[BUG] Can't login into Duplicati any more

[Nordlicht-13]

Is there an existing issue for this?

• [X] I have searched the existing issues

Current Behavior

After polling the latest image on my linuxserver/duplicati under dockge I can't login into my duplicati any more.

I get the message: Connection lost Connection to server was rejected due to invalid authentication. Log in again, or re-open the page from the TrayIcon (if applicable)

I added the two new option to my compose-file:

• SETTINGS_ENCRYPTION_KEY=Secret1612PW
• DUPLICATI__WEBSERVICE_PASSWORD= #optional

And I tried

• DUPLICATI__DISABLE_DB_ENCRYPTION=true

What can be done to login into my duplicati again.

Expected Behavior

Login into WebUI of duplicati

Steps To Reproduce

1. Setup duplicati with YAML-File under dockge
2. Start duplicati under dockge

Environment

- OS: dockge on TrueNAS Scale 24.10.0.2
- How docker service was installed: compose.yaml-file with dockge

CPU architecture

x86-64

Docker creation

services:
  duplicati:
    image: lscr.io/linuxserver/duplicati:latest
    container_name: duplicati
    environment:
      - PUID=3001
      - PGID=3001
      - TZ=Etc/GMT-0
      - DUPLICATI__DISABLE_DB_ENCRYPTION=true
      - SETTINGS_ENCRYPTION_KEY=secret_key
      - DUPLICATI__WEBSERVICE_PASSWORD= #optional
      - CLI_ARGS= #optional
    volumes:
      - /mnt/trunk/Apps_Data/duplicati/duplicati_config:/config
      - /mnt/trunk/Apps_Data/duplicati_backup:/backup
      - /mnt/trunk/OfficeFolder:/mnt/OfficeFolder
      - /mnt/trunk/plexmedia/Music:/mnt/plexmedia/Music
    ports:
      - 8200:8200
    restart: unless-stopped
networks: {}

Container logs

duplicati  | [migrations] started
duplicati  | [migrations] no migrations found
duplicati  | usermod: no changes
duplicati  | ───────────────────────────────────────
duplicati  | 
duplicati  |       ██╗     ███████╗██╗ ██████╗
duplicati  |       ██║     ██╔════╝██║██╔═══██╗
duplicati  |       ██║     ███████╗██║██║   ██║
duplicati  |       ██║     ╚════██║██║██║   ██║
duplicati  |       ███████╗███████║██║╚██████╔╝
duplicati  |       ╚══════╝╚══════╝╚═╝ ╚═════╝
duplicati  | 
duplicati  |    Brought to you by linuxserver.io
duplicati  | ───────────────────────────────────────
duplicati  | 
duplicati  | To support LSIO projects visit:
duplicati  | https://www.linuxserver.io/donate/
duplicati  | 
duplicati  | ───────────────────────────────────────
duplicati  | GID/UID
duplicati  | ───────────────────────────────────────
duplicati  | 
duplicati  | User UID:    3001
duplicati  | User GID:    3001
duplicati  | ───────────────────────────────────────
duplicati  | Linuxserver.io version: v2.1.0.2_beta_2024-11-29-ls228
duplicati  | Build-date: 2024-12-14T03:56:45+00:00
duplicati  | ───────────────────────────────────────
duplicati  |     
duplicati  | [custom-init] No custom files found, skipping...
duplicati  | Inside getter
duplicati  | Connection to localhost (::1) 8200 port [tcp/*] succeeded!
duplicati  | [ls.io-init] done.
duplicati  | Server has started and is listening on port 8200
duplicati  | Use the following link to sign in: http://localhost:8200/signin.html?token=a_lot_of_letters_and_numbers_for_the_token
duplicati  | fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
duplicati  |       An unhandled exception has occurred while executing the request.
duplicati  |       Duplicati.WebserverCore.Exceptions.UnauthorizedException: Authorization failed due to missing cookie.
duplicati  |          at Duplicati.WebserverCore.Endpoints.V1.Auth.<>c.<<Map>b__3_0>d.MoveNext()
duplicati  |       --- End of stack trace from previous location ---
duplicati  |          at Microsoft.AspNetCore.Http.RequestDelegateFactory.<TaskOfTToValueTaskOfObject>g__ExecuteAwaited|92_0[T](Task`1 task)
duplicati  |          at Duplicati.WebserverCore.Middlewares.HostnameFilter.InvokeAsync(EndpointFilterInvocationContext context, EndpointFilterDelegate next)
duplicati  |          at Duplicati.WebserverCore.Middlewares.LanguageFilter.InvokeAsync(EndpointFilterInvocationContext context, EndpointFilterDelegate next)
duplicati  |          at Microsoft.AspNetCore.Http.RequestDelegateFactory.<ExecuteValueTaskOfObject>g__ExecuteAwaited|129_0(ValueTask`1 valueTask, HttpContext httpContext, JsonTypeInfo`1 jsonTypeInfo)
duplicati  |          at Duplicati.WebserverCore.Middlewares.WebsocketExtensions.<>c__DisplayClass0_0.<<UseNotifications>b__0>d.MoveNext()
duplicati  |       --- End of stack trace from previous location ---
duplicati  |          at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
duplicati  | fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
duplicati  |       An unhandled exception has occurred while executing the request.
duplicati  |       Duplicati.WebserverCore.Exceptions.UnauthorizedException: Authorization failed due to missing cookie.
duplicati  |          at Duplicati.WebserverCore.Endpoints.V1.Auth.<>c.<<Map>b__3_0>d.MoveNext()
duplicati  |       --- End of stack trace from previous location ---
duplicati  |          at Microsoft.AspNetCore.Http.RequestDelegateFactory.<TaskOfTToValueTaskOfObject>g__ExecuteAwaited|92_0[T](Task`1 task)
duplicati  |          at Duplicati.WebserverCore.Middlewares.HostnameFilter.InvokeAsync(EndpointFilterInvocationContext context, EndpointFilterDelegate next)
duplicati  |          at Duplicati.WebserverCore.Middlewares.LanguageFilter.InvokeAsync(EndpointFilterInvocationContext context, EndpointFilterDelegate next)
duplicati  |          at Microsoft.AspNetCore.Http.RequestDelegateFactory.<ExecuteValueTaskOfObject>g__ExecuteAwaited|129_0(ValueTask`1 valueTask, HttpContext httpContext, JsonTypeInfo`1 jsonTypeInfo)
duplicati  |          at Duplicati.WebserverCore.Middlewares.WebsocketExtensions.<>c__DisplayClass0_0.<<UseNotifications>b__0>d.MoveNext()
duplicati  |       --- End of stack trace from previous location ---
duplicati  |          at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)

[github-actions[bot]]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[clement-brodu]

Same issue here 😞

[Antonieuk1]

same issue for me unable to login I didn't set any password

[abelfodil]

Same issue for me. Everything works with 2.0.8 tag but stops working with 2.1.0.

[Nordlicht-13]

I entered the password for

• DUPLICATI__WEBSERVICE_PASSWORD= #optional

and now I can login again. Still get a screen that the connection was lost, but than I can click on login and I get the duplicati login.

[philipheyde]

Same issue for me

[tugdualenligne]

Same issue here

[j0nnymoe]

With everyone that's saying "Same issue here" - it would be helpful to know if you've read through the thread and also the readme to add the password env into your deployment method of choice.

Otherwise your just adding an unhelpful comment.

[abelfodil]

This is what I specifically tried: https://github.com/arch-anes/self-hosted-services/commit/3e9f044551a963f3c03afcdabcab2d6b5ec9b82e. I also tried disabling encryption via DUPLICATI__DISABLE_DB_ENCRYPTION=true (ref).

Either my backup config is wiped or I get a "Failed to get nonce" error at login.

The same issue happens with duplicati/duplicati image so I feel like this should be taken to upstream.

[aptalca]

Did you try adding it as a regular plain text environment variable? The changes you made have several moving parts.

[tugdualenligne]

Yes, I tried adding SETTINGS_ENCRYPTION_KEY but the error persisted. I then tried adding the DUPLICATI__WEBSERVICE_PASSWORD but error persisted again

[Antonieuk1]

for anyone using unraid you fix the login problem by resetting the docker image and going into the docker log if you watch it boot you will see a html token copy and paste that into a browser and go to that address and set your own password i did have to delete Localhost and add the IP address of the server at the start of the token and it will solve your problem

[clement-brodu]

Hello,

For me, the problem was with the reverse proxy.
Everything is fine when I access duplicati via the local IP address 192.168.1.123:8200, but I get a lot of errors if I try to access the url duplicati.mydomain.com.

I had to add these 2 WebSocket headers to my Synology reverse proxy.

• Upgrade : $http_upgrade
• Connection : $connection_upgrade

With these 2 headers, everything's fine.

This is probably the problem described here : https://forum.duplicati.com/t/unable-to-log-in-using-reverse-proxy/19760

[kenkendk]

I also tried disabling encryption via DUPLICATI__DISABLE_DB_ENCRYPTION=true

@abelfodil & @tugdualenligne: The database encryption key is not the same as the webservice API/UI password. If you disable the DB encryption, it will store everything in the database unencrypted (passphrases, login credentials, etc). but still requires a webservice password.

Either my backup config is wiped or I get a "Failed to get nonce" error at login.

That indicates a caching error in the WebUI. The "nonce" logic was part of 2.0.8.1 and older, the 2.1.0.2 does not use nonces (at least not that way).

@emol-ch You need to either use the signin link found in the logs, or set a password with the environment variable DUPLICATI__WEBSERVICE_PASSWORD=<password>.

It is not optional in 2.1.0.2 and later.

Additional information on the password are in the Duplicati docs.

[tugdualenligne]

Hi Kenkendk, nice seeing you here in that Linuxserver space, far from the Duplicati forums ;-) Happy new year to all! I have a duplicati instance running for 4 or 5 years (may be even more, can’t remember), and I have not changed anything about my docker compose when I first encountered the login issue I am lost here about the situation: is this a bug and I should wait, or is there a configuration change I should do? As said previously, in order to correct the issue, I tried enabling the database encryption setting, and also forcing the webservice password All of this to no avail, unfortunately Thx

[Lolcraftspace]

Hello, I just want to comment something, i also had the same problem, but I have found a solution that worked for me.

I always logged in with "http://192.168.152.13:8200/ngax/index.html" wich resulted in the error. (Could not log in) When I restartet the docker-container, it said in the Log that I should use a link to lock in: duplicati | Server has started and is listening on port 8200 duplicati | Use the following link to sign in: http://localhost:8200/signin.html?token=a_lot_of_letters_and_numbers_for_the_token

I replaced "localhost" with the server ip, then the docker prompted me to set a new password, which I did and now the old Link works again.

Hope this helps some people. (My docker runs in Unraid.)

[kenkendk]

Hi Kenkendk, nice seeing you here in that Linuxserver space, far from the Duplicati forums ;-)

It is rare, but I sometimes move a bit :)

I am lost here about the situation: is this a bug and I should wait, or is there a configuration change I should do?

If you mean the API password, then it is not a bug and here to stay.

If you see the dialog with "Connection lost Connection to server was rejected due to invalid authentication" then it (most likely) means that you are not logged in.

If you have not yet set a password, look in the logs as described by @Lolcraftspace, find the link and open it to sign in. From here you can change the password in the Settings. After changing the password, the link will no longer appear on startup.

If you set a password with DUPLICATI__WEBSERVICE_PASSWORD=<password> then simply click the "Login" button when you get the "Connection Lost", enter the password, and you are logged in.

If the password is not working, you can also try CLI_ARGS: --webservice-password=<password>, which should do the same.

If the container is running, you can go into it and run /opt/duplicati/duplicati-server-util change-password (maybe the path is different in the linuxserver image).

It could also be a proxy issue where the websocket is being rejected. If this is the case, you should see the configured backups loading (and the text "Beta" underneath the Duplicati logo top-left). If you see one of these two things you are logged in, but the websocket connection is failing. Try using Developer Tools in the browser to see error messages.

[thespad]

Path in the container would be /app/duplicati/duplicati-server-util

[emol-ch]

数据库密码和web密码不要设置一样的，会导致无法登录，我的教训~！

[emol-ch]

thank you for your help ，

The problem has been resolved

eMoL〃CH @.***

 

------------------ 原始邮件 ------------------ 发件人: "linuxserver/docker-duplicati" @.>; 发送时间: 2025年1月10日(星期五) 凌晨5:12 @.>; @.@.>; 主题: Re: [linuxserver/docker-duplicati] [BUG] Can't login into Duplicati any more (Issue #89)

Hi Kenkendk, nice seeing you here in that Linuxserver space, far from the Duplicati forums ;-)

It is rare, but I sometimes move a bit :)

I am lost here about the situation: is this a bug and I should wait, or is there a configuration change I should do?

If you mean the API password, then it is not a bug and here to stay.

If you see the dialog with "Connection lost Connection to server was rejected due to invalid authentication" then it (most likely) means that you are not logged in.

If you have not yet set a password, look in the logs as described by @Lolcraftspace, find the link and open it to sign in. From here you can change the password in the Settings. After changing the password, the link will no longer appear on startup.

If you set a password with DUPLICATI__WEBSERVICE_PASSWORD=<password> then simply click the "Login" button when you get the "Connection Lost", enter the password, and you are logged in.

If the password is not working, you can also try CLI_ARGS: --webservice-password=<password>, which should do the same.

If the container is running, you can go into it and run /opt/duplicati/duplicati-server-util change-password (maybe the path is different in the linuxserver image).

It could also be a proxy issue where the websocket is being rejected. If this is the case, you should see the configured backups loading (and the text "Beta" underneath the Duplicati logo top-left). If you see one of these two things you are logged in, but the websocket connection is failing. Try using Developer Tools in the browser to see error messages.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

[philipheyde]

For me, it was solved by enabling Websocket support in my Nginx reverse proxy. No additional settings for the websocket/proxy were needed.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[tugdualenligne]

Thanks Kenkendk. I tried the day you posted, it didn't work so I left it for another day... Today has been this day: but nothing works. I do not understand what's going on I'm not talking about the API, but about the login screen This is not a proxy and websocket issue as I don't see any of my configured backups I have replaced the duplicate sqlite DB by an old version. Then I see the famous signing link in the container log. I sign in, but this does not resolve anything I once was able to change the pwd from the command line. Then once the old sqlite DB restored, I get this error when trying to change the password: "No database found in /config/.config/Duplicati", and whatever the password I enter, I get a "failed to log in" error I also tried used the duplicati/duplicati:latest image instead of the linuxserver one. No chance I'm lost

Edit 1: after logging in, I get a "OK" windows that pop up, it re-pop up each time I change between menus Edit 2: I'm wondering if there isn't another issue here as tried from 'scratch': I deleted ALL Duplicati config files and database, even the hidden ones, and relaunched my docker compose with the Linuxserver and with the Duplicati/Duplication docker images, without success. Still the same error

[gleruzh]

I've finally reverted to previous version, for me ~half a year old, without that I wasn't succeded to manage. Required to switch to "backup db".

[tugdualenligne]

On my side, I also abandoned: I could not resolve that issue, and sadly had to move to another solution

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[eprouty]

Ending up here with similar issues, cannot login to the containers anymore, tried setting up a new container and encounter the same problem... enter the password and it just loops back to tell me I am not logged in.

[msberends]

For who needs this, my solution for Apache reverse proxy is as below. So for me going to e.g. 192.168.68.100:8200 worked, but going to my.domain.com gave me the window "Connection lost".

Now it works great with these settings (I set my SSL certificate path globally elsewhere):

<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on

    ServerName my.domain.com

    ProxyPreserveHost On

    # WebSocket support
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/(.*)  ws://localhost:8200/$1 [P,L]

    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteRule ^/(.*)  http://localhost:8200/$1 [P,L]

    ProxyPassReverse / http://localhost:8200/

    RequestHeader set Connection "upgrade"
    RequestHeader set Upgrade "%{HTTP:Upgrade}e" env=HTTP_UPGRADE

    ProxyRequests Off
</VirtualHost>

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[LinuxServer-CI]

This issue is locked due to inactivity