Errors while verifying files (docker installation)

Support
1

Hello,
I’m new to duplicati and wanted to use it in order to backup my docker volumes.
I’v attached my named volume I want to backup and a backup target to my duplicati-docker container (the source as read only).
Unfortunately everytime after a backup, I get the following three error messages in the log:

image
image1379×255 27.9 KB

I the live log I get the following error message:
image
image1788×786 125 KB 

{"ClassName":"System.IO.IOException","Message":"Win32 IO returned 50. Path: /backup-nas/srv-docker01/dockervolumes/minecraft-server_skyblock-data/duplicati-bba31c99ea8e9447fbddefc0771987ca3.dblock.zip","Data":null,"InnerException":null,"HelpURL":null,"StackTraceString":"  at Duplicati.Library.Main.BackendManager.GetForTesting (System.String remotename, System.Int64 size, System.String hash) [0x00065] in <e60bc008dd1b454d861cfacbdd3760b9>:0 \n  at Duplicati.Library.Main.Operation.TestHandler.DoRun (System.Int64 samples, Duplicati.Library.Main.Database.LocalTestDatabase db, Duplicati.Library.Main.BackendManager backend) [0x0042f] in <e60bc008dd1b454d861cfacbdd3760b9>:0 ","RemoteStackTraceString":null,"RemoteStackIndex":0,"ExceptionMethod":null,"HResult":-2147024846,"Source":"Duplicati.Library.Main"}

I’ve already tried altering the block sice from 50MB to even 10GB to get everything into one block and down to 25MB to get more blocks, but still, same issue.

I’m a little bit frustrated since I had other problems along the way and want it to work so badly since it seems to be an awesome solution (if it works).

Thank you in advance!
Benedict

EDIT:
heres the “Verifications” part of the log, I guess thats where the issue originates from. I just cant interprete it:

 "Verifications": [
      {
        "Key": "duplicati-20220216T142149Z.dlist.zip",
        "Value": [
          {
            "Key": "Error",
            "Value": "Win32 IO returned 50. Path: /backup-nas/srv-docker01/dockervolumes/minecraft-server_skyblock-data/duplicati-20220216T142149Z.dlist.zip"
          }
        ]
      },
      {
        "Key": "duplicati-i10d68eff75ce467ea63814bdfdd82120.dindex.zip",
        "Value": [
          {
            "Key": "Error",
            "Value": "Win32 IO returned 50. Path: /backup-nas/srv-docker01/dockervolumes/minecraft-server_skyblock-data/duplicati-i10d68eff75ce467ea63814bdfdd82120.dindex.zip"
          }
        ]
      },
      {
        "Key": "duplicati-b944ae8e2353e457ea19972e61dc42d83.dblock.zip",
        "Value": [
          {
            "Key": "Error",
            "Value": "Win32 IO returned 50. Path: /backup-nas/srv-docker01/dockervolumes/minecraft-server_skyblock-data/duplicati-b944ae8e2353e457ea19972e61dc42d83.dblock.zip"
          }
        ]
      }
    ]
2

Remote volume size of 50MB should be fine, definitely don’t set it to something so large as 10GB. See Choosing Sizes in Duplicati for more detail.

In any case, the remote volume size is not what is causing your issue.

It almost looks like your backup destination is write-only and Duplicati is unable to read files back from it. Can you double check the permissions on your backup destination area?

3

Thank you for answering!

You may be onto something (altough I think write- but not read-permission is really weird).
I’ve logged into the console of the docker with UID 1000 (which is the same UID I specified in the compose file) and had perfect control over the folder

image
As you can see, rwx for owner and group.

BUT: I cant even restore the backups, I get the same three error messages. Which would confirm your theory.
Interestingly I tried to do a backup to the /home folder, which failed with the explicit error “permissions denied”. There seems to be something funny going on with permissions inside the docker container.

Here is my compose file:

version: "3.7"
services:
  duplicati:
    image: lscr.io/linuxserver/duplicati:latest
    container_name: duplicati
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
      - data:/config
      - tempfiles:/backups
      - tempfiles:/source
      - minecraft-server_skyblock-data:/dockervolumes/minecraft-server_skyblock-data:ro
      - type: volume
        source: backup-nas
        target: /backup-nas
        volume:
          nocopy: true
    ports:
      - 8200:8200
    restart: always
    
volumes:
  data:
  minecraft-server_skyblock-data:
    external: true
  tempfiles:
    external: true
  backup-nas:
    driver_opts:
      type: "cifs"
      device: "//192.168.182.1/BakerStreet-NAS/BackupDrive1/backup"
      o: "addr=192.168.182.1,rw,uid=1000,username=user,password=Password,file_mode=0770,dir_mode=0770"
4

I see you are using the linuxserver duplicati image. That can be extra challenging because it doesn’t run Duplicati as root. As you can see it runs with UID=1000 and GID=1000. You’ll need to make sure those IDs have the appropriate permissions on your host NAS. Some people who are extra security conscious like this approach, and there are threads about going through the work to make sure it has necessary permissions.

Personally I’m ok with backup software having full access to files on my system. I run the official duplicati docker image which runs as root by default. No permission issues that way, and you can still make the docker bind mounts for source data read only if you want (via docker config instead of filesystem permissions).

5

Damn, you here talking about security and then theres me not realizing until now that there is an actual official duplicati image for docker :smiley:
No but honestly, I didn’t know that there was an official image. I’ve actually tried to get the linuxserver image running as full root because that would be so much easier.
I’ll try it with the official image instead and will give feedback.

Thank you!

6

Yeah if you’re ok with Duplicati running as root, it makes things way easier!

Note that with the linuxserver image they changed some of the bind mount points for whatever reason. Keep that in mind when you are setting up the official duplicati one.

7

Hey,
so I’ve tried it with the official docker image now and got the exact same result :confused:
But I did some more digging yesterday and if I backup to a normal (not cifs mounted) testvolume it works just fine. Somehow duplicati isnt able to verify the files on the cifs volume.

version: "3.7"
services:
  duplicati:
    image: duplicati/duplicati
    container_name: duplicati
    volumes:
      - data:/data
      - testvolume:/test
      - minecraft-server_skyblock-data:/dockervolumes/minecraft-server_skyblock-data:ro
      - type: volume
        source: backup-nas
        target: /backup-nas
        volume:
          nocopy: true
    ports:
      - 8200:8200
    restart: always
    
volumes:
  data:
  minecraft-server_skyblock-data:
    external: true
  testvolume:
  backup-nas:
    driver_opts:
      type: "cifs"
      device: "//192.168.182.1/BakerStreet-NAS/BackupDrive1/backup"
      o: "addr=192.168.182.1,username=user,password=password"

If you still have Ideas I would really appreciate them, but I think this isn’t an issue of duplicati anymore.
Thank you for your answers!

8

Is 192.168.182.1 the same NAS that is running docker/duplicati? If so why not just use a local path instead of CIFS?

9

No, my NAS is actually a seperate device.

I marked your Post as solution since it was the solution for the general issue I had with duplicati.

Thank you

10

Ok that makes sense. I’m not an expert with Docker, I have never tried doing CIFS mappings with it.

11

Alright,
just figured it out. For anyone else running into this oddly specific issue here’s the solution:
Do not give the user on the NAS (“backup” on Fritzbox) folder specific permissions (even full permissions on a folder wont suffice). Give the user permission over the complete NAS and you’re good.

Greets