I am getting flagged in our security scans because UrBackup creates its own self-signed SSL certificate. Is it possible to replace this certificate with our own signed certificate? If so, is this documented anywhere? If I replace the certificate, will all the clients receive new public keys automatically? I would like to think so.
I can’t make heads or tails of how to do this natively with UrBackup. I followed a tutorial for windows to use IIS as a reverse proxy on the same box as UrBackup that will accept the https connection on the typical port (443) and middle man it to the UrBackup interface. I then made firewall rules so that the unecnrypted UrBackup interface is not available for access.
I find this easier because of how I manage SSL certs to begin with. Trying to automate the cert renewals ever 90 days with Urbackup natively would be difficult for me.
Just to clarify: Were you able to get it working with the reverse proxy?
Yes. Install IIS with the URL Rewrite Role Service on the same box as UrBackup. You will also need to install application request routing: Application Request Routing : The Official Microsoft IIS Site.
Configure your website bindings in IIS to listen on 443 and the appropriate corresponding certificate.
Then create a Reverse proxy URL rewrite rule and make it like this:
The “Rewrite URL” should be that of urbackup web interface
Lastly create a firewall rule that restricts access to TCP55414 to only allow in traffic from the local IP address of the UrBackup server. This means that the local IIS webserver can forward traffic to it, but no other device can reach that port.
If you use linux my post helps you.
But there I use self sign ssl cert. You can use let’s encrypt ssl cert.
If you use windows you can install nginx to windows and configure it by this instruction.