Application Infrastructure Azure

copyparty on Ubuntu 24.04 on Azure User Guide

| Product: copyparty on Ubuntu 24.04 LTS on Azure

Overview

copyparty is a portable, self-contained file server and file-sharing tool: drag-and-drop upload, browsing, media playback, Markdown rendering and multi-user accounts, all from a single Python file with no external dependencies beyond the standard library. The cloudimg image installs the pinned copyparty 1.20.17 self-contained release, runs it as a dedicated copyparty system user under systemd, and fronts its web UI on port 80 with an nginx reverse proxy configured for large uploads. copyparty has its own account system - not nginx Basic Auth - and a unique admin password is generated on the first boot of every VM. Shared files live on a dedicated Azure data disk. Backed by 24/7 cloudimg support.

What is included:

  • copyparty 1.20.17 (single self-contained Python file, no external dependencies) running as the copyparty systemd service
  • The copyparty web UI on :80, fronted by nginx with client_max_body_size 0 for large drag-and-drop uploads
  • copyparty's own account system - a per-VM admin password generated on first boot, hashed at rest with a salted sha2 hash (never stored in plaintext)
  • No anonymous access at all: both browsing and uploading require the admin login
  • A dedicated Azure data disk at /var/lib/copyparty/share holding your shared files
  • copyparty.service + nginx.service as systemd units, enabled and active
  • An unauthenticated /healthz endpoint for Azure Load Balancer health probes
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a comfortable starting point; copyparty is very light on resources. NSG inbound: allow 22/tcp from your management network, 80/tcp for the web UI, and 443/tcp if you add TLS. copyparty serves plain HTTP on port 80; for production-adjacent use, terminate TLS in front of it with your own domain (see Maintenance).

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for copyparty by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create -> Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name copyparty \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

az vm open-port --resource-group <your-rg> --name copyparty --port 80 --priority 1010

Step 3 - Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 - Confirm the services are running

systemctl is-active copyparty.service nginx.service

Both report active. copyparty listens on the loopback connector 127.0.0.1:3923; nginx fronts it on port 80. Your shared files live on the dedicated Azure data disk mounted at /var/lib/copyparty.

The copyparty and nginx services active, the listener on loopback 3923 and nginx on port 80, and the dedicated data disk mounted at /var/lib/copyparty

Step 5 - Retrieve your admin password

copyparty protects browsing and uploading with its own account system - not nginx Basic Auth. The username is admin and a unique password is generated on the first boot of your VM and written to a root-only file:

sudo cat /root/copyparty-credentials.txt

This file contains COPYPARTY_USERNAME, COPYPARTY_PASSWORD and the COPYPARTY_URL to open in a browser. The password is stored on disk only as a salted sha2 hash in /etc/copyparty/accounts.conf (each VM gets its own random salt), so no plaintext password ships in the image. Store the password somewhere safe.

The copyparty version, the per-VM credentials file with the generated admin password and URL, and the accounts.conf entry showing only a salted hash - no plaintext password

Step 6 - Confirm the health endpoint

nginx serves an unauthenticated health endpoint for load balancers and probes:

curl -s http://localhost/healthz

It returns ok. This endpoint never requires authentication, so it is safe for an Azure Load Balancer health probe.

Step 7 - Confirm authentication

Unlike a plain read-only file share, this image grants no anonymous access at all - both browsing and uploading require the admin login. The following reads the per-VM password from the credentials file and proves the round-trip: an unauthenticated upload is rejected, a wrong password is rejected, and the correct password is accepted:

PW=$(sudo grep '^COPYPARTY_PASSWORD=' /root/copyparty-credentials.txt | cut -d= -f2-)
echo "unauthenticated upload: $(curl -s -o /dev/null -w '%{http_code}' -T /etc/hostname http://127.0.0.1/probe.txt)"
echo "wrong password:         $(curl -s -o /dev/null -w '%{http_code}' -u admin:wrong-pw -T /etc/hostname http://127.0.0.1/probe.txt)"
echo "correct password:       $(curl -s -o /dev/null -w '%{http_code}' -u admin:$PW -T /etc/hostname http://127.0.0.1/probe.txt)"
curl -s -o /dev/null -X DELETE -u admin:$PW http://127.0.0.1/probe.txt

It prints 401 (unauthenticated), then 403 (wrong password), then 201 (correct password - the file was uploaded), and the last line cleans up the probe file.

The auth round-trip: an unauthenticated upload rejected with 401, a wrong password rejected with 403, the correct password accepted with 201, and the authenticated listing confirming the account and its files

Step 8 - Sign in to the web UI

Browse to http://<vm-public-ip>/. copyparty shows a "howdy stranger" prompt because you are not logged in yet - enter the password from Step 5 into the password field and click login.

The copyparty login prompt shown to an unauthenticated visitor, with the password field and login button

Step 9 - Browse and upload files

Once logged in you land on the file browser. The toolbar along the top gives you upload, search, media player, mkdir, new-file and control-panel actions; the left-hand tree navigates folders. Drag and drop files anywhere onto the page (or click the upload icon) to add them to the current folder - copyparty's resumable up2k protocol means large uploads survive a dropped connection.

The copyparty file browser showing uploaded files and a folder, with the toolbar and folder tree

Step 10 - Preview Markdown and media inline

Click any .md file to render it inline - headings, lists, blockquotes and bold/italic text all render exactly as they would on GitHub. Images, audio and video files get an inline preview and player the same way, so you can share a folder of notes or media without downloading anything first.

A Markdown file rendered inline by copyparty, showing headings, a bulleted list and a blockquote

Step 11 - The control panel

Click the gear icon in the toolbar to open the control panel, where you can toggle the grid/thumbnail view, choose a folder-download format (zip, tar, ...), change the theme and language, and tune upload behaviour. These are per-browser client preferences and do not require another login.

The copyparty control panel showing display, theme, language and upload switches

Step 12 - Confirm data lives on the dedicated disk

Your shared files are kept under /var/lib/copyparty/share on the dedicated Azure data disk, so they survive OS changes and the disk can be resized independently:

findmnt /var/lib/copyparty

The mount is backed by a separate Azure data disk captured into the image and re-provisioned on every VM.

Maintenance

  • Password: the admin password is set on first boot and stored as a salted sha2 hash in /etc/copyparty/accounts.conf. To change it, generate a new hash with python3 /opt/copyparty/copyparty-sfx.py --ah-alg sha2 --ah-salt <same-salt-from-accounts.conf> --ah-gen '<new-password>' and replace the admin: line, then sudo systemctl restart copyparty.
  • Adding more accounts: add another user: <hash> line under [accounts] in /etc/copyparty/accounts.conf and a matching permission entry under [/] in /etc/copyparty/copyparty.conf, then restart the service. See the copyparty accounts documentation for the full permission syntax.
  • Upgrades: copyparty is a single self-contained file at /opt/copyparty/copyparty-sfx.py; to upgrade, download a newer pinned release, verify its checksum, replace the file and run sudo systemctl restart copyparty. Your shared files under /var/lib/copyparty/share are preserved.
  • Storage: all shared files live under /var/lib/copyparty/share on the data disk; back up that volume to protect your files.
  • TLS: copyparty serves plain HTTP on port 80 behind nginx; front it with TLS (for example certbot with your own domain) before exposing it beyond a trusted network.
  • Security patches: unattended-upgrades remains enabled so the OS continues to receive security updates automatically.

Support

cloudimg provides 24/7 expert support for this image. Contact support@cloudimg.co.uk.