Syncthing

LHammonds
Site Admin
Site Admin
Posts: 963
Joined: Fri Jul 31, 2009 6:27 pm
Are you a filthy spam bot?: No
Location: Behind You
Contact:

Syncthing

Post: # 976Post LHammonds »

------------- WORK-IN-PROGRESS -------------

Greetings and salutations,

I hope this thread will be helpful to those who follow in my footsteps as well as getting any advice based on what I have done / documented.

To discuss this thread, please participate here: Ubuntu Forums

High-level overview

Syncthing is a continuous file synchronization program. It securely synchronizes files between two or more computers in real time using a decentralized design (no centralized or 3rd-party server).

This tutorial will cover how to manually set up Syncthing on Ubuntu and Windows and set up synchronization between them.

Tools utilized in this process

Helpful links

The list below contains sources of information that were helpful in the creation of this document.

Assumptions

This documentation will need to make use of some very specific information that will most likely be different for each person / location. As such, this information is noted in this section. These values are highlighted in red throughout the document as a reminder that you should plug in your own value rather than actually using these "place-holder" values.

Under no circumstance should you use the actual values listed below. They are place-holders for the real thing. This is just a checklist template you need to have answered before you start the install process.

Wherever you see RED in this document, you need to substitute the value you will use in your environment.
  • Ubuntu Server name: srv-gm
  • Ubuntu Server IP address: 192.168.107.50
  • Ubuntu Admin ID: administrator
  • Ubuntu Admin Password: myadminpass
  • Windows Server Name: srv-windoze
  • Windows Server IP: 192.168.107.100
  • Syncthing Admin ID: syncadmin
  • Syncthing Admin Password: syncadminpass
  • Syncthing Web Port: 8384
  • Syncthing Sync Port: 22000
  • Syncthing Discovery Port: 21027
It is also assumed the reader knows how to use the VI editor. If not, you will need to beef up your skill set or use a different editor in place of it.

Syncthing for Windows

Post: # 977Post LHammonds »

  1. Download the Windows 64-bit archive
  2. Extract the archive (Example: syncthing-linux-amd64-v1.18.4.tar.gz) to a folder such as D:\Apps\Syncthing\
  3. Run syncthing.exe
  4. If prompted by the firewall, allow it access. Alternatively, run the following commands from an admin-level prompt to allow access (assuming you will use the defaults):

    netsh advfirewall firewall add rule name="Syncthing Sync 22000 TCP" dir=in action=allow localport=22000 remoteport=any protocol=tcp profile=Domain,Public,Private
    netsh advfirewall firewall add rule name="Syncthing Sync 22000 UDP" dir=in action=allow localport=22000 remoteport=any protocol=udp profile=Domain,Public,Private
    netsh advfirewall firewall add rule name="Syncthing Discovery 21027 UDP" dir=in action=allow localport=21027 remoteport=any protocol=udp profile=Domain,Public,Private
    
    If you want to open the ports only for a specific IP, you can use these commands (substituting your remote IP), but the rules will break if that IP changes.

    netsh advfirewall firewall add rule name="Syncthing Sync 22000 TCP" dir=in action=allow localport=22000 remoteport=any protocol=tcp remoteip=192.168.107.50 profile=Domain,Public,Private
    netsh advfirewall firewall add rule name="Syncthing Sync 22000 UDP" dir=in action=allow localport=22000 remoteport=any protocol=udp remoteip=192.168.107.50 profile=Domain,Public,Private
    netsh advfirewall firewall add rule name="Syncthing Discovery 21027 UDP" dir=in action=allow localport=21027 remoteport=any protocol=udp remoteip=192.168.107.50 profile=Domain,Public,Private
    
  5. NOTE: For security reasons, the administrative website only works for the local machine, so adding firewall rules for port 8384 will not let other machines see it.

Syncthing for Ubuntu

Post: # 978Post LHammonds »

  1. Add firewall rules to the operating system to allow the service(s) to be visible outside the server:

    ufw allow proto tcp to any port 22000 comment 'syncthing sync' 1>/dev/null 2>&1
    ufw allow proto udp to any port 22000 comment 'syncthing sync' 1>/dev/null 2>&1
    ufw allow proto udp to any port 21027 comment 'syncthing discovery' 1>/dev/null 2>&1
    ufw allow proto tcp to any port 80 comment 'syncthing web' 1>/dev/null 2>&1
    
  2. NOTE: The web site running on port 8384 will not be visible to outside machines even if you open the port on the firewall. Since this is a headless server, you will not be able to see the website at all unless you create a reverse proxy to allow other machines access to the local-only web site. A section below discusses how to do this to allow access via port 80.
  3. Create a low-rights user called "syncthing" that will be used for the syncthing service.

    sudo addgroup syncthing
    sudo useradd --comment "Syncthing" --shell /bin/bash --home /home/syncthing/ --create-home --gid syncthing syncthing
    
  4. Install syncthing which is part of the official repository.

    sudo apt install syncthing
  5. Enable the systemd service with the low-rights user.

    sudo systemctl enable syncthing@syncthing.service
  6. Start the service so it will create the initial configuration files.

    sudo systemctl start syncthing@syncthing.service
  7. Wait a few seconds and then verify that it is running:

    systemctl status syncthing@syncthing.service

Setup Reverse Proxy

The Syncthing administrative web interface only works from the local machine it is running on. Since this is a headless server (without a graphical interface), you won't be able to access it from another machine unless you configure a reverse proxy. This is how you do it.
  1. Install Apache web server:

    sudo apt install apache2
  2. Enable the proxy modules:

    sudo a2enmod proxy proxy_http headers proxy_wstunnel
  3. Create a web configuration file:

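    # Run these as root. The quoted 'EOF' keeps ${APACHE_LOG_DIR} literal so that
    # Apache, not the shell, expands it (unquoted, the shell writes an empty value).
    touch /etc/apache2/sites-available/syncthing.conf
    chown root:root /etc/apache2/sites-available/syncthing.conf
    chmod 644 /etc/apache2/sites-available/syncthing.conf
    cat << 'EOF' > /etc/apache2/sites-available/syncthing.conf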
    <VirtualHost *:80>
       ServerName 192.168.107.50
       ErrorDocument 404 /404.html
       ProxyPass / http://127.0.0.1:8384/
       ProxyPassReverse / http://127.0.0.1:8384/
       ErrorLog ${APACHE_LOG_DIR}/syncthing_error.log
       CustomLog ${APACHE_LOG_DIR}/syncthing_access.log combined
    </VirtualHost>
    EOF
    NOTE: Be sure to use the correct IP for the ServerName unless you configured a DNS name for all your machines on your DNS server such as "syncthing.local"
  4. Enable the site:

    sudo a2ensite syncthing.conf
  5. Restart Apache to apply all the changes made since install:

    sudo systemctl restart apache2
  6. At this point, another machine on your local network should be able to see the web page by accessing the server's IP or local DNS name if you configured that. This traffic is not encrypted so do not allow access from the Internet. If you really want to do that, you should install an SSL encryption certificate and use port 443 instead of port 80. Reference article
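
To check what the steps above actually expose, this added example (not part of the original posts) classifies listening sockets from `ss -Hltn` output: the GUI on 8384 should stay on loopback, while port 80, which now fronts it unencrypted, is reachable from the network. The function names and the sample socket list are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): classify listening TCP sockets taken
# from `ss -Hltn` output. Ports are the tutorial's defaults.
GUI_PORT=8384     # Syncthing web GUI, expected on loopback only
PROXY_PORT=80     # Apache reverse proxy in front of the GUI
SYNC_PORT=22000   # Syncthing sync protocol, expected reachable by peers

# Read `ss -Hltn` lines on stdin; print "<port> <loopback|exposed>" for each
# port of interest, sorted by port number.
classify_listeners() {
  awk -v gui="$GUI_PORT" -v proxy="$PROXY_PORT" -v sync="$SYNC_PORT" '
    {
      addr = $4                          # 127.0.0.1:8384, [::]:22000, *:80
      n = split(addr, parts, ":")
      port = parts[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (port != gui && port != proxy && port != sync) next
      scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
      # One non-loopback socket is enough to mark the port exposed.
      if (!(port in seen) || scope == "exposed") seen[port] = scope
    }
    END { for (p in seen) print p, seen[p] }
  ' | sort -n
}

# Succeed only if the GUI port is listening and bound to loopback alone.
gui_is_local_only() {
  classify_listeners | grep -qx "$GUI_PORT loopback"
}

# Constructed sample of `ss -Hltn` output for the server after the steps above.
SAMPLE='LISTEN 0 4096 127.0.0.1:8384 0.0.0.0:*
LISTEN 0 4096 *:22000 *:*
LISTEN 0 511 *:80 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# On a live server use: ss -Hltn | classify_listeners
printf '%s\n' "$SAMPLE" | classify_listeners
```

An `exposed` verdict for port 80 is the expected result of the reverse proxy step; an `exposed` verdict for 8384 means the GUI itself is bound beyond loopback.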

Syncthing

Post: # 979Post LHammonds »

>> INSERT TEXT HERE <<