Kopia repository server installation doc

Hi,
I managed to have a working backup using Kopia repository server’s feature. I’m on a Debian 9. Here is what I did. If you see something wrong, feel free to comment and/or correct. Once the doc is OK, I’ll add it to the website.

  • Install kopia on server using the appropriate method

  • Create a user on the server (kopia)

useradd kopia
  • Change user’s homedir to a partition with space if your /home doesn’t have enough (could be /opt, /var, etc.)
usermod -d /opt/kopia kopia
  • Create a kopia_conf dir
cd /opt/kopia
mkdir kopia_conf
  • Create a storage directory
mkdir datas
vi /etc/systemd/system/kopia.service
[Unit]
Description=Kopia Server
After=syslog.target
After=network.target

[Service]
Type=simple
User=kopia
Group=kopia
ExecStart=/usr/bin/kopia server --htpasswd-file full_path/kopia_conf/kopia_auth --tls-cert-file full_path/kopia_conf/kopia.cert --tls-key-file full_path/kopia_conf/kopia.key --address <server IPv4>:51515
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
# and adjust paths
cd kopia_conf
htpasswd -c kopia_auth user1@host1
# !!! (Lowercase client host)
  • Start server to generate keys
kopia server start --htpasswd-file full_path/kopia_conf/kopia_auth --tls-generate-cert --tls-cert-file full_path/kopia_conf/kopia.cert --tls-key-file full_path/kopia_conf/kopia.key --address <server IPv4>:51515
# !!! Write down the hash SERVER CERT SHA256
  • Configure repository
    Connect to web interface https://<server_ip>:51515 with credentials created earlier
    Create a local storage Dir : “datas”

  • Stop server and start service
    Stop server ()
    start kopia service

systemctl start kopia.service
  • Connect with client (kopiaUI)
  1. Start KopiaUI, fill in the fields with the corresponding information
  2. enter server address : https://<server_ip>:51515
  3. use SERVER CERT SHA256 generated earlier
  4. use password created earlier
  5. add directories to backup
  6. create snapshots
4 Likes

That’s nice, note you can also use pre-existing trusted TLS certificate files.

For example, if you own somedomain.com, you can use LetsEncrypt to generate a trusted cert and key for kopia.somedomain.com and use that instead of your server IP, and since the cert is trusted you won’t need to pass SHA256 at all.

3 Likes

As it took me several tries to set up a kopia server (in my case on a raspberry pi using the nextcloudpi image) and connect to it, here are the steps that did work for me:

# create a user to run the kopia server
sudo adduser kopia
sudo usermod -a -G kopia kopia
# it makes life easier if you can access the conf & repo as the default 'pi' user
sudo usermod -a -G kopia pi

# allow access to this port from outside, nextcloudpi uses the universal firewall
sudo ufw allow 51515/tcp comment 'kopia server'

# now some steps as user kopia
sudo su - kopia
mkdir kopia_conf
cd kopia_conf

# this might be no longer necessary, I'm not sure?
htpasswd -c kopia_auth myuser@another-host

# IMPORTANT: You need to connect locally to server's repo before the server is started!
kopia repository connect filesystem --path=.../repo/

# Once connected, you can then add users:
kopia server user add $USER@$HOSTNAME
kopia server user add myuser@another-host

# NOW: at the FIRST server start: generate KEY & write down fingerprint

kopia server start --htpasswd-file /home/kopia/kopia_conf/kopia_auth --tls-generate-cert --tls-cert-file /home/kopia/kopia_conf/kopia.cert --tls-key-file /home/kopia/kopia_conf/kopia.key --address 192.168.178.xx:51515

# next starts: keep certificate
kopia server start --htpasswd-file /home/kopia/kopia_conf/kopia_auth --tls-cert-file /home/kopia/kopia_conf/kopia.cert --tls-key-file /home/kopia/kopia_conf/kopia.key --address 192.168.178.xx:51515

And to connect from a client, connect to this nice server from myuser@another-host (added above as user):

kopia repository connect server --url https://192.168.178.xx:51515 --server-cert-fingerprint  <fingerprint-noted-from-above>
kopia snapshot create ...

I plan to improve the documentation and provide a PR, as soon as I have some spare time.
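
Both walkthroughs above say to write down the SERVER CERT SHA256 printed at the first start. The script below is an added example, not from any poster and not Kopia's own tooling: it recomputes that fingerprint from kopia.cert, compares it with the value you noted, and checks that kopia.key and kopia_auth are owner-only. It assumes the fingerprint is the hex SHA256 of the DER-encoded certificate and that the files use the names from the posts; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Kopia server config directory.
# Assumes the file names used above: kopia.cert, kopia.key, kopia_auth.
# Needs awk and GNU coreutils (base64, sha256sum, stat).

# Lowercase a fingerprint and drop colons/whitespace so values copied from
# different tools compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# SHA256 over the DER bytes of the first certificate in a PEM file.
cert_sha256() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
         /-----END CERTIFICATE-----/   {exit}
         on' "$1" | base64 -d | sha256sum | cut -d' ' -f1
}

# Succeeds only when the file grants no permission bits to group or other.
is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Compare the cert on disk with the fingerprint noted at first start and
# check that the TLS private key and htpasswd file are owner-only.
audit_kopia_conf() {
    dir=$1; pinned=$(normalize_fp "$2"); rc=0
    actual=$(cert_sha256 "$dir/kopia.cert")
    if [ "$actual" = "$pinned" ]; then
        echo "OK   kopia.cert matches the pinned fingerprint"
    else
        echo "FAIL kopia.cert is $actual, expected $pinned"; rc=1
    fi
    for f in kopia.key kopia_auth; do
        if is_private "$dir/$f"; then
            echo "OK   $f is owner-only"
        else
            echo "FAIL $f grants access to group or other (chmod 600)"; rc=1
        fi
    done
    return $rc
}

# Usage: sh audit.sh /home/kopia/kopia_conf <fingerprint-noted-at-first-start>
if [ "$#" -ge 2 ]; then audit_kopia_conf "$@"; fi
```

A FAIL on the fingerprint line means the certificate on disk is not the one clients pinned, for example because the server was started again with --tls-generate-cert.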

Do I really need to use tls certificates? I will be connecting over VPN so not sure if it is really necessary to have additional certificates? I remember having issues in the browser when I tried to open the local web page