Using CLI_ARGS to setup SSL for webui fails when docker restart

[josemags]

Recently added option CLI_ARGS is perfect to set up SSL for webui, just need to store your p12 cert in a subdirectory of config (/config/keys/cert.p12, for example) and add the option:

-e CLI_ARGS='--webservice-sslcertificatefile=/config/keys/cert.p12 --webservice-sslcertificatepassword=password'

Actually, I did it using the webui for Docker in OpenMediaVault.

Everything works like a charm. But when the docker is restarted it cannot start duplicati service, getting repeatedly the following error in log:

A serious error occurred in Duplicati: System.PlatformNotSupportedException: Operation is not supported on this platform.
  at Duplicati.Server.Database.ServerSettings.get_ServerSSLCertificate () [0x00115] in <be73c239d77d4180b5147067144fc237>:0
  at Duplicati.Server.WebServer.Server..ctor (System.Collections.Generic.IDictionary`2[TKey,TValue] options) [0x0029d] in <be73c239d77d4180b5147067144fc237>:0
  at Duplicati.Server.Program.RealMain (System.String[] _args) [0x00674] in <be73c239d77d4180b5147067144fc237>:0

Then, the webui is unreachable by http neither https.

I found a tip at this post on duplicati forum (user fognar). It seems that the certificate is incorporated to the database at /config/Duplicati-server.sqlite file, Option table, record with 'server-ssl-certificate' value in Name field. When the docker is restarted with the CLI_ARGS options setting the certificate file and the database also remains the certificate in Option table, duplicati service cannot start.

So I tried to update the record in the database and set it with blank value each time the docker was started, before trying to start duplicati service. I thougt that /etc/services.d/Duplicati/run file must do it, adding the first exec command you can see as follows:

cd /app/duplicati || exit

 exec \
	sqlite3 /config/Duplicati-server.sqlite \
	"UPDATE Option SET Value='' WHERE Name='server-ssl-certificate';"

 exec \
	s6-setuidgid abc mono Duplicati.Server.exe \
	--webservice-interface=any --server-datafolder=/config --webservice-allowed-hostnames=* $CLI_ARGS

As I am not experienced at creating nor modifying docker images, I mounted the /etc/services.d/Duplicati/ directory as a volume in the host (-v /dockers/Duplicati/etcServices.dDuplicati:/etc/services.d/Duplicati) and made there my own version of the run file as before.

It works fine, but it is just a workaround, not a serious fix.

Sorry for my English and sorry for style mistakes, first time using GitHub.

Host OS: OpenMediaVault 4.1.23-1 (Arrakis)

[aptalca]

So you're only supposed to start duplicati with that option once? And then that option is enabled forever? And if you try to use that option again duplicati doesn't start? That makes no sense.

But anyway, you can recreate the container without that variable set

[calvinbui]

I can confirm the above from @josemags

After recreating/restarting the container, I also ran into the same problems until I removed the certificate CLI args

I fixed this by adding sqlite3 /config/Duplicati-server.sqlite "UPDATE Option SET Value='' WHERE Name='server-ssl-certificate';" to the top of the run script without exec