Hello Kopia Community,
I’m encountering a persistent issue while trying to access the Web UI for my Kopia server running in Docker. I’ve followed various steps to add a user, but I consistently receive a “UI Access denied” error. I’m hoping someone can provide some guidance.
My Setup:
• Kopia server running in Docker using the kopia/kopia:latest image.
• Deployed using Docker Compose with the following relevant part of my docker-compose.yml:
services:
kopia:
image: kopia/kopia:latest
container_name: kopia
ports:
- “51515:51515”
volumes:
- ./kopia-config:/app/config
- ./kopia-cache:/app/cache
- ./kopia-logs:/app/logs
- /home//docker/kopia/data:/data:ro
- /mnt/kopia_backups:/mnt/kopia_backups
environment:
- PUID=1000
- PGID=1000
- user: “1000:1000”
- command: server start --insecure --address=0.0.0.0:51515 --password “”
Steps I’ve Taken:
-
Accessed the Kopia container’s shell using docker exec -it kopia /bin/sh.
-
Tried adding users using the kopia server users add command with various usernames, including: admin, kopia@local, ui@local, ui@kopia-server, kopia - All attempts required the repository password and seemed to add the user, often with the message: “Updated user credentials will take effect in 5-10 minutes or when the server is restarted.”
-
Restarted the Kopia container after each user addition using docker restart kopia.
-
Tried logging into the Web UI (accessed via https://:51515) with the created usernames and the password “”.
-
Checked the Kopia server logs using docker logs kopia, which showed “failed login attempt” messages for the admin user initially. After adding other users, there were no specific login failure messages for those users, just the “UI Access denied” page in the browser.
-
Tried listing ACLs using kopia server acl list inside the container, which returned an empty list.
-
Attempted to add ACLs for the ui@kopia user (and other variations) with FULL access to type=*, which resulted in the error: ERROR error adding ACL entry: error validating ACL: invalid ‘type’ label, must be one of: acl, content, policy, snapshot, user.
-
Subsequently tried adding ACLs with FULL access to the valid target types (acl, content, policy, snapshot, user) for the ui@kopia user, but still received “UI Access denied”.
The Persistent Issue:
After successfully (it seems) adding a user, I consistently get “UI Access denied” when trying to log in through the web browser. I have referenced GitHub issue #880 (After upgrade to 0.8.0-beta1, unable to access S3 repo via Kopia server · Issue #880 · kopia/kopia · GitHub), which suggests different username formats for UI and repository server accounts, but the kopia server users add command seems to enforce the user@hostname format.
My Questions:
What is the correct way to create a user that can access the Kopia Web UI in the current version?
Are there specific roles or permissions that need to be granted to a user to access the UI? If so, how can these be set?
Is there any specific configuration in the docker-compose.yml or within the Kopia configuration files that I might be missing?
Any help or pointers would be greatly appreciated. I’ve spent a significant amount of time trying to resolve this and am currently stuck.
Thank you!