Hi Ken, welcome to the forums.
There are a few ways to get this working, here’s my suggestion. First off, as stated here, providing you’re on the same LAN (or VPNed into the same LAN) you can access the Web GUI from another machine but I’m not sure you’ll need it once setup. This all presumes that both machines are in the same LAN (or VPN).
“The service includes a full user interface that can be accessed with a browser on http://localhost:8200/. As the server does not use TLS (aka SSL), the server will only respond to requests from the local machine. If you wish to use the server from another machine, make sure that you add the commandline option --webservice-interface=any
when starting the server, such that it listens for requests from any machine. If you enable this option, make sure you take precautions to ensure that the machine cannot be access from the internet, as the service is not security hardened, and should NEVER be exposed directly to the internet.”
Just to clarify so long as you don’t DMZ the host or port forward 8200 from the WAN to the hosts LAN IP, the exposure should only exist internally on your LAN and so long as you trust the rest of your LAN to not mess with it there is very little risk in doing so. You could also just use VNC or the like to remote directly into the source machine.
As with anything offering a service, life is much simpler and much more reliable when they are assigned a static IP address. If you need help deriving a usable static IP for your network let me know.
So long as your computer (destination) has a static IP, doesn’t go to sleep and has a shared folder that’s accessible to the other computer (Everyone with Write perms) it should be fine for it to act as the destination. Using the Everyone group for security is not at all secure but exposure should be limited to your LAN. “Better security” can certainly be had but it will require a bit more setup and IMO is only worth it if you don’t trust the users on your LAN.
The big down fall to using the Everyone group is that anyone connected to the LAN can access the folder and delete the backups. Providing the backups are encrypted, the contents will be protected from peeking eyes. They can delete the files but can’t see what’s in them. Like anything security related, it’s all about balance.
On the other end (source) mount that shared folder and tell Duplicati to use that mount location as the destination. A static IP on this machine is not required but helpful if you do want to access the Web GUI.
Once setup as above there should be very little to do in the future other than check the backup logs. I can’t see any benefit to involving WSL at this point but I may have missed a detail. Hope this helps and if you have any questions fire away.