Tools to manage gozy instances
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
cozy Handle `COZY_ADMIN_PASSWORD` env variable Dec 6, 2018
.gitignore Ignore .iml Oct 17, 2017
LICENSE Initial commit Sep 28, 2017 Initial commit Sep 28, 2017 Doc for backup/restore Oct 17, 2017
requirements.txt Upgrade ACME to 0.20+ Apr 23, 2018 Upgrade ACME to 0.20+ Apr 23, 2018



cozy-coclyco is designed to create Cozy instances, manage nginx vhost and Let's encrypt certificate issuance.

A single prime256v1 private key /etc/ssl/private/cozy.pem is used to issue certificates. For each created instance with domain <fqdn>, it create

  • a /etc/ssl/private/<fqdn>.crt Let's encrypt certificate will be created
  • a /etc/nginx/sites-available/<fqdn> will be deployed and activated

The issued certificate must contain all subdomains needed for apps. By default,

  • <fqdn>
  • onboarding.<fqdn>
  • settings.<fqdn>
  • drive.<fqdn>
  • photos.<fqdn>
  • collect.<fqdn>

are added to the certificate.


Before creating an instance and to be able to issue certificates with Let's Encrypt, you need to be able to pass the ACME challenge, and so you need to :

  • configure your DNS to point all needed subdomains <app>.<fqdn> to your web server
  • serve /etc/ssl/private/acme-challenge as http://*.<fqdn>/.well-known/acme-challenge/

The best way to configure your web server is to configure your default vhost like below

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	root /var/www/html;
	server_name _;

	location /.well-known/acme-challenge/ {
		alias /etc/ssl/private/acme-challenge/;

	location / {
		return 301 https://$host$request_uri;


To create an instance

cozy-coclyco create <fqdn> <email>

If you install an application on your Cozy, you need to regenerate the certificate to add the corresponding subdomain on it

cozy-coclyco regenerate <fqdn>

To renew your certificates before expiration (Let's Encrypt certificates have 90 days life)

cozy-coclyco renew

By default, the renewal is triggered each month by /etc/cron.monthly/cozy-coclyco

You can regenerate the nginx vhost with

cozy-coclyco vhost <fqdn>

To backup a Cozy

cozy-coclyco backup <fqdn>*

To restore a Cozy from a backup

cozy-coclyco restore <fqdn> <archive.tar.xz>