Shell scripts for security delivery backups from your servers to Google Drive by API:
- Creates a user for each project:
- without password
- with minimal rights
- auto generating personal ssh-keys
- send ssh-keys to admin by telegram
- Waiting to receive data from the source server via ssh
- When the data appeared in the project's home directory, moves it to Google Disk
flowchart LR
source[(Source Data)] --> | SSH | proxy[(Proxy Server)] --> | API | target[(Google Drive)]
- Easy to manage projects
- If there are multiple projects, the credentials are stored in one secure location
- The data source platform does not matter. Simply copy the required data to the server via ssh keys
- Linux
- curl
Clone the project as a user with sudo
git clone git@github.com:kio-by/proxy-backup.git
Every minute the scripts will check the folder and if it is not empty - move its contents to Google:
parent-folder_ID_on_google
├── project-01
│ ├── 2022
│ │ ├── 2022-01-02.zip
│ │ └── 2022-03-02.zip
│ └── 2025
│ ├── 2025-01-02.zip
│ ├── 2025-03-07.zip
│ └── 2025-11-02.zip
├── project-02
│ └── 2024
│ └── 2024-01-02.zip
└── project-xx
└── year-xx
├── backup-01
└── backup-02
- Generate Google OAuth Credentials
not required: Create Telegram bot and getCHAT_IDandBOT_TOKEN- Edit
.envfile
vi /root/backup/scripts/.env
- Create backup-project:
sudo ./sudo/00-adduser.sh
- Uncomment cron task current backup-project:
sudo crontab -e
- Copy ssh-keys to source data server
- Move data to
/home/your_project_name/backup. Use scripts, cron, scheduler, etc. For example:
scp ./backup-file.tar your_project_name@IP_backup_proxy_server:~/backup/
- Generate and move temp-flag «delete.»
/home/your_project_name/backup/.temp-flag/. It is needed to tell the script that the backup files is fully loaded. For example:
touch delete.my_project_name
scp ./delete.my_project_name your_project_name@IP_backup_proxy_server:~/backup/.temp-flag/
For new project repeat 2-7
- Run
88-deluser.shand enter name of your project
sudo ./sudo/88-deluser.sh
- Remove that note in cron tasks
Google Drive is a free service for file storage files. In order to use this storage you need a Google (or Google Apps) user which will own the files, and a Google API client.
- Go to the Google Developers console and create a new project.
- Now you should be on the Project Dashboard
- Go to APIs & Services > APIs and enable Drive API and Sheets API.
-
Click Credentials
-
Create OAuth Client ID Credentials
-
Select Web Application as product type
-
Configure the Authorized Redirect URI to https://developers.google.com/oauthplayground must not have a ending “/” in the URI
-
Save your Client ID and Secret or full OAuth string
-
Now you will have a
Client ID,Client Secret, andRedirect URL. -
You can convert oauth string to oauth
PSObjectfor future use$oauth_json = '{"web":{"client_id":"10649365436h34234f34hhqd423478fsdfdo.apps.googleusercontent.com", "client_secret":"h78H78h7*H78h87", "redirect_uris":["https://developers.google.com/oauthplayground"]}}' | ConvertFrom-Json
-
Request Authroization Code
- Manually
- Browse to https://developers.google.com/oauthplayground
- Click the gear in the right-hand corner and select “Use your own OAuth credentials"
- Fill in OAuth Client ID and OAuth Client secret
- Authorize the API scopes
- Save
Authorization Codeor directly Exchange authorization code for tokens - Save
Refresh token, it can not be requested again without new Authorization code
- Manually
/
├── root
│ ├── backup
│ │ └── project-name
│ │ ├── .env.local
│ │ ├── ln -> .env
│ │ ├── ln -> run-backup.sh
│ │ └── ln -> google-api.sh
│ └── scripts
│ ├── .env
│ ├── ln -> run-backup.sh
│ ├── ln -> google-api.sh
│ ├── ln -> telegram-message.sh
│ └── ln -> telegram-message.sh
└── home
├── sudo_user
│ └── proxy-backup
│ ├── sudo
│ │ ├── 00-adduser.sh
│ │ └── 88-deluser.sh
│ └── root
│ ├── google-api.sh
│ ├── run-backup.sh
│ ├── telegram-message.sh
│ └── telegram-message.sh
└── project-name
└── backup
├── backup.file1
├── backup.file2
└── .temp-flag
└── delete.file