Configure https on QNAP?

How do I configure https for the Web UI on QNAP? I’ve forwarded external port 8090 to port 8090 on the QNAP and restarted duplicacy_web after manually killing the leftover running process. settings.json is:

{
    "listening_address": ":80",
    "https_address": ":8090",
    "https_domain": "gorlen.myqnapcloud.com",
    "temporary_directory": "/share/CACHEDEV1_DATA/.qpkg/Duplicacy/.duplicacy-web/repositories",
    "log_directory": "/share/CACHEDEV1_DATA/.qpkg/Duplicacy/.duplicacy-web/logs",
    "dark_mode": false,
    "cli_stable_version": false
}

Accessing https://gorlen.myqnapcloud.com:8090 fails with ERR_TIMED_OUT. The QNAP is accessible on port 8082, so DDNS is OK.

There might be some error messages in .duplicacy-web/logs/duplicacy_web.log. You can also check that log file to see if there are connections coming in.

Error messages from duplicacy_web.log:

2020/12/18 11:34:43 192.168.1.11:62734 POST /save_settings
2020/12/18 11:34:44 Restarting to load the new settings
2020/12/18 11:34:44 Failed to retrieve the machine id: machineid: open /etc/machine-id: no such file or directory
2020/12/18 11:34:44 Failed to get the value from the keyring: keyring/dbus: Error connecting to dbus session, not registering SecretService provider: dbus: DBUS_SESSION_BUS_ADDRESS not set
2020/12/18 11:34:44 Failed to retrieve the machine id: machineid: open /etc/machine-id: no such file or directory
2020/12/18 11:34:44 Temporary directory set to /share/CACHEDEV1_DATA/.qpkg/Duplicacy/.duplicacy-web/repositories
2020/12/18 11:34:44 Schedule NAS0 Backup + Prune next run time: 2020-1219 00:01
2020/12/18 11:34:44 Duplicacy Web Edition 1.4.1 (074ED2)
2020/12/18 11:34:44 Duplicacy CLI 2.7.2
2020/12/18 11:35:32 Failed to retrieve the machine id: machineid: open /etc/machine-id: no such file or directory
2020/12/18 11:35:32 Failed to get the value from the keyring: keyring/dbus: Error connecting to dbus session, not registering SecretService provider: dbus: DBUS_SESSION_BUS_ADDRESS not set
2020/12/18 11:35:32 Failed to retrieve the machine id: machineid: open /etc/machine-id: no such file or directory
2020/12/18 11:35:32 Temporary directory set to /share/CACHEDEV1_DATA/.qpkg/Duplicacy/.duplicacy-web/repositories
2020/12/18 11:35:32 Schedule NAS0 Backup + Prune next run time: 2020-1219 00:01
2020/12/18 11:35:32 Duplicacy Web Edition 1.4.1 (074ED2)
2020/12/18 11:35:33 Duplicacy CLI 2.7.2
2020/12/18 11:40:49 http: TLS handshake error from 192.168.1.1:62799: acme/autocert: missing certificate
2020/12/18 11:40:49 http: TLS handshake error from 192.168.1.1:62834: acme/autocert: missing certificate
2020/12/18 11:40:49 http: TLS handshake error from 192.168.1.1:62798: 429 urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
2020/12/18 11:40:49 http: TLS handshake error from 192.168.1.1:62833: acme/autocert: missing certificate

Is this a Duplicacy Web problem or something else?

Do you have port 80 open? It must be reachable by the letsencrypt server to complete the HTTP-01 challenge.

We definitely need the ability to specify custom certificates. Opening port 80 to the world on an app that has access to all the most important data is not going to happen. Especially since this will only work for FQDNs, while on the LAN, local names are often used to access services.

Here’s the log with external port 80 forwarded to internal port 80:

duplicacy_web.log:2021/01/16 11:55:33 Failed to retrieve the machine id: machineid: open /etc/machine-id: no such file or directory
duplicacy_web.log:2021/01/16 11:55:33 Failed to get the value from the keyring: keyring/dbus: Error connecting to dbus session, not registering SecretService provider: dbus: DBUS_SESSION_BUS_ADDRESS not set
duplicacy_web.log:2021/01/16 11:55:33 Failed to retrieve the machine id: machineid: open /etc/machine-id: no such file or directory
duplicacy_web.log:2021/01/16 11:55:33 Temporary directory set to /share/CACHEDEV1_DATA/.qpkg/Duplicacy/.duplicacy-web/repositories
duplicacy_web.log:2021/01/16 11:55:33 Schedule NAS0 Backup + Prune next run time: 2021-0117 00:01
duplicacy_web.log:2021/01/16 11:55:33 Duplicacy Web Edition 1.4.1 (074ED2)
duplicacy_web.log:2021/01/16 11:55:34 Duplicacy CLI 2.7.2
duplicacy_web.log:2021/01/16 11:59:29 http: TLS handshake error from 192.168.1.1:50381: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/10128334837" for domain "gorlen.myqnapcloud.com": no viable challenge type found
duplicacy_web.log:2021/01/16 11:59:29 http: TLS handshake error from 192.168.1.1:50382: acme/autocert: missing certificate
duplicacy_web.log:2021/01/16 11:59:29 http: TLS handshake error from 192.168.1.1:50386: acme/autocert: missing certificate
duplicacy_web.log:2021/01/16 11:59:29 http: TLS handshake error from 192.168.1.1:50385: acme/autocert: missing certificate
duplicacy_web.log:2021/01/16 11:59:38 http: TLS handshake error from 192.168.1.1:50391: acme/autocert: missing certificate
duplicacy_web.log:2021/01/16 11:59:38 http: TLS handshake error from 192.168.1.1:50392: acme/autocert: missing certificate
duplicacy_web.log:2021/01/16 11:59:38 http: TLS handshake error from 192.168.1.1:50393: acme/autocert: missing certificate
duplicacy_web.log:2021/01/16 11:59:38 http: TLS handshake error from 192.168.1.1:50394: acme/autocert: missing certificate
duplicacy_web.log:2021/01/16 11:59:47 http: TLS handshake error from 192.168.1.1:50396: acme/autocert: missing certificate
duplicacy_web.log:2021/01/16 11:59:47 http: TLS handshake error from 192.168.1.1:50397: acme/autocert: missing certificate
duplicacy_web.log:2021/01/16 11:59:47 http: TLS handshake error from 192.168.1.1:50398: acme/autocert: missing certificate
duplicacy_web.log:2021/01/16 11:59:47 http: TLS handshake error from 192.168.1.1:50399: acme/autocert: missing certificate

Maybe the Let’s Encrypt QTS SSL cert that is already installed is causing a conflict? Is it possible for Duplicacy Web to use this cert?
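
A triage of the handshake errors in the logs above, as an added example that is not part of the original posts or of Duplicacy: it groups `duplicacy_web.log` lines by ACME failure class and reports the first failure other than "missing certificate". The class labels and function names are this example's own, and treating "missing certificate" as a follow-on symptom rather than a cause is an assumption.

```python
import re
from collections import Counter

# Lines excerpted from the logs quoted in this thread (two carry the grep prefix).
SAMPLE_LOG = """\
2020/12/18 11:40:49 http: TLS handshake error from 192.168.1.1:62799: acme/autocert: missing certificate
2020/12/18 11:40:49 http: TLS handshake error from 192.168.1.1:62798: 429 urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
duplicacy_web.log:2021/01/16 11:59:29 http: TLS handshake error from 192.168.1.1:50381: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/10128334837" for domain "gorlen.myqnapcloud.com": no viable challenge type found
duplicacy_web.log:2021/01/16 11:59:29 http: TLS handshake error from 192.168.1.1:50382: acme/autocert: missing certificate
2020/12/18 11:34:44 Duplicacy CLI 2.7.2
"""

LINE_RE = re.compile(
    r'^(?:[^:\s]+:)?'  # optional "duplicacy_web.log:" prefix left by grep
    r'(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) '
    r'http: TLS handshake error from (?P<peer>[\d.]+):\d+: (?P<msg>.+)$'
)

# Ordered most specific first; the labels are this example's own names.
RULES = [
    ("rate_limited", "urn:ietf:params:acme:error:rateLimited"),
    ("challenge_failed", "no viable challenge type found"),
    ("missing_certificate", "acme/autocert: missing certificate"),
]

def classify(msg):
    for label, needle in RULES:
        if needle in msg:
            return label
    return "other_tls_error"

def triage(log_text):
    """Summarise TLS handshake failures: counts per class, client IPs, first cause."""
    counts, peers, domains, first_cause = Counter(), set(), set(), None
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # startup banner, schedule lines, keyring warnings
        label = classify(m["msg"])
        counts[label] += 1
        peers.add(m["peer"])  # shows whether connections are arriving at all
        domains.update(re.findall(r'for domain "([^"]+)"', m["msg"]))
        # Assumption: "missing certificate" is a symptom, so skip it as a cause.
        if first_cause is None and label != "missing_certificate":
            first_cause = (m["ts"], label)
    return {"counts": dict(counts), "peers": sorted(peers),
            "domains": sorted(domains), "first_cause": first_cause}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
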

The support for custom certificates is in 1.5.0, which I will release in a couple of days.

Is it possible to use the Let’s Encrypt QTS SSL cert that is installed on the QNAP for https://<user>.myqnapcloud.com? If so, how?

Note: On the QNAP, it appears that the cert is maintained in /mnt/HDA_ROOT/.config/stunnel/stunnel.pem, which contains a single private key and certificate.