I am currently running Canary 2.0.9.101 on Ubuntu 24.04. I’m on Canary since at the time it was to get away from mono that had a 24.04 issue and the Canary used .net instead.
I would like to get on to the latest stable. What version is that and can I do it safely as an update?
Nine months old is ancient in Canary time. I had to do some research on that.
The duplicati.com Downloads page currently has a Ubuntu entry that links: duplicati-2.1.0.5_stable_2025-03-04-linux-x64-gui.deb
I think need to uninstall first went away in an earlier Canary, but stop Duplicati.
Your Canary is one version short of when mandatory password came in. Read
If you use only TrayIcon, password isn’t needed. See directions for other uses.
2.1.0.5 lacks some fixes that the later Canary releases such as 2.1.0.111 have.
A notable one fixes duplicati with --no-hosted-server. I don’t know your use.
I don’t use trayicon. I just interact through the webpage at localhost:8200 with no password needed. It runs as a service when it started today journalctl just shows
Started duplicati.service - Duplicati web-server
I do have an old note with an encryption password, I don’t even know if it applies to this machine, I run duplicati on several machines. So what should I do? stop duplicati and dpkg the stable version?
You’ll need one if you even go from 2.0.9.101 to v2.0.9.102_canary_2024-08-02:
This build changes authentication for the WebUI
With this build it is no longer possible to use the web-UI without a password.
If no password is set, a random password is generated.
For users activating the UI via the TrayIcon, this will automatically log in, as the TrayIcon hosts the server.
For users that rely on the WebUI without the TrayIcon, as special link is emitted during startup that allows login.
For both cases, the password can be (re-)set with --webservice-password=... as a startup commandline argument.
This and more is described in the user manual section I linked earlier. Please read.
This isn’t an encryption password. It’s an access password for using web interface.
Might as well, but be prepared to add a password. Since you know journalctl, there’s probably a five-minute-expiration link that you can use to get in first time.
Temporary signin token explains that, but for some reason doesn’t also suggest Settings page is a good way to set a password directly into the server database.
Will I have the “No database encryption key was found. The database will be stored unencrypted…:” issue going from Canary 2.0.9.10 to 2.1.0.5_stable? I have that on another machine, and haven’t resolved it as yet.
Yes. My research suggests it was added in v2.0.9.106_canary_2024-09-03.
User manual sections:
Configuring the server encryption
High-level view of changes from beta 2.0.8.1
covers it. Unfortunately v2.1.0.5_stable_2025-03-04 did not repeat that section.
So is there a solution on how to upgrade the 2.0.9.106 without loosing the encripted backups?
How did the idea of such a loss get in? The backup itself is not touched.
If you don’t know your encryption password, you should probably note it.
Export As Command-line will provide it, and you can save it just-in-case.
Doing an Export to File is good too, and saves more of the configuration.
Yes, and it was given. Download update, stop Duplicati, install, start Duplicati, journalctl or maybe systemctl status for temporary token, use Settings to add a password for GUI login.
Before I do this update on this machine “A” , I’m trying not to fall into the issue I got on a different duplicati update I got on another machine “B”. Thats the
"No database encryption key was found. The database will be stored unencrypted. S
upply an encryption key via the environment variable SETTINGS_ENCRYPTION_KEY or
disable database encryption with the option --disable-db-encryption
"
All the export configs on both machines have individual authid’s and passphrases in each config. That hasn’t helped machine B.
So what do I need to do so the update of machine A doesn’t have the same problem?
No surprise, as they are completely different things. The job config AuthID gets remote access, the passphrase encrypts remote data. Locally, there’s the GUI password and optional (which you can turn off per your quote) server database encryption which helps to secure things like the items I named in the job config.
Please look at the links I’m providing you, and say what you see as problem or issue. If the problem is you don’t want nags, and you trust system security is sufficient, use --disable-db-encryption as directed. You can put it in /etc/default/duplicati then systemctl restart duplicati. To secure server datase, manual has options:
To supply the field-level encryption password, start the Server, TrayIcon, or Agent with the commandline option
--settings-encryption-key=<key>. As the commandline can usually be read by other processes, it is also possible to supply this key via the environment variableSETTINGS_ENCRYPTION_KEY=<key>.
You can use the method I quoted for either of those, as the file primarily sets the environment variables, but templates one special one which can pass in options.
# Defaults for duplicati initscript
# sourced by /etc/init.d/duplicati
# installed at /etc/default/duplicati by the maintainer scripts
#
# This is a POSIX shell fragment
#
# Additional options that are passed to the Daemon.
DAEMON_OPTS=""
For better security, see if that file is world-readable. It probably only needs 600 root.
If you don’t like either of those, the manual describes a third way using a special file which you would put next to the Duplicati-server.sqlite database which is probably in ~root/.config/Duplicati. Again, secure permissions on that file if you like top security.
So there are four options ranging from weak security and no nags, and on up some.
Fifth option is ignore the nag if you were going to disable it anyway. There’s no huge rush on securing the database, unlike the GUI password which can block you fast…