๐Ÿบzoy.sh๐Ÿ“™

Kopia backup server

1059 words, 6 min read
Created & updated
๐ŸŒŸ Code ย  ๐Ÿ“„ Raw.md ย  ๐Ÿ—“๏ธ History

โ”€โ”€โ”€ โ– โ”€โ”€ โœฆ โ”€โ”€ โ– โ”€โ”€โ”€

Warning

All credentials and IPs in this guide must be changed before you deploy it yourself, theyโ€™re only written out for demonstration purposes! Also you might want to change stuff like ports, mount points and the timezone.

This guide is about how to set up a Kopia repository server with docker and connect Kopia instances on other PCs to it. This way we can take snapshots of folders on different PCs and save them in a central place.
Most configuration steps of this guide are done via the containers WebUI but some things (like adding new users) require the command line.

My usecase

I have set up a dockerized Kopia repository server on my Synology NAS, which doesnโ€™t create new snapshots himself but only accept remote ones. On my NAS I created a shared folder โ€œbackupsโ€ as a place for Kopia and other tools to deposit their data. Inside this folder I created a folder called โ€œkopiaโ€ with various subfolders (due to limitations of Docker on Synology these folders have to be created in the DSM WebUI or via SSH before running the docker stack):

volume1
 โ””โ”€โ”€ backups
     โ””โ”€โ”€ kopia
         โ”œโ”€โ”€ config
         โ”œโ”€โ”€ cache
         โ”œโ”€โ”€ logs
         โ”œโ”€โ”€ cert
         โ””โ”€โ”€ repository

Now we create our โ€œdocker-compose.yamlโ€ (I use Portainer or dockge for this):

repository server docker-compose.yaml
version: '3.7'
services:
  kopia-server:
    image: kopia/kopia:latest
    hostname: repositoryserver
    container_name: kopia-server
    restart: unless-stopped
    ports:
      - 51515:51515
    command:
      - server
      - start
      - --tls-generate-cert
      - --tls-cert-file=/app/cert/my.cert
      - --tls-key-file=/app/cert/my.key
      - --address=0.0.0.0:51515
      - --server-username=kopiagui
      - --server-password=jz9x5y3zftnyo2zt
    environment:
      KOPIA_PASSWORD: "yqxwbdjgmqkrj2t2"
      TZ: Europe/Berlin
    volumes:
      - /volume1/backups/kopia/config:/app/config
      - /volume1/backups/kopia/cache:/app/cache
      - /volume1/backups/kopia/logs:/app/logs
      - /volume1/backups/kopia/cert:/app/cert
      - /volume1/backups/kopia/repository:/repository

Right after (successfully) starting the container we inspect its logs, where we watch for a line similar to this (and note it down):

SERVER CERT SHA256: 321a09df468f2fd7a7cb198a2aa195015014ae839409f5ca32718e34bd31e09c

Then we stop the container, remove the line - --tls-generate-cert from the compose file (otherwise he will fail to start) and redeploy it.

Create new repository on NAS

Now we can configure the repository server via its WebUI at https://[Synology-IP]:51515 (note: https), username โ€œkopiaguiโ€ and password โ€œjz9x5y3zftnyo2ztโ€ (or other values, see your compose file).

  • โ€œSelect Storage Typeโ€ โ†’ โ€œLocal Directory or NASโ€ โ†’ โ€œ/repositoryโ€ โ†’ Next
  • Enter the Repository PW (use the value โ€œKOPIA_PASSWORDโ€ from your compose file, here: โ€œyqxwbdjgmqkrj2t2โ€)
    Only after being manually configured once the value from the compose file is used for the configured repository.
  • (optional) Advanced Options โ†’ Error Correction Overhead โ†’ 1%
  • โ€œCreate Repositoryโ€

We can also set global policies, some also define defaults for backups from other PCs. Set them at โ€œPoliciesโ€ โ†’ โ€œEditโ€. For now I only changed this (to reduce the required storage space):

  • Compression โ†’ Compression Algorithm โ†’ Defined โ†’ zstd

Setup on another PC

One big advantage of having a central repository server is the ability to isolate backups from different endpoints. To utilize this we need to create a new user for each PC we want to back up from (it is possible to use the same credentials for more than one endpoint, too). We need to enter the kopia-server container, via Portainer or through the shell of the Synology NAS (docker exec -it kopia-server sh). Here we add a new user with

kopia server user add user@host

โ€œuserโ€ and โ€œhostโ€ should of course be changed, but โ€œuserโ€ without โ€œ@hostโ€ is not sufficient. You also need to provide a password. For this guide letโ€™s assume the login โ€œuser2@remotehostโ€ & password โ€œ12345678โ€.

With Docker

Letโ€™s assume we want to snapshot some files on a remote PC (โ€œtestvmโ€ in our example) using a Kopia container, but of course we want to save the backups in our repository server.

For this example we store the config files for our โ€œtestvmโ€ Kopia container at subdirectories of /root/kopia_config, the important data we want to back up is located at /root/important-data (mounted read-only to the container) and we mount /root/restore into the container at /restore to have a location (besides the WebUI) to retrieve our restored files.

Important: set โ€œKOPIA_PASSWORDโ€ to the password of our newly created user, here: โ€œ12345678โ€.

testvm docker-compose.yaml
version: '3.7'
services:
  kopia:
    image: kopia/kopia:latest
    hostname: testvm
    container_name: kopia
    restart: unless-stopped
    ports:
      - 51515:51515
    command:
      - server
      - start
      - --disable-csrf-token-checks
      - --insecure
      - --address=0.0.0.0:51515
      - --server-username=kopiagui
      - --server-password=gfmh7qevukqnur58
    environment:
      TZ: Europe/Berlin
      KOPIA_PASSWORD: "12345678"
    volumes:
      - /root/kopia_config/config:/app/config
      - /root/kopia_config/cache:/app/cache
      - /root/kopia_config/logs:/app/logs
      - /root/important-data:/data:ro
      - /root/restore:/restore

Note that this configuration is less secure than our repository server setup (no HTTPS, for example), but it is way easier this way.

Now we can configure the repository server on our NAS to be our snapshot target. Open the Kopia WebUI of โ€œtestvmโ€ at http://[testvm-IP]:51515 (note: http), username โ€œkopiaguiโ€ and password โ€œgfmh7qevukqnur58โ€ (or other values, see the โ€œtestvmโ€ compose file).

โ†’ Select Storage Type โ†’ Kopia Repository Server

Set the โ€œServer addressโ€ to the IP of your Synology NAS (I use Tailscale on both the NAS and the local PC) with the correct port (example here: โ€œhttps://100.95.65.71:51515โ€). We also need to add the repository serverโ€™s fingerprint, which we noted from the containerโ€™s log after its first start (example here: โ€œ321a09df468f2fd7a7cb198a2aa195015014ae839409f5ca32718e34bd31e09cโ€).
Here we also have to insert our credentials (login โ€œuser2@remotehostโ€ & password โ€œ12345678โ€), the login can be changed from its default value in the Advanced View below.

Now we can create our first snapshot:

  • Snapshots โ†’ New Snapshot โ†’ โ€œ/dataโ€

More information about snapshot options needed, like ignore patterns!

Restoring files

More information needed!

Since we mounted /root/restore into the container at /restore writeable we can restore files there and manually move or compare them to /root/important-data.

Possible: remove โ€œ:roโ€ from โ€œ/root/important-data:/data:roโ€, restore at โ€œ/dataโ€ and select โ€œOverwrite Filesโ€ & โ€œOverwrite Directoriesโ€ โ†’ restore at original place (but overwrite new changes, since apparently no partial restore through the WebUI is possible, beside downloading single files โ†’ maybe through cli commands?).

Drawback of Docker approach: โ€œMount as Local Filesystemโ€ does not work!

With binary

untested, might have advantages over docker approach

Kopia command line refference

โ†’ https://kopia.io/docs/reference/command-line/common/

Inside the kopia-server (repository) container

  • List all snapshots by all users (Source) 
    kopia snapshot list -a
  • Delete snapshots: Best approach (IMHO) โ†’ delete through WebUI of PC where the snapshot was created.

Resources

Some links with additional information:

Steps to improve this guide

  • write consistently โ€˜weโ€™ or โ€˜youโ€™
  • consistently write abc -> def or "abc" -> "def"

โ”€โ”€โ”€ โ– โ”€โ”€ โœฆ โ”€โ”€ โ– โ”€โ”€โ”€

Graph View

Backlinks

  • No backlinks found