UniqueSoft/openpanel
2
0
Fork 0
mirror of https://github.com/stefanpejcic/openpanel synced 2025-06-26 18:28:26 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
09caaa6e6b
openpanel/website/docs/panel/files/backups.md
Stefan Pejcic 09caaa6e6b
Create backups.md
2025-04-30 13:47:00 +02:00

6.8 KiB
Raw Blame History

sidebar_position
6

Backups

backups.png

Introduction to Backups

In OpenPanel, backups are configurable directly by the panel users, unlike other panels where backups are managed by the admin.

This empowers users to define their own backup schedules, choose exactly what to back up, and select from a wide range of supported destinations. As a result, administrators have fewer tasks to manage, and users gain greater control and flexibility.

Destinations

OpenPanel supports the following destinations:

  • S3 storage - AWS S3, Filebase, MinIO, etc.
  • WebDAV - Remote backups using WebDAV.
  • SSH - Remote backups via SSH to another server.
  • Azure - Remote backups to Azure Blob Storage.
  • Dropbox - Remote backups to Dropbox cloud storage.

User can select destination from Backups > Destinations page.

Once backup is selected, it's options are available on Backups > Settings page.

SSH

Setting Description
SSH_HOST_NAME The FQDN of the remote SSH server, example: server.local
SSH_PORT The port of the remote SSH server
SSH_REMOTE_PATH The Directory to place the backups to on the SSH server. Example: /home/user/backups
SSH_USER The username for the SSH server. Example: user
SSH_PASSWORD The password for the SSH server. Example: password
SSH_IDENTITY_FILE The private key path inside /var/www/html/ for SSH server. Non-RSA keys (e.g. ed25519) will also work.
SSH_IDENTITY_PASSPHRASE The passphrase for the identity file if applicable. Example: pass

S3

Setting Description
AWS_S3_BUCKET_NAME The name of the remote bucket that should be used for storing backups. If this is not set, no remote backups will be stored. Example: backup-bucket
AWS_S3_PATH If you want to store the backup in a non-root location on your bucket you can provide a path. The path must not contain a leading slash. Example: my/backup/location
AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY Define credentials for authenticating against the backup storage and a bucket name. Although all of these keys are AWS-prefixed, the setup can be used with any S3 compatible storage.
AWS_IAM_ROLE_ENDPOINT Instead of providing static credentials, you can also use IAM instance profiles or similar to provide authentication. Some possible configuration options on AWS: - EC2: http://169.254.169.254 - ECS: http://169.254.170.2
AWS_ENDPOINT This is the FQDN of your storage server, e.g. storage.example.com. If you need to set a specific (non-https) protocol, you will need to use the AWS_ENDPOINT_PROTO option. The default value points to the standard AWS S3 endpoint. Example: s3.amazonaws.com
AWS_ENDPOINT_PROTO The protocol to be used when communicating with your S3 storage server. Defaults to "https". You can set this to "http" when communicating with a different seld-hosted s3 storage.
AWS_ENDPOINT_INSECURE Setting this variable to true will disable verification of SSL certificates for AWS_ENDPOINT. You shouldn't use this unless you use self-signed certificates for your remote storage backend. This can only be used when AWS_ENDPOINT_PROTO is set to https.
AWS_ENDPOINT_CA_CERT If you wish to use self signed certificates your S3 server, you can pass the location of a PEM encoded CA certificate and it will be used for validating your certificates. Alternatively, pass a PEM encoded string containing the certificate. Example: /var/www/html/cert.pem
AWS_STORAGE_CLASS Setting a value for this key will change the S3 storage class header. Default behavior is to use the standard class when no value is given. Example: GLACIER
AWS_PART_SIZE Setting this variable will change the S3 default part size for the copy step. This value is useful when you want to upload large files. Note: While using Scaleway as S3 provider, be aware that the parts counter is set to 1.000. While Minio uses a hard coded value to 10.000. As a workaround, try to set a higher value. Defaults to 16 (MB) if unset (from minio), you can set this value according to your needs. The unit is in MB and an integer.

WebDAV

Setting Description
WEBDAV_URL The URL of the remote WebDAV server. Example: https://webdav.example.com
WEBDAV_PATH The Directory to place the backups to on the WebDAV server. If the path is not present on the server it will be created. Example: /my/directory/
WEBDAV_USERNAME The username for the WebDAV server Example: user
WEBDAV_PASSWORD The password for the WebDAV server. Example: password

Azure

Dropbox

  1. Create a new Dropbox App in the App Console
  2. Open your new Dropbox App and copy the DROPBOX_APP_KEY and DROPBOX_APP_SECRET
  3. Click on Permissions in your app and make sure, that the following permissions are cranted (or more):
    • files.metadata.write
    • files.metadata.read
    • files.content.write
    • files.content.read
  4. Replace APPKEY in https://www.dropbox.com/oauth2/authorize?client_id=APPKEY&token_access_type=offline&response_type=code with the app key from step 2
  5. Visit the URL and confirm the access of your app. This gives you an auth code -> save it somewhere!
  6. Replace AUTHCODE, APPKEY, APPSECRET accordingly and perform the request from your terminal: 
    curl https://api.dropbox.com/oauth2/token \
-d code=AUTHCODE \
-d grant_type=authorization_code \
-d client_id=APPKEY \
-d client_secret=APPSECRET
  7. Execute the request. You will get a JSON formatted reply. Use the value of the refresh_token for the last setting DROPBOX_REFRESH_TOKEN
  8. You should now have DROPBOX_APP_KEY, DROPBOX_APP_SECRET and DROPBOX_REFRESH_TOKEN set. These dont expire.

:::info Note: Using the “Generated access token” in the app console is not supported, as it is only very short lived and therefore not suitable for an automatic backup solution. The refresh token handles this automatically - the setup procedure above is only needed once. :::

Important: If you chose App folder access during the creation of your Dropbox app in step 1 above, DROPBOX_REMOTE_PATH will be a relative path under the App folder! (For example, DROPBOX_REMOTE_PATH=/somedir means the backup file will be uploaded to /Apps/myapp/somedir) On the other hand if you chose Full Dropbox access, the value for DROPBOX_REMOTE_PATH will represent an absolute path inside your Dropbox storage area. (Still considering the same example above, the backup file will be uploaded to /somedir in your Dropbox root)