In general it work and i can set backups. but when i change my Gui password its not persistant. I tried removing - DUPLICATI__WEBSERVICE_PASSWORD=pw after setting a new without success (also restart container). In the gui under settings, i also cannot set remote acces to off. I mean i can but not persistant. I tried to access the container an set it manual in the database but without succes as well. Also i didn´t found /etc/ssh/ in the container so maybe its not a topic?! Also docker log duplicati say that my databas isn´t encrypted. Would love to know how to set encryption pesistent.
thx for your answer :). But is not exactly my Volume option “/opt/docker_container/Duplicati/data:/data” what you mean? It saves the data folder on my system under /opt/docker_container/Duplicati/data, or where did i go wrong?
Sorry, you are right, I misread that line (the first one).
Going back to the original problem, in your folder /opt/docker_container/Duplicati/data you should have a file called Duplicati-server.sqlite that you can view with any SQLite tool (I suggest SQLiteBrowser). In database there is a table called “Settings” and in here a field with the name SERVER_PASSPHRASE. This is a PBKDF value so it does not make much sense on its own, but what I would suggest is to make a copy of Duplicati-server.sqlite, then restart the container, and check if the value has changed. This value should only change if the password is being changed.
Once we know if the password is indeed changed, we can try to track down the issue further.
I’m not sure if i have done it right but thats what i’ve done. first copied Database. Then changed PW. Then stop and start container again. Then i looked inside Databases (Backup and actual one)
what i get for both, for the value you mentioned, is:
its the same like before (as i mentioned i’ve done this before with console to check values). I’m still confused by this cause the pw i set with:
The way it is supposed to work is, that every time you start Duplicati, it will take the password as input, run it through a PBKDF and save the value in the database. Each login is then run through the same PBKDF to see if the values match.
If you start Duplicati without a passphrase set, it will just use the last recorded PBKDF (matching the last provided password).
There was a bug with 2.1.0.111, .112 and .114 where it would refuse ANY login due to an incorrect library file being present. From your config it looks like you have :stable meaning 2.1.0.5.
for testing i removed - DUPLICATI__WEBSERVICE_PASSWORD=pw and add it again to set a new one. This worked for me for changing pw persistant.
This was the behaviour i had, GUI pw set just worked for the session.
Now i tried again (GUI), and it seemed that when i change pw by gui it works as well, and is persistant after restart the container. so this seems to work now. but i don´t know why, maybe container update?!
But the Option remote acces is till not persistant when i turn it off in the gui. for now i just set ports:
- “127.0.0.1:8200:8200” to get what i want.
Also i set a user for the container. but there seems to be a problem too, when i try to save volumes from other containers. I set the owner of the volumes with the user id of the container service and also i’ve done setfacl -R -m u:USERID-Duplicati:rX path/to/dir to get permissions right. When i do it works. But after restarting the container i get permission acces problems here. when id do setfacl -R -m u:USERID-Duplicati:rX path/to/dir again it will work again.
don´t know whats happening here and at this point im to afraid to ask! Maybe you can help me here
As far as i understand, the remote Access in duplicati allows you to acces your duplicati instance from other clients in your network or from wan’s. And i just want to have acces to gui from my pc. I get to managed this with binding my container to my localhost.
Else any Client in the network could get acces to the gui over the ip of the pc duplicati is running on (ip_pc:port)
Also i try to figure out why this setting is not replaced in the database when i just set it.
Its not a docker setting, its a duplicati setting in the gui im talking about. to get this change persistant, i guess this setting should be stored in the database.
But after every restart of the container this option box is checked again
I explained twice although I don’t do Docker, may be wrong, but results fit.
On every restart, I think an environment variable is passed to turn that on.
Do you know how to show environment variables in a process with pse?
Find the Duplicati PID, then you run something like ps -p <PID> e | less
If you see DUPLICATI__WEBSERVICE_INTERFACE=any in it, that turns that on.
If that’s happening, you need to find some way to remove or change setting:
--webservice-interface: The interface the webserver listens on. The special values "*" and "any" means any interface. The special value "loopback" means the loopback adapter.
You could read the links I provide. Just above your last post, you see the option form:
--webservice-interface=any
In networking terms, all means 0.0.0.0 meaning any available interface on system, however I don’t think Docker inherently builds these exactly the way host system does, which is why one needs to map container ports to host ports to allow off-system access.
I think (not sure) that your container has an interface to a bridge network allowing other containers on the same host to communicate. It’s kind of an internal LAN for containers.
You might be able to see your interfaces in docker exec with ip addr list. Are any showing an address which is the physical LAN that host has? If not, LAN cannot access because you only mapped 127.0.0.1 for access from host. I’m not sure what happens if plain 8200:8200 is used. Possibly it relies on now-mandatory password for its security.
Any of the commandline options for the server an be applied by transforming the option name to an environment variable name. The transformation is to upper-case the option, change hyphen, -, to underscore, _, and prepend DUPLICATI__.
meaning the environment equivalent is DUPLICATI__WEBSERVICE_INTERFACE that is GUI
so the environment variable said to allow that, and so the GUI comes up showing it set.
The database stores settings, but the settings also come from options and environment.
Every time you start the container, its environment turns that option back on. Questions?
This is a little different with Docker, because inside the container, Duplicati has a different network.
The setting does not make a lot of sense for Docker, but it you run without Docker, this setting changes the network interface that Duplicati listens on.
By default, Duplicati will only listen to 127.0.0.1, specifically to avoid access from the network.
When running inside the container, you cannot see any ports, except those that you specifically bind outside. Since you already bind it, that is fine, and the setting does not change anything.
What this environment variable does is add a commanline parameter for starting Duplicati:
duplicati-server --webservice-interface=any
When you start Duplicati this way, it will save to the database that you want “any interface”, which is what the checkbox reflects.
In other words, when you save, the checkbox goes away. But as soon as you restart, Duplicati is instructed to set the checkmark again. You need to either remove the environment variable or set it to:
DUPLICATI__WEBSERVICE_INTERFACE=loopback
This will force the checkmark off on each restart, but as explained, it does not matter, because no application can access anything inside the container, and you only bind the port to 127.0.0.1.
i understand what --webservice-interface=any mean. what i don´t understand is why the container always starts with --webservice-interface=any and why i can´t change it. So probably you’re not getting my question and i don´t get your point as i mentioned before. But that can happen during a conversation. I also tried to set
but after this my container was restarting every 5 seconds and the gui acces was gone. So maybe its just how the container is build and works, with DUPLICATI__WEBSERVICE_INTERFACE=any? And the container needs it to function properly?
can you explain to me what you’re trying to say here with an example? do you mean that containers can still communicate with each other? i tried only set the port 8200:8200. After this i could acces duplicati from any client in my lan with the ip of my pc (which was running duplicati) for example 192.168.1.2:8200. After i bind it to 127.0.0.1:8200 i couldn´t acces from my lan clients anymore. So just localhost acces, which was my goal here.
So thx for your patience and maybe i will understand one day :D. For now it makes sense in my head, but your comments are more confusing than helping for me right now :D. but maybe we’re just talking past each other.
if you could just answer “So maybe its just how the container is build and works, with DUPLICATI__WEBSERVICE_INTERFACE=any? And the container needs it to function properly?” with yes or no could be helpful.
