Setting up Minio on Linux and Duplicati on Windows as a service using tls

Note: Most of this comes from DIY cloud backup: Installing and configuring the server - Intermittent Technology, so credit goes to Quindor.

This how-to is for installation of Duplicati on Windows, setting it as a service, and connecting to Minio S3 using valid ssl certificate

Start by installing Duplicati on Windows.

Stop the Duplicati system tray, so the service shuts down.

Convert it to a service (following Duplicati Tutorial 02 Install Duplicati as a Service) by:

  • Open an Administrative Command prompt
  • cd to c:\program files\duplicati 2
  • Run Duplicati.windowsservice.exe install --webservice-interface=loopback --webservice-port=8200 --portable-mode

--webbservice-interface=loopback means that the interface is only available on the window system using a local browser
--webservice-port=8200 means that the client interface uses port 8200
--portable-mode means that the configuration is stored in the duplicati program files directory (c:\program files\duplicati 2)

This should work fine running as the local system account, so no modifications to the service should be required.

Set the Duplicati system tray to not start the service by editing it (in Startup folder) and appending “–no-hosted-server” to the command.

If you have any existing jobs, you’ll need to move them as well.
Shutdown the Duplicati service, and move the Duplicati-server.sqllite file from C:\Users<username>\appdata\local\Duplicati to c:\program files\duplicati 2\data.
Start the Duplicati service, and then move the job databases by opening the GUI, and for each job:

  1. Advanced–>Database
  2. Modify the location path to c:\program files\duplicati 2\data.
  3. Select “Move existing database”

New jobs will store their database in c:\program files\duplicati 2\data.

Now install Minio, and set it a service

Install SSL keys in Minio following Minio
I used “proper” ones, so I did not need to deal with self-signed keys

My Minio server was at another physical location, so opened TCP port that Minio is running on to allow Duplicati to connect to it.

In Duplicati, set up a job. As part of that job, set TLS version to 1.2 only, since Minio only supports version 1.2. Make sure to save the job, then edit it and test it.

Note that I was not able to get it working when setting the global SSL setting to use TLS 1.2 only. I did not troubleshoot why, once I figured out how to make it work by setting that at the job level.