Best practices for running on VPS

I want to use Duplicati to backup a Linode VPS I own running Ubuntu and was wonder what would be the best way to do that. I run Apache on it already, and definitely wouldn’t want everyone to have access to the config portal. What would be the best way to do that?

Hello and welcome!

Apache being on the box is irrelevant. Duplicati has its own integrated web server that by default listens on localhost:8200. The web server would not be available from other computers.

If this VPS doesn’t have a GUI and you can’t run a web browser on it directly, then you would need to change Duplicati to listen on the NIC not just localhost. This could make Duplicati accessible to the outside world, which if left unrestricted would be bad. You can mitigate that by using firewall rules to restrict access to only certain trusted source IPs, either on the VPS itself using iptables, or at the cloud level assuming Linode supports it like AWS and Azure do. You should also set a web UI password.

The main author of Duplicati has advised against making the Duplicati web UI accessible on the internet, so definitely use firewall IP restrictions at a minimum.

Maybe Apache isn’t totally irrelevant. If you have the know-how you could set it up to act as a reverse proxy to help protect the Duplicati web UI.

Another idea is to not run the web UI engine at all and stick with pure command line usage.

More ideas. What’s best might depend on what facilities you use, and what you find OK to set up…

What is your current secure solution to access the VPS for administration? If SSH, it can tunnel too.

How to Set Up SSH Tunneling (ssh -L if you run ssh, but I think PuTTY can also do port forwarding)

You wouldn’t have to have Duplicati prepare for anything other than its default localhost on port 8200.
You also wouldn’t need a GUI or browser on the VPS. A local browser is forwarded to VPS’ Duplicati.

There are probably other ways to make secure tunnels of some type. I don’t personally use a VPS…