Remote access to headless ubuntu install

I’ve installed Duplicati on Ubuntu 18.04 server headless. The service is running but I’m not able to access over the server’s LAN IP address using port 8200. I’ve read through the different forum posts on this subject but can’t get it working. H

Here is what I’m getting when I run “systemctl status duplicati.service”

====
● duplicati.service - Duplicati web-server
Loaded: loaded (/etc/systemd/system/duplicati.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-12-14 17:43:53 EST; 1min 7s ago
Main PID: 819 (mono)
Tasks: 16 (limit: 4631)
CGroup: /system.slice/duplicati.service
├─ 819 DuplicatiServer /usr/lib/duplicati/Duplicati.Server.exe --webservice-interface=any --webservice-port=8200 --portable-mode
└─1026 /usr/bin/mono-sgen /usr/lib/duplicati/Duplicati.Server.exe --webservice-interface=any --webservice-port=8200 --portable-mode

Dec 14 17:43:53 ip-xxx-xx-xx-xxx systemd[1]: Started Duplicati web-server.

=====

I’ve also run the command “duplicati-server --webservice-password=xxxxxx”

I’ve checked the firewall and it’s not blocking access. I’m also able to connect the server for other services running on the server.

Any suggestions would be appreciated.

Welcome @pcranston,

I’m no Linux expert but a few questions if I may.

  1. Does your browser give any error or just timeout?

  2. Are any of the “other services” on the server web based? Like Apache or another app that’s hosting a local site.

  3. If I’m finding the right info, you be able to run a "sudo ufw status " and you should see the Duplicati.Service listed if it’s been allowed through the firewall?

  4. Have you tried it without --portable-mode? I’m really not quite sure what “Activates portable mode where the database is placed below the program executable.” means but it seems odd to me for a “service” to be “portable” but I’m probably missing something.

  5. Is the server truly headless (CLI only, no GUI) or just doesn’t currently have a monitor plugged in? If it has a GUI and you can temporarily connect a monitor, kb & mouse enough to see if it can be accessed locally and if so that points the issue back to the network/firewall.

I’m not sure if in this kind of setup you need to specify the --webservice-webroot but if you do that could explain why it’s not working. I would expect to get an error if a --webservice option is set and it can’t find the webroot but things do get missed sometimes.

  1. The browser times out with a no response error.
  2. There is a FileMaker server running on the server that has a web service component but it’s running on different ports. I’m able to access the FileMaker web service remotely without any issue.
  3. The ufw is currently turned off while I’m testing.
  4. I removed the --portable-mode option but that did not make any difference.
  5. The server is headless I don’t have a way to plug in a kb/mouse.

This should do it!

Can you confirm it is indeed listening on port 8200 of all interfaces by running:

lsof -i :8200

You should see something like this:

COMMAND       PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
mono-sgen 2096371 root    9u  IPv4 34706324      0t0  TCP *:8200 (LISTEN)

When I run lsof -i :8200 I get.

COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mono-sgen 20304 root    9u  IPv4 262598      0t0  TCP *:8200 (LISTEN)

But I still don’t get any response when attempting to connect via a web browser from a different computer

I’d assume a firewall issue, but I see you have looked at that. Do you have iptables rules at all? What’s the default INPUT policy?

I checked the IP table policies and they are set to allow

Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)

I did notice that lsof is slightly different for the connections that are working. The server is accepting connections on port 5003 for a different application. The lsof results show server is listening on IPv6 for port 5003 (working) and IPv4 for port 8200 (not working). Maybe that is the issue. Is there a way to get mono to listen on IPv6 instead of IPv4?

fmserverd  1249 fmserver   19u  IPv6  27563      0t0  TCP *:5003 (LISTEN)
mono-sgen 20304     root    9u  IPv4 262598      0t0  TCP *:8200 (LISTEN

The IPv4 vs IPv6 isn’t the issue…mine shows IPv4 per my earlier message and it works fine.

Your INPUT policy being set to ACCEPT is good, but are there any rules defined? You might still have some firewall rules that are blocking the connection.

@drwtsn32 - Thanks your input was helpful. There was a specific allow rule that was needed in the IPTables for the traffic to get through to port 8200. Once it added that rule remote access started working.

1 Like