This worked for me. It will probably work for you with minor touches if you insist. After I ran this for a while I didn't like how unreliable Duplicati was with the actual work of backing up and I began to investigate Duplicacy instead. I will leave this here for a year or so because it will probably remain more or less valid for that long and I did spend a lot of time putting it together to just thwack it because it's not useful to me. YMMV. GL. GG.
This is a note on installing Duplicati, a free Backup server into a TrueNAS Core jail.
In TrueNAS create a Jail running the latest FreeBSD image available (13.2-RELEASE-p4). I am calling this jail instance backup
todo: Add notes on jail settings
I find there is trouble with TrueNAS jails and DHCP, but otherwise the defaults should be fine.
1️⃣ /mnt/Vol_2X8T/Server/Apps/Backup/ --> /mnt/Vol_2X8T/iocage/jails/backup/root/mnt/
2️⃣ /mnt --> /mnt/Vol_2X8T/iocage/jails/backup/root/media
1️⃣ Where you put your app data is beyond the scope of this note, but in general a persistent location for containerized
(incl. jailed) apps to store configs and data is useful, and gets mounted to a handy path inside the container. Here
I'm using /mnt
and I will put everything within that directory that needs to persist outside the jail. I will symlink
the config and startup files from there into the jail when recreating it.
If you don't do this, you can still follow this guide unchanged (/mnt
is a default and empty directory in FreeBSD). The main difference is destroying your jail will destroy the Duplicati files and configs too.
If you are closely following this guide, the paths here from /mnt
should be fine. If you mount your persistent storage
somewhere else that's fine (Linux often uses /opt
for this kind of stuff), but you may need to add some settings in the /etc/rc.conf.local
file as the /usr/local/etc/rc.d/duplicati
example included below assumes my paths as the defaults.
2️⃣ Mounting the topmost level of my TrueNas storage to /media
inside the jail as read only so all the backup jobs I create will run out of there.
These mounting strategies are mine. Feel free to use or improve on them. Live large.
For this section you should be operating from a root shell in your new jail.
- Use curl to download the zip file.
pkg install curl
- We will need Mono to run the .net executables in the *nix environment.
pkg install mono
will NOT work as it (currently) installs mono5.20. As of this writing there is a package for mono6:mono6.8-6.8.0.123_2
which works. Because these are updated regularly, checkpkg search mono
to find the exact package available.
pkg install mono6.8-6.8.0.123_2
- We will need sqlite3 for Duplicati to store data
pkg install sqlite3
- Create the user (and group) that Duplicati will run under.
pw user add duplicati -c duplicati -u 818 -d /nonexistent -s /usr/bin/nologin
- Create a some directories for binaries, data, and startup scripts.
mkdir -p /mnt/Duplicati-bin /mnt/Duplicati-data /mnt/_usr_local_etc/rc.d
chown duplicati:duplicati /mnt/Duplicati-data/
- Get link for zip file from https://www.duplicati.com/download and decompress it:
curl -o /mnt/Duplicati-bin/duplicati.zip https://updates.duplicati.com/beta/duplicati-2.0.7.1_beta_2023-05-25.zip
cd /mnt/Duplicati/ ; unzip duplicati.zip
We will follow the FreeBSD convention using a startup script for local services. This will show up as
/usr/local/etc/rc.d/duplicati
inside the jail.
- Copy the contents from the appendix /mnt/_usr_local_etc/rc.d/duplicati below. You should not need to edit any of the stuff in this file.
- Use your favorite editor to create the file and paste in the contents.
ee /mnt/_usr_local_etc/rc.d/duplicati
- Set the correct file permissions on that file.
chmod 555 /mnt/_usr_local_etc/rc.d/duplicati
- Link it into place inside the jail filesystem.
ln -s /mnt/_usr_local_etc/rc.d /usr/local/etc/rc.d
We will continue followingthe FreeBSD convention for enabling and passing variables to local services.
This will show up as /etc/rc.conf.local
inside the jail.
- Copy and paste the contents from the appendix /mnt/_etc_rc.conf.local below.
- Use your favorite editor to create and paste in the contents. You should
definitely read the comments and edit these settings to suit your environment.
ee /mnt/_etc_rc.conf.local
- Set the correct file permissions on that file.
chmod 755 /mnt/_etc_rc.conf.local
- Link it into place inside the jail filesystem.
ln -s /mnt/_usr_local_etc/rc.d /usr/local/etc/rc.d
Now you should be able to run the command service duplicati status
and if you got back the answer duplicati is not running.
Congratulations -- you're on the right track. Now let's actually start up Duplicati. ready?
service duplicati start
todo: does it actually work? I think it does, it seems to be working for me. Please let me know if it works for you, or if you have comments on how this doc can be improved.
Taking a day off? Inadvertently killed your jail? Want to upgrade the jail easily? These commands inside the jail should get you back in action if you have already created the jail as described above and just want to bring up the same settings and data in a new jail instance.
refer to the notes above about determining exactly what version / package of mono to install
pkg install sqlite3 mono6.8-6.8.0.123_2
ln -s /mnt/_etc_rc.conf.local /etc/rc.conf.local
ln -s /mnt/_usr_local_etc/rc.d /usr/local/etc/rc.d
pw user add duplicati -c duplicati -u 818 -d /nonexistent -s /usr/bin/nologin
Hat tip to Ryan_Y who posted a version of this on the Duplicati forum
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: duplicati
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add these settings to /etc/rc.conf.local to configure this service:
#
# duplicati_enable: Set to YES to enable duplicati
# duplicati_user: The user account used to run the duplicati daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# duplicati_group: The group account used to run the duplicati daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# duplicati_data_dir: Directory where duplicati configuration
# data is stored.
# duplicati_exe: path to the Duplicati.Server.exe binary
# duplicati_webui_password: there are better ways to do this
# Default empty (note this webUI connection is not encrypted,
# this password will be passed over the network in cleartext)
# duplicati_webui_port: TCP port for web user interface
# duplicati_webui_allowed_hostnames: hosts permitted for initial
# connection to the webUI. As this is a server, starting open
# is probably okay, the list can be limited within the config.
. /etc/rc.subr
name=duplicati
rcvar=${name}_enable
load_rc_config $name
start_precmd="${name}_precmd"
required_dirs="${duplicati_data_dir}"
# Varibles you could set in /etc/rc.conf.local
: ${duplicati_enable:="NO"}
: ${duplicati_webui_password:=""}
: ${duplicati_webui_port:=8200}
: ${duplicati_webui_allowed_hostnames:="*"}
: ${duplicati_user:="duplicati"}
: ${duplicati_group:="duplicati"}
: ${duplicati_data_dir:="/mnt/Duplicati-data/"}
: ${duplicati_exe:="/mnt/Duplicati-bin/Duplicati.Server.exe"}
: ${duplicati_pidfile:="/tmp/duplicati.pid"}
: ${duplicati_msg_success:="Duplicati daemon started on pid: "}
startmsg="Starting ${name} daemon"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-S -t ${name} -T ${name} -p ${duplicati_pidfile} \
${procname} ${duplicati_exe} \
--webservice-port=${duplicati_webui_port} --webservice-interface=any \
--webservice-allowed-hostnames=${duplicati_webui_allowed_hostnames} \
--webservice-password=${duplicati_webui_password} \
--server-datafolder=${duplicati_data_dir}"
duplicati_precmd() {
export USER=${duplicati_user}
if [ ! -d ${duplicati_data_dir} ]; then
install -d -o ${duplicati_user} -g ${duplicati_group} ${duplicati_data_dir}
fi
}
run_rc_command $1
The top two lines are not related to Duplicati, feel free to leave them out if you do not want the Jail to run an SSH daemon.
## Run SSH daemon
sshd_enable="YES"
#### Duplicati settings ####
# Nothing else matters if this is not YES
duplicati_enable="YES"
# if webui port is not set here default will be 8200
duplicati_webui_port="8200"
# If webui password is not set here default will be empty
# NOTE: this webUI connection is not encrypted, this
# password will be passed over the network in cleartext
duplicati_webui_password="LetMeInPlease"
-
Generic, but insigful guidance on installing software into TrueNAS Core Jails:
Documentation Hub/TrueNAS CORE/Configuration Tutorials/Jails, Plugins, and VMs/Jails/Installing Software -
Practical rc.d scripting in BSD
https://docs.freebsd.org/en/articles/rc-scripting/ -
Canonical source on using duplicati Duplicati User Manual
-
Duplicati forum threads:
https://forum.duplicati.com/t/running-duplicati-on-startup-on-freenas-freebsd/3653/17
https://forum.duplicati.com/t/running-duplicati-on-startup-on-freenas-freebsd/3653/24
cd /mnt/Duplicati/ ; unzip duplicati.zip has to be cd /mnt/Duplicati-bin/ ; unzip duplicati.zip
When I start the jail, dubplicati is not starting. I have to startin manually with "service duplicati onestart"
"service duplicati start" is not working even if "duplicati_enable" is set to "YES""