Set up rsync server to synchronize data

What is rsync?
Rsync is a fast incremental file transfer tool. It can be used for internal backup of the same host. We can also use it as a network backup tool for different hosts. This article mainly describes how to use an rsync server to implement file transmission, backup, and mirroring. Compared with tar and wget, rsync also has its own advantages, such as fast, secure, and efficient.

Rsync Installation
On the centos server, run the following command to install
Yum install rsync
For Debian and Ubuntu servers, the following command is used:
Sudo apt-Get install rsync

Rsync server configuration file rsyncd. conf
The following will involve three files: rsyncd. conf, rsyncd. Secrets, and rsyncd. motd.
Rsyncd. conf is the main configuration file of the rsync server.
Rsyncd. Secrets is the password file used to log on to the rsync server.
Rsyncd. motd defines the rysnc server information, that is, the user login information.

The following three files are created respectively:
Mkdir/etc/rsyncd
Note: Create an rsyncd directory under the/etc directory to store the rsyncd. conf and rsyncd. Secrets files;
Touch/etc/rsyncd. conf
Note: Create rsyncd. conf, which is the configuration file of the rsync server;
Touch/etc/rsyncd. Secrets
Note: Create rsyncd. Secrets, which is the user password file;
Chmod 600/etc/rsyncd. Secrets
Note: For Password Security, we set the permission to 600;
Touch/etc/rsyncd. motd
Note: Create the rsyncd. motd file, which defines the server information.

Modify the content of the rsyncd. conf file:
# Minimal configuration file for rsync daemon
# See rsync (1) and rsyncd. conf (5) man pages for help

# This line is required by the/etc/init. d/rsyncd script
PID file =/var/run/rsyncd. PID
Port = 873
Address = 192.168.0.231
# Uid = nobody
# Gid = nobody
Uid = root
Gid = root

Use chroot = Yes
Read Only = No

# Limit access to private LANs
Hosts allow = 192.168.0.0/255.255.255.0 10.0.1.0/255.255.255.0
Hosts deny = *

Max connections = 5
Motd file =/etc/rsyncd. motd

# This will give you a separate Log File
Log File =/var/log/rsync. Log

# This will log every file transferred-up to 85,000 + per user, per sync
Transfer logging = Yes

Log format = % T % A % m % F % B
Syslog facility = local3
Timeout = 300

[Webuserfile]
Path =/data/tool
List = Yes
Ignore errors
Auth users = webuser
Secrets file =/etc/rsyncd. Secrets
Comment = wangxing directory
# Exclude = beinan/samba/

[Mysqlfile]
Path =/data/tool/rsyncd
List = No
Ignore errors
Comment = MySQL directory
Auth users = nouserjken
Secrets file =/etc/rsyncd. Secrets

Password File:/etc/rsyncd. Secrets content format:
User name: Password
Webusers: 222222
Nouserjken: 111

The webuser here can be a system user or not. The defined user here only provides rsyncd, so it has little to do with the System user.

Rsyncd. motd file content:
++
+ Xinfilm.com rsync 2012-2017 +
++

Rsyncd. conf file code Description
PID file =/var/run/rsyncd. PID
Note: Tell the process to write it to the/var/run/rsyncd. PID file;
Port = 873
Note: You can specify the running port. The default value is 873;
Address = 192.168.0.231
Note: Specify the Server IP address;
Uid = nobody
Gid = nobdoy
Note: When the Server transfers files, the user and user group to be sent for execution is nobody by default. If you use nobody users and user groups, you may encounter permission issues. Some files cannot be pulled from the server. So I was lazy and used root for convenience. However, you can specify a user in the module defined when defining the directory to be synchronized to solve the permission problem.
Use chroot = Yes
With chroot, before transferring files, the server daemon is sending chroot to the directory in the file system. This may protect the system from installation vulnerabilities. The disadvantage is that Super User Permissions are required. In addition, the symbolic link files will be excluded. That is to say, if you have signed a link on the rsync server, when you run the synchronization data of the client on the backup server, only the Symbolic Link name will be synchronized, the content of the symbolic link is not synchronized; you need to try it yourself;
Read Only = Yes
Note: Read-Only is read-only, that is, the client is not allowed to upload files to the server. There is also a write only option
# Limit access to private LANs
Hosts allow = 192.168.0.0/255.255.255.0 10.0.1.0/255.255.255.0
Note: You can specify a single IP address or the entire network segment to improve security. The format is separated by spaces between IP addresses and IP addresses, between IP addresses and CIDR blocks, and between CIDR blocks;
Max connections = 5
Note: The maximum number of client connections;
Motd file =/etc/rsyncd. motd
Note: The motd file defines the server information. You must write the rsyncd. motd File Content yourself. This information is displayed when you log on.
Log File =/var/log/rsync. Log
Note: rsync server logs;
Transfer logging = Yes
Note: This is the log for transferring files;
[Webuserfile]
Note: The module provides us with the name of a link. Where is the link? In this module, the link to the/home directory should be in the form of [name;
Path =/home
Note: the location of the specified file directory must be specified;
Auth users = webuser
Note: The authenticated user is a webuser and must exist on the server;
List = Yes
Note: List indicates whether the directory on the rsync server that provides data synchronization is displayed in the module on the server. The default value is yes. If you do not want to list the contents, no is required. If no is used, at least others do not know which directories are provided on your server. You just need to know it;
Ignore errors
Note: Ignore Io errors. For more information, see this document;
Secrets file =/etc/rsyncd. Secrets
Note: Which file does the password have;
Comment = webuser home data
NOTE: Annotations can be defined by yourself. You can write anything. Just write the relevant content;
Exclude = beinan/samba/
Note: exclude indicates exclusion, that is, to exclude beinan and samba in the/Home Directory; there are spaces between beinan/and samba/directories;
Enable rsync server and firewall settings
Start rsync server
It is quite simple to start the rsync server. -- daemon enables rsync to run in server mode;
/Usr/bin/rsync -- daemon -- Config =/etc/rsyncd. conf
Rsync server and Firewall
Linux Firewall uses iptables, so we should at least let the defined rsync server port pass through on the server side, and the client should also pass through.
Iptables-A input-p tcp-M state -- state new-m tcp -- dport 873-J accept
Check whether the firewall has opened port 873;
Iptables-l

Because Rsync is a super service, it needs to be started through xinetd.
(Here, of course, you can directly add the/etc/rc. Local Command to start the instance)
Install and configure the xinet service for each rsync Host:
Yum-y install xinetd
// Configure the rsync Service
VI/etc/xinetd. d/rsync

# Default: Off
# Description: the rsync server is a good addition to an FTP server, as it \
# Allows CRC checksumming etc.
Service rsync
{
Disable = No
Flags = IPv6
Socket_type = stream
Wait = No
User = root
Server =/usr/bin/rsync
Server_args = -- daemon -- Config =/etc/rsyncd. conf # specify the rsync configuration file path
Log_on_failure + = userid
}

Use the rsync client to synchronize data
Rsync-avzp [email protected]: webuserfile
Password: Enter the webuser password provided by the server. In the previous example, we used 222222. The entered password is not displayed. Press enter when the password is set;
Note: This command means to log on to the server with a webuser and synchronize the webuserfile data to the local directory webuserfile. Of course, the local directory can be defined by yourself, for example, webuser. When you have no webuserfile directory under the current operation directory on the client, the system will automatically create one for you. When the webuserfile directory exists, pay attention to its write permission.
Note:
-A parameter is equivalent to-rlptgod.-R indicates recursive-L indicates a link file, which means copying a link file;-P indicates retaining the original permissions of the file;-T indicates retaining the original time of the file; -G indicates the original user group of the file,-O indicates the original owner of the file, and-D indicates a block device file;
-Z compression during transmission;
-P transmission progress;
-V transmission progress and other information. It has something to do with-P. Try it on your own. You can see the document;
Rsync-avzp -- delete [email protected]: webuserfile
This time, we introduce the -- delete option, indicating that the data on the client must be exactly the same as that on the server. If the webuserfile directory contains files that do not exist on the server, delete them. The ultimate goal is to make the data in the webuserfile directory completely consistent with that on the server; Be careful when using it. It is best not to use the directory with important data as a local update directory, otherwise, all your data will be deleted;
Rsync-avzp -- delete -- password-file = rsync. Password [email protected]: webuserfile
This time we added the option -- password-file = rsync. Password. This is when we log on to the rsync server as a webuser to synchronize data, the password will read the rsync. Password File. The content of this file is only the password of the webuser. We need to do the following;
Touch rsync. Password
Chmod 600 rsync. Password
The above permission settings are required; otherwise, the password file cannot be used.

Echo "222222"> rsync. Password
Rsync-avzp -- delete -- password-file = rsync. Password [email protected]: webuserfile
Note: In this case, no password is required. In fact, this is important because it is necessary for the server to schedule tasks through crond.