I’m trying to understand the line-of-thinking with Kopia.
See also attached image:
The client (i.e. logos) is an Ubuntu server with IP 192.168.139.250.
The backup server (i.e. kopia) is a Debian LXC container with IP 192.168.139.155.
The backup store is a local disk and mounted as /mnt/bu-test.
Client and server have Kopia installed on the machine itself (i.e. no Docker container).
For the time being I would like to use insecure transfers.
What are the bare minimum config steps and settings on both sites for getting these daily snapshots going?
For nitty gritty details of kopia server/client configuration I recommend you read (or watch:)) posts created recently by @compumatter - plenty of hints and clarifications for things sometimes not well documented in official docs.
I have created the local repository with: kopia repository create filesystem --path=/mnt/bu-test --enable-actions
I have also created the following repository users:
# kopia server user list
admin@kopia
will@kopia
will@logos
will@morpheus
will@pandora
I then started the server with: kopia server start --address 0.0.0.0:80 --insecure
And when I try to connect via a browser I’m asked for username and password.
Which ends in: UI Access denied. See https://github.com/kopia/kopia/issues/880#issuecomment-798421751 for more information.
What am I missing?
=====
@compumatter has post where the server is started with:
/usr/bin/kopia server start
--address=http://0.0.0.0:${web_port}
--log-file=${log_file}
--config-file=${config_file}
-p ${password}
--tls-cert-file=/etc/letsencrypt/live/${server_domain}/fullchain.pem
--tls-key-file=/etc/letsencrypt/live/${server_domain}/privkey.pem
--server-username=${web_gui_username}
--server-password=${web_gui_password}
--description='{$backup_description}'
# unsure about these two
--server-control-username='${server_control_username}'
--server-control-password='${server_control_password}'
But this seems to be with lots of variables? Where are they coming from?
And also: why 2 usernames and 3 passwords? What is the purpose of all these?
With regards to --config-file - I guess this is the config file with the repositories and usernames?
First of all: thank you for the support until now.
The server is starting as expected with: kopia server start --address 0.0.0.0:80 --insecure --server-username=admin –server-password='<password>' –server-control-user=admin --server-control-password='<password>'
With this I get the webui.
Now the client-side - this is not working as expected:
kopia repository connect server --url=http://bu-test.tech.itv.lan --override-username will
Connecting to server 'http://bu-test.tech.itv.lan' as 'will@logos'...
Enter password to open repository:
Ends with:
ERROR failed to open repository: invalid server address, must be 'https://host:port' or 'unix+https://<path>
ERROR error connecting to API server: invalid server address, must be 'https://host:port' or 'unix+https://<path>
It doesn’t mater if I add :80 at the end of the url.
No idea. This is somebody’s else example. If you want replace them with values or also pass variables either as script parameters or environment variables.
For example in general it is not good idea to hardcode passwords in your script. It is much better to use variables and pass values from your OS key chain or password manager.
One other thing related to setting things up with Docker-CLI:
It looks like all Kopia-CLI parameters are passed with the Docker run command?
Anything to be aware of when running things via a Docker container?
The idea is to use the Proxmox LCX container for the Kopia server.
This reduces the complexity somewhat when working with volumes and certificates.
On the Kopia client site (at least for the Linux servers) I would like to use the Docker container.
This reduces potential conflicts with the host-OS and other containers/applications.
I’m not sure about Windows - Scoop seems to be fairly heavy as it contains different code layers like NodeJS and Python. Is the GUI also relying on these code layers?
Any time you see me using ${web_gui_username} in scripts it means I have a file somewhere that is storing web_gui_username=myuser and other values and pulling them in before running this command. For instance in bash I might use “source /my/variables/file.txt” or if I was creating a systemd server I would use “EnvironmentFile= /my/variables/file.txt”. In both of those cases the variables would be available in the way you see me using them. In this case I do not have to display my “real values” when asking for support in these forums