I’ve installed Duplicati on Ubuntu 18.04 server headless. The service is running but I’m not able to access over the server’s LAN IP address using port 8200. I’ve read through the different forum posts on this subject but can’t get it working. H
Here is what I’m getting when I run “systemctl status duplicati.service”
====
● duplicati.service - Duplicati web-server
Loaded: loaded (/etc/systemd/system/duplicati.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-12-14 17:43:53 EST; 1min 7s ago
Main PID: 819 (mono)
Tasks: 16 (limit: 4631)
CGroup: /system.slice/duplicati.service
├─ 819 DuplicatiServer /usr/lib/duplicati/Duplicati.Server.exe --webservice-interface=any --webservice-port=8200 --portable-mode
└─1026 /usr/bin/mono-sgen /usr/lib/duplicati/Duplicati.Server.exe --webservice-interface=any --webservice-port=8200 --portable-mode
Dec 14 17:43:53 ip-xxx-xx-xx-xxx systemd[1]: Started Duplicati web-server.
=====
I’ve also run the command “duplicati-server --webservice-password=xxxxxx”
I’ve checked the firewall and it’s not blocking access. I’m also able to connect the server for other services running on the server.
Any suggestions would be appreciated.
Welcome @pcranston,
I’m no Linux expert but a few questions if I may.
-
Does your browser give any error or just timeout?
-
Are any of the “other services” on the server web based? Like Apache or another app that’s hosting a local site.
-
If I’m finding the right info, you be able to run a "sudo ufw status " and you should see the Duplicati.Service listed if it’s been allowed through the firewall?
-
Have you tried it without --portable-mode? I’m really not quite sure what “Activates portable mode where the database is placed below the program executable.” means but it seems odd to me for a “service” to be “portable” but I’m probably missing something.
-
Is the server truly headless (CLI only, no GUI) or just doesn’t currently have a monitor plugged in? If it has a GUI and you can temporarily connect a monitor, kb & mouse enough to see if it can be accessed locally and if so that points the issue back to the network/firewall.
I’m not sure if in this kind of setup you need to specify the --webservice-webroot but if you do that could explain why it’s not working. I would expect to get an error if a --webservice option is set and it can’t find the webroot but things do get missed sometimes.
This should do it!
Can you confirm it is indeed listening on port 8200 of all interfaces by running:
lsof -i :8200
You should see something like this:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mono-sgen 2096371 root 9u IPv4 34706324 0t0 TCP *:8200 (LISTEN)
When I run lsof -i :8200 I get.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mono-sgen 20304 root 9u IPv4 262598 0t0 TCP *:8200 (LISTEN)
But I still don’t get any response when attempting to connect via a web browser from a different computer
I’d assume a firewall issue, but I see you have looked at that. Do you have iptables rules at all? What’s the default INPUT policy?
I checked the IP table policies and they are set to allow
Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
I did notice that lsof is slightly different for the connections that are working. The server is accepting connections on port 5003 for a different application. The lsof results show server is listening on IPv6 for port 5003 (working) and IPv4 for port 8200 (not working). Maybe that is the issue. Is there a way to get mono to listen on IPv6 instead of IPv4?
fmserverd 1249 fmserver 19u IPv6 27563 0t0 TCP *:5003 (LISTEN)
mono-sgen 20304 root 9u IPv4 262598 0t0 TCP *:8200 (LISTEN
The IPv4 vs IPv6 isn’t the issue…mine shows IPv4 per my earlier message and it works fine.
Your INPUT policy being set to ACCEPT is good, but are there any rules defined? You might still have some firewall rules that are blocking the connection.
@drwtsn32 - Thanks your input was helpful. There was a specific allow rule that was needed in the IPTables for the traffic to get through to port 8200. Once it added that rule remote access started working.
1 Like