Kopia Backup Tool Installation and Configuration

Kopia is a fast, encrypted backup tool with client-side deduplication, compression, and support for cloud storage backends including S3 and Backblaze B2. Unlike older tools, Kopia offers both a CLI and a GUI, policy-based snapshot scheduling, and maintenance automation — making it suitable for both personal and production Linux server backups.

Prerequisites

  • Ubuntu/Debian or CentOS/Rocky Linux
  • At least 512 MB RAM (more for large repositories)
  • Access to a cloud storage account or local/remote storage

Installing Kopia

# Ubuntu/Debian - APT repository
curl -s https://kopia.io/signing-key | sudo gpg --dearmor -o /usr/share/keyrings/kopia-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/kopia-keyring.gpg] http://packages.kopia.io/apt/ stable main" | \
  sudo tee /etc/apt/sources.list.d/kopia.list
sudo apt-get update
sudo apt-get install -y kopia

# CentOS/Rocky - YUM repository
sudo rpm --import https://kopia.io/signing-key
cat | sudo tee /etc/yum.repos.d/kopia.repo << 'EOF'
[Kopia]
name=Kopia
baseurl=http://packages.kopia.io/rpm/stable/x86_64/
gpgcheck=1
gpgkey=https://kopia.io/signing-key
enabled=1
EOF
sudo dnf install -y kopia

# Or download binary directly
curl -sL https://github.com/kopia/kopia/releases/latest/download/kopia-$(curl -s https://api.github.com/repos/kopia/kopia/releases/latest | grep -o '"tag_name":"[^"]*"' | cut -d'"' -f4 | tr -d v)-linux-x64.tar.gz | \
  tar -xz kopia
sudo mv kopia /usr/local/bin/

# Verify
kopia --version

Repository Setup

A Kopia repository stores all your backups with deduplication across snapshots:

Local Filesystem Repository

# Create repository directory
sudo mkdir -p /backup/kopia-repo

# Connect to a new local repository
kopia repository create filesystem \
  --path /backup/kopia-repo \
  --password "your-repository-password"

# Connect to an existing repository
kopia repository connect filesystem \
  --path /backup/kopia-repo \
  --password "your-repository-password"

# Verify repository
kopia repository status

S3 Repository

# Create an S3-backed repository
kopia repository create s3 \
  --bucket your-s3-bucket \
  --prefix kopia/ \
  --access-key AKIAIOSFODNN7EXAMPLE \
  --secret-access-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  --region us-east-1 \
  --password "your-repository-password"

# Connect to existing S3 repository
kopia repository connect s3 \
  --bucket your-s3-bucket \
  --prefix kopia/ \
  --access-key YOUR_KEY \
  --secret-access-key YOUR_SECRET \
  --region us-east-1 \
  --password "your-repository-password"

After connecting, Kopia remembers the repository in its config:

# View repository configuration
kopia repository status

# Disconnect (leaves data intact)
kopia repository disconnect

Snapshot Policies

Policies control which files to include, retention schedule, and compression:

Create Snapshots

# Create an immediate snapshot
kopia snapshot create /var/www

# Create snapshot of multiple directories
kopia snapshot create /etc /home /var/www

# List all snapshots
kopia snapshot list

# List snapshots for a specific path
kopia snapshot list /var/www

# Show snapshot details
kopia snapshot show <snapshot-id>

# Estimate backup size before running
kopia snapshot estimate /var/www

Set Directory Policies

# Set a policy for a directory (persists across snapshots)
kopia policy set /var/www \
  --keep-latest 10 \
  --keep-hourly 24 \
  --keep-daily 7 \
  --keep-weekly 4 \
  --keep-monthly 12 \
  --keep-annual 3

# Set compression for a directory
kopia policy set /var/www \
  --compression zstd-fastest

# Exclude patterns
kopia policy set /var/www \
  --add-never-compress "*.zip,*.tar.gz,*.jpg,*.mp4" \
  --add-ignore "node_modules/**" \
  --add-ignore ".git/**" \
  --add-ignore "*.pyc" \
  --add-ignore "__pycache__/**"

# View current policy for a directory
kopia policy show /var/www

# List all policies
kopia policy list

Global Policy

# Set a global default policy
kopia policy set --global \
  --keep-latest 5 \
  --keep-hourly 0 \
  --keep-daily 7 \
  --keep-weekly 4 \
  --keep-monthly 6 \
  --compression zstd \
  --add-ignore ".git/**" \
  --add-ignore "node_modules/**"

Compression Configuration

Kopia supports multiple compression algorithms:

# Available compression algorithms
kopia benchmark compression --data-file /var/www/large-file.sql

# Set compression by speed/ratio preference:

# Fastest (lowest CPU, moderate compression)
kopia policy set /path --compression zstd-fastest

# Balanced (good ratio, moderate speed) - recommended
kopia policy set /path --compression zstd

# Better compression (slower)
kopia policy set /path --compression zstd-best-compression

# Other options:
# gzip, gzip-best-speed, gzip-best-compression
# s2-default, s2-better, s2-parallel-4, s2-parallel-8
# pgzip, deflate, zstd-fastest, zstd-best-compression

# Never compress already-compressed files
kopia policy set /path \
  --add-never-compress "*.zip,*.gz,*.bz2,*.xz,*.7z,*.jpg,*.mp4,*.mp3,*.avi"

Cloud Storage Backends

Backblaze B2

kopia repository create b2 \
  --bucket your-b2-bucket \
  --key-id your-b2-key-id \
  --key your-b2-application-key \
  --password "your-repo-password"

Azure Blob Storage

kopia repository create azure \
  --container your-container \
  --storage-account your-storage-account \
  --storage-account-key your-account-key \
  --password "your-repo-password"

Google Cloud Storage

kopia repository create gcs \
  --bucket your-gcs-bucket \
  --credentials-file /path/to/service-account.json \
  --password "your-repo-password"

SFTP

kopia repository create sftp \
  --path /remote/backup/path \
  --host backup.yourdomain.com \
  --port 22 \
  --username backupuser \
  --keyfile /root/.ssh/backup_key \
  --password "your-repo-password"

Rclone (Any Cloud)

# Kopia can use Rclone for any backend Rclone supports
kopia repository create rclone \
  --remote-path "myremote:bucket/kopia" \
  --password "your-repo-password"

Kopia UI

Kopia UI provides a desktop GUI and a server mode:

# Install Kopia UI (server mode for web access)
sudo apt-get install -y kopia-ui

# Or start Kopia in server mode (headless)
kopia server start \
  --address 127.0.0.1:51515 \
  --server-username admin \
  --server-password your-ui-password \
  --tls-generate-cert

# Access at https://localhost:51515
# Or expose via Nginx reverse proxy

# Nginx config for Kopia UI
server {
    server_name kopia.yourdomain.com;
    location / {
        proxy_pass https://127.0.0.1:51515;
        proxy_ssl_verify off;  # Self-signed cert from Kopia
        proxy_set_header Host $host;
    }
}

Scheduled Backups and Retention Management

Systemd Timer

# Create backup script
sudo tee /usr/local/bin/kopia-backup.sh << 'SCRIPT'
#!/bin/bash
set -euo pipefail

# Connect to repository (uses stored config)
kopia repository connect s3 \
  --bucket your-bucket \
  --prefix kopia/ \
  --access-key "$AWS_ACCESS_KEY_ID" \
  --secret-access-key "$AWS_SECRET_ACCESS_KEY" \
  --region us-east-1 \
  --password "$KOPIA_PASSWORD" \
  --override-username root \
  --override-hostname "$(hostname)"

# Create snapshots
kopia snapshot create /etc /home /var/www /opt

# Run maintenance (prune + repack)
kopia maintenance run

echo "Backup completed at $(date)"
SCRIPT

chmod +x /usr/local/bin/kopia-backup.sh

# Create systemd service
sudo tee /etc/systemd/system/kopia-backup.service << 'EOF'
[Unit]
Description=Kopia Backup
After=network-online.target

[Service]
Type=oneshot
EnvironmentFile=/etc/kopia/credentials
ExecStart=/usr/local/bin/kopia-backup.sh
StandardOutput=journal
StandardError=journal
EOF

# Store credentials
sudo mkdir -p /etc/kopia
sudo tee /etc/kopia/credentials << 'EOF'
AWS_ACCESS_KEY_ID=your-access-key
AWS_SECRET_ACCESS_KEY=your-secret-key
KOPIA_PASSWORD=your-repo-password
EOF
sudo chmod 600 /etc/kopia/credentials

# Create timer
sudo tee /etc/systemd/system/kopia-backup.timer << 'EOF'
[Unit]
Description=Daily Kopia backup

[Timer]
OnCalendar=03:30
RandomizedDelaySec=30m
Persistent=true

[Install]
WantedBy=timers.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable --now kopia-backup.timer

Repository Maintenance

# Run full maintenance (prune unreferenced data)
kopia maintenance run --full

# Run quick maintenance (frequent, low impact)
kopia maintenance run --quick

# Set maintenance schedule
kopia maintenance set \
  --full-interval 168h \
  --quick-interval 1h

# View maintenance status
kopia maintenance info

# Show repository statistics (dedup ratio, etc.)
kopia repository status --storage-stats

Troubleshooting

Repository connection fails:

# Check stored connection config
cat ~/.config/kopia/repository.config

# Test credentials
kopia repository status

# Reconnect with verbose output
kopia repository connect s3 --bucket your-bucket --password "..." --log-level debug

Snapshot fails with "out of space":

# Check cache directory size (default: ~/.cache/kopia)
du -sh ~/.cache/kopia

# Clear cache
kopia cache clear

# Set cache size limit
kopia cache set --metadata-cache-size-mb 512 --content-cache-size-mb 2048

Slow snapshot performance:

# Benchmark your system
kopia benchmark compression
kopia benchmark hashing
kopia benchmark encryption

# Increase parallelism
kopia snapshot create /data --parallel 8

Conclusion

Kopia delivers modern backup capabilities with client-side deduplication, encryption, and flexible cloud backend support in a single tool. Its policy-based configuration makes it easy to define consistent retention and compression rules across directories, while the built-in maintenance commands keep repositories lean and efficient. The optional UI makes it accessible for users who prefer a graphical interface while still offering a full-featured CLI for scripting and automation.