I run (for years) Duplicati in a docker without issues.
I just enhanced my security and forces throught Traefik the use of TLS 1.2 and above.
All of my other Docker apps works fine, but I can’t connect to my Duplicati app. I get:
Does anyone has an idea of how to correct that? I use the Beta version of Duplicati (June version from memory)
Thanks in advance
I have no experience with Traefik, but my Firefox only supports TLS 1.2/1.3 and I have no issue connecting to any of my Duplicati instances (one of which is in Docker).
What version of Duplicati are you using? Which docker image (official Duplicati or linuxserver)?
Edit to add: actually, duh, I don’t use TLS with Duplicati web UI at all. (I don’t access it over the internet, not worried about non-TLS at home.) Maybe someone who has experience with applying a certificate to the web UI can respond.
Duplicati version is [version-v18.104.22.168-22.214.171.124_beta_2021-06-17]
Docker image is linuxserver/duplicati
If someone connecting through TLS, and therefore certificates, can respond, that’ll be great! Thanks
That would not be me, but looking at Traefik docs, it looks like it can hold certificates and terminate the TLS instead of passing it through to the final destination while somehow being able to control TLS version used. Alternatively, maybe it looks to see what was negotiated, and cuts things off if undesired? I don’t know area.
If it’s insisting that Duplicati do TLS by itself, you could test Duplicati at localhost with browsers or tools to see if will do desired TLS on that path, but seeing
SslProtocols.Default in the server code worries me.
Hi gents, thanks for helping. I managed to solve by opening temporarily my duplicati instance to the Internet, so that Traefik gives it a Let’s Encrypt certificate, instead of its default autogenerated Traefik certificate, and… voilà! Solved. I guess (but I’m not sure) that the autogenerated certificate wasn’t correct and prevented somehow the TLS connection.
If that is not the reason, the only other parameters I changed is in Traefik to go from hostHeader to Host. Will test another day to find out