Kopia is a fast and secure open-source backup/restore tool that allows you to create encrypted snapshots of your data and save the snapshots to remote or cloud storage of your choice, to network-attached storage or server, or locally on your machine.
We use Docker manifest for cross-platform compatibility. More details can be found on Docker's website.
To obtain the appropriate image for your architecture, simply pull ghcr.io/imagegenius/kopia:latest. Alternatively, you can also obtain specific architecture images by using tags.
This image supports the following architectures:
| Architecture | Available | Tag |
|---|---|---|
| x86-64 | ✅ | amd64-<version tag> |
| arm64 | ✅ | arm64v8-<version tag> |
| armhf | ❌ |
The WebUI can be found at http://your-ip:51515. Login with the username and password specified in the USERNAME and PASSWORD variables.
The htpasswd file is automatically generated on startup (if it does not exist) with the specified username/password in the variables.
After this file has been generated, the USERNAME/PASSWORD variables can be removed, and the htpasswd file can be modified with the htpasswd command as desired.
By default, Kopia will be started with the following configuration:
kopia server start \
--insecure \
--disable-csrf-token-checks \
--address=0.0.0.0:51515 \
--htpasswd-file /config/htpasswdThis can be easily overwritten by specifying startup parameters in the CLI_ARGS variable, which will overwrite everything after the kopia command, eg:
CLI_ARGS=
server start \
--disable-csrf-token-checks \
--tls-cert-file=/config/keys/fullchain.pem \
--tls-key-file=/config/keys/privkey.pem \
--address=0.0.0.0:51515 \
--server-username=kopia \
--server-password=kopiaWhen specifying CLI_ARGS, they must be on a single line.
If you have entered invalid CLI_ARGS, Kopia will not start (see the logs if this happens).
Example snippets to start creating a container:
---
services:
kopia:
image: ghcr.io/imagegenius/kopia:latest
container_name: kopia
hostname: kopia
cap_add:
- SYS_ADMIN
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- USERNAME=kopia
- PASSWORD=kopia
- KOPIA_PERSIST_CREDENTIALS_ON_CONNECT=true #optional
- CLI_ARGS= #optional
volumes:
- </path/to/appdata>:/config
- </path/to/source>:/source
- </path/to/uploads>:/cache
- </path/to/local>:/local #optional
ports:
- 51515:51515
devices:
- /dev/fuse:/dev/fuse
restart: unless-stoppedDocker CLI (Click here for more info)
docker run -d \
--name=kopia \
--hostname=kopia \
--cap-add=SYS_ADMIN \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Etc/UTC \
-e USERNAME=kopia \
-e PASSWORD=kopia \
-e KOPIA_PERSIST_CREDENTIALS_ON_CONNECT=true `#optional` \
-e CLI_ARGS= `#optional` \
-p 51515:51515 \
-v </path/to/appdata>:/config \
-v </path/to/source>:/source \
-v </path/to/uploads>:/cache \
-v </path/to/local>:/local `#optional` \
--device /dev/fuse:/dev/fuse \
--restart unless-stopped \
ghcr.io/imagegenius/kopia:latestTo configure the container, pass variables at runtime using the format <external>:<internal>. For instance, -p 8080:80 exposes port 80 inside the container, making it accessible outside the container via the host's IP on port 8080.
| Parameter | Function |
|---|---|
--hostname= |
Set hostname for the container. |
-p 51515 |
WebUI Port |
-e PUID=1000 |
UID for permissions - see below for explanation |
-e PGID=1000 |
GID for permissions - see below for explanation |
-e TZ=Etc/UTC |
Specify a timezone to use, see this list. |
-e USERNAME=kopia |
Specify a username to access the WebUI, this can be removed after first setup |
-e PASSWORD=kopia |
Specify a password to access the WebUI, this can be removed after first setup |
-e KOPIA_PERSIST_CREDENTIALS_ON_CONNECT=true |
Automatically connect to repository |
-e CLI_ARGS= |
Overwrite CLI arguments |
-v /config |
Appdata Path |
-v /source |
Backup Source Path |
-v /cache |
Temporary Uploads Path (Cache) |
-v /local |
Path for local filesystem repositories |
--device /dev/fuse |
Allows fuse mounts to function |
All of our images allow overriding the default umask setting for services started within the containers using the optional -e UMASK=022 option. Note that umask works differently than chmod and subtracts permissions based on its value, not adding. For more information, please refer to the Wikipedia article on umask here.
To avoid permissions issues when using volumes (-v flags) between the host OS and the container, you can specify the user (PUID) and group (PGID). Make sure that the volume directories on the host are owned by the same user you specify, and the issues will disappear.
Example: PUID=1000 and PGID=1000. To find your PUID and PGID, run id user.
$ id username
uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)Most of our images are static, versioned, and require an image update and container recreation to update the app. We do not recommend or support updating apps inside the container. Check the Application Setup section for recommendations for the specific image.
Instructions for updating containers:
- Update all images:
docker-compose pull- or update a single image:
docker-compose pull kopia
- or update a single image:
- Let compose update all containers as necessary:
docker-compose up -d- or update a single container:
docker-compose up -d kopia
- or update a single container:
- You can also remove the old dangling images:
docker image prune
- Update the image:
docker pull ghcr.io/imagegenius/kopia:latest - Stop the running container:
docker stop kopia - Delete the container:
docker rm kopia - Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your
/configfolder and settings will be preserved) - You can also remove the old dangling images:
docker image prune
- 24.03.24: - rebase to alpine edge.
- 22.04.23: - use
htpasswdfile. - 21.04.23: - Add
CLI_ARGSvariable. - 14.04.23: - BREAKING: move cache from /tmp to /cache.
- 11.04.23: - fix run script ('kopia server' to 'kopia server start')
- 28.03.23: - set home in service
- 23.03.23: - add fuse package
- 21.03.23: - Add service checks
- 26.01.23: - Initial release.