Duplicacy ignoring settings.json listening address?

It’s not related.

Can you confirm the rest?

  • that you kill duplciacy process
  • that you are making change in the file at the location duplicacy expects it?

Actually, lets do a simpler check – go to WebUI Settings, and check what’s written in “HTTP address” in “Start up options”:

If you don’t see this:
image

then you are not making changes in the correct file or not restarting duplicacy process.

Also, any reason why can’t you change that in the WebUI?

I can’t access the WebUI- that’s mainly been my issue. I figured maybe it’s some sorta reverse proxy issue but I guess starting from being able to even access it with the IP/port directly would be a start. I can access some of my docker stuff through the port but just not Duplicacy

Here’s the service status:

May 03 04:26:49 txgr-compute systemd[1]: Started duplicacy.service - Duplicacy backup software`.
May 03 04:26:49 txgr-compute duplicacy-web[801]: Duplicacy Web Edition 1.8.0 (B47138)
May 03 04:26:49 txgr-compute duplicacy-web[801]: Starting the web server at http://127.0.0.1:3875

But going to our server’s IP:3875 won’t connect. No clue why-- but maybe that’s the more important issue isn’t it :thinking:

I’m very confused. Are you running duplicaly in the docker?

Then what is duplicacy.service? Can you post content of the service file? Do you have HOME variable defined there? Because that’s where the .duplicacy_web will live.

Pleased answer these questions. I’m asking the third time. There is no reason to withhold this information.

It’s obviously listening on 127.0.0.1. Your changes in the settings file don’t have effect. Answering the questions above will help to understand why.

Because it’s listening on loopback. Not on any of the external interfaces.

You can use SSH port tunneling to access web ui to change settings. Run this in terminal on your local machine (you might need to set AllowTcpForwarding to yes in /etc/ssh/sshd_config on the server and restart sshd first)

 ssh -L 3875:127.0.0.1:3875 txgr-compute

then click here to access duplicacy: http://localhost:3875

Wasn’t withholding, and really really really dislike the implication that I was. I had a train of thought and ran with it. Genuinely don’t like this at all. Phrasing this humanely just to let you know.

Restarted the entire server. Didnt’ killall but did kill all processes with duplicacy in it’s name. Checked the service afterwords too. Wasn’t running.

Don’t know where “Duplicacy expects it”.

1 Like

Working on doing this now.

Here:

I can rephrase.

It will be looking at $HOME/.duplicacy_web, wherever $HOME is pointing at the time of launch. If this is systemd service then HOME is likely undefined. You would need to define it explicitly. Hence, request to see your .service file.

Well, I’m just a user like yourself, and I’m volunteering my time on Sunday evening making an attempt at helping you solve your issue. I feel you came here to get the problem resolved, not to exchange pleasantries: If I come out curt or/and direct – I apologize, that was not my intention. On topic – I don’t see any other reason why would you ignore my question two times – if it wasn’t important, I would not be asking. Why would I want to waste your or my time? But I digress, back on topic.

As someone who works specifically in support and have for some time now, I appreciate this- community support is a great thing to have and I’d never ever down someone for volunteering. Sincerely, thank you.

Here’s the contents-- nothing “HOME” mentioned and not sure where I’d add it. Been a while since I’ve been able to look at this issue.

[Unit]
Description=Duplicacy backup software`

[Service]
ExecStart=/usr/local/bin/duplicacy-web
Restart=on-failure
RestartSec=30

[Install]
WantedBy=multi-user.target

If this service runs as root, then the HOME will either be undefined (so it will try to read it from /) or be pointing at /root. I also haven’t looked into systemd for a very long time (I use freebsd and macOS daily), but according to this https://serverfault.com/questions/413397/how-to-set-environment-variable-in-systemd-service it’s possible to set it under [Service] with Environment key:

[Service]
...
Environment="HOME=/users/james"
...

I have also seen that it could be enough to WorkingDirectory, as noted in the first comment here Duplicacy Web on Synology Diskstation without Docker | Trinkets, Odds, and Ends (you would need to scroll down and click “Click here to load legacy comments from Disqus”, there is an example for Synology DSM7 that also uses SystemD.

Well that worked to get it to respond to the settings.json file I was editing. But now, what’s up with this address?

txgr@txgr-compute:~$ sudo netstat -tulpn | grep duplicacy
tcp6       0      0 :::3875                 :::*                    LISTEN      3058897/duplicacy-w 
May 13 01:00:18 txgr-compute duplicacy-web[3058897]: Duplicacy Web Edition 1.8.0 (B47138)
May 13 01:00:18 txgr-compute duplicacy-web[3058897]: Starting the web server at http://[::]:3875

I’m curious about this. Linux networking is… a mountain. Not even sure what a loopback is-- I do have a very cursory understanding of interfaces. What part of the netstat line led you to it ‘listening on loopback’?

It’s IPV6 notation for “all addresses” :slight_smile:

This:

Addresses in the range 127.0.0.0/8 (127.0.0.0–127.255.255.255) are allocated to a fake software interface called loopback, that operating system treats in special way: traffic that goes there cannot be routed anywhere else. It’s like isolated intercom in the building – you can call next office, but cannot call anyone outside of the building. So if the process is listening on loopback – only other processes on the same system can reach it. if you attempt to reach it from another adapter – e.g. your LAN – the OS won’t route packets neither to nor from loopback, even if you have packet forwarding enabled.

For example, duplicacy by default does not encrypt web ui traffic – but you can have it listen on loopback only, so nobody can reach it from other machines, but when you want to reach it – you can use ssh port tunneling to pretend you are connecting from local machine (thus creating a sort of vpn)

So I’m using nginxproxymanager, would I just want to do that thing where I tell the Docker container “hey also listen to localhost stuff, too”. I can’t remember what it’s called. Sorry again for the long response time, appreciate the info about loopbacks- very useful :smiley:

Hi, so I’ve finally gotten into the UI and now all of my settings are gone. I honestly don’t even care tbh that’s fine. My question now is simply, what do I set the HTTP Address to? Just my server’s IP? The subdomain/URL I want to use? This will be behind Bunkerweb as well.

I did try setting HTTPS domain, but now I can’t get into the UI. No matter really, as now I found the correct settings.json and everything. I also have an insane migraine while trying to get this done and are generally just over this issue

Please elaborate. Settings are read from settings.json file. You need to find the right one.

The answer is “it depends”, depends on what are you trying to accomplish. I’m not familiar with bunkerweb.

It’s quite easy:

  • Do you need to access UI only from the machine it’s running on (This includes SSH port tunneling, Cloudflare ZeroTrust, and similar technologies)? Then let it listen one 127.0.0.1
  • Do you want it to be accessible from the LAN only? Let it listen on LAN interface.
  • Do you want ti to be accessible from any interface? Then 0.0.0.0

If you also need security then 127.0.0.1 is a safest setting, 0.0.0.0 least safe, and everything else in between.

This is pretty standard behaviour, not specific to duplicacy, and should not cause a headache.

Yeah it ended up being the one in my home directory as I found. Verified by changing a setting and seeing it reflected in the file.

I’ve spent the whole thread attempting to learn. I have never put any blame on the software or the developers at all. It caused a headache because I’m actively trying to learn it, not because it did something wrong.

If it were already set to 0.0.0.0 I’d expect docker to work with it so I’ll play around with it some more.

Actually, I’m probably just gonna request a refund for the remainder of my license. I remember reading that this was an option

There is a very well known archetype of computer guru that is “ugh you’re supposed to know this obviously and if you call me on it I’m just trying to help” and it’s horribly soured my experience with this program that I’m just trying to get working for us and I’ve been made to seem as if I weren’t cooperative, ignoring things intentionally, or just not willing to work to understand.

Whether or not you work directly for Duplicacy kinda stops mattering for me when you’re the only person responding at all.

Please tell me the proper channels to go through for a refund if I’m correct in my memory that partial refunds are available.

Great!

I never suggested you did! On the contrary, it seems that this is such as common configuration approach, we must be missing something obvious; generally it shall “just work” and not require weeks long endeavor.

For it to work in the container, it shall be listening on 0.0.0.0. My container explicitly sets that. If you are using any other container it may not be configuring that at all, and the default is 127.0.0.1

I’m not a guru. I learn a ton of new things every day for the past quarter century, and there no end on the horizon. Amount of new stuff, the stuff I don’t know, just keeps increasing at the alarming rate. I’m far from guru, on the contrary, I feel very humbled by the vastness of the problem area and I’m conscious of limits of my knowledge.

Expecting everyone to know everything would indeed be baseless and counterproductive: and the whole point to ask for help on the forums is to address some gap in knowledge, or get a nudge to overcome the hurdle. However, it’s on you to ask for clarification as needed. I don’t know you, how am I supposed to know how much to elaborate unless you tell me? 99% of things discussed in this thread is outside of scope of duplicacy, and is all about networking, firewalls, routing, and security. I don’t mind venturing there, but again, I have no idea how much to elaborate and what you don’t understand.

There are also some expectations and forum etiquette, to not question the obvious and also not assume anything.

But I did have to ask the same question three times, did not I? Once one may overlook, but second time? I’m not enjoying that either. And I have nothing to gain.

I don’t work for duplicacy. My only relationship with the company is as customer. I’m hanging out here because I believe in the product, and there are no alternatives pretty much in terms of stability, portability, and performance. I strongly believe in volunteering for a good cause. I’m volunteering my time here to answer questions (and to clean up occasional spam and vandalism when I see it – simply because I visit here often: the shield next to my username only means I have permission to do so. In my profile however I clearly state that I’m not related to duplicacy/acrosync, so there shall be no confusion).

If you dont’ like talking to me you can always ignore my responses. I’m just another user just like yourself.

This is a user forum. Your topic received 250 views as of today. Maybe other users don’t care to chime in? Maybe questions are not interesting enough? I don’t know. But now it’s’ somehow my fault for trying to help.

I don’t know proper channels for refund. I have never went through refund process myself, so can’t draw on personal experience. Maybe email the address you received the license from? or search the forum for the words “refund”?

By the way if you want dedicated support and handholding along the way — you can buy commercial license and get email support directly from the developer.

This is because you’re trying to do something most of the rest of us don’t need, and thus aren’t experienced in.

Even @gchen (pinging the developer for multiple reasons :wink: ) may not have all the pieces to get your particular setup working, but you could take a look at here and trawl the rest of the forum. We’re not even touching on the subject of certificates, either.

However, your issue isn’t specific to Duplicacy - as saspus points out, this is about general network familiarity (complicated slightly more with a Docker environment). Even I know a fair about networking, but I also lack the precise details needed to interface things properly with nginx, although I’m certain it’s quite doable with a little persistence.

Personally speaking, expose Duplicacy’s web interface to the internet will always sound like a very bad idea to me…

This is because web server software (embedded within Duplicacy) could have myriad security vulnerabilities in the various libraries. The web interface is really just a convenient way to change settings, it’s a bonus you can access it over a network, but exposing it so widely is not advisable. This is why I’d only ever do it over a Tailscale network (and further lock down access with iptables/ifw).

It’s fine no follow up/refund needed I just want to move on really. Thanks all