backups' configures the backup to store all backups in the /mnt/backups path. Please note that backup logs are also automatically stored in that path.
- The -E flag sets the recipient to send backup success/failure notifications. For example, -E 'to@domain.tld' configures the backup to send notifications to to@domain.tld.
- The -F flag sets the sender that the backup success/failure notifications come from. For example, -F 'from@domain.tld' configures the backup to send notifications from from@domain.tld.
- The -B flag sets the backup mode. The backup mode can be either system (backs up all Hermes related files and databases EXCLUDING the e-mail archive), archive (backs up ONLY the e-mail archive) or all (backs up all Hermes related files including the databases as well as the e-mail archive). For example, -B 'system' sets the backup mode to back up all Hermes related files and databases.
- The -R flag sets the MySQL root password that the backup will need in order to back up all the Hermes databases. For example, -R 'supersercretpass' sets the MySQL root password to supersercretpass.
Putting it all together, if you want to run an all backup, you can run a command similar to the one below:
/opt/hermes/scripts/system_backup.sh -D '7' -P '/mnt/backups' -E 'to@domain.tld' -F 'from@domain.tld' -B 'all' -R 'supersercretpass'
Please note that depending on which Backup Mode you use, the system will store an appropriately named backup file in the backup location. For example, the hermes-system-220410-08-16-2024-0920.tar.gz backup file is a system backup, as noted by the word system in its name. In the case of an all Backup Mode, the system will generate two backup files: one will contain the system backup and the other will contain the e-mail archive backup. In addition to the type of backup, the backup file name also includes the build number (in this case 220410) as well as the date/time the backup was created. The build number becomes very important when you attempt to perform a System Restore.
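One way to schedule the command above from Cron, shown here as an added example that is not part of Hermes SEG: a wrapper that keeps the MySQL root password in a root-only file instead of the crontab and refuses to run if that file or the backup path looks wrong. SECRET_FILE, REQUIRE_MOUNT and the --run switch are assumed names; -R is still passed as an argument because it is the only mechanism this page documents, so the password remains visible in the process list while the backup runs.

```shell
#!/bin/sh
# Added example (not part of Hermes SEG): cron wrapper for system_backup.sh.
# SECRET_FILE, REQUIRE_MOUNT and the --run switch are hypothetical names.
set -eu

BACKUP_SCRIPT="${BACKUP_SCRIPT:-/opt/hermes/scripts/system_backup.sh}"
BACKUP_PATH="${BACKUP_PATH:-/mnt/backups}"              # -P value, no trailing slash
SECRET_FILE="${SECRET_FILE:-/root/.hermes_mysql_root}"  # first line: MySQL root password
REQUIRE_MOUNT="${REQUIRE_MOUNT:-0}"                     # 1 = path must be a mount point

# True only for a regular, non-symlink file we own with mode 600 or 400.
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# True for an absolute, existing directory written without a trailing slash.
backup_path_ok() {
    case "$1" in
        /*/) return 1 ;;
        /*)  ;;
        *)   return 1 ;;
    esac
    [ -d "$1" ] || return 1
    # Catches an SMB/NFS share that failed to mount (backup would fill local disk).
    if [ "$REQUIRE_MOUNT" = "1" ]; then mountpoint -q "$1" || return 1; fi
    return 0
}

# Runs in a subshell so umask and the password variable do not leak to the caller.
run_backup() (
    secret_file_ok "$SECRET_FILE" || { echo "refusing: $SECRET_FILE must be mode 600 and owned by the caller" >&2; exit 2; }
    backup_path_ok "$BACKUP_PATH" || { echo "refusing: $BACKUP_PATH is not a usable backup path" >&2; exit 3; }
    umask 077   # assumption: the backup script does not reset umask itself
    pw=$(head -n 1 "$SECRET_FILE")
    [ -n "$pw" ] || { echo "refusing: $SECRET_FILE is empty" >&2; exit 4; }
    "$BACKUP_SCRIPT" -D '7' -P "$BACKUP_PATH" -E 'to@domain.tld' \
        -F 'from@domain.tld' -B 'all' -R "$pw"
)

# The cron entry calls this file with --run; otherwise only functions are defined.
if [ "${1:-}" = "--run" ]; then run_backup; fi
```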
System Restore
System Restore WILL NOT install any programs, therefore, it requires that you have an already existing and fully updated Ubuntu 20.04 LTS Server plain "vanilla" machine with a /mnt/data directory for database and email archive storage. Then, you install the same build of Hermes SEG as the build number of the backup file you are attempting to restore.
System Preparation
Please note that Hermes SEG will NOT run in an LXC Environment.
Required Information
Ensure you have the following information available before you begin:
- MySQL(MariaDB) root user password you wish to use
- MySQL(MariaDB) username you wish to use with the hermes database (Example: hermes)
- MySQL(MariaDB) password you wish to use with the hermes database user
- MySQL(MariaDB) username you wish to use with the Syslog database (Example: rsyslog)
- MySQL(MariaDB) password you wish to use with the Syslog database user
- MySQL(MariaDB) username you wish to use with the ciphermail database (Example: ciphermail)
- MySQL(MariaDB) password you wish to use with the ciphermail database user
- MySQL(MariaDB) username you wish to use with the opendmarc database (Example: opendmarc)
- MySQL(MariaDB) password you wish to use with the opendmarc database user
- Lucee Server and Web Administrator password you wish to use
- System Mailname (Example: smtp.domain.tld)
The Configure /mnt/data partition directions below assume you have a 250GB secondary drive which you will partition, format and mount as /mnt/data.
Technically a secondary drive for the /mnt/data directory is not a requirement but it's highly recommended for performance reasons. If you don't wish to use a secondary drive for the /mnt/data directory, simply create a /mnt/data directory in your system.
Configure /mnt/data partition
sudo mkdir /mnt/data
sudo fdisk -l
Look for the device ID of the 250 GB drive you created earlier, usually /dev/sdb. (Ensure you select the correct device ID before running the commands below.)
Create partition:
sudo fdisk /dev/sdb
- Hit "n" to add new partition
- Hit "p" for primary partition
- Hit "Enter" for partition 1
- Hit "Enter" for default first sector
- Hit "Enter" for default last sector
- Hit "w" to write changes to disk and exit
Format Partition:
sudo mkfs.ext4 /dev/sdb1
Mount Partition to /mnt/data:
sudo mount /dev/sdb1 /mnt/data
Get disk UUID:
ls -l /dev/disk/by-uuid
Edit /etc/fstab:
sudo vi /etc/fstab
Add the following in /etc/fstab where DEVICE_ID is the UUID from the command above:
UUID=DEVICE_ID /mnt/data ext4 errors=remount-ro 0 1
Verify drive is mounted:
sudo df -h
Should yield output similar to below:
Filesystem Size Used Avail Use% Mounted on
udev 1.9G 0 1.9G 0% /dev
tmpfs 395M 1.1M 394M 1% /run
/dev/sda2 79G 5.5G 69G 8% /
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/loop0 87M 87M 0 100% /snap/core/4917
/dev/loop1 90M 90M 0 100% /snap/core/8039
tmpfs 395M 0 395M 0% /run/user/1000
/dev/sdb1 246G 61M 233G 1% /mnt/data
Reboot and ensure /mnt/data gets mounted automatically.
Install Hermes SEG using specific build number
Identify the build number from the restore file you wish to restore. For example, the build number for restore file hermes-system-220410-08-16-2024-0920.tar.gz is 220410.
After identifying the build number, from the CLI as root, git clone the desired build using the following command, where build-220410 is the desired build:
git clone --depth 1 --branch build-220410 https://github.com/deeztek/Hermes-Secure-Email-Gateway
This will clone the repository into the directory Hermes-Secure-Email-Gateway.
Change to the Hermes-Secure-Email-Gateway directory:
cd Hermes-Secure-Email-Gateway/
Make script executable:
sudo chmod +x ubuntu_hermes_install.sh
Run the script as root and follow the prompt to install Hermes SEG:
sudo ./ubuntu_hermes_install.sh
Once installation is complete, reboot your computer, ensure everything is running and then continue below to perform a System Restore.
Perform a Restore
Before you can perform a restore, you must have already mounted the location where all your backup files are stored so that it is accessible to the /opt/hermes/scripts/system_restore.sh script. Additionally, be aware that once you restore a backup, all existing Hermes SEG credentials, including the database credentials, will be replaced by the credentials in the backup.
If you have a Hermes SEG Pro installation with a valid license, please be aware that your license will have to be re-installed and re-activated in the restored system. Please send the serial number to support@deeztek.com and let us know that you wish to activate the license on a new system.
The recommended order of restoring backups is to first perform a system restore and once that completes, reboot your computer and then perform an archive restore. Archive restores can take a very long time to complete depending on the size of the data being restored, thus it's best to have your system already up and running and processing e-mail while the archive restore is running. This method will minimize down time.
The /opt/hermes/scripts/system_restore.sh script accepts several flags with corresponding values enclosed in single quotes in order to configure its behavior.
- The -F flag sets the full path to the backup file you wish to restore. For example, -F '/mnt/backups/hermes-system-220410-08-16-2024-0920.tar.gz'.
- The -M flag sets the Restore Mode you wish to perform. It should be either 'system' or 'archive'. For example, -M 'system' sets the script to restore a system backup. The mode you wish to use depends on the file you wish to restore.
- The -R flag sets the MySQL root password that the restore will need in order to restore all the Hermes databases. For example, -R 'supersercretpass' sets the MySQL root password to supersercretpass.
Putting it all together, if you want to run a system mode restore, you can run a command similar to the one below:
/opt/hermes/scripts/system_restore.sh -F '/mnt/backups/hermes-system-220410-08-11-2024-0822.tar.gz' -M 'system' -R 'supersecretpass'
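A pre-flight check for the restore described above, added here as an example that is not part of Hermes SEG: it derives the Restore Mode and the build branch to install from the backup file name, and tests the archive before any existing credentials are overwritten. The function names, the DATA_DIR argument and the hermes-archive-... name pattern are assumptions; only a system backup file name appears on this page.

```shell
#!/bin/sh
# Added example (not part of Hermes SEG): checks to run before system_restore.sh.
# Assumption: backup names follow hermes-<mode>-<build>-MM-DD-YYYY-HHMM.tar.gz,
# generalised from the single file name shown on this page.
set -eu

# Print "<mode> <build>" for a backup file name; fail if the name does not match.
parse_backup_name() {
    basename "$1" | sed -n -E \
        's/^hermes-(system|archive)-([0-9]+)-[0-9]{2}-[0-9]{2}-[0-9]{4}-[0-9]{4}\.tar\.gz$/\1 \2/p' \
        | grep .
}

# usage: restore_preflight FILE MODE [DATA_DIR]
# Prints the git branch (build-<number>) that must be installed before restoring.
restore_preflight() (
    file=$1; mode=$2; data=${3:-/mnt/data}
    info=$(parse_backup_name "$file") || { echo "unrecognised backup file name" >&2; exit 1; }
    # The -M value has to agree with the kind of backup named in the file.
    [ "${info% *}" = "$mode" ] || { echo "-M '$mode' does not match a ${info% *} backup" >&2; exit 2; }
    [ -d "$data" ] || { echo "$data does not exist" >&2; exit 3; }
    # gzip -t reads the whole archive and fails on truncation or corruption.
    gzip -t "$file" 2>/dev/null || { echo "archive is missing or corrupt" >&2; exit 4; }
    echo "build-${info#* }"
)

# Run directly as: preflight.sh FILE MODE [DATA_DIR]
if [ "$#" -eq 2 ] || [ "$#" -eq 3 ]; then restore_preflight "$@"; fi
```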