I am going through the documents and it seems that when using restic server as a repository, you can define an https host.
However, I have 2 machines in the local network, one running restic server, and the other running restic. I want to use an IP as the endpoint to access the rest server, but the server does have a valid TLS cert. In this case, is it possible to define the hostname to check the cert against?
Thank you!
That’s not supported. Why can’t you use the DNS name of the server?
The server is using the certificate for some public facing web apps, so DNS of the domain points to my router's public IP. I do not want to expose the restic endpoint, which is on a different port, and even if I expose the port to enable loopback NAT, it won't work on the router itself. Split DNS can cause other problems that I won't go into detail about either. In short, I know there are workarounds, but they also have their problems.
This is a pretty classic problem, one that some applications like curl, caddy or Synology's Hyper Backup have implemented solutions for: allow users to specify an IP and a hostname/cert at the same time for an https endpoint.
Then currently the only option is to use a self-signed certificate for rest-server (see its readme).
Thanks for the suggestion. I have marked your previous answer as the solution, because it addressed my question.
But there is no solution for my use case. I have opened a PR on GitHub.
May I suggest an alternative that I use in these cases? It works well, encrypts data and authentication and has additional benefits like the fact that nothing more than the bare restic executable has to be on the exposed client.
2 Likes
Thanks, though I would rather neither the backup server nor the destination server have access to its counterpart.
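
The idea raised in the thread (connect to a fixed IP while still verifying the certificate against a hostname) looks like this in a Go HTTP client. This is an added example, not restic's or rest-server's code. The names `newPinnedClient` and `demo`, the host names and the port are constructed for illustration, and the server is Go's `httptest` TLS server, whose test certificate is valid for `example.com`.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// newPinnedClient always dials dialAddr (ip:port) but leaves TLS verification
// untouched: the certificate is still checked against the host in the URL.
func newPinnedClient(dialAddr string, roots *x509.CertPool) *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second}
	return &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12},
			// Ignore the address derived from the URL; connect to the pinned one.
			DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) {
				return d.DialContext(ctx, network, dialAddr)
			},
		},
	}
}

// demo starts a constructed local TLS server and requests it under urlHost.
func demo(urlHost string) (int, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust only this test certificate
	client := newPinnedClient(srv.Listener.Addr().String(), roots)
	resp, err := client.Get("https://" + urlHost + ":8000/") // port is ignored by the dialer
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	fmt.Println(demo("example.com"))    // name is in the certificate: request succeeds
	fmt.Println(demo("backup.invalid")) // name is not in the certificate: handshake fails
}
```

Because only the dial address is overridden, hostname verification stays enabled, which is the difference between this and turning certificate checks off.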