Setting up Duplicati on Debian Stretch for backup to Minio over TLS 1.2
There are a lot of WinXX client how-tos, but none of them solves the problem for Linux/Debian/Ubuntu-based clients.
Abstract
Using a Duplicati client in an LXC container (maybe Docker later on) to back up local data to a remote Minio server (S3) over a TLS connection secured with a Let's Encrypt certificate.
Versions at the time of writing
Server:
- buster (Debian Testing) with ZFS
- Minio: 2018-09-12T18:49:56Z (docker)
- Let's Encrypt set up as suggested on the Minio website
Client:
- Stretch (Debian Stable) in LXC
- Duplicati 2.0.3.11_canary_2018-09-05
- Mono from Stable, mono-runtime 4.6.2.7+dfsg-1
Mono 4.6 from Stretch does not work with Minio & TLS 1.2
Minio throws a TLS error:
minio_1 |
minio_1 | API: SYSTEM()
minio_1 | Time: 08:21:56 UTC 09/21/2018
minio_1 | Error: tls: client offered an unsupported, maximum protocol version of 301
minio_1 | remoteAddr=xx.xx.xx.xx:16188, localAddr=xx.xx.xx.xx:443
minio_1 | 1: cmd/logger/logger.go:294:logger.LogIf()
minio_1 | 2: cmd/http/listener.go:243:http.(*httpListener).start.func2()
Duplicati throws an error:
A WebException with status SecureChannelFailure was thrown.
This happens even with the allowed TLS version restricted to 1.2:
allowed-ssl-versions TLS12
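The `301` in the Minio error above is the hexadecimal TLS wire version 0x0301, i.e. TLS 1.0, which is what the client offered as its maximum. The following is an added example, not part of the original post: it parses Minio log output in the format shown above and reports which clients are being rejected and which maximum version they offer. The function names and the sample log (with documentation-range IP addresses) are constructed for illustration.

```python
import re

# TLS wire version codes as sent in the ClientHello.
TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

# The version number in this message is hexadecimal without a 0x prefix.
ERROR_RE = re.compile(r"maximum protocol version of ([0-9a-fA-F]+)")
REMOTE_RE = re.compile(r"remoteAddr=([^,\s]+):\d+")

# Constructed sample in the format shown above (documentation-range IPs).
SAMPLE_LOG = """\
minio_1 | API: SYSTEM()
minio_1 | Time: 08:21:56 UTC 09/21/2018
minio_1 | Error: tls: client offered an unsupported, maximum protocol version of 301
minio_1 | remoteAddr=192.0.2.10:16188, localAddr=203.0.113.5:443
minio_1 | API: SYSTEM()
minio_1 | Error: tls: client offered an unsupported, maximum protocol version of 302
minio_1 | remoteAddr=198.51.100.7:40112, localAddr=203.0.113.5:443
minio_1 | Error: tls: client offered an unsupported, maximum protocol version of 301
minio_1 | remoteAddr=192.0.2.10:16190, localAddr=203.0.113.5:443
"""

def parse_rejections(log_text):
    """Return [(client_ip, version_name), ...], one entry per rejected handshake."""
    results, pending = [], None
    for line in log_text.splitlines():
        err = ERROR_RE.search(line)
        if err:
            pending = int(err.group(1), 16)  # "301" -> 0x0301
            continue
        remote = REMOTE_RE.search(line)
        if remote and pending is not None:
            name = TLS_VERSIONS.get(pending, "unknown (0x%04x)" % pending)
            results.append((remote.group(1), name))
            pending = None
    return results

def clients_to_upgrade(log_text):
    """Map each rejected client IP to (failure count, most recently offered maximum)."""
    summary = {}
    for ip, name in parse_rejections(log_text):
        count = summary.get(ip, (0, name))[0]
        summary[ip] = (count + 1, name)
    return summary

if __name__ == "__main__":
    for ip, (count, name) in sorted(clients_to_upgrade(SAMPLE_LOG).items()):
        print("%s: %d rejected handshake(s), client maximum is %s" % (ip, count, name))
```
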
Solution: Update mono-runtime
Update to 5.14-xamarin3 from mono-project.org.
Configuring Backup
General
Name: <Backup-Name>
Encryption: AES-256 (built-in)
Passphrase: <your-secret>
Destination
Storage Type: S3 Compatible
Use SSL: Yes
Server: Custom Server URL: <FQDN>
Bucket name: <bucket-name>
Bucket create region: (default) ()
Storage class: (default) ()
Folder path: <Backup-Name>
AWS Access ID: <MINIO_ACCESS_KEY>
AWS Access Key: <MINIO_SECRET_KEY>
…
HINT: the “Custom Server URL” field takes an FQDN only, NOT a URL format like https://..