Not able to log into WebGUI after changing password

sit_rp · February 17, 2022, 5:04pm

Hello,

Have anybody had issues with not being able to log in after changing password via WebGui? I am on the latest Docker release (linuxserver.io).

Recently changed my password and can’t log in anymore. I tried multiple browsers and incognito modes.

I went ahead and used FILE__PASSWORD variable. And pointed it to /tmp/ folder. Can confirm that the file is there with the password when I cat from console.

Also, when container starts I do see this in the logs: [env-init] PASSWORD set from FILE__PASSWORD

But I can’t login…Any ideas would be much appreciated. Bad timing since I am very low on space on my backup jobs…

drwtsn32 · February 17, 2022, 5:41pm

I use docker but with the official duplicati image, not the linuxserver one. So I can’t really help you with the linuxserver customizations, like the FILE__PASSWORD thing they are doing.

I know that the web UI password can be cleared if you can get this parameter passed to the server daemon on startup:

--webservice-password=

Do you see a way to do that with the linuxserver image?

sit_rp · February 17, 2022, 7:33pm

I just tried. It didn’t work. I tried both with password and with empty field. Also, tried with --webservice-password and just webservice-password.

-e ‘webservice-password’=‘changeme’

oot@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name=‘duplicati’ --net=‘br0.10’ --ip=‘192.168.170.251’ -e TZ=“America/New_York” -e HOST_OS=“Unraid” -e ‘TCP_PORT_8200’=‘8200’ -e ‘PUID’=‘99’ -e ‘PGID’=‘100’ -e ‘webservice-password’=‘changeme’ -v ‘/mnt/cache/appdata/’:‘/tmp’:‘rw,slave’ -v ‘/mnt/disks/easystore’:‘/backups’:‘rw,slave’ -v ‘/mnt/user/Documents/’:‘/Documents’:‘rw,slave’ -v ‘/mnt/user/Music/’:‘/Music’:‘rw,slave’ -v ‘/mnt/user/Movies/’:‘/Movies’:‘rw,slave’ -v ‘/mnt/user/Photos/’:‘/Photos’:‘rw,slave’ -v ‘/mnt/user/TV Shows/’:‘/TV Shows’:‘rw,slave’ -v ‘/mnt/user/Personal Video/’:‘/personal video’:‘rw,slave’ -v ‘/mnt/user/Backup/’:‘/backupconfigs’:‘rw,slave’ -v ‘/mnt/user/Audio Books/’:‘/Audio Books/’:‘rw,slave’ -v ‘/mnt/cache/appdata/docker/’:‘/Docker’:‘rw,slave’ -v ‘/mnt/user/Lab/’:‘/Lab’:‘rw,slave’ -v ‘/mnt/user/isos/’:‘/isos’:‘rw,slave’ -v ‘/mnt/cache/appdata/duplicati/’:‘/config’:‘rw,slave’ ‘linuxserver/duplicati’
a76f18adeee7a63e5b381711c725756f26065c3f40d7ff9c64158cf80ff974e1

sit_rp · February 17, 2022, 7:49pm

I was able to get in through brute force (trying every combination of password I originally reset). I also created another thread on linuxserver.io forum.

I do appreciate you following up with me.

drwtsn32 · February 17, 2022, 10:59pm

Ok, glad you were able to finally resolve the issue!

ts678 · February 18, 2022, 12:10am

I couldn’t find evidence that Duplicati accepts the web UI password through an environment variable.
That documentation might just be kind of boilerplate about how one can set enviroronment variables.

--webservice-password
The password required to access the webserver. This option is saved so you do not need to set it on each run. Setting an empty value disables the password.

Above is from Duplicati.Server.exe documentation. On Linux I think this is usually controlled by systemd and accepts options in /etc/default/duplicati. Alternatively you can maybe systemctl stop duplicati and run the wrapper script /usr/bin/duplicati by hand, adding that option to see if you can set as desired.

Password verification data is in Duplicati-server.sqlite, possibly in the Duplicati user’s ~/.config/Duplicati which is (I think – I don’t use Docker) supposed to be mapped onto a host file so it survives new Docker.

I mention all this in case you dare try this again. You should be able to backup your configs, just in case.

I’m glad you got in.