djmaze / resticker

Run automatic restic backups via a Docker container.
https://hub.docker.com/r/mazzolino/restic/
Apache License 2.0

Unable to Ignore TLS Error #193

Open federicotravaini opened 6 months ago

federicotravaini commented 6 months ago

I am encountering an issue with configuring Restic within a Docker container to ignore TLS errors. My setup involves using Rclone configured with Nextcloud via WebDAV. When I use Rclone directly on the host server (Ubuntu), I am able to bypass the TLS error by ignoring it. However, when attempting to use Rclone within the resticker Docker container, I am unable to find a way to ignore the TLS error.

The problem arises because Restic treats the --insecure-tls parameter as a global parameter rather than a parameter specific to the backup command. As a result, I cannot pass the --insecure-tls flag directly to the backup command when running Restic within the Docker container.

Is there a workaround that does not involve having the certificate?

djmaze commented 5 months ago

Sorry for the late response. I think this is an upstream problem in restic and should be reported over there.

Oops, I think I did not read the question thoroughly. Where did you try to specify the parameter for the docker container?

O6ACDXl-6sET9zJ commented 4 months ago

I didn’t do this.

O6ACDXl-6sET9zJ commented 4 months ago

I don’t even know what a parameter is. I mean, don’t get me wrong, I think it's absolutely amazing stuff, but I honestly don’t even know how I found GitHub lol ❤️🤟😅👁️

domiko96 commented 2 months ago

Hey there, I can imagine that the issue is actually that one can only pass in the --ignore-tls argument to the individual actions like so:

RESTIC_BACKUP_ARGS: >-
        --tag docker-volumes
        --verbose
        --insecure-tls

I for example run into this error with minio. In my case I'm running minio on my NAS at home and connect a server I want to back up via VPN.

The docker logs look like this:

Checking configured repository 's3://my-domain.com:9000/restic' ...
Fatal: unable to open config file: Stat: Get "https://my-domain.com:9000/restic/?location=": tls: failed to verify certificate: x509: certificate is valid for localhost, not my-domain.com
Is there a repository at the following location?
s3://my-domain.com:9000/restic
Could not access the configured repository.
Trying to initialize (in case it has not been initialized yet) ...
Fatal: create repository at s3://my-domain.com:9000/restic failed: client.BucketExists: Get "https://my-domain.com/restic/?location=": tls: failed to verify certificate: x509: certificate is valid for localhost, not my-domain.com

I guess a global parameter to set --insecure-tls would maybe make sense? Or is there a trick I'm missing? I'll try to mitigate it by SKIP_INIT.

Any help is much appreciated. Keep up the great work!

domiko96 commented 2 months ago

I confirmed I can bypass the issues with SKIP_INIT for the backup container.

However, in my prune container I get errors even though I also pass

      PRUNE_ARGS: >-
        --insecure-tls

Error is: tls: failed to verify certificate: x509: certificate is valid for localhost, not my-domain.com

domiko96 commented 2 months ago

Ah, actually this is all fine; it just has to be RESTIC_PRUNE_ARGS instead.
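
For the S3/minio case in this thread, the per-command flag placement the comments arrive at is shown below next to a variant that keeps certificate verification on. This is an added example, not code from the thread or from the resticker project; the credentials, schedules, mount paths and service names are constructed, and the hardened variant assumes a restic version that reads the RESTIC_CACERT environment variable.

```yaml
# Added example; credentials, schedules and paths are constructed placeholders.
x-repo: &repo
  RESTIC_REPOSITORY: s3:https://my-domain.com:9000/restic
  RESTIC_PASSWORD: change-me
  AWS_ACCESS_KEY_ID: placeholder-key
  AWS_SECRET_ACCESS_KEY: placeholder-secret

services:
  # Weak: verification is off, and only for the commands that get the flag.
  backup-insecure:
    image: mazzolino/restic
    environment:
      <<: *repo
      BACKUP_CRON: "0 30 3 * * *"
      RESTIC_BACKUP_SOURCES: /data
      # The repository check/init at start-up does not receive the flag,
      # which is why the thread falls back to SKIP_INIT.
      SKIP_INIT: "true"
      RESTIC_BACKUP_ARGS: >-
        --tag docker-volumes
        --insecure-tls
    volumes:
      - ./data:/data:ro

  prune-insecure:
    image: mazzolino/restic
    environment:
      <<: *repo
      PRUNE_CRON: "0 0 4 * * *"
      SKIP_INIT: "true"
      # Variable name as corrected in the last comment (not PRUNE_ARGS).
      RESTIC_PRUNE_ARGS: >-
        --insecure-tls

  # Hardened: verification stays on. restic reads RESTIC_CACERT itself, so it
  # covers init, backup and prune without any per-command argument.
  backup-verified:
    image: mazzolino/restic
    environment:
      <<: *repo
      BACKUP_CRON: "0 30 3 * * *"
      RESTIC_BACKUP_SOURCES: /data
      RESTIC_CACERT: /certs/ca.pem
      RESTIC_BACKUP_ARGS: >-
        --tag docker-volumes
    volumes:
      - ./data:/data:ro
      - ./certs/ca.pem:/certs/ca.pem:ro
```

Trusting the CA does not resolve the hostname mismatch shown in the log above: the server certificate there is issued for localhost only, so it also has to be reissued with the hostname used in RESTIC_REPOSITORY.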