My solution to recent login problems with proxied service

I have been struggling for several months to be able to log in to the Duplicati Web GUI on a remote server. This worked fine until a recent update.
This is a non-dockerised headless install on Debian Bookworm. I have a duplicati.mysever.com domain registered.
Depending on different settings I have been getting various auth refused messages, typically the (now infamous) “Help Login Reload” popup or

Connection lost
Connection to server was rejected due to invalid authentication.
Log in again, or re-open the page from the TrayIcon (if applicable)

Looking at the debugger I was mainly getting 401 “cookie refused” or 403 “invalid hostname”.

I knew that my problems were coming from the virtual host proxy settings in Apache2, but finding the fix was far from simple. But now I have something that works! Hopefully this could help others.

(Replace duplicati.myserver.com with your hostname in the following)

/etc/default/duplicati
DAEMON_OPTS="--webservice-interface=any --webservice-port=8200 --webservice-allowed-hostnames=duplicati.myserver.com --portable-mode"

/etc/apache2/sites-available/duplicati-le-ssl.conf

<IfModule mod_ssl.c>

 <VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName duplicati.myserver.com
    ErrorLog ${APACHE_LOG_DIR}/duplicati.error.log
    CustomLog ${APACHE_LOG_DIR}/duplicati.access.log combined
    AllowEncodedSlashes On
    ProxyPass "/" "http://localhost:8200/"
    ProxyPassReverse "/" "http://localhost:8200/"
    ProxyPreserveHost On
    ProxyRequests Off
    SSLCertificateFile /etc/letsencrypt/live/duplicati.myserver.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/duplicati.myserver.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
 </VirtualHost>

 <Location /notifications >
    ProxyPass ws://127.0.0.1:8200/notifications
 </Location>
</IfModule>

Please don’t ask me how/why this works - I’ve lost track already!
Please do add any improvements you may feel necessary.

Thanks for sharing!

The --portable-mode parameter instructs Duplicati to store data in a subfolder from the binary. This may be what you want but is not needed for the proxy setup.

Thanks for the input!
That is possibly a holdover from another installation. Now it’s too late to change (or rather having just got it working again, I’d rather not fiddle with it).