I have managed to set up a Kopia Server and a Kopia client. I am using Kopia version 0.23.0 in a Docker container, both on the client and on the server.
On the client, I can connect to the server with “kopia repository connect server”, and I can issue commands like “kopia repository status”.
I am starting the Kopia server without setting KOPIA_SERVER_CONTROL_PASSWORD, and without using command-line arguments --server-control-username and --server-control-password. Will the control API be available anyway with a default username and password? Or will it be disabled?
Commands “kopia server status” and “kopia server refresh” can take both “–server-password” and “–server-control-password”, in addition to “–address”. I am guessing that, by specifying those arguments, these commands operate independently of the current repository connection.
However, command “kopia server status --address=xxx --server-username=xxx etc.” fails on the client:
unable to list sources: 403 Forbidden: access is denied
That is even though I am using the same URL, username and password as in the “kopia repository connect server” command.
What ACL should I grant that user in the Kopia Server so that such a command works? The ACL type can be ‘snapshot’, ‘policy’, ‘user’ and ‘acl’, but there nothing like ‘server’ for a ‘status’ or a ‘refresh’ operation.
Why can “kopia server status” and “kopia server refresh” take both “–server-password” and “–server-control-password”? Can you do these operations with both a user account and the server control/API account? Does it make any difference?