Can the tray icon in Windows connect to Duplicati webserver set as HTTPS?

The answer to this seems to be “no” as at the moment I get:

"C:\Program Files\Duplicati 2\Duplicati.GUI.TrayIcon.exe" --no-hosted-server | more
Request error: System.Net.WebException: The underlying connection was closed: The connection was closed unexpectedly.
   at Duplicati.Library.Utility.AsyncHttpRequest.AsyncWrapper.GetResponseOrStream()
   at Duplicati.Library.Utility.AsyncHttpRequest.GetResponse()
   at Duplicati.GUI.TrayIcon.HttpServerConnection.PerformRequestInternal[T](String method, String endpoint, Dictionary`2 queryparams)
   at Duplicati.GUI.TrayIcon.HttpServerConnection.PerformRequest[T](String method, String urlfragment, Dictionary`2 queryparams)
   at Duplicati.GUI.TrayIcon.HttpServerConnection.UpdateStatus()
   at Duplicati.GUI.TrayIcon.HttpServerConnection..ctor(Uri server, String password, Boolean saltedpassword, PasswordSource passwordSource, Boolean disableTrayIconLogin, Dictionary`2 options)
   at Duplicati.GUI.TrayIcon.Program.StartTray(String[] _args, Dictionary`2 options, String toolkit, HostedInstanceKeeper hosted, String password, Boolean saltedpassword)
Request error: System.Net.WebException: The underlying connection was closed: The connection was closed unexpectedly.
   at Duplicati.Library.Utility.AsyncHttpRequest.AsyncWrapper.GetResponseOrStream()
   at Duplicati.Library.Utility.AsyncHttpRequest.GetResponse()
   at Duplicati.GUI.TrayIcon.HttpServerConnection.PerformRequestInternal[T](String method, String endpoint, Dictionary`2 queryparams)
   at Duplicati.GUI.TrayIcon.HttpServerConnection.PerformRequest[T](String method, String urlfragment, Dictionary`2 queryparams)
   at Duplicati.GUI.TrayIcon.HttpServerConnection.UpdateStatus()
   at Duplicati.GUI.TrayIcon.HttpServerConnection..ctor(Uri server, String password, Boolean saltedpassword, PasswordSource passwordSource, Boolean disableTrayIconLogin, Dictionary`2 options)
   at Duplicati.GUI.TrayIcon.Program.StartTray(String[] _args, Dictionary`2 options, String toolkit, HostedInstanceKeeper hosted, String password, Boolean saltedpassword)
Request error: System.Net.WebException: The underlying connection was closed: The connection was closed unexpectedly.
   at Duplicati.Library.Utility.AsyncHttpRequest.AsyncWrapper.GetResponseOrStream()
   at Duplicati.Library.Utility.AsyncHttpRequest.GetResponse()
   at Duplicati.GUI.TrayIcon.HttpServerConnection.PerformRequestInternal[T](String method, String endpoint, Dictionary`2 queryparams)
   at Duplicati.GUI.TrayIcon.HttpServerConnection.PerformRequest[T](String method, String urlfragment, Dictionary`2 queryparams)
   at Duplicati.GUI.TrayIcon.HttpServerConnection.UpdateStatus()
   at Duplicati.GUI.TrayIcon.HttpServerConnection..ctor(Uri server, String password, Boolean saltedpassword, PasswordSource passwordSource, Boolean disableTrayIconLogin, Dictionary`2 options)
   at Duplicati.GUI.TrayIcon.Program.StartTray(String[] _args, Dictionary`2 options, String toolkit, HostedInstanceKeeper hosted, String password, Boolean saltedpassword)

Is there any other parameter to tell it to use HTTPS? I tried --hosturl but nothing seems to work

** I created an issue at Github: Tray icon no longer works/connects after switching the webserver to use an SSL certificate · Issue #3794 · duplicati/duplicati · GitHub

I don’t know the answer but I’m curious why you would need this. The tray icon talks to the web server on the local/same machine… Traffic to localhost won’t traverse a physical network so is not susceptible to packet sniffing. TLS doesn’t seem to add any tangible value.

Because I need to talk to it using HTTPS with my browser, but when you switch the web service to HTTPS it breaks the tray icon. I don’t care how the icon connects, it just needs to connect.

Ok, makes sense. Hopefully someone knows the answer!

Maybe try the --hosturl command-line option? Looking at the source code I see it defaults to http://localhost:8200. Perhaps if you set that to https://localhost:8200 it will work…

1 Like

I hadn’t thought to try “localhost” because knowing that using it in the browser doesn’t work either because the certificate is named after the machine, but I did notice it reported:

Request error: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

So I tried it once again with the FQDN of the machine and amazingly it worked - I know I tried this so I’m not sure why it would work hours later. I can only think that like the parameters for the service to use the certificate (which seems to really mean, import and save for the next start-up), it’s not so clear cut.

Thanks for the help.

Makes sense that the hostname would need to match what is in the certificate, otherwise it will complain about trust issues. Glad it is working for you!