Aside from Linux pathnames, I don’t see why it should be, although I can’t help with the details for any OS.
C:\Program Files\Duplicati 2>Duplicati.Server.exe help
Supported commandline arguments:
--tempdir: This option can be used to supply an alternative folder for temporary storage. By default the system default temporary folder is used. Note that also SQLite will put temporary files in this temporary folder.
--help: Displays this help
--parameters-file: This option can be used to store some or all of the options given to the commandline client. The file must be a plain text file, UTF-8 encoding is preferred. Each line in the file should be of the format --option=value. The special options --source and --target can be used to override the localpath and the remote destination uri, respectively. The options in this file take precedence over the options provided on the commandline. You cannot specify filters in both the file and on the commandline. Instead, you can use the special --replace-filter, --append-filter, or --prepend-filter options to specify filters inside the parameter file. Each filter must be prefixed with either a + or a -, and multiple filters must be joined with ;
--unencrypted-database: Disables database encryption
--portable-mode: Activates portable mode where the database is placed below the program executable
--log-file: Outputs log information to the file given
--log-level: Determines the amount of information written in the log file
--webservice-webroot: The path to the folder where the static files for the webserver is present. The folder must be located beneath the installation folder
--webservice-port: The port the webserver listens on. Multiple values may be supplied with a comma in between.
--webservice-sslcertificatefile: The certificate and key file in PKCS #12 format the webserver use for SSL. Only RSA/DSA keys are supported.
--webservice-sslcertificatepassword: The password for decryption of certificate PKCS #12 file.
--webservice-interface: The interface the webserver listens on. The special values "*" and "any" means any interface. The special value "loopback" means the loopback adapter.
--webservice-password: The password required to access the webserver. This option is saved so you do not need to set it on each run. Setting an empty value disables the password.
--webservice-allowed-hostnames: The hostnames that are accepted, separated with semicolons. If any of the hostnames are "*", all hostnames are allowed and the hostname checking is disabled.
--ping-pong-keepalive: When running as a server, the service daemon must verify that the process is responding. If this option is enabled, the server reads stdin and writes a reply to each line read
--log-retention: Set the time after which log data will be purged from the database.
--server-datafolder: Duplicati needs to store a small database with all settings. Use this option to choose where the settings are stored. This option can also be set with the environment variable DUPLICATI_HOME.
--server-encryption-key: This option sets the encryption key used to scramble the local settings database. This option can also be set with the environment variable DUPLICATI_DB_KEY. Use the option --unencrypted-database to disable the database scrambling.
C:\Program Files\Duplicati 2>
Let’s Encrypt is a possible certificate source if you don’t want to buy one or sign your own (OS tools vary).
But this ignores the concern of overall security. If you mean an IP restriction done by a trusted firewall, that seems pretty safe. A determined hacker with the right networking capabilities could possibly spoof your IP, however it would take some work. Don’t rely on the Duplicati options like --webservice-allowed-hostnames which are implemented as applications on the web server. The server itself isn’t known to be Internet-safe.
https://forum.duplicati.com/search?q=sslcertificatefile can find some other people who’ve tried to use that.
Is a server/client setup possible with Duplicati? might give some ideas of ways to do central management.