The bulk of this post has been pieced together from other bits of documentation on the web (see Additional Sources at the bottom of the post), but most of the available information applies specifically to CrashPlan “home” — not “pro”. Also, the included CrashPlan plugin in FreeNAS 9.10 is quite out of date so this guide will help you install and configure the most recent version of either the home or the pro version of CrashPlan. This how-to assumes that you’ve already installed FreeNAS.
Step #1: Install the included CrashPlan plugin
This will create the CrashPlan jail for you. Login to the admin interface of your FreeNAS box and navigate to Plugins:
Install the included CrashPlan plugin
Click OK to begin the installation
Wait for the install process to complete
Once the installation process has completed, verify that the plugin shows up under the Installed tab of the Plugins menu, but do not attempt to start the CrashPlan service just yet.
The CrashPlan plugin has been installed but is not yet running
Step #2: Configure a gateway IP address for the CrashPlan jail
Navigate to Jails -> crashplan_1 -> Edit
Edit the crashplan_1 jail configuration
Configure the jail’s network settings
You’ll notice that FreeNAS has already assigned an IP address to this jail. You can change it now to suit your needs, or leave it alone. Click on Advanced Mode so that we can configure a gateway.
Configure your gateway and/or any other desired network settings
Configure any other settings you need and then scroll down to the bottom of the dialog box and click Save.
Step #3: Enable SSH
We’re actually going to enable SSH on both the NAS and the crashplan_1 jail. Navigate to Services and click the wrench icon next to SSH
Navigate to “Services”
Click the wrench icon to configure SSH Settings
Check the option to Login as Root with password and click OK. Later on, we’ll change this to only allow public key authentication.
Allow root logins with password
Then start the SSH service:
Click the toggle switch to start the SSH service
If everything went well, you should be able to use secure shell to connect to your NAS.
Step #4: Enable SSH on the crashplan_1 jail
Connect to your NAS as root via ssh
Login to the NAS as root via ssh, then drop into the crashplan_1 jail via jexec
Once logged in, type the following command and hit enter:
This will output a listing of available jails:
[root@freenas] ~# jls
JID IP Address Hostname Path
1 - crashplan_1 /mnt/tank/jails/crashplan_1
To drop into the crashplan_1 jail, you need to run jexec followed by the number of the desired jail from the output of the previous command:
After you’ve executed that last command, your shell should look something like that last screenshot. Now we can continue with configuring ssh on the jail:
We need to change the value of the PermitRootLogin setting to without-password and verify that the value of PasswordAuthentication is set to no. Additionally, we need to ensure that the values of AllowTcpForwarding and PubkeyAuthentication are yes. The only option that you should have to change is the first one; the latter three should have the correct setting by default, but check them just in case. Make sure they match the following:
Set “PermitRootLogin” to “without-password” to enable public key authentication via ssh
Verify that TCP forwarding is enabled. If this is not enabled, then we won’t be able to connect to the CrashPlan engine from the CrashPlan app later on.
Save the file and quit, then execute the following commands:
service sshd keygen
service sshd start
Enabling and starting ssh in the crashplan_1 jail
Next, make sure to insert your public key into the .ssh/authorized_keys file:
Create an authorized_keys file and paste your public key into it.
Paste your key into .ssh/authorized_keys, then save and quit and execute the following command:
chmod -R 600 .ssh
Optionally, update some stuff:
pkg clean; pkg update; pkg upgrade
Let’s also restrict root logins to public key authentication on the NAS (i.e., outside of the jail). Assuming you’re still logged into the jail, execute the following commands:
Then change the PasswordAuthentication, PubkeyAuthentication and PermitRootLogin options to match the following (just like before):
Save and quit, but whatever you do, do not reboot or restart the ssh service — not yet. Next, you’ll need to create an authorized_keys file just like you did for the crashplan_1 jail:
Once again, paste your public key into this file and then save and quit and execute the following command:
chmod -R 600 .ssh
… And then go ahead and reboot the NAS via the web interface or by executing the reboot command.
Reboot. This step isn’t strictly necessary, but you may receive the following error: “CrashPlan data did not validate, configure it first” when attempting to start the service (even after accepting the java EULA.) If this happens to you, reboot before proceeding.
Alternatively, if you didn’t reboot, just restart the ssh daemon:
service sshd restart
Step #5: Install CrashPlan on the NAS
Remember back in Step #1 when I said not to start the CrashPlan service? Well we’re getting close. Login to the web interface and navigate to Plugins -> CrashPlan.
Navigate to “Plugins” -> “CrashPlan”
As soon as you click on the CrashPlan icon, an EULA for Java will appear. Scroll all the way down to the bottom and Click “Yes, I accept”:
Accept the EULA
And then click the X icon (cancel) on in the upper-right corner of the next window that appears.
Click ‘cancel’ in this dialog box
If you’re curious, here’s where the link mentioned in the dialog box takes you, currently: http://support.code42.com/CrashPlan/4/Configuring/Using_CrashPlan_On_A_Headless_Computer. We’re going to cover all of this stuff in the next few steps.
Now we need to download the most recent version of CrashPlan (4.6.0 at the time of this writing.) There are two versions we’re concerned with: Home and Pro. I’m using the Pro version but the steps to install either version are mostly the same. Download whichever version you use:
Make sure to download it to your local machine — we will need to install CrashPlan locally as well. Once it’s downloaded (assuming you saved the file in ~/Downloads) use scp to copy it to the crashplan_1 jail. Once again, I’m using the Pro version, my pool is named “tank”, my crashplan jail index is “1”, and the IP of my FreeNAS box (not the jail) is 10.0.2.218, so be sure to modify the following steps to suit your environment.
The difference in the filename between the “Home” and “Pro” versions are subtle, pay close attention:
- Pro version: CrashPlanPRO_4.6.0_Linux.tgz
- Home version: CrashPlan_4.6.0_Linux.tgz
Execute the following commands from a terminal on your local machine; make sure you type the correct filename:
scp CrashPlanPRO_4.6.0_Linux.tgz firstname.lastname@example.org:/mnt/tank/jails/crashplan_1/usr/pbi/crashplan-amd64/share/crashplan/
Then ssh to your NAS and execute the following:
tar -xf CrashPlanPRO_4.6.0_Linux.tgz
cpio -idv < CrashPlanPRO_4.6.0.cpi
rm -r lib*
cp -r crashplan-install/lib* .
service crashplan start
Verify that the service is running with the following command:
sockstat -4 | grep java
You should see similar output:
The CrashPlan service is listening on 127.0.0.1:4243
If you are using the Pro version, the following step is absolutely necessary; continuing from above:
sed -i .backup 's/<orgType>CONSUMER</orgType>/<orgType>BUSINESS</orgType>/g; s/central.crashplan.com/central.crashplanpro.com/g' conf/default.service.xml conf/my.service.xml
Step #6: Install CrashPlan on your local machine
Again, I’m assuming the CrashPlan tarball was saved to ~/Downloads on your local machine:
tar -xf CrashPlanPRO_4.6.0_Linux.tgz
Accept all of the default settings when prompted. Since we don’t want the CrashPlan service running locally, we need to disable it on our local machine. This next step is not universal across all distros. For example, I’m using Ubuntu 15.10; to stop and disable (i.e., prevent from starting on boot) CrashPlan, I need to do the following:
sudo service crashplan stop
sudo sh -c 'echo "manual" > /etc/init/crashplan.override'
As you can see from the method used to disable the CrashPlan service, the init script for CrashPlan on Ubuntu 15.10 is an upstart job. In 15.04 and later, both systemd and upstart are installed by default. Notice to future readers using Ubuntu: this will most likely change in the near future, given Ubuntu’s adoption of systemd as the default init system in 15.04.
Once you’ve disabled the service, we need to configure the desktop app (CrashPlanDesktop) to connect to the remote CrashPlan service via an ssh tunnel. Execute the following command:
sudo sed -i.backup 's/#servicePort=4243/servicePort=4200/g' /usr/local/crashplan/conf/ui.properties
Note: the lack of a space between the -i and .backup is intentional. When sed was used previously in this post, it was on the FreenNAS (which is built on FreeBSD) — as stated previously, my local machine is Ubuntu (Linux) so there is a slight variation in the behavior of sed between the two operating systems.
Now we need to grab the auth token from the NAS — remember: The IP address of my NAS is 10.0.2.218, and my pool is named tank; yours might differ. Modify as necessary.
ssh email@example.com "cat /mnt/tank/jails/crashplan_1/var/lib/crashplan/.ui_info"
The output will look similar to this:
Retrieving the auth token from /var/lib/crashplan/.ui_info
The format of the .ui_info file is:
You need to modify the port and the auth token in your local /var/lib/crashplan/.ui_info. The port needs to be 4200, and the auth token needs to be replaced with the one from the previous command. You can simply overwrite the local .ui_info:
sudo sh -c 'echo "4200,eeeb3f1a-b426-4a78-b70c-460a36da9381,127.0.0.1" > /var/lib/crashplan/.ui_info
Any time the CrashPlan service is restarted on the NAS, this auth token could potentially change. There’s nothing you can really do about it except be aware that it happens. If the desktop app has trouble connecting to the backup engine, be sure to check this.
Step #7: Starting the CrashPlanDesktop app on your local machine
First, setup an ssh tunnel. You will need to use the IP address of the crashplan_1 jail in this command. Mine is 10.0.2.2; modify yours as necessary:
ssh -L 4200:localhost:4243 firstname.lastname@example.org -Nv
Then, on your local machine, start the CrashPlanDesktop app either by clicking the icon on your desktop (if there is one) or by starting the app from the terminal:
Two ways to start the CrashPlanDesktop app
If everything went as planned, the desktop app should connect to the backup engine via the tunnel, and you should be able to configure your CrashPlan backup.