Syncthing-share
This article shows how to set up a basic Syncthing share.
Features:
- Synchronise between Linux and Windows hosts
- Uses Samba on Linux to cater for additional hosts that cannot run Syncthing
- Operates as replicate-with-delete (files deleted from one share will automatically be deleted on the other share, just like a normal shared folder)
So let's get started:
Samba setup
apt-get install samba syncthing
Because Samba runs on Linux, it is easier to manage Samba user accounts when these users also exist as local users on the Linux system.
Furthermore, to apply permissions to all Samba users in one go, it is easier to create a Linux group as well.
groupadd samba-users
- mkdir /home/samba
- mkdir /home/samba/share
- chgrp samba-users /home/samba/share
- chmod 775 /home/samba/share
- mkdir /home/samba/syncthing
- chgrp samba-users /home/samba/syncthing
- chmod 775 /home/samba/syncthing
Add the user accounts you'll need for your samba server:
adduser --gecos "" joe (+ enter new password)
Add the users to the samba-users group:
adduser joe samba-users
Create the samba users:
smbpasswd -a joe (+ enter same password as in linux)
- edit /etc/samba/smb.conf
at the end of the file, add these lines:
[syncthing]
   comment = Samba Share
   path = /home/syncthing/samba
   browseable = yes
   read only = no
   guest ok = no
   valid users = @samba-users
   force user = syncthing
   force group = samba-users
   create mask = 0664
   directory mask = 0775
You can now browse to \\<ip-address>\ with Windows Explorer, where you will see the 'share' folder. Double-click on it and you will be presented with a login window asking for credentials. Enter your user name and password and you can now use the share for reading, writing and deleting files.
Syncthing Setup
By default, Syncthing will publish the host's unique Device ID to the global Syncthing servers on the Internet. As we'll see further down, this feature will make discovery and connection to hosts behind routers a breeze.
First, let's set up the user process to run syncthing.
- create syncthing system account and home directory
useradd -r syncthing -m -d /home/syncthing
usermod -g samba-users syncthing
- enable syncthing to run as a service (unit file in /lib/systemd/system/)
systemctl enable syncthing@syncthing.service
systemctl start syncthing@syncthing.service
Syncthing is now running and the web admin console can be reached at http://localhost:8384/. However, if we want to access this web console remotely, we need to configure a reverse proxy for it.
Setting up a reverse proxy with Nginx
- install nginx
apt-get install nginx
- write an nginx website configuration file for syncthing
vi /etc/nginx/conf.d/syncthing.conf
===
server {
    listen 80;
    server_name 10.0.0.23;
    root /var/www/html/syncthing/;
    access_log /var/log/nginx/syncthing.log;
    error_log /var/log/nginx/syncthing.error.log;
    location / {
        proxy_set_header Host localhost;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8384;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }
}
===
Create the placeholder directory and restart nginx
mkdir /var/www/html/syncthing
systemctl reload nginx
Now browse from another computer to the Syncthing system at the address http://<remoteip>/ and you should see the Syncthing admin console website.
The site will probably alert you that no password has been set, so do this first.
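The proxy above serves the admin console over plain HTTP on port 80 with no allow/deny list. The following added example (not part of the original article) puts the same proxy next to a variant with TLS and a source-address allowlist, and runs a small heuristic check that tells the two apart; the certificate paths and the 10.0.0.0/24 admin subnet are assumed placeholders.

```sh
#!/bin/sh
# Added example, not from the original article. Configs are written to a
# temp dir; certificate paths and 10.0.0.0/24 are assumed placeholders.
tmp=$(mktemp -d)

# The article's proxy, reduced to the directives that matter here.
cat > "$tmp/weak.conf" <<'EOF'
server {
    listen 80;
    server_name 10.0.0.23;
    location / {
        proxy_set_header Host localhost;
        proxy_pass http://127.0.0.1:8384;
    }
}
EOF

# Same proxy behind TLS and a source-address allowlist.
cat > "$tmp/hardened.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name 10.0.0.23;
    ssl_certificate     /etc/nginx/ssl/syncthing.crt;  # assumed path
    ssl_certificate_key /etc/nginx/ssl/syncthing.key;  # assumed path
    location / {
        allow 10.0.0.0/24;                             # assumed admin subnet
        deny  all;
        proxy_set_header Host localhost;
        proxy_pass http://127.0.0.1:8384;
    }
}
EOF

# Heuristic line-based check: prints one finding per line for a config
# that proxies the Syncthing GUI port, and nothing when both controls exist.
audit_proxy_conf() {
    body=$(sed 's/#.*//' "$1")          # ignore commented-out directives
    echo "$body" | grep -q 'proxy_pass .*:8384' || return 0
    echo "$body" | grep -Eq 'listen[[:space:]]+[^;]*ssl' ||
        echo "cleartext: GUI password crosses the network over HTTP"
    echo "$body" | grep -Eq 'deny[[:space:]]+all;' ||
        echo "open: no allow/deny list in front of the GUI"
    return 0
}

for f in weak hardened; do
    echo "== $f.conf"
    audit_proxy_conf "$tmp/$f.conf"
done
```

On a real host, point audit_proxy_conf at /etc/nginx/conf.d/syncthing.conf and run nginx -t before reloading.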
Creating Syncthing folders
Now that Syncthing is running and we can comfortably access the admin console from a remote machine, we can set up the various shares and configure how we want to use them.
First a little Syncthing terminology:
Folders -- These are local folders that are available to the machine that is running the Syncthing service (i.e. the machine that is hosting the Syncthing admin console website that we are currently viewing). These folders may or may not be shared with other machines that are running Syncthing.
This Device -- Details and statistics about the machine that is hosting this admin console website and Syncthing services.
Remote Devices -- Other Syncthing instances on other machines that we are synchronising shared folders to or from.
Our goal is to have a Syncthing folder structure that will allow us to:
- synchronise folders with other machines running syncthing
- navigate to the Syncthing folders from Windows and Linux
We have now created the foundation to make this happen. All we need to do now is create the folders and configure how we wish to share them.
Sharing folders
Before any file or directory synchronisation happens, we need to introduce Syncthing hosts to each other. We do this by importing their unique Device ID.
Again, before we can fully grasp the Syncthing philosophy we need to understand a few more concepts:
Introducer -- Any devices configured on an introducer device will be added to this device as well.
This is an option when manually importing or when automatically being presented with the import of another Syncthing host's Device ID. What this means is that any other remote hosts that the host we're about to add knows about, will also be added to the list of remote devices on this host. This is particularly useful if you're adding a host that already knows about a lot of other hosts that you will be seeking connections with. You will still need to request (or be given) access to shared folders, but the first step in finding out which hosts you need to contact is taken care of.
Send and Receive --
Send Only --
Receive Only --
We must also set some Linux file permissions, so that new files placed in the shared directories outside of Samba will inherit the correct owner and permissions.
Once you have created a new Syncthing folder from the web gui, enter for every new parent folder:
apt-get install acl
chmod g+s <newfolder>
setfacl -Rm g:samba-users:rwX <newfolder>
setfacl -d -Rm g:samba-users:rwX <newfolder>
All files and subdirectories will now inherit
- 775 syncthing:samba-users permissions on each new directory
- 664 <user>:samba-users permissions on each new file
This is sufficient to let Syncthing do its work with other peers without losing write access to files.
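A check for the inheritance described above, as an added example that is not part of the original article: run as one of the Samba users against a folder, it creates a probe file and directory there and reports anything that did not inherit the group, the group-write permission or the setgid bit. The function name check_inherit and the temp-dir demo are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# check_inherit DIR creates a probe file and a probe directory inside DIR,
# compares them with DIR, removes them, and prints one line per problem.
check_inherit() {
    dir=$1
    probe="$dir/.inherit-probe.$$"
    [ -g "$dir" ] || echo "share: setgid bit missing (chmod g+s)"
    want=$(ls -ldn "$dir" | awk '{print $4}')      # numeric gid of the share
    if ! { touch "$probe.file" && mkdir "$probe.dir"; } 2>/dev/null; then
        echo "share: not writable by $(id -un)"
        rm -rf "$probe.file" "$probe.dir"
        return 0
    fi
    for kind in file dir; do
        got=$(ls -ldn "$probe.$kind" | awk '{print $4}')
        [ "$got" = "$want" ] || echo "new $kind: gid $got, expected $want"
        # -perm -020 is true only when the group-write bit is set
        [ -n "$(find "$probe.$kind" -prune -perm -020)" ] ||
            echo "new $kind: not group-writable (default ACL missing?)"
    done
    [ -g "$probe.dir" ] || echo "new dir: setgid bit not inherited"
    rm -rf "$probe.file" "$probe.dir"
    return 0
}

# Constructed demo on a temp dir; umask 002 stands in for the default ACL
# so the demo does not depend on setfacl being installed.
demo=$(mktemp -d)
echo "before:"; (umask 022; check_inherit "$demo")
chmod g+s "$demo"
echo "after:";  (umask 002; check_inherit "$demo")
rm -rf "$demo"
```

With the default ACL from the setfacl commands in place, the check prints nothing regardless of the calling user's umask.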
When you add a new Remote Device by importing its Device ID, you will not see anything happen until the remote device accepts the connection. Navigate to the Syncthing admin console of the host you added and log in. At the top of the page you should see a 'New Device' alert for the host that just imported the Device ID. Click on Add Device to accept the incoming connection.
Here is how the process flows, step by step:
Syncthing Host A                           Syncthing Host B
----------------                           ----------------
set up Syncthing                           set up Syncthing
set up reverse proxy                       set up reverse proxy
(if we don't have localhost www access)    (if we don't have localhost www access)

connect to the Syncthing admin console
copy the Device ID string
                                           connect to the Syncthing admin console
                                           Click 'Add Remote Device'
                                           import Device ID from Host A
                                           (Hostname A will show as 'unused')
connect to the Syncthing admin console
Accept the incoming request from Host B
Select locally shared folders you wish
to allow Host B to have access to
                                           connect to the Syncthing admin console
                                           Accept the shared folder(s) from Host A
                                           Set a location on the local machine where
                                           the shared folder(s) can be written to.
                                           Optionally, include other remote hosts you
                                           wish to introduce to Host A's folder(s).
                                           This will trigger another import-accept run
                                           for each of these hosts.
The initial communication between these hosts happens largely over the Internet. However, once these hosts exchange their IP addresses they will be able to communicate directly. Initially joining hosts could take a few minutes to process, so please be patient if you don't see any activity after requesting to join a new host or shared folder. There is no need to refresh the page as it will auto-reload to show any notifications.
A useful indicator is the Syncthing thumbnail icon in the browser tab, which will show an exclamation point if there is new activity on that page.