Monday, December 5, 2022

01 - Cloud Backup - Duplicati - Initial Setup & Config - 2021 - Part 1 of 5


Intro:

This is a multi-part article and is part 1 of 5.

I've been using Duplicati to backup to several site locations for quite some time to an Amazon compatible S3 service. Prior to deployment I strongly suggest you test out Duplicati's settings and make sure everything works the way you want it to. Once it's setup and working, it's fully automated. You should test a restore here and there to make sure it's working properly. You should also have a backup plan worked out with your customer, ie how many days to store, what to do with that data when those days are up, etc.

You also need to check your S3 storage provider and watch for fees as the amount of data you store will increase at some point. You can read more about the way Duplicati works here.

In short, Duplicati compresses your data into archives (default of 50mb), then every couple of days it cleans up the data archive files and needs to delete and recreate the archive. Your S3 provider may count that deleted data against your total storage space in a given month and or a minimum storage duration policy may apply.


Notes on Wasabi:

*I'm going to explain this article from a small MSP's point of view. Part 2 of X explains how to setup a Wasabi sub-account for each customer's physical location. Reach out to your Wasabi rep to have the WACM (Wasabi Account Control Manager) activated.

WACM gives you the ability to create accounts with trials starting at 30 days to get rolling without incurring charges while testing. You can extend this up to 90 days for your customer in increments of 30 days if they need more time. You can also promote an account from trial mode to paid mode within those 90 days. After 90 days the account becomes a paid account automatically.

Please have a look at this page to understand Wasabi's pricing model. You may also want to look at this page to understand how Wasabi's "minimum storage duration policy" works so the bill isn't a surprise at the end of the month.

Wasabi offers pay as you go and prepaid plans called, "Reserved Capacity Storage". For the latter you can pay up front for a portion of data at a lesser price. For the RCS payment model there is a minimum of 25 terabytes.



Requirements:



Duplicati Setup:

1. Download and install the latest version of Duplicati for either Windows, Linux, or Mac.


Run the downloaded MSI file under an Administrator account. You will launch the service as the system at a later point so it won't be tied to any given user and it will be able to run when no one is logged in.






Once the installer is done you can hit "Finish" to launch the interface.



Duplicati Configuration:

1. Set a password for the interface and save it:


Choose, "Yes" and the Settings window will open in Chrome, Firefox, or Microsoft Edge.


2. Make the following changes to settings:

Access to user interface:
  •  Enable and set password
  •  Enable "Prevent tray icon automatic log-in" (We're install Duplicati as a service so skip this)
  •  Enable remote access (requires restart) and set hostname to "*" if you want to be able to access the GUI from another computer. Runs on port 8200 as default.
Pause after startup or hibernation:
  •  No Pause (0 seconds)
User interface settings:
  •  Change to Dark Theme (This will revert to the light theme if viewing the GUI in Private Mode in your browser due to cookies not being saved.)
Donation Messages:
  •  Hide donation messages
Update channel:
  •  Default (beta)
Usage statistics:
  •  System Defaults (Information)
Default options (Edit as list):

--accept-any-ssl-certificate=true
--snapshot-policy=Required

Hit OK when done and logout.

Login again with new password, double check that the settings have been applied and log out again. This is to make sure the page didn't timeout while the settings were being selected.



Move Database Location and Run Duplicati as a Service:

    1. Stop/Quit the tray icon if you currently have it running.

    2. Create a folder called "C:\ProgramData\Duplicati\Data" ** (this is what solves the windows update problem).

    3. Move the file "C:\Users\[XXXXXXXX]\AppData\Local\Duplicati\Duplicati-server.sqlite" to "C:\ProgramData\Duplicati\Data\Duplicati-server.sqlite".

    4. Open an admin cmd prompt and cd "C:\Program Files\Duplicati 2".

Duplicati.WindowsService.exe install --server-datafolder=C:\ProgramData\Duplicati\Data
    5. Transacted install complete? Run "sc start duplicati".

        5a. To check pending status, type, "sc query duplicati" and it should be in a "RUNNING" state.

        5b. If this fails it's because the service name already exists. Stop it with "sc stop duplicati" or Computer Management --> Services. Retry #5a. If that fails use, "duplicati.windowsservice.exe -uninstall" or NSSM (Non-Sucking Service Manager) to uninstall it.

    6. Close cmd prompt.

    7. Open a new browser window and go to "http://localhost:8200".

        7a. If "http://localhost:8200" doesn't work try "http://localhost:8300".

        7b. If port 8300 is responding then there are two instances of Duplicati running. Check Task Manager as one is still running occupying port 8200. Kill one of the instances and port 8200 should start responding.

    8. Remove tray icon from, "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp".




TL;DR: Install & Uninstall Scripts:

The section below takes care of everything above except the section labeled, "Duplicati Configuration:". Be sure to configure it after installation.

I've designed and tested these scripts to run as SYSTEM. If running the commands as a local Admin, run the commands one by one in their respective shell.


1. Install - Microsoft Visual C++ 2015-2022 Redistributable - x86 & x64 - Latest:

Run "PowerShell ISE" as admin!

(Silently downloads, installs both x86 and x64 versions, waits 60 seconds, and deletes temporary installation files. Duplicati needs C++ 2015 redist.)

Invoke-WebRequest -OutFile C:\Windows\temp\vc_redist.x64.exe -Uri https://aka.ms/vs/17/release/vc_redist.x64.exe
Invoke-WebRequest -OutFile C:\Windows\temp\vc_redist.x86.exe -Uri https://aka.ms/vs/17/release/vc_redist.x86.exe
cd C:\Windows\Temp
C:\Windows\Temp\vc_redist.x64.exe /install /quiet /norestart
C:\Windows\Temp\vc_redist.x86.exe /install /quiet /norestart
Start-Sleep -Seconds 60
del C:\Windows\Temp\vc_redist.x64.exe
del C:\Windows\Temp\vc_redist.x86.exe

2. Duplicati - Install as a service:

Run "CMD" as Admin!

(Installs Duplicati / Setup Database Folder / Start Service / Open Port 8200 for Remote Access)

(If you want to disable port 8200 remove the line in the script below)

(If you want to enable port 8200 leave the line in the script. You'll also need to login to Duplicati locally via the device IP and put a "*" in the Settings --> Hostname field. Save and restart the "Duplicati" service then access it via a DDNS name. Make sure you port forward at the router.)

Copy the following into a batch file, save, and run as Admin:

@echo off
cls
cd C:\
msiexec.exe /q /i https://github.com/duplicati/duplicati/releases/download/v2.0.6.3-2.0.6.3_beta_2021-06-17/duplicati-2.0.6.3_beta_2021-06-17-x64.msi ADDLOCAL=DuplicatiCore REMOVE=DuplicatiDesktopShortCutFeature,DuplicatiProgramMenuShortCutFeature,DuplicatiStartupShortCutFeature
ping 127.0.0.1 -n 16 > nul
mkdir C:\ProgramData\Duplicati\Data
cd "C:\Program Files\Duplicati 2"
Duplicati.WindowsService.exe install --server-datafolder=C:\ProgramData\Duplicati\Data --webservice-port=8200 --webservice-interface=any
sc start duplicati
cd \
netsh advfirewall firewall add rule name="Duplicati" dir=in profile=any action=allow protocol=TCP localport=8200

3. Duplicati Initial Configuration:

Once the MS redistributable and Duplicati has been installed and configured as a service, configure the Duplicati GUI as follows:


Make the following changes to settings:

Access to user interface:
  •  Enable and set password
  •  Enable "Prevent tray icon automatic log-in" (We've install Duplicati as a service so skip this)
  •  Enable remote access (requires restart) and set hostname to "*" if you want to be able to access the GUI from another computer. Runs on port 8200 as default.
Pause after startup or hibernation:
  •  No Pause (0 seconds)
User interface settings:
  •  Change to Dark Theme (This will revert to the light theme if viewing the GUI in Private Mode in your browser due to cookies not being saved.)
Donation Messages:
  •  Hide donation messages
Update channel:
  •  Default (beta)
Usage statistics:
  •  System Defaults (Information)
Default options (Edit as list):

--accept-any-ssl-certificate=true
--snapshot-policy=Required



Uninstall - Microsoft Visual C++ 2015-2022 Redistributable - x86 & x64:

*This may or may not work. It's dependent on the package cache locations existing. So far I've found these two on different Windows 10 installations. Need to write PowerShell script to search for and remove these two packages.

Run "PowerShell ISE" as admin!

Silently uninstalls both x86 and x64 versions with no restart.
Duplicati needs redist C++ 2015.

If uninstall, check these two registry keys for quiet uninstall strings:

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

& "C:\ProgramData\Package Cache\{3746f21b-c990-4045-bb33-1cf98cff7a68}\VC_redist.x64.exe" /uninstall /quiet /norestart
& "C:\ProgramData\Package Cache\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\VC_redist.x86.exe" /uninstall /quiet /norestart
& "C:\ProgramData\Package Cache\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}\VC_redist.x86.exe" /uninstall /quiet /norestart
& "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" /uninstall /quiet /norestart


Uninstall Duplicati:

Wipes all databases!!!!! Be careful!!!!!

Run "CMD" as admin!

Uninstall Duplicati / Remove Service / Remove Firewall Rule / Delete Left Over Directories (includes SQLITE databases!)

Copy the following into a batch file, save, and run as Admin:

@echo off
cls
sc stop duplicati
cd "C:\Program Files\Duplicati 2"
Duplicati.WindowsService.exe uninstall
msiexec.exe /uninstall https://updates.duplicati.com/beta/duplicati-2.0.6.3_beta_2021-06-17-x64.msi /q
ping 127.0.0.1 -n 31 > nul
netsh advfirewall firewall delete rule name="duplicati" dir=in
cd C:\
rmdir "C:\Program Files\Duplicati 2" /S /Q
rmdir "C:\ProgramData\Duplicati\" /S /Q



Conclusion:
  • Wasabi sub accounts for MSPs and email accounts for backup job reporting will be covered in Part 2.
  • The S3 provider will be configured in Part 3. 
  • Adding a backup job in Duplicati will be covered in Part 4.
  • Restoring a backup job in Duplicati will be covered in Part 5.



๐Ÿ‘ฝ

at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)