I managed to solve almost all the problems, I just need to solve the hostname part. By default it comes as “*”, that is, it accepts all hosts, however I am running my server on a VPS in another country, but I have a VPN server running on my server and I want it to only accept connections from the external IP itself the server.
I’ve tried to leave it blank, I’ve tried to put my external IP, and nothing works, only *. I want to know how I change and make it work.
The server is a VPS running ArchLinux and the duplicati is in a docker. I am using ngnix with SSL to access via URL, which is configured in the Ngnix Proxy manager and points to the container
version: "3.9"
services:
duplicati:
image: ghcr.io/linuxserver/duplicati:latest
container_name: duplicati
#command:
#- duplicati-server
#- --webservice-interface=any
#- --webservice-allowed-hostnames=*
# Aponte o servidor para o caminho original do diretório de configuração
#- --server-datafolder=/root/.config/Duplicati
# Força diretrório temporário ser no /tmp
#- -–tempdir=/tmp
# tamanho máximo do arquivo
#--max-file-size=50mb # Valor padrão 50mb
#--webservice-allowed-hostnames=" "
environment:
- PUID=0
- PGID=0
- TZ=America/Sao_Paulo
#- CLI_ARGS= #optional
volumes:
- ./volumes/appdata/config:/config #Contém todos os arquivos de configuração relevantes.
- /Becapes/backups:/backups #Caminho para armazenar backups locais.
- /home/tales:/source #Caminho para a origem dos arquivos para backup.
#ports:
# - 8200:8200
expose:
- "8200"
restart: always
networks:
default:
external:
name: nginxproxymanager_default
I don’t use Arch but on Debian and its derivatives (maybe others?) there is an /etc/default/duplicati file that has daemon options where you can adjust things like what interface it listens on. But I don’t think it would really apply to Duplicati running in a docker containers, as it only has one “interface” anyway.
Maybe you need to block it at the nginx reverse proxy level? I don’t have experience with that, so I can’t really help you…
How does the VPN server fit into the picture? Other descriptions sound like you https direct to nginx.
Maybe the config would tell me, but I don’t use nginx… The servers and interfaces are not very clear:
Does “IP itself the server” mean the external IP of the server at your end, going across open Internet?
Duplicati isn’t a firewall. Don’t expose it to the Internet directly even if you think you told it to be secure.
If you can SSH to the remote, an option may be to browse on a port-forwarded connection, e.g. by -L.
As an nginx admin, you likely know host headers better than I do, but this is a remote hostname, right?
Although I’m not sure the help expresses it well, I think you’re telling Duplicati what host headers to take.
That’s not even an IP thing, I think. You should configure the hostname you will use on URL to Duplicati.
What the host header checker is trying to do, I think, is to protect Duplicati from a DNS rebinding attack.