Skip to content


Repository files navigation



Time-based one-time password authenticator (2FA)

Etopa is a two-factor-authentication app, which runs as a web server and can be accessed using a web browser or using an Android app. Feel free to suggest feature implementations or report bugs by creating an Issue on GitHub. instance

You can use the instance or host your own.

Download Android app

F-Droid: Add repository and search for Etopa

Google Play Store: Etopa 2FA

Amazon Appstore: Etopa

Samsung Galaxy Store: Etopa


Clone repo

git clone && cd etopa





API server: target/build/etopa

Android APK: target/build/etopa.apk

Web archive: target/build/etopa.tar.xz



You can expose the container ports 80, 443 and 4490. On port 80/443 (HTTP/HTTPS) nginx serves as a reverse proxy for the backend and as a web server for the frontend. If you only need the Etopa backend, you can instead use port 4490 (HTTP).

Configuration file paths relative to the volume directory for /etopa/
Etopa server/backend: etopa.conf
Etopa frontend: config.js
nginx: nginx.conf
TLS certificate/key/fullchain/dhparam: cert.pem/privkey.pem/fullchain.pem/dhparam.pem
If there are no configuration files provided, the default will be used.

Docker Compose

Download docker-compose.yml

curl -o docker-compose.yml

Start Etopa

docker compose up -d

Unless you modify the docker-compose.yml the directory ./etopa/ will be created. User data will be stored in ./etopa/data/ and configuration files (etopa.conf for the backend and config.js for the frontend) can be placed directly in ./etopa/ (using no/default configuration files works as well).


Pull image ltheinrich/etopa:latest

docker pull ltheinrich/etopa:latest

Start Etopa

docker run -d --name etopa -v ./etopa/:/etopa/ --restart always -p -p -p ltheinrich/etopa:latest