SFTP with Installatron and Bitvise

Setting up an SFTP server backup with Installatron and Bitvise

I would like to point out that I have not been using this solution for a few months now. That does not mean it is flawed or not working. This tutorial should still be relevant, albeit unsupported.


This document is primarily for webmasters who have no other “easy” backup options and are concerned about used space on the webhost. It is intended for personal and non-profit sites, but adding a purchased Bitvise license is of course possible for anyone.

Most of us know that Installatron comes with some backup functionality, and many would probably look into that for an easy way to back up and restore sites and databases. However, for larger sites with GBs of data this may not be a viable long-term solution, since the on-premises backup eats up space on the host.

Other solutions like FTP, FTP/S or WebDAV may not be advisable due to security concerns.

I spent some time looking into different options for a viable long-term backup and restore solution. Since none of my sites are normally updated minute-by-minute but at most daily, if even that, the templates available for daily-weekly-monthly backups in Installatron are enough. Hourly is not a default option from what I see in my Installatron.

The key aspect was backup location. I have computers, I have space, and I can set up a target server. However, I would not set up an FTP or FTP/S server due to security concerns, so I have been looking at “easy” solutions to set up an SFTP server in Windows.

In theory one can set up SFTP using IIS – and there are guides for it using OpenSSH certification – but that is, in my opinion, a bit of a greater hassle, so I looked for something else: a clean SFTP server software, cheap if not free. After some tests and tribulations I ended up with Bitvise. Please note that SFTP is an encrypted, SSH-based protocol, considered safe if updated and properly maintained.

FTP or FTP/S is NOT safe. Ref: https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol

For this I am using a Windows Server (overkill) and reviewing some customizations to Windows Firewall and the Ransomware Protection functionality. You can run this virtually or directly on hardware, it doesn’t matter; I run it directly on an older HPE server. You need to set up port forwarding on your router, and for this I am NOT using the default SFTP port 22 but something else, let’s say 33391. Any number that does not collide with other network resources is applicable. Port forwarding is done in different ways depending on which router brand (or other relevant network equipment) you use. Check how to do it in the relevant equipment manual or on www.portforward.com, which has many tutorials for this.

Once the port forward is done, you have an open network path to your Bitvise installation on Windows on your physical or virtual computer. Test it and make sure the connection is open. If you haven’t installed Bitvise already, get it from https://www.bitvise.com/ssh-server and go ahead with its installation.

Dynamic IP address – a few words on a potential showstopper

If your local network has a dynamic IP address, you may have to set up DNS forwarding to your external Internet IP address as well. This may entail using software that communicates with a server to translate your dynamic IP to a fixed DNS address. There are many services for this, along with some additional links and tutorials on www.portforward.com, and many providers offer this functionality for free for one host lookup.

Setting up Bitvise

So now you may wonder about the Bitvise licensing cost. Well, it is – as I write this – free for personal use with some limitations as stated here: https://www.bitvise.com/ssh-server-usage-faq#personal-edition and that would cover most of what you need for personal and non-profit sites. Having said that, it is not expensive at 95$ / yearly for basic commercial usage.

Once you have installed Bitvise you may want to look at creating and configuring a few things:

Check the Bitvise Activity log often and learn how to read it, seriously, it will help!

Windows Firewall

It is important that you add a rule to Windows Firewall specifying that you want a certain port open (33391 in our example). You may start by allowing access for any protocol and any IP address; remember that you can set some specific limitations in Bitvise. This is trial and error. As I write this there is still some security-related functionality I have not looked into, but I have limited connectivity to the IP addresses of my Webhosts for starters.
Look this up and make notes, since it is easy to tick a checkbox that you feel improves security and then forget about it, only to face a break in connectivity.

Tip! Name the rule so you can find it easily, I named it “[Port number] – Bitvise SFTP”.
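
The firewall rule described above, written as PowerShell for an elevated prompt on the Bitvise machine. This is an added example and not part of the original tutorial: 203.0.113.10 is a constructed placeholder address, the rule name follows the tip above with a plain hyphen, and the rule is limited to TCP because SFTP runs over TCP.

```powershell
# Added example. Port 33391 is the tutorial's example port; the address below is
# a constructed placeholder from a documentation range, not a real webhost.
$Port       = 33391
$RuleName   = "$Port - Bitvise SFTP"   # naming pattern from the tip above
$WebhostIPs = @('203.0.113.10')        # replace with your webhost's outbound IP(s)

# Step 1: create the rule open to any remote address, for the first connection test only.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress Any -Profile Any | Out-Null
}

# Step 2: once a test backup has arrived, narrow the rule to the webhost address(es).
Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $WebhostIPs

# Step 3: print what is actually in effect, so a restriction set months ago
# is easy to find when connectivity breaks.
Get-NetFirewallRule -DisplayName $RuleName | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
} | Format-List
```

If the webhost sends backups from more than one address, list them all in $WebhostIPs; a backup arriving from an unlisted address is dropped by the firewall before Bitvise ever sees it.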

Windows Ransomware Protection

You can enable this, but it will block SFTP transfers by Bitvise until you define the Bitvise service as allowed to make changes to your file structure. This is also why it is good to have a dedicated drive and a dedicated folder where you store your backup: it is easy to see. This is a Windows Defender-only feature, but it seems to be available on recent versions of Windows.

Ref: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide
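
One way to apply the Ransomware Protection (controlled folder access) settings described above from an elevated PowerShell prompt. This is an added example, not part of the original tutorial: D:\SiteBackups is a hypothetical dedicated backup folder, and the service executable is looked up by display name rather than assumed.

```powershell
# Added example. $BackupRoot is a hypothetical dedicated backup folder; adjust it.
$BackupRoot = 'D:\SiteBackups'

# Locate the executable behind the installed Bitvise service instead of guessing a path.
$svc = Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like '*Bitvise*' } |
    Select-Object -First 1
if (-not $svc) { throw 'No service with "Bitvise" in its display name was found.' }

# PathName may be quoted and may carry arguments; keep only the .exe path.
if ($svc.PathName -match '^"?(?<exe>[^"]+?\.exe)') {
    $ServiceExe = $Matches['exe']
} else {
    throw "Could not extract an executable path from: $($svc.PathName)"
}

# Enable the feature, protect the backup folder, and allow the Bitvise service to write to it.
Set-MpPreference -EnableControlledFolderAccess Enabled
Add-MpPreference -ControlledFolderAccessProtectedFolders $BackupRoot
Add-MpPreference -ControlledFolderAccessAllowedApplications $ServiceExe

# After running a test backup, list recent controlled-folder-access blocks (event ID 1123).
# Each message names the blocked process; if it is another Bitvise executable, allow that too.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1123
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List

# Show the resulting configuration.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications |
    Format-List
```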

Installatron

Now you have five items to use in the Installatron backup interface.

Be careful with spaces and superfluous characters, since they will cause issues.

  • Address to your server as URL or IP
  • Port
  • Username
  • Password
  • Path (forward and backward slashes are both accepted)
  • Time spans of backup as selected by you.

A thing about Installatron: make sure you save every step before altering something else.

With any luck, using this on your webhost will give you a reliable long-term backup with the ability to restore. The backed-up files are stored as .gz, a compression format common on Linux, which can be opened, browsed and unpacked with most archiving software, like WinRAR or 7zip.

Test your backup, run it manually, and check the settings for potential issues. Post below for any questions or clarification requests. Read the manuals I have linked, please!

FAQ

Q: Will this affect my host’s bandwidth limitations?

A: Yes, but ultimately this is a matter about your agreement with your webhost. I used several hundreds of GB in less than a week so it is worth considering and checking.

Q: I have connection and everything should be fine, yet I see no new files on the backup location.

A: Check the Windows settings for the Firewall and, if you use it, the Ransomware Protection, which may block the Bitvise service from writing to the file system. Check that the local Bitvise virtual account has root access to the target folder.

Q: I have several instances of Installatron running on the same Webhost, but they all write to one single folder despite having specified different folders for each backed up site?

A: I have noticed that in some Webhost interfaces (I have DirectAdmin) it may be important to have the correct domain selected before even touching the Backup settings of the site in Installatron, despite having them all available in a list (if you even have that?).

Q: When reviewing my settings for a Backup in Installatron it defaulted back to Webhost by itself.

A: This may happen when the backup encounters some undefined problem or hasn’t been tested when setting it up. Check if any files were created at all in the backup location, and also check adjacent folders, if any. Start over with that site. Review any backups on your Webhost so you are not using up space you weren’t planning for.

Q: How to restore the backup?

A: You have all the files in the backup archive. If Installatron doesn’t recognize the backup package, it becomes a bit more complex. It could potentially not find the backup path to your SFTP server, but you should be able to upload the files to a folder, unpack them from there and point Installatron to the existing backup in the default Installatron backup folder. The worst-case scenario is to upload the files and restore the database the “long” way, which you should already know if you have some experience with handling web applications.

The author of this text is in no way affiliated with any of the above mentioned companies.