How to get started

Team,

I’m trying to understand the line-of-thinking with Kopia.

See also attached image:
The client (i.e. logos) is an Ubuntu server with IP 192.168.139.250.
The backup server (i.e. kopia) is a Debian LXC container with IP 192.168.139.155.
The backup store is a local disk and mounted as /mnt/bu-test.

Client and server have Kopia installed on the machine itself (i.e. no Docker container).

For the time being I would like to use insecure transfers.

What are the bare minimum config steps and settings on both sites for getting these daily snapshots going?

In a nutshell:

On kopia machine:

1. Create and configure local (/mnt/bu-test) repository
2. Start kopia server

On logos machine:

1. connect to remote repository (kopia server)
2. start backing up your data (create snapshots)

Good two above points summary is here.

For nitty gritty details of kopia server/client configuration I recommend you read (or watch:)) posts created recently by @compumatter - plenty of hints and clarifications for things sometimes not well documented in official docs.

I have created the local repository with:
kopia repository create filesystem --path=/mnt/bu-test --enable-actions

I have also created the following repository users:

# kopia server user list
admin@kopia
will@kopia
will@logos
will@morpheus
will@pandora

I then started the server with:
kopia server start --address 0.0.0.0:80 --insecure

And when I try to connect via a browser I’m asked for username and password.
Which ends in:
UI Access denied. See https://github.com/kopia/kopia/issues/880#issuecomment-798421751 for more information.

What am I missing?

=====

@compumatter has post where the server is started with:

/usr/bin/kopia server start 
	--address=http://0.0.0.0:${web_port} 
	--log-file=${log_file} 
	--config-file=${config_file} 
	-p ${password} 
	--tls-cert-file=/etc/letsencrypt/live/${server_domain}/fullchain.pem 
	--tls-key-file=/etc/letsencrypt/live/${server_domain}/privkey.pem 
	--server-username=${web_gui_username} 
	--server-password=${web_gui_password} 
	--description='{$backup_description}' 
	# unsure about these two 
	--server-control-username='${server_control_username}' 
	--server-control-password='${server_control_password}'

But this seems to be with lots of variables? Where are they coming from?
And also: why 2 usernames and 3 passwords? What is the purpose of all these?

With regards to --config-file - I guess this is the config file with the repositories and usernames?

These define web gui access server credentials.

and these are for remote server operations e.g. refresh etc.

Check docs:

First of all: thank you for the support until now.

The server is starting as expected with:
kopia server start --address 0.0.0.0:80 --insecure --server-username=admin –server-password='<password>' –server-control-user=admin --server-control-password='<password>'

With this I get the webui.

Now the client-side - this is not working as expected:

kopia repository connect server --url=http://bu-test.tech.itv.lan --override-username will
Connecting to server 'http://bu-test.tech.itv.lan' as 'will@logos'...
Enter password to open repository:

Ends with:

ERROR failed to open repository: invalid server address, must be 'https://host:port' or 'unix+https://<path>
ERROR error connecting to API server: invalid server address, must be 'https://host:port' or 'unix+https://<path>

It doesn’t mater if I add :80 at the end of the url.

The webui is still responding as expected.

Any suggestions?

well…

Documentation does not explain it unfortunately… --insecure flag is for UI only and can be used when you use proxy etc.

kopia clients have to use https. It is impossible to disable it as under the hood it uses GRPC which makes https mandatory.

kopia can generate certs when you start server first time - so it is relatively easy to start with. Check server docs.

And read:

as you will need fingerprint to connect

With these 2 as an example:

--log-file='${log_file}'
--config-file='${config_file}'

This looks like a way of adding variables into the play.
Where are they coming from? And how are they filled?

No idea. This is somebody’s else example. If you want replace them with values or also pass variables either as script parameters or environment variables.

For example in general it is not good idea to hardcode passwords in your script. It is much better to use variables and pass values from your OS key chain or password manager.

BTW It has nothing to do with kopia itself:)

I agree - especially about the passwords.

One other thing related to setting things up with Docker-CLI:
It looks like all Kopia-CLI parameters are passed with the Docker run command?
Anything to be aware of when running things via a Docker container?

The idea is to use the Proxmox LCX container for the Kopia server.
This reduces the complexity somewhat when working with volumes and certificates.

On the Kopia client site (at least for the Linux servers) I would like to use the Docker container.
This reduces potential conflicts with the host-OS and other containers/applications.

I’m not sure about Windows - Scoop seems to be fairly heavy as it contains different code layers like NodeJS and Python. Is the GUI also relying on these code layers?

Anything else worth mentioning on all the above?

I do not use Docker and do not understand really why to use it adding extra level of complexity it unless you deploy something to 100s of machines…

Hopefully some other forum members can provide some Docker related wisdom.

Any time you see me using ${web_gui_username} in scripts it means I have a file somewhere that is storing web_gui_username=myuser and other values and pulling them in before running this command. For instance in bash I might use “source /my/variables/file.txt” or if I was creating a systemd server I would use “EnvironmentFile= /my/variables/file.txt”. In both of those cases the variables would be available in the way you see me using them. In this case I do not have to display my “real values” when asking for support in these forums