Does not accept hostname other than *

I managed to solve almost all the problems, I just need to solve the hostname part. By default it comes as “*”, that is, it accepts all hosts, however I am running my server on a VPS in another country, but I have a VPN server running on my server and I want it to only accept connections from the external IP itself the server.

I’ve tried to leave it blank, I’ve tried to put my external IP, and nothing works, only *. I want to know how I change and make it work.

The host header sent by the client is not allowed

Have you tried the --webservice-interface= option? You can use that to force Duplicati to bind only to a certain interface.

I’ve tested it but it doesn’t work

What OS are you using?

The server is a VPS running ArchLinux and the duplicati is in a docker. I am using ngnix with SSL to access via URL, which is configured in the Ngnix Proxy manager and points to the container

version: "3.9"
    container_name: duplicati
      #- duplicati-server
      #- --webservice-interface=any
      #- --webservice-allowed-hostnames=*
      # Aponte o servidor para o caminho original do diretório de configuração
      #- --server-datafolder=/root/.config/Duplicati
      # Força diretrório temporário ser no /tmp
      #- -–tempdir=/tmp
      # tamanho máximo do arquivo
      #--max-file-size=50mb # Valor padrão 50mb
      #--webservice-allowed-hostnames=" "
      - PUID=0
      - PGID=0
      - TZ=America/Sao_Paulo
      #- CLI_ARGS= #optional
      - ./volumes/appdata/config:/config #Contém todos os arquivos de configuração relevantes.
      - /Becapes/backups:/backups #Caminho para armazenar backups locais.
      - /home/tales:/source #Caminho para a origem dos arquivos para backup.
    #  - 8200:8200
      - "8200"
    restart: always

      name: nginxproxymanager_default

I don’t use Arch but on Debian and its derivatives (maybe others?) there is an /etc/default/duplicati file that has daemon options where you can adjust things like what interface it listens on. But I don’t think it would really apply to Duplicati running in a docker containers, as it only has one “interface” anyway.

Maybe you need to block it at the nginx reverse proxy level? I don’t have experience with that, so I can’t really help you…

How does the VPN server fit into the picture? Other descriptions sound like you https direct to nginx.
Maybe the config would tell me, but I don’t use nginx… The servers and interfaces are not very clear:

Does “IP itself the server” mean the external IP of the server at your end, going across open Internet?

Duplicati isn’t a firewall. Don’t expose it to the Internet directly even if you think you told it to be secure.
If you can SSH to the remote, an option may be to browse on a port-forwarded connection, e.g. by -L.

As an nginx admin, you likely know host headers better than I do, but this is a remote hostname, right?
Although I’m not sure the help expresses it well, I think you’re telling Duplicati what host headers to take.
That’s not even an IP thing, I think. You should configure the hostname you will use on URL to Duplicati.
What the host header checker is trying to do, I think, is to protect Duplicati from a DNS rebinding attack.

I have same issue, I added Duplicati as iframe of Home assistant (DNS:

When I use local IP (192.168.x.x:8123/duplicati) to access, it works.

But when I use It show login failed.

Did you find any clue?