copyparty on Ubuntu 24.04 on Azure User Guide
Overview
copyparty is a portable, self-contained file server and file-sharing tool: drag-and-drop upload, browsing, media playback, Markdown rendering and multi-user accounts, all from a single Python file with no external dependencies beyond the standard library. The cloudimg image installs the pinned copyparty 1.20.17 self-contained release, runs it as a dedicated copyparty system user under systemd, and fronts its web UI on port 80 with an nginx reverse proxy configured for large uploads. copyparty has its own account system - not nginx Basic Auth - and a unique admin password is generated on the first boot of every VM. Shared files live on a dedicated Azure data disk. Backed by 24/7 cloudimg support.
What is included:
- copyparty 1.20.17 (single self-contained Python file, no external dependencies) running as the
copypartysystemd service - The copyparty web UI on
:80, fronted by nginx withclient_max_body_size 0for large drag-and-drop uploads - copyparty's own account system - a per-VM admin password generated on first boot, hashed at rest with a salted sha2 hash (never stored in plaintext)
- No anonymous access at all: both browsing and uploading require the admin login
- A dedicated Azure data disk at
/var/lib/copyparty/shareholding your shared files copyparty.service+nginx.serviceas systemd units, enabled and active- An unauthenticated
/healthzendpoint for Azure Load Balancer health probes - 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a comfortable starting point; copyparty is very light on resources. NSG inbound: allow 22/tcp from your management network, 80/tcp for the web UI, and 443/tcp if you add TLS. copyparty serves plain HTTP on port 80; for production-adjacent use, terminate TLS in front of it with your own domain (see Maintenance).
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for copyparty by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create -> Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name copyparty \
--image <marketplace-image-urn> \
--size Standard_B2s \
--admin-username azureuser \
--ssh-key-values ~/.ssh/id_ed25519.pub \
--vnet-name <your-vnet> --subnet <your-subnet> \
--public-ip-sku Standard
az vm open-port --resource-group <your-rg> --name copyparty --port 80 --priority 1010
Step 3 - Connect to your VM
ssh azureuser@<vm-public-ip>
Step 4 - Confirm the services are running
systemctl is-active copyparty.service nginx.service
Both report active. copyparty listens on the loopback connector 127.0.0.1:3923; nginx fronts it on port 80. Your shared files live on the dedicated Azure data disk mounted at /var/lib/copyparty.

Step 5 - Retrieve your admin password
copyparty protects browsing and uploading with its own account system - not nginx Basic Auth. The username is admin and a unique password is generated on the first boot of your VM and written to a root-only file:
sudo cat /root/copyparty-credentials.txt
This file contains COPYPARTY_USERNAME, COPYPARTY_PASSWORD and the COPYPARTY_URL to open in a browser. The password is stored on disk only as a salted sha2 hash in /etc/copyparty/accounts.conf (each VM gets its own random salt), so no plaintext password ships in the image. Store the password somewhere safe.

Step 6 - Confirm the health endpoint
nginx serves an unauthenticated health endpoint for load balancers and probes:
curl -s http://localhost/healthz
It returns ok. This endpoint never requires authentication, so it is safe for an Azure Load Balancer health probe.
Step 7 - Confirm authentication
Unlike a plain read-only file share, this image grants no anonymous access at all - both browsing and uploading require the admin login. The following reads the per-VM password from the credentials file and proves the round-trip: an unauthenticated upload is rejected, a wrong password is rejected, and the correct password is accepted:
PW=$(sudo grep '^COPYPARTY_PASSWORD=' /root/copyparty-credentials.txt | cut -d= -f2-)
echo "unauthenticated upload: $(curl -s -o /dev/null -w '%{http_code}' -T /etc/hostname http://127.0.0.1/probe.txt)"
echo "wrong password: $(curl -s -o /dev/null -w '%{http_code}' -u admin:wrong-pw -T /etc/hostname http://127.0.0.1/probe.txt)"
echo "correct password: $(curl -s -o /dev/null -w '%{http_code}' -u admin:$PW -T /etc/hostname http://127.0.0.1/probe.txt)"
curl -s -o /dev/null -X DELETE -u admin:$PW http://127.0.0.1/probe.txt
It prints 401 (unauthenticated), then 403 (wrong password), then 201 (correct password - the file was uploaded), and the last line cleans up the probe file.

Step 8 - Sign in to the web UI
Browse to http://<vm-public-ip>/. copyparty shows a "howdy stranger" prompt because you are not logged in yet - enter the password from Step 5 into the password field and click login.

Step 9 - Browse and upload files
Once logged in you land on the file browser. The toolbar along the top gives you upload, search, media player, mkdir, new-file and control-panel actions; the left-hand tree navigates folders. Drag and drop files anywhere onto the page (or click the upload icon) to add them to the current folder - copyparty's resumable up2k protocol means large uploads survive a dropped connection.

Step 10 - Preview Markdown and media inline
Click any .md file to render it inline - headings, lists, blockquotes and bold/italic text all render exactly as they would on GitHub. Images, audio and video files get an inline preview and player the same way, so you can share a folder of notes or media without downloading anything first.

Step 11 - The control panel
Click the gear icon in the toolbar to open the control panel, where you can toggle the grid/thumbnail view, choose a folder-download format (zip, tar, ...), change the theme and language, and tune upload behaviour. These are per-browser client preferences and do not require another login.

Step 12 - Confirm data lives on the dedicated disk
Your shared files are kept under /var/lib/copyparty/share on the dedicated Azure data disk, so they survive OS changes and the disk can be resized independently:
findmnt /var/lib/copyparty
The mount is backed by a separate Azure data disk captured into the image and re-provisioned on every VM.
Maintenance
- Password: the admin password is set on first boot and stored as a salted sha2 hash in
/etc/copyparty/accounts.conf. To change it, generate a new hash withpython3 /opt/copyparty/copyparty-sfx.py --ah-alg sha2 --ah-salt <same-salt-from-accounts.conf> --ah-gen '<new-password>'and replace theadmin:line, thensudo systemctl restart copyparty. - Adding more accounts: add another
user: <hash>line under[accounts]in/etc/copyparty/accounts.confand a matching permission entry under[/]in/etc/copyparty/copyparty.conf, then restart the service. See the copyparty accounts documentation for the full permission syntax. - Upgrades: copyparty is a single self-contained file at
/opt/copyparty/copyparty-sfx.py; to upgrade, download a newer pinned release, verify its checksum, replace the file and runsudo systemctl restart copyparty. Your shared files under/var/lib/copyparty/shareare preserved. - Storage: all shared files live under
/var/lib/copyparty/shareon the data disk; back up that volume to protect your files. - TLS: copyparty serves plain HTTP on port 80 behind nginx; front it with TLS (for example certbot with your own domain) before exposing it beyond a trusted network.
- Security patches: unattended-upgrades remains enabled so the OS continues to receive security updates automatically.
Support
cloudimg provides 24/7 expert support for this image. Contact support@cloudimg.co.uk.