I have scoured the Internet and all documentation and I as well cannot find the answer to this question. If you do answer, please answer it for a 7 year old because I want to be sure I understand it
I start my kopia server using these parameters
/usr/bin/kopia server start
--address=http://0.0.0.0:${web_port}
--log-file=${log_file}
--config-file=${config_file}
-p ${password}
--tls-cert-file=/etc/letsencrypt/live/${server_domain}/fullchain.pem
--tls-key-file=/etc/letsencrypt/live/${server_domain}/privkey.pem
--server-username=${web_gui_username}
--server-password=${web_gui_password}
--description='{$backup_description}'
# unsure about these two
--server-control-username='${server_control_username}'
--server-control-password='${server_control_password}'
I add a user to kopia using these configs
kopia server user add frank@desktop-gba321
--log-file=${log_file}
--config-file=${config_file}
--user-password=${user_password}
--password=${password}
It responds with: Updated user credentials will take effect in 5-10 minutes or when the server is restarted. To refresh credentials in a running server use ‘kopia server refresh’ command.
Research on kopia server refresh indicates the request to refresh the server should look like this:
kopia server refresh
# where xxxx is the port number
--address=${address}:xxxx
--log-file=${log_file}
--config-file=${config_file}
--server-cert-fingerprint=${server_fingerprint}
--server-control-username=${server_control_username}
--server-control-password=${server_control_password}
--server-username=${web_gui_username}
--server-password=${web_gui_password}
My request fails with a ERROR 400 Bad Request. So I am left to assume I am setting those values in the wrong way.
I know there are other commands including kopia server status … which require the use of --server-control-username and --server-control-password.
I have found countless posts of people trying to scrape together and understanding of where exactly these credentials --server-control-username and --server-control-password are initially set and how to properly use them in examples like server refresh and server status.
Can someone provide me and the Kopia community clear answers to:
what options are available to us for setting these two --server-control-x values
how can we test to know that they are set and reply / confirm showing us our values
I have been stuck on this one for a few days and my searches reveal this is a common missing piece of knowledge for the community as a whole.
Do not use --server-username and --server-password for status and refresh but only --server-control-username and --server-control-password. The --server-username is for accessing the WebUI and --server-control-username is for accessing the control API.
kopia server refresh
# where xxxx is the port number
--address=${address}:xxxx
--log-file=${log_file}
--config-file=${config_file}
--server-cert-fingerprint=${server_fingerprint}
--server-control-username=${server_control_username}
--server-control-password=${server_control_password}
I think the problem is that you use a HTTP address instead of HTTPS. You started the server with a certificate so kopia seems to expect a HTTPS connection.
I recreated this on my server with starting kopia with a certificate and then checked the status via HTTP. The result was ERROR 400 Bad Request. When I changed from HTTP to HTTPS it gave me the propper result.
Thank you for your suggestion. I wonder if it matters that I am using my webui via an NGINX reverse proxy… Though I have also tried using https://127.0.0.1:9425 and also https://domainname:9425 with no success.
Unfortunately for me it just provides a different error. kopia server refresh --file-log-level=debug --log-level=debug --address=https://127.0.0.1:9425 --config-file=/SM_DATA/sm_backups/kopia/configs/internal.config --server-cert-fingerprint=A2F5723E8E3373BD47SDFASDF33WS3234F3E35CD0CB1A0D43F357903 --server-control-username=server --server-control-password=abc123 --log-file=logmehere.txt
ERROR 401 Unauthorized
The server-control-username and server-control-password I am setting as system wide environment variables in /etc/environment
No, I have written a shell script and read the variables from a file and then set them directly in the command line with --server-control-username= and --server-control-password=
For the server I use a systemd service file and use the same file with the variables as EnvironmentFile so I am sure that all the parameters are identical.
The file /etc/environment is not read by systemd. systemd creates a clean start environment with a minimum of environment variables. You have to set the environment variables explicitly in systemd either directly in the service file or read them from a file using EnvironmentFile.
I had experimented with that but without results so I switched to /etc/environment to see if it perhaps worked. However, since this works for you I’m going back to that.
I’ve created a video for you that you’ll hopefully be able to look at. It demonstrates clearly what my settings are and where I got them from. I step through my process in real time.
If you are able to give it a look I look forward to hearing your thoughts on it.
