Token sign in issues with 2.0.9.107 amd64

Hey! I created a seperate thread for my issue with the latest canary cli build ( v2.0.9.107_canary_2024-09-11) since there are multiple discussions running in parallel in the release threat.

So my problem is that after a starting the cli duplicati as a service on Ubuntu 24.04.1 LTS it seems to start normally. I then copy the token URL from syslog and open the URL on my windows machine. (replacing localhost with the server name).

The browser (Brave/Chrome) will show a “Signin failed: error” notification and duplicati asks me to provide a “JWT Signin Token”.

The server shows a quite lengthy error message (see below) each time i try to open the url or click on “sign in”

At the moment i can not open the sign in link on the server itself, as i have only an ssh/cli access and no GUI.

I assume that the connection the duplicati is fine since i see the Login screen in the duplicati design
The token / url is correct, as i copy and pasted it from the syslog - although changing a few characters in the token produces the same error message in the log!

Are there any ideas how i can troubleshoot this issue?

2024-09-30T11:42:30.579290+02:00 mediabox duplicati-server[460591]: fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
2024-09-30T11:42:30.579762+02:00 mediabox duplicati-server[460591]:       An unhandled exception has occurred while executing the request.
2024-09-30T11:42:30.579781+02:00 mediabox duplicati-server[460591]:       System.InvalidOperationException: Headers are read-only, response has already started.
2024-09-30T11:42:30.579801+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpHeaders.ThrowHeadersReadOnlyException()
2024-09-30T11:42:30.579826+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpResponseHeaders.Microsoft.AspNetCore.Http.IHeaderDictionary.set_ContentType(StringValues value)
2024-09-30T11:42:30.579849+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Http.DefaultHttpResponse.set_ContentType(String value)
2024-09-30T11:42:30.579868+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Http.HttpResponseJsonExtensions.WriteAsJsonAsync[TValue](HttpResponse response, TValue value, JsonTypeInfo`1 jsonTypeInfo, String contentType, CancellationToken cancellationToken)
2024-09-30T11:42:30.579889+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Internal.ExecuteHandlerHelper.WriteJsonResponseAsync[T](HttpResponse response, T value, JsonTypeInfo`1 jsonTypeInfo)
2024-09-30T11:42:30.579909+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Internal.ExecuteHandlerHelper.ExecuteReturnAsync(Object obj, HttpContext httpContext, JsonTypeInfo`1 jsonTypeInfo)
2024-09-30T11:42:30.579946+02:00 mediabox duplicati-server[460591]:          at lambda_method186(Closure, Object, HttpContext, Object)
2024-09-30T11:42:30.579973+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Http.RequestDelegateFactory.<>c__DisplayClass102_2.<<HandleRequestBodyAndCompileRequestDelegateForJson>b__2>d.MoveNext()
2024-09-30T11:42:30.579996+02:00 mediabox duplicati-server[460591]:       --- End of stack trace from previous location ---
2024-09-30T11:42:30.580021+02:00 mediabox duplicati-server[460591]:          at Duplicati.WebserverCore.Middlewares.WebsocketExtensions.<>c__DisplayClass0_0.<<UseNotifications>b__0>d.MoveNext()
2024-09-30T11:42:30.580039+02:00 mediabox duplicati-server[460591]:       --- End of stack trace from previous location ---
2024-09-30T11:42:30.580059+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
2024-09-30T11:42:30.580086+02:00 mediabox duplicati-server[460591]: warn: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[2]
2024-09-30T11:42:30.580105+02:00 mediabox duplicati-server[460591]:       The response has already started, the error handler will not be executed.
2024-09-30T11:42:30.580150+02:00 mediabox duplicati-server[460591]: fail: Microsoft.AspNetCore.Server.Kestrel[13]
2024-09-30T11:42:30.580171+02:00 mediabox duplicati-server[460591]:       Connection id "0HN716A0C5DO1", Request id "0HN716A0C5DO1:00000001": An unhandled exception was thrown by the application.
2024-09-30T11:42:30.580274+02:00 mediabox duplicati-server[460591]:       System.InvalidOperationException: Headers are read-only, response has already started.
2024-09-30T11:42:30.580292+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpHeaders.ThrowHeadersReadOnlyException()
2024-09-30T11:42:30.580311+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpResponseHeaders.Microsoft.AspNetCore.Http.IHeaderDictionary.set_ContentType(StringValues value)
2024-09-30T11:42:30.580330+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Http.DefaultHttpResponse.set_ContentType(String value)
2024-09-30T11:42:30.580348+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Http.HttpResponseJsonExtensions.WriteAsJsonAsync[TValue](HttpResponse response, TValue value, JsonTypeInfo`1 jsonTypeInfo, String contentType, CancellationToken cancellationToken)
2024-09-30T11:42:30.580366+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Internal.ExecuteHandlerHelper.WriteJsonResponseAsync[T](HttpResponse response, T value, JsonTypeInfo`1 jsonTypeInfo)
2024-09-30T11:42:30.580392+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Internal.ExecuteHandlerHelper.ExecuteReturnAsync(Object obj, HttpContext httpContext, JsonTypeInfo`1 jsonTypeInfo)
2024-09-30T11:42:30.580411+02:00 mediabox duplicati-server[460591]:          at lambda_method186(Closure, Object, HttpContext, Object)
2024-09-30T11:42:30.580429+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Http.RequestDelegateFactory.<>c__DisplayClass102_2.<<HandleRequestBodyAndCompileRequestDelegateForJson>b__2>d.MoveNext()
2024-09-30T11:42:30.580446+02:00 mediabox duplicati-server[460591]:       --- End of stack trace from previous location ---
2024-09-30T11:42:30.580463+02:00 mediabox duplicati-server[460591]:          at Duplicati.WebserverCore.Middlewares.WebsocketExtensions.<>c__DisplayClass0_0.<<UseNotifications>b__0>d.MoveNext()
2024-09-30T11:42:30.580481+02:00 mediabox duplicati-server[460591]:       --- End of stack trace from previous location ---
2024-09-30T11:42:30.580500+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
2024-09-30T11:42:30.580519+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.HandleException(HttpContext context, ExceptionDispatchInfo edi)
2024-09-30T11:42:30.580557+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
2024-09-30T11:42:30.580576+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
2024-09-30T11:42:30.580600+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
2024-09-30T11:42:30.580618+02:00 mediabox duplicati-server[460591]:          at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

okay… I managed to log in. The server still generates an error message in the log, but duplicati works fine.

What I did differently: using Firefox and using the server IP instead of the device name. Can by reproduce this?!

It seems to be an issue arround looking up the host name. When using the IP everything works fine. When using .local i receive the following error:

The connection to the server is lost, attempting again in 0:11 …

I can see the duplicati gui and the error message is displayed in the duplicati theme. So there is some connection. (Win10, same behaviour with Brave,Chrome and Firefox)

What is that? Do you mean localhost? Do you mean some host name? If it’s the latter,

Lots of unanswered questions from the talk in Release: 2.0.9.107 (Canary) 2024-09-11.

Maybe you should post images, as other thread’s “Signin failed: error token” seemed unlikely.
Here, “Signin failed: error” gives me that same feeling, though I can’t code-search it as easily.

For the error message it self, it seems to happen because the browser closes the connection after opening it.
EDIT: I managed to reproduce with a rejected hostname. This will be fixed in the next version, but as suggested, you need to allow the network name.

I tried reproducing on 2.0.9.108 and here I get a rather verbose message, but at least it starts with

Duplicati.WebserverCore.Exceptions.UnauthorizedException: Failed to sign in

Otherwise, it looks like you are hitting the hostname filter which is a guard against DNS flux attacks. You can set the allowed hostnames as suggested by @ts678 .