Stunnel/Rsync
From charlesreid1
Server
- Server:
- Adding secure rsync protocol
- Setting up rsync server config (which dir to rsync to)
- Running rsync service
- Setting up stunnel config
- Running stunnel service
Rsync
Configure Rsync Server
On the server we will run an rsync daemon.
Editing the config file at /etc/rsyncd.conf lets us set the name of the module (potentially syncing data from multiple clients to multiple locations on the server) and point it to the data directory.
Running Rsync Server
rsync runs as a system service, so once the configuration is complete, just run service rsync start.
Adding Tcp Wrappers for Secure Rsync Protocol
Edit the files in /etc to add the secure rsync protocol.
Stunnel
Configure Stunnel Server for Rsync
Config file and ports configuration
Running Stunnel Server for Rsync
Just start it up with the stunnel command.
You can also add debug = 7 and foreground = yes to the configuration file to see what's happening and troubleshoot.
Firewall
Opening Firewall
The firewall needs to be opened to incoming connections on the stunnel rsync port (873).
Client
- Client:
- Adding secure rsync protocol
- No rsync setup needed
- Setting up stunnel config
- Running stunnel service
- Running rsync over stunnel
Rsync
Configuring Rsync
No rsync setup is needed for the client. Woo hoo!
Running Rsync
No rsync background service runs on the client, so when you want to run rsync, you just call the rsync command directly.
See https://git.charlesreid1.com/rpi/pi-transmission
The rsync script contains the actual rsync commands.
Adding Tcp Wrappers for Secure Rsync Protocol
Edit the files in /etc again. See the repo.
Stunnel
Configuring Stunnel Client for Rsync
Client stunnel over rsync configuration file goes here.
Running Stunnel Client for Rsync
The usual - run stunnel using the stunnel command.
To monitor what is happening use debug = 7 and foreground = yes.
Debugging
Debugging problems with the two interacting stunnel-rsync layers can get tricky. Here's a good workflow.
Debugging stunnel
First, if you want to see what stunnel is actually doing, add the following to the stunnel configuration file:
debug = 7
foreground = yes
These will run stunnel in the foreground and print out lots of information. You can run this in a terminal window, then open another window and run rsync commands. You should see activity in the stunnel window, indicating it is initiating a connection with the server and passing traffic.
You can do the same thing on the server to monitor the server instance of stunnel, so if you need to troubleshoot a problem on the server side, edit the server stunnel configuration file and add the debug and foreground options.
Debugging rsync
If you are confident stunnel is working properly and that the problem is with rsync, you can monitor rsync using the system log. rsync does not log to its own log file.
By running tail -f /var/log/syslog on the server in a window, then running rsync over stunnel commands in another, you should see messages about rsync activity showing up in the syslog. This should also give you more helpful and descriptive information when things go wrong, and help you diagnose the error.
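The syslog check described above can be scripted. The following is an added example, not part of the original page or its repository: it groups rsyncd syslog lines by connection and flags errors, authentication failures, and peers that are not the local tunnel endpoint. It assumes the server's stunnel forwards to rsyncd over loopback; the sample log lines and the `triage` function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample syslog lines (not from the original page); the message
# shapes follow rsyncd's usual "connect from" / "auth failed" output.
SAMPLE_SYSLOG = """\
Mar  3 10:15:01 pi rsyncd[2101]: connect from localhost (127.0.0.1)
Mar  3 10:15:01 pi rsyncd[2101]: rsync to backup/ from localhost (127.0.0.1)
Mar  3 10:15:04 pi rsyncd[2101]: sent 64 bytes  received 10432 bytes  total size 10240
Mar  3 10:16:30 pi CRON[2110]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:17:12 pi rsyncd[2155]: connect from UNKNOWN (192.0.2.44)
Mar  3 10:17:12 pi rsyncd[2155]: auth failed on module backup from UNKNOWN (192.0.2.44): unauthorized user
Mar  3 10:18:40 pi rsyncd[2160]: connect from localhost (::1)
Mar  3 10:18:40 pi rsyncd[2160]: rsync error: error in rsync protocol data stream (code 12) at io.c(226) [Receiver=3.1.3]
"""

RSYNCD = re.compile(r"rsyncd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER = re.compile(r"from \S+ \((?P<ip>[0-9A-Fa-f:.]+)\)")


def triage(log_text):
    """Group rsyncd lines by PID (one forked child per connection) and flag issues."""
    sessions = {}
    for line in log_text.splitlines():
        m = RSYNCD.search(line)
        if not m:
            continue  # not an rsync daemon message
        s = sessions.setdefault(m["pid"], {"peer": None, "flags": set()})
        peer = PEER.search(m["msg"])
        if peer:
            s["peer"] = peer["ip"]
            # Assumption: stunnel connects to rsyncd over loopback, so any
            # other peer address reached the daemon without the tunnel.
            if not ipaddress.ip_address(peer["ip"]).is_loopback:
                s["flags"].add("direct-connection")
        if m["msg"].startswith("auth failed"):
            s["flags"].add("auth-failed")
        if m["msg"].startswith("rsync error"):
            s["flags"].add("rsync-error")
    return sessions


if __name__ == "__main__":
    for pid, s in triage(SAMPLE_SYSLOG).items():
        print(pid, s["peer"], ", ".join(sorted(s["flags"])) or "ok")
```

To use it on a live server, pass the contents of /var/log/syslog to `triage` instead of the constructed sample.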
- Debugging:
- How to debug stunnel
- How to debug rsync
- Workflow for checking connections while running commands