Setting: HostNames blank - change as part of setup script

I want to add to the setting “Hostnames” of the Duplicati installation.
I looked through the .config files in the root and found nothing indicating that setting.
I don’t know where it is stored.

The ultimate goal is to deploy settings changes programmatically should things change on the network to multiple workstations without having to visit them or remotely control/configure them through the local interface. This would be especially useful since the local IP, by default, is the only one with access to the settings.

If someone already has a method to do this, please let me know. Otherwise, if someone knows where they are stored, maybe I could figure it out.


Do you mean the one in the destination URL where hostname appears in Storage Providers?

I’m also confused by plural word. Do you have multiple per Duplicati? If so, are they different?

Have an example? Is this like a destination got a new DNS name, so all its users must adapt?

The scenario is more like a change than initial installation (though some things are common)?

You can provide the destination URL with a run-script-before for the backup. Is that sufficient?

It’s in the TargetURL column for that job in the Backup table in Duplicati-server.sqlite which is typically weakly encrypted to be a little more attack-resistant. --unencrypted-database disables it.

I am sorry for the lack of clarity.
On the Menu>Settings page in Duplicati, there is a page of settings.
The “Allow Remote Access” select box has a box below it named “Hostnames”
This is the setting I would like to modify - to allow remote access on the network to the web interface of Duplicati.


this setting is stored into the Duplicati-server.sqlite database, table option, where backupid=-2 and name=allowed-hostnames.
I have never used this feature since according to UI interface it provides very limited security (“Direct IP access and localhost is always allowed.”)

Duplicati upgrade - “The host header sent by the client is not allowed”
explains how it’s only trying to protect against a DNS rebinding attack.

In order to even get to the Hostnames field, you have to click this one:

Allow remote access (requires restart)

By allowing remote access, the server listens to requests from any machine on your network. If you enable this option, make sure you are always using the computer on a secure firewall protected network.

You’d be better off with some other way to do security, if it’s a concern.
What OS is this, and do you have any secured remote access onto it?
Basically get in that way and browse to Duplicati Settings on localhost.
If you wanted, you could use secure port forwarding to remote-browse.

For whatever it’s worth, you can also change this by starting Duplicati,
which might be a little easier and safer than an unencrypted database:

–webservice-allowed-hostnames: The hostnames that are accepted, separated with semicolons. If any of the hostnames are “*”, all hostnames are allowed and the hostname checking is disabled.

but it won’t provide much security. Would you trust all network access?

If you allow remote GUI or port forwarding, I think you can get localhost.
If you can remotely administer the firewall, that might be another option.