Installation on Linux (Ubuntu 24.04) - Docs are confusing

Hi,

In my clients servers I was using all these years UrBackup but I wanted to test Duplicati.
Since Latest “stable” releases does not work on 24.04, I’ve installed 2.1.0.100 Canary.

I’ve enabled it as service (sudo systemctl enable duplicati.service) but when I open in browser localhost:8200 it ask for a password that I’ve never set. Which one is the password?

Also I don’t want to use the tray Icon, since I plan to access remotely later (if possible) by adding VHOST settings in apache2 for Proxy.

Thanks in advance.

EDIT: what I did in the meantime was:

  • Stop Duplicati service (sudo service duplicati stop)
  • Start as normal/default user Duplicati via Trayicon
  • Set the initial password and close the Trayicon
  • Copy Duplicati folder from /home/myuser/.config/Duplicati to /root/.config/Duplicati
  • Start Duplicati service (sudo service duplicati start)

Now I can access Duplicati via web with the assigned password.

Docs for this part are in the making.

There are a few ways to do this, and you figured out one: use TrayIcon.

Another approach is to stop running instances, then start it briefly from the commandline:

sudo duplicati-server —webservice-password=<new password>

You can also check the system logs, where a special signin link is logged, that is valid a short time after startup.

And finally, you can use server-util:

sudo duplicati-server-util change-password

In that case you might want to set:

—webservice-listen-interface=any
—webservice-allowed-hostnames=<vhost name>

The first option makes Duplicati listen to any network request, as opposed to just listening on the loopback adapter.

The second option lets you give the hostname the browser would send. You can use * to disable the hostname check.

Edit: there is also a paid option for managing the Duplicati instances through the Duplicati console. It is not yet fully public, but you can create an account on https://app.duplicati.com and then request remote control functionality via the support button.

This way you don’t have to deal with the settings and you get full SSL/TLS protection for the requests, and your machines do not have any open ports.

Hi @kenkendk !

Thanks for replying. When I tried to use --webservice-password= It gave me an error (and for sure is because my password contains a @ at the beginning, but like I said in my post EDIT, I’ve solved it otherway).

Now for the rest of the tips I already saw it in the Docs. Thanks!

As for the remote access I am planing to use Proxy reverse in Apache, but is not working so far. When I setup the Proxy and enter the URL, it says that is not connected and keeps trying and trying.

Since in this server I only have one domain available, what I do is to use apache settings like domain.com/myapp. As for this case, I am using domain.com/backups (so depending of the app, I use Alias or Proxy settings). My conf. for Duplicati:

AllowEncodedSlashes On
ProxyPreserveHost On
ProxyRequests off
ProxyPass /backups http://127.0.0.1:8200/
ProxyPassReverse /backups http://127.0.0.1:8200/

Any tips for this? Thanks.

You might find that original job database is the one being updated.
The Database screen will let you move job databases as you wish.

1 Like

Can you try to look at any errors you may see with the developer tools in the browser?

I think this may be related to websockets, so you also need:

<Location /notifications > 
  ProxyPass ws://127.0.0.1:8200/notifications
  ProxyPassReverse ws://127.0.0.1: 8200/notifications
</Location>

Note that this makes the app spread out beyond the /backups prefix, so it may clash with other applications.

I have registered an issue for fixing this:

If you prefer, you can also edit the code in webroot/ngax/scripts/services/ServerStatus.js in you local Duplicati install (around line 344) and update it to use the /backups prefix:

const w = new WebSocket(`${websocketProtocol}//${window.location.host}/backups/notifications?token=${AppService.access_token}`);

Hi,

I added the Location section for still getting the same error. As for the console, attaching the screenshot.

I no prefer to modify files from the app itself, since this will be replaced in future updates, so for me that is not the way to go.

Thanks

It looks correct from the browser perspective. It is calling the correct url, and this is the step before the websocket. Since you are getting a 404, the question is who is sending this?

Can you see any log messages in Apache for this? For Duplicati you can set the environment variable:

DUPLICATI_WEBSERVER_LOGGING=1

Which will then emit verbose HTTP access logs.

The specific call is for /backups/api/v1/auth/refresh and this should be mapped to http://localhost:8200/api/v1/auth/refresh, but the 404 error indicates that it is not.

In Apache logs I don’t have any entry in the corresponding error logs, just in the access:

181.46.93.170 - - [27/Nov/2024:10:48:08 -0300] "POST /backups/api/v1/auth/refresh HTTP/1.1" 404 240 "https://alogys.ddns.gdnet.ar/backups/ngax/index.html" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/2010010
1 Firefox/132.0"
181.46.93.170 - - [27/Nov/2024:10:48:08 -0300] "POST /backups/api/v1/auth/refresh HTTP/1.1" 404 240 "https://alogys.ddns.gdnet.ar/backups/ngax/index.html" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/2010010
1 Firefox/132.0"

As I saw in another posts, I’ve added these, but without luck either:

ProxyPass "/backups/api" "http://127.0.0.1:8200/duplicati/api"
ProxyPass "/backups/customized" " http://127.0.0.1:8200/duplicati/customized"
ProxyPass "/backups/img" " http://127.0.0.1:8200/duplicati/img"
ProxyPass "/backups/ngax" " http://127.0.0.1:8200/duplicati/ngax"
ProxyPass "/backups/oem" " http://127.0.0.1:8200/duplicati/oem"
ProxyPass "/backups/package" " http://127.0.0.1:8200/duplicati/package"
ProxyPassReverse "/backups/api" " http://127.0.0.1:8200/duplicati/api"
ProxyPassReverse "/backups/ngax" " http://127.0.0.1:8200/duplicati/ngax"

EDIT: I’ve added the settings as a new VirtualHost so to use root path / and to not conflict with another apps in the same VHOST (and of course, this Vhost in another port, 8443) but I have the same error in the browser.

Also, in Browser I get this now:

index.html:31 
 GET https://alogys.ddns.gdnet.ar:8443/ngax/styles/%7B%7Bactive_theme%7D%7D.css net::ERR_ABORTED 404 (Not Found)

angular.js:10514 
 POST https://alogys.ddns.gdnet.ar:8443/api/v1/auth/refresh 403 (Forbidden)
angular.js:10514 
 POST https://alogys.ddns.gdnet.ar:8443/api/v1/auth/refresh 403 (Forbidden)

That is progress! The 403 means that you are (most likely) hitting the Duplicati server now. Try navigating to /login.html and enter your password.

With that path, I can login just fine, but then:

GET
wss://alogys.ddns.gdnet.ar:8443/notifications?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXAiOiJBY2Nlc3NUb2tlbiIsInNpZCI6IndlYnNlcnZlciIsImZhbSI6IkQ2OTlEOEFFRjM5RTE3MUUiLCJuYmYiOjE3MzI3MTc5MjEsImV4cCI6MTczMjcxODgyMSwiaXNzIjoiaHR0cHM6Ly9kdXBsaWNhdGkiLCJhdWQiOiJodHRwczovL2R1cGxpY2F0aSJ9.EIbS4BKPxL01IT7OLz1TIAgRIsae8J6kf4nQ6TRNqw0
[HTTP/1.1 400 Bad Request 101ms]

Firefox no puede establecer una conexión con el servidor en wss://alogys.ddns.gdnet.ar:8443/notifications?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXAiOiJBY2Nlc3NUb2tlbiIsInNpZCI6IndlYnNlcnZlciIsImZhbSI6IkQ2OTlEOEFFRjM5RTE3MUUiLCJuYmYiOjE3MzI3MTc5MjEsImV4cCI6MTczMjcxODgyMSwiaXNzIjoiaHR0cHM6Ly9kdXBsaWNhdGkiLCJhdWQiOiJodHRwczovL2R1cGxpY2F0aSJ9.EIbS4BKPxL01IT7OLz1TIAgRIsae8J6kf4nQ6TRNqw0.

Do I have to add Proxy for wss:?

Yes! That is the part I created an issue for. As you can see it requests /notifications and not /backups/notifications, so you need a rule like:

ProxyPass /notifications ws://127.0.0.1:8200/notifications

When the next canary build is out, you should change it to:

ProxyPass /backups/notifications ws://127.0.0.1:8200/notifications

Great, I forgot to add the ws proxy in this new VHOST, my bad.

The only error I get in the browser is:

GEThttps://alogys.ddns.gdnet.ar:8443/ngax/styles/{{active_theme}}.css[HTTP/1.1 404 Not Found 102ms]

As for future reference, I share my Apache settings for Reverse Proxy in Apache2:

<VirtualHost *:8443>
    ServerAdmin me@mydomain.com
    ServerName mydomain.com
    ServerAlias mydomain.com

    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    ErrorLog ${APACHE_LOG_DIR}/duplicati-error.log
    CustomLog ${APACHE_LOG_DIR}/duplicati-access.log combined

    AllowEncodedSlashes On
    ProxyPreserveHost On
    ProxyRequests off

    ProxyPass / http://127.0.0.1:8200/
    ProxyPassReverse / http://127.0.0.1:8200/

    ProxyPass /api http://127.0.0.1:8200/duplicati/api
    ProxyPass /customized http://127.0.0.1:8200/duplicati/customized
    ProxyPass /img http://127.0.0.1:8200/duplicati/img
    ProxyPass /ngax http://127.0.0.1:8200/duplicati/ngax
    ProxyPass /oem http://127.0.0.1:8200/duplicati/oem
    ProxyPass /package http://127.0.0.1:8200/duplicati/package
    ProxyPassReverse /api http://127.0.0.1:8200/duplicati/api
    ProxyPassReverse /ngax http://127.0.0.1:8200/duplicati/ngax

    <Location /notifications>
        ProxyPass ws://127.0.0.1:8200/notifications
        ProxyPassReverse ws://127.0.0.1:8200/notifications
    </Location>
</VirtualHost>
1 Like

That is a known issue and has no side-effects.
It is a quirk from AngularJS, it will go away once we have a new UI based on Angular19.

Awesome!
(I assume it is now working :smiley: )

1 Like

Thanks for all the help @kenkendk !!

1 Like