Easy Self Host Icon

Kopia: An Automatic Backup Solution for Your Self-Hosted App Data or Documents

Video

Transcript

Hello this is channel Easy Self Host. In this video we are going to run Kopia, an automatic

backup application that can help you backup your data and especially your self-hosted application data

Kopia supports scheduling and running script before and after the backup which make it very easy

to deal with the data of a running application. It also supports cloud storage system out of the

box. Here I'm going to show you how to regularly backup a vaultwarden server with Kopia and it

applies to other applications or simply directories. Now let's get started to set up our Kopia server.

We're going to run Kopia as a Docker service and give it access to all the data we want to backup.

Here at the beginning we are still including the docker network we set up for our proxy server

because Kopia has a web UI to configure the backup. In the volume section we first need a

config volume to store Kopia configs. Next we're going to include the docker volumes we want to

backup. I'm storing my vaultwarden data in a docker volume so I just include it as an external volume

here in Kopia. If you store your application data directly on the host file system you don't need to

include any volumes here. For the Kopia service we are using the official Kopia docker image.

We are exposing the port 80 for the Kopia web UI and we connect to the proxy network so we can

access the web UI through our proxy server. Then we need to set up the commands for the Kopia server.

We need to do this because Kopia is more than a server application. It can just be used as a command

line application but we want to use it as a server here. Among the arguments we set up the server to

listen on port 80 on all the IP addresses. The port should be the same port we exposed.

We also need to set up the server username and the server password for logging. The password

parameter is for an existing backup repository that you can skip here. For the volume section

we first need to mount the config volume to the config directory. Next we are mounting a script

in the same directory to our container. The script can start and stop other docker containers. This is

useful because when we are backing up an application we want it to be stopped so the data is settled.

The script will send start or stop requests to the docker socket so we are also going to

mount the docker socket in the host to the container. Then we are going to mount the

docker volume or the path we want to backup to the container. Here I'm mounting it to a directory

under /backup. We also need to update our proxy configuration. I'm using caddy so I add a

caddy rule to map the domain kopia.home.easyselfhost.com to a kopia service. After this let's go to the

server command line and go to the directory that has the kopia docker compose file. From here we

run docker compose up -d to start the service. We also need to refresh our proxy rule. For me I'll

just restart the caddy server. Also my vaultwarden server is already running. Now we can go to the

domain for our kopia server and then we enter our server username and server password. Then we are

in the kopia web UI and setting up our backup repository. The repository is a place we want to

store our backup data. We can store our data in other directories, network share or many kinds of

cloud storage systems. Here I'm going to choose the classic amazon s3 and I'm going to quickly set up

an s3 bucket in the AWS console. We'll also create a cloud credentials for kopia to access the bucket.

You can skip this part if you already have a storage system for backup or you know how to set

up one. In the AWS console we can go straight to the s3 and here we click Create Bucket.

In the bucket setup page the first thing we need to do is to give the bucket an unique name.

We can leave the rest of the settings as default and then we can click Create Bucket.

So now we have a bucket and we also need credentials for kopia to access this bucket

and we're going to create an IAM user for that. So let's go to the IAM dashboard and under the

users tab we click create user. Here you can specify any username you want and then we need

to create an user group for our user to have access to our s3 bucket. Here in the permission policies

we can search s3 and select AmazonS3FullAccess. Remember to select this user group and then go to

the next step. After the user is created let's go to the user detail and then click create access

key. Here you can select third-party service and click next. Now we have the access key and the

secret access key for kopia to access the bucket and we can copy them to the corresponding field

in kopia and let's also fill in the bucket name and the server endpoint and now we can click next

to create our repository. And then you also need to set up a very safe repository password to encrypt

your data. After the repository is set up we can now set up our backup. We are going to backup the

vaultwarden server data which is the passwords we set. Then we click new snapshot. Here we enter the

path of the vaultwarden data. We can click estimate to see how much data we have. Then we have all

these configurations for our backup strategies like you can customize the retention policies.

I'm going to leave that as a default and instead configure the scheduling. We can type the time of

the day we want to backup our data and then you can preview the upcoming backup time. I didn't get

my time zone right so here I can spot the difference. You can configure the time zone for the container

to make this consistent. Then I'll configure the snapshot action to stop the container before backup

and start the configure after the backup. We can run our script like this to stop the vaultwarden

container and the same is for starting the container after the snapshot and then we are

good to go. And we can click snapshot now to test run our backup. After a few seconds our backup is

done. And then we can go to the bucket and see there's data written to it. All the data is encrypted

so you cannot see any file structure. Now we know how to configure and do the backup and we also need

to know how to restore our data. To do that let's create a directory on our server to explore the

backup data and we also need to mount this directory to the Kopia container and then rerun

the docker compose. In the backup export directory let's also create a directory specifically for

vaultwarden. In the Kopia web ui we click the vaultwarden path and click the backup we want

to restore. Here we can see all the files for vault warden and here let's click restore files

and directories. Here we specify the export directory we set up in the container and then

click begin restore. Now we can go to the server command line again and check if the restore files

are in place in our directory and here are the files we restore from the cloud. That's all for

this video. Please consider subscribing for content like this. You can find the configuration files in

this video on github and the link is in description below. Thank you for watching.

Resources