Backup

You can back up the CipherMail Gateway using the supplied backup script, cm-backup.

Tip

In most cases, we recommend creating a full backup of the virtual machine using the backup features provided by your hypervisor or VM tools.

Note

The built-in database backup feature works only when MariaDB is installed on the same server. If your database is hosted remotely or you use a different database system, back up the database using the appropriate tools provided for that system.

To create a backup, use the provided backup script:

Usage: cm-backup ...

    -h                            show usage
    --help                        show usage
    --backup-database <file>      create a backup of the database (set <file> to - to use stdout)
    --restore-database <file>     restore a backup of the database
    --backup-config <file>        create a backup of /etc/ciphermail (set <file> to - to use stdout)
    --restore-config <file>       restore a backup of /etc/ciphermail
    --decrypt-file <file>         decrypt a backup file
    --password <password>         the backup encryption password

Backup database

All configuration settings, certificates, and cryptographic keys are stored in the database. To create a database backup, follow these steps:

  1. Log in to the shell using the Cockpit Terminal (or use an SSH client).

  2. Execute the following command:

    sudo cm-backup --backup-database <filename> --password <password>
    

    Replace <filename> with the name you want for the backup file and <password> with the backup password. If you set <filename> to a single hyphen (-), the backup will be written to the terminal (standard output).

The database backup is saved as an encrypted file with the .sql.gpg extension.

Note

The database backup only works with a locally running MariaDB database.

Restore database

  1. Copy the backup to the gateway using the Cockpit File Browser (or use an scp client).

  2. Log in to the shell using the Cockpit Terminal (or use an SSH client).

  3. Execute the following command:

    sudo cm-backup --restore-database <filename> --password <password>
    

    Replace <filename> with the database backup filename and <password> with the backup password.

Backup config

The config backup contains all files in the /etc/ciphermail directory. To create a config backup, follow these steps:

  1. Log in to the shell using the Cockpit Terminal (or use an SSH client).

  2. Execute the following command:

    sudo cm-backup --backup-config <filename> --password <password>
    

    Replace <filename> with the name you want for the backup file and <password> with the backup password. If you set <filename> to a single hyphen (-), the backup will be written to the terminal (standard output).

The config backup is saved as an encrypted file with the .tar.gz.gpg extension.
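
The database and config backup commands above can be combined for scheduled, unattended use. The script below is an added example, not part of CipherMail: the CM_BACKUP override variable, the backup directory and the password-file path are assumptions, and it assumes it runs as root and that cm-backup writes to exactly the path it is given.

```shell
#!/bin/sh
# Added example, not CipherMail code. Run as root (e.g. from cron).
# Assumptions: the CM_BACKUP override, both paths on the last line, and that
# cm-backup writes to exactly the <file> path it is given.
CM_BACKUP="${CM_BACKUP:-cm-backup}"

# Accept the password file only if group and others have no access to it.
check_pass_file() {
    [ -f "$1" ] || { echo "missing password file: $1" >&2; return 1; }
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        400|600) return 0 ;;
        *) echo "$1 has mode $mode, expected 600 or 400" >&2; return 1 ;;
    esac
}

# run_backup <dir> <password-file>: create both backups, print their paths.
# Runs in a subshell so umask and the password variable do not leak out.
run_backup() (
    dir=$1 pass_file=$2
    check_pass_file "$pass_file" || exit 1
    umask 077                          # new backup files: owner access only
    mkdir -p "$dir" || exit 1
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    db="$dir/ciphermail-db-$stamp.sql.gpg"
    cfg="$dir/ciphermail-config-$stamp.tar.gz.gpg"
    password=$(cat "$pass_file") || exit 1
    # --password is the only input the usage text lists; it is visible in the
    # process list while cm-backup runs, so keep local shell access restricted.
    "$CM_BACKUP" --backup-database "$db" --password "$password" || exit 1
    "$CM_BACKUP" --backup-config "$cfg" --password "$password" || exit 1
    for f in "$db" "$cfg"; do          # fail loudly on a missing/empty file
        [ -s "$f" ] || { echo "backup missing or empty: $f" >&2; exit 1; }
    done
    printf '%s\n%s\n' "$db" "$cfg"
)

if [ "${1:-}" = "--run" ]; then
    run_backup /var/backups/ciphermail /root/.cm-backup-password
fi
```

Keeping the password in a root-only file keeps it out of shell history; store a copy of it separately from the backups, since the encrypted files cannot be restored without it.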

Restore config

  1. Copy the backup to the gateway using the Cockpit File Browser (or use an scp client).

  2. Log in to the shell using the Cockpit Terminal (or use an SSH client).

  3. Execute the following command:

    sudo cm-backup --restore-config <filename> --password <password>
    

    Replace <filename> with the config backup filename and <password> with the backup password.

  4. Run the Ansible playbook:

    sudo cm-run-playbook
    

Backup email

Emails in the Webmail Messenger inbox are stored on the local file system and are not included in the standard backup script. To back up all emails to another CipherMail gateway, follow the procedure below.

  1. On the old system (where the mail is stored), obtain the SSH public key:

    sudo cat /root/.ssh/id_ed25519.pub
    

    The output from the command should look similar to:

    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIA27omfWMN3pbRtra3eFqFiDBPitMq6sDvgib+kjGv6

  2. On the new system:

    1. Log in to the Cockpit app. The Cockpit app can be accessed at https://<host>:9090, where <host> should be replaced by the hostname or IP of the new system.

    2. Open account settings for the root user (Accounts ‣ root).

    3. Click the Add key button and paste the public key from step 1.

  3. On the old system, copy all email from the old system to the new system:

    sudo rsync -avz -e ssh --progress /var/vmail/ <host>:/var/vmail/
    

    where <host> should be replaced by the hostname or IP of the new system.