Can't connect to insecure repository server

Am I meant to be able to connect to an insecure repository server?

I’m running the “selfhosters” kopia UnRAID template, which runs a server with --insecure. I’ve also repeated the problem running a test server locally and trying to connect to it.

If I run kopia repository connect server --url="http://<servername>:51515", I get this response:

Connecting to server 'http://<servername>:51515' as 'jorgenman@laptop'...
Enter password to open repository: 

ERROR failed to open repository: invalid server address, must be 'https://host:port'
kopia: error: error connecting to API server: invalid server address, must be 'https://host:port', try --help

On the other hand if I run kopia repository connect server --url="https://<servername>:51515" or kopia repository connect server --url="kopia://<servername>:51515", I get this response:

Connecting to server 'https://<servername>:51515' as 'jorgenman@laptop'...
Enter password to open repository: 

ERROR failed to open repository: unable to establish session for purpose=: error establishing session: Session(): rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"
kopia: error: error connecting to API server: unable to establish session for purpose=: error establishing session: Session(): rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake", try --help

It says: must be https://host:port
And since you do not have a secure http connection, you get an error if you try to connect over https.
Maybe you can put a reverse proxy like nginx in front of it with a self signed certificate?

Yeah, I get that I can’t connect to an insecure server with https. That’s the point of the question - I’m really asking about the intended use case for insecure mode. Why enable me to run an insecure server if I can’t connect to it?

After thinking about it a bit, I’m realizing that it’s probably meant to run a local server for scheduling local tasks, etc., not to run a repository server that clients can send snapshots to. Part of the problem is that the --insecure flag isn’t documented anywhere (that I could find), so I wasn’t sure I was using it right, or that I understood how it was meant to be used.

--insecure is primarily used for development of the UI and for running UI behind a proxy which provides TLS and/or authentication.

The issue you’re seeing is due to the fact that GRPC (which is used by Repository Server) requires TLS and starting with --insecure does not support it.