Exactly what data will be in the clear and thus at risk?
I ask because I’ve had a pig of a time trying (and failing) 
to get TLS working with IIS 8 on server 2012r2, then again I’m not much of an admin, just a hobbyist the documentation gives no guidance for IIS other webservers seem to be assumed.
Urbackup provides it s own encryption that you can enable and doesnt works via http.
The most dangerous is being able to get the admin password when you login via the web gui.
Maybe try to set up a firewall filtering on some ip range to fix that.
I think having the login be done over https should be a priority.
I tend to agree, however, I think it’ll take someone with a greater skillset than me to figure out getting TLS working with IIS 
I guess I could throw Apache at it, but I greatly dislike maintaining Apache on Windows, on Debian apt-get update && apt-get upgrade gets you all the latest security patches, IIS gets them every 2nd Tuesday. On windows with Apache you have to constantly check for updates manually… Then when you run the installer, you find things have altered which break your config 
been there, done that!
If anyone knows how to make UrBackup play nice with IIS 8 I’m all ears though 
Hi,
Is your server already in production use? I wouldn’t mind taking a look at it, just for the fun of it.
But I don’t really have time to set up my own test server just to try this 
(I have everything on Linux).
But I’ve had a few occasions where I used IIS as a reverse proxy.
I would of course write everything down for future reference.
regards,
Stijn
P.S.: What time zone are you in? And do you have Skype?