ERROR 400 on kopia server shutdown

Hello. I cannot figure out how to use kopia server shutdown gracefully using this command

/usr/bin/kopia server shutdown --address=http://0.0.0.0:$port --log-file=$log_file --config-file=$config_file -p $password --server-username=toast --server-password=abc123

I have attached a video to make clear my problem. I have tried other variations. Just can’t figure out what it’s looking for.

Thanks for weighing in on it. I’m stuck…

I still do not know the solution to this. However, for now I have used a workaround of creating a systemd service which uses kopia server start… so when I want to stop the service I need only run systemctl stop mykopiaservice to halt it. It would still be of value to have the proper solution for using the shutdown command so I may document it and others may also know it.

It took me a while to figure it out. You need to use --server-control-username and --server-control-password instead of --server-username and --server-password.

But in order that this works you have to start the server with --disable-csrf-token-checks --server-control-username=username --server-control-password=password

Here is a systemd service file I wrote for kopia:

[Unit]
After=network.target

[Service]
WorkingDirectory=/root/
EnvironmentFile=/root/.config/kopia/var_file

ExecStart=/usr/bin/kopia server start --address=https://0.0.0.0:51515 --tls-cert-file=/root/kopia.crt --tls-key-file=/root/kopia.key --disable-csrf-token-checks --shutdown-grace-period=5s
ExecStop=/usr/bin/kopia server shutdown --address=https://127.0.0.1:51515 --server-cert-fingerprint=${SERVER_CERT_FINGERPRINT} --server-control-username=${KOPIA_SERVER_CONTROL_USER} --server-control-password=${KOPIA_SERVER_CONTROL_PASSWORD}

[Install]
WantedBy=default.target

The file with the environment variables looks like this:

KOPIA_SERVER_USERNAME=toast
KOPIA_SERVER_PASSWORD=test123

KOPIA_SERVER_CONTROL_USER=server-control
KOPIA_SERVER_CONTROL_PASSWORD=test456

SERVER_CERT_FINGERPRINT=15d48640afbdce495b012a71e4b5f294d6a944f9fc9c59ee485dc84655a6f846

Thanks for the reply. I’m being told --disable-csrf-token-checks is a no go so I’ve got to find another method

–disable-csrf-token-checks does not seem to be necessary. I tried it out and it is probably unnecessary. The commands also work without this parameter.

My corrected systemd service file now looks like this:

[Unit]
After=network.target

[Service]
WorkingDirectory=/root/
EnvironmentFile=/root/.config/kopia/var_file

ExecStart=/usr/bin/kopia server start --address=https://0.0.0.0:51515 --tls-cert-file=/root/kopia.crt --tls-key-file=/root/kopia.key --shutdown-grace-period=5s
ExecStop=/usr/bin/kopia server shutdown --address=https://127.0.0.1:51515 --server-cert-fingerprint=${SERVER_CERT_FINGERPRINT} --server-control-username=${KOPIA_SERVER_CONTROL_USER} --server-control-password=${KOPIA_SERVER_CONTROL_PASSWORD}

[Install]
WantedBy=default.target

I have also written two small shell scripts to do status or refresh commands.

#!/bin/bash

source /root/.config/kopia/var_file

kopia server status --address="https://127.0.0.1:51515" --server-control-username=$KOPIA_SERVER_CONTROL_USER --server-control-password=$KOPIA_SERVER_CONTROL_PASSWORD --server-cert-fingerprint=$SERVER_CERT_FINGERPRINT
#!/bin/bash

source /root/.config/kopia/var_file

kopia server refresh --address="https://127.0.0.1:51515" --server-control-username=$KOPIA_SERVER_CONTROL_USER --server-control-password=$KOPIA_SERVER_CONTROL_PASSWORD --server-cert-fingerprint=$SERVER_CERT_FINGERPRINT

I will unify them into a wrapper script when I get round to it.

EDIT: I remember now why I used --disable-csrf-token-checks in my service file. It is required to monitor my backups via Uptime Kuma. With the checks in place Uptime Kuma is not able to access the API.

Thanks for the reply. Still no success getting refresh to work.

What does this file /root/.config/kopia/var_file contribute to your script? Is that where your KOPIA_SERVER_CONTROL_USERNAME, KOPIA_SERVER_CONTROL_PASSWORD and SERVER_CERT_FINGERPRINT vals are being stored? Otherwise if it is the kopia repository config file which is json formated I would not expect the command “source” to work with the bash script.

Your thoughts.

The file /root/.config/kopia/var_file is indeed the file where the vars are stored. I use this file in in my service file a EnvironmentFile and in my bash script as source for those variables

The problem in your case seems that you mix up HTTP and HTTPS. If you start the server with a certficate it expects all requests via HTTPS.