Kopia: An Automatic Backup Solution for Your Self-Hosted App Data or Documents
Video
Transcript
Hello this is channel Easy Self Host. In this video we are going to run Kopia, an automatic
backup application that can help you backup your data and especially your self-hosted application data
Kopia supports scheduling and running script before and after the backup which make it very easy
to deal with the data of a running application. It also supports cloud storage system out of the
box. Here I'm going to show you how to regularly backup a vaultwarden server with Kopia and it
applies to other applications or simply directories. Now let's get started to set up our Kopia server.
We're going to run Kopia as a Docker service and give it access to all the data we want to backup.
Here at the beginning we are still including the docker network we set up for our proxy server
because Kopia has a web UI to configure the backup. In the volume section we first need a
config volume to store Kopia configs. Next we're going to include the docker volumes we want to
backup. I'm storing my vaultwarden data in a docker volume so I just include it as an external volume
here in Kopia. If you store your application data directly on the host file system you don't need to
include any volumes here. For the Kopia service we are using the official Kopia docker image.
We are exposing the port 80 for the Kopia web UI and we connect to the proxy network so we can
access the web UI through our proxy server. Then we need to set up the commands for the Kopia server.
We need to do this because Kopia is more than a server application. It can just be used as a command
line application but we want to use it as a server here. Among the arguments we set up the server to
listen on port 80 on all the IP addresses. The port should be the same port we exposed.
We also need to set up the server username and the server password for logging. The password
parameter is for an existing backup repository that you can skip here. For the volume section
we first need to mount the config volume to the config directory. Next we are mounting a script
in the same directory to our container. The script can start and stop other docker containers. This is
useful because when we are backing up an application we want it to be stopped so the data is settled.
The script will send start or stop requests to the docker socket so we are also going to
mount the docker socket in the host to the container. Then we are going to mount the
docker volume or the path we want to backup to the container. Here I'm mounting it to a directory
under /backup. We also need to update our proxy configuration. I'm using caddy so I add a
caddy rule to map the domain kopia.home.easyselfhost.com to a kopia service. After this let's go to the
server command line and go to the directory that has the kopia docker compose file. From here we
run docker compose up -d to start the service. We also need to refresh our proxy rule. For me I'll
just restart the caddy server. Also my vaultwarden server is already running. Now we can go to the
domain for our kopia server and then we enter our server username and server password. Then we are
in the kopia web UI and setting up our backup repository. The repository is a place we want to
store our backup data. We can store our data in other directories, network share or many kinds of
cloud storage systems. Here I'm going to choose the classic amazon s3 and I'm going to quickly set up
an s3 bucket in the AWS console. We'll also create a cloud credentials for kopia to access the bucket.
You can skip this part if you already have a storage system for backup or you know how to set
up one. In the AWS console we can go straight to the s3 and here we click Create Bucket.
In the bucket setup page the first thing we need to do is to give the bucket an unique name.
We can leave the rest of the settings as default and then we can click Create Bucket.
So now we have a bucket and we also need credentials for kopia to access this bucket
and we're going to create an IAM user for that. So let's go to the IAM dashboard and under the
users tab we click create user. Here you can specify any username you want and then we need
to create an user group for our user to have access to our s3 bucket. Here in the permission policies
we can search s3 and select AmazonS3FullAccess. Remember to select this user group and then go to
the next step. After the user is created let's go to the user detail and then click create access
key. Here you can select third-party service and click next. Now we have the access key and the
secret access key for kopia to access the bucket and we can copy them to the corresponding field
in kopia and let's also fill in the bucket name and the server endpoint and now we can click next
to create our repository. And then you also need to set up a very safe repository password to encrypt
your data. After the repository is set up we can now set up our backup. We are going to backup the
vaultwarden server data which is the passwords we set. Then we click new snapshot. Here we enter the
path of the vaultwarden data. We can click estimate to see how much data we have. Then we have all
these configurations for our backup strategies like you can customize the retention policies.
I'm going to leave that as a default and instead configure the scheduling. We can type the time of
the day we want to backup our data and then you can preview the upcoming backup time. I didn't get
my time zone right so here I can spot the difference. You can configure the time zone for the container
to make this consistent. Then I'll configure the snapshot action to stop the container before backup
and start the configure after the backup. We can run our script like this to stop the vaultwarden
container and the same is for starting the container after the snapshot and then we are
good to go. And we can click snapshot now to test run our backup. After a few seconds our backup is
done. And then we can go to the bucket and see there's data written to it. All the data is encrypted
so you cannot see any file structure. Now we know how to configure and do the backup and we also need
to know how to restore our data. To do that let's create a directory on our server to explore the
backup data and we also need to mount this directory to the Kopia container and then rerun
the docker compose. In the backup export directory let's also create a directory specifically for
vaultwarden. In the Kopia web ui we click the vaultwarden path and click the backup we want
to restore. Here we can see all the files for vault warden and here let's click restore files
and directories. Here we specify the export directory we set up in the container and then
click begin restore. Now we can go to the server command line again and check if the restore files
are in place in our directory and here are the files we restore from the cloud. That's all for
this video. Please consider subscribing for content like this. You can find the configuration files in
this video on github and the link is in description below. Thank you for watching.