Unable to Ignore TLS Error #193

Open
federicotravaini opened this issue May 23, 2024 · 6 comments

@federicotravaini

I am encountering an issue with configuring Restic within a Docker container to ignore TLS errors. My setup involves using Rclone configured with Nextcloud via WebDAV. When I use Rclone directly on the host server (Ubuntu), I am able to bypass the TLS error by ignoring it. However, when attempting to use Rclone within the resticker Docker container, I am unable to find a way to ignore the TLS error.

The problem arises because Restic treats the --insecure-tls parameter as a global parameter rather than a parameter specific to the backup command. As a result, I cannot pass the --insecure-tls flag directly to the backup command when running Restic within the Docker container.

Is there a workaround that does not involve having the certificate?

@djmaze
Owner

djmaze commented Jun 9, 2024

Sorry for the late response. I think this is an upstream problem in restic and should be reported over there.

Oops, I think I did not read the question thoroughly. Where did you try to specify the parameter for the docker container?

@domiko96

domiko96 commented Sep 21, 2024

Hey there,
I can imagine that the issue is actually that one can only pass in the --ignore-tls argument to the individual actions like so:

```yaml
RESTIC_BACKUP_ARGS: >-
        --tag docker-volumes
        --verbose
        --insecure-tls
```

I, for example, run into this error with MinIO.
In my case I'm running MinIO on my NAS at home and connect a server I want to back up via VPN.

The docker logs look like this:

```
Checking configured repository 's3://my-domain.com:9000/restic' ...
Fatal: unable to open config file: Stat: Get "https://my-domain.com:9000/restic/?location=": tls: failed to verify certificate: x509: certificate is valid for localhost, not my-domain.com
Is there a repository at the following location?
s3://my-domain.com:9000/restic
Could not access the configured repository.
Trying to initialize (in case it has not been initialized yet) ...
Fatal: create repository at s3://my-domain.com:9000/restic failed: client.BucketExists: Get "https://my-domain.com/restic/?location=": tls: failed to verify certificate: x509: certificate is valid for localhost, not my-domain.com
```

I guess a global parameter to set --insecure-tls would maybe make sense? Or is there a trick I'm missing?
I'll try to mitigate it by SKIP_INIT.

Any help is much appreciated. Keep up the great work!

@domiko96

I confirmed I can bypass the issues with SKIP_INIT for the backup container.

However in my prune container I get errors even though I also pass

```yaml
      PRUNE_ARGS: >-
        --insecure-tls
```

Error is: tls: failed to verify certificate: x509: certificate is valid for localhost, not my-domain.com

@domiko96

Ah, actually this is all fine; it just has to be RESTIC_PRUNE_ARGS instead.
