Premise

Acrosync’s Duplicacy is a powerful backup program that I’m using extensively on a variety of devices, including the Synology Diskstation in the docker container.

Docker on Synology however suffers from annoying issues, including but not limited to incorrect resource usage reporting and while the overhead of managing userIDs and configuration data is worthwhile for applications that benefit from dependencies isolation docker provides duplicacy does not require nor benefits from it: both Web UI and command line engine are written in Golang and are self-contained executables.

Furthermore, some Synology devices do not run docker – and yet duplicacy would work just fine on them.

Purpose

In this article I describe the simple script to download and install duplicacy_web as a service on a Synology Diskstation natively, without the aid of docker. It can be used as-is, or to be used as a starting point for your customizations and to illustrate various techniques.

Synology DSM uses upstart to manage services. The script below downloads the specified duplicacy executables and configures it to run when network and storage is up.

Usage

Create the limited user duplicacy for the daemon to run under. Modify the script accordingly if different username is desired. Give that user permissions to read the folders intended to be backed up. Enable users home service. Duplicacy configuration will be stored in the home folder of the user defined in step 1. It is trivial to modify the script to store data elsewhere if homes service is undesirable. Read through and run the script to install and start the daemon.

To upgrade or downgrade duplicacy version modify the DUPLICACY_WEB_VERSION environment variable in the beginning and run the script again.

Important notes

Listening address

By default Duplicacy Web is listening on a loopback interface so that only local users can connect. It can be configured to listen on your LAN adapter instead but this is undesirable due to this issue.

The secure enough workaround until that is fixed is to keep it accessible on a loopback only and reach the UI via SSH port tunneling. By default port tunneling is disabled, so the script enables it and restarts sshd daemon in the very end.

To login, you would start a tunnel like so in the background:

ssh -N -L 3875:127.0.0.1:3875 you@nas &

and then connect to http://localhost:3875.

However, if you really want to avoid the tunneling you can change the listening port. Place the code below right before “Launching service”: If the configuration file does not exist it will be created with the listening_address set to to listen on all interfaces; otherwise the change will be edited into the existing file.

CONFIGPATH = ${ HOMEDIR } /.duplicacy-web if [ ! -f ${ CONFIGPATH } /settings.json ] ; then echo "Configuration file does not exist." echo "Creating default one enabling listening on all interfaces" mkdir -p ${ CONFIGPATH } cat > ${ CONFIGPATH } /settings.json << EOF { "listening_address" : "0.0.0.0:3875" } EOF else echo "Setting listening_address to 0.0.0.0:3875" sed -i "s/ \" listening_address \"\s *: \s * \" .* \" / \" listening_address \" : \" 0 \. 0 \. 0 \. 0:3875 \" /g" ${ CONFIGPATH } /settings.json fi # Setting the correct owner to entire folder chown -R ${ USERNAME } : ${ GROUPNAME } ${ CONFIGPATH } || exit 7

Memory consumption

Duplicacy can be fairly memory hungry on large datasets. To mitigate this somewhat we set DUPLICACY_ATTRIBUTE_THRESHOLD=1 to prevent it from caching metadata in memory and we adjust oom tolerance for the service to reduce the chances for the child process to get killed.

ARM devices

I haven’t tested it on ARM devices due to lack of access to hardware.

The script