Syncthing-share

From wikipost
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

This article shows how to set up a basic Syncthing share.

Features:

  • Synchronise between Linux and Windows hosts
  • Uses Samba on Linux to cater for additional hosts that cannot run Syncthing
  • Operates as replicate-with-delete (files deleted from one share will automatically be deleted on the other share, just like a normal shared folder)



So let's get started:


Samba setup

apt-get install samba syncthing


Because samba runs on Linux it's easier to manage samba user accounts when these users also exist as local users on the Linux system.

Furthermore, to apply permissions to all samba users in one go it is easier to create a linux group as well.


groupadd samba-users


  • mkdir /home/samba


  • mkdir /home/samba/share
  • chgrp samba-users /home/samba/share
  • chmod 775 /home/samba/share
  • mkdir /home/samba/syncthing
  • chgrp samba-users /home/samba/syncthing
  • chmod 775 /home/samba/syncthing


Add the user accounts you'll need for your samba server:

adduser --gecos joe
(+ enter new password)


Add the users to the samba-users group:

adduser joe samba-users


Create the samba users:

smbpasswd -a joe
(+ enter same password as in linux)


  • edit /etc/samba/smb.conf

at the end of the file, add these lines:

[syncthing]
   comment = Samba Share
   path = /home/syncthing/samba
   browseable = yes
   read only = no
   guest ok = no   
   valid users = @samba-users
   force user = syncthing
   force group = samba-users
   create mask = 0664
   directory mask = 0775

You can now browse to \\<ip-address>\ with windows explorer where you will see the 'share' folder. Double-click on it and you will be presented with a login window, asking for credentials. Enter your user name and the password and you are now able to use the share for reading, writing and deleting files.


Syncthing Setup

By default, Syncthing will publish the host's unique Device ID to the global Syncthing servers on the Internet. As we'll see further down, this feature will make discovery and connection to hosts behind routers a breeze.

First, let's set up the user process to run syncthing.

  • create syncthing system account and home directory
useradd -r syncthing -m -d /home/syncthing

usermod -g samba-users syncthing


  • enable syncthing to run as a service (unit file in /lib/systemd/system/)
systemctl enable syncthing@syncthing.service
systemctl start syncthing@syncthing.service


Syncthing is now running and the web admin console can be reached from http://localhost:8384/. However if we want to remotely access this web console we need to configure a reverse proxy for it.

Setting up a reverse proxy with Nginx

  • install nginx
apt-get install nginx

write an nginx website configuration file for syncthing

vi /etc/nginx/conf.d/syncthing.conf
===
server {
  listen 80;
  server_name 10.0.0.23;

  root /var/www/html/syncthing/;
  access_log /var/log/nginx/syncthing.log;
  error_log /var/log/nginx/syncthing.error.log;

  location / {
    
    proxy_set_header Host localhost;    
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://127.0.0.1:8384;

    proxy_read_timeout 600s;
    proxy_send_timeout 600s;

  }
}
===


Create the placeholder directory and restart nginx


mkdir /var/www/html/syncthing
systemctl reload nginx


Now browse from another computer to the syncthing system with the address: http://<remoteip>/ ..and you should see the Syncthing admin console website.

The site will probably alert you that no password has been set, so do this first.


Creating Syncthing folders

Now that syncthing is running and we can comfortably access the admin console from a remote machine we can now set up the various shares and configure how we want to use them.



First a little Syncthing terminology:


Folders -- These are local folders that are available to the machine that is running the Syncthing service (i.e. the machine that is hosting the Syncthing admin console website that we are currently viewing). These folders may or may not be shared with other machines that are running Syncthing.


This Device -- Details and statistics about the machine that is hosting this admin console website and Syncthing services.


Remote Devices -- Other Syncthing instances on other machines that we are synchronising shared folders to or from.


Our goal is to have a Syncthing folder structure that will allow us to:

  • synchronise folders with other machines running syncthing
  • navigate to the Syncthing folders from Windows and Linux


We have now created the foundation to make this happen, all we need to do now is to create the folders and configure how we wish to share them.


Sharing folders

Before any file or directory synchronisation happens, we need to introduce Syncthing hosts to each other. We do this by importing their unique Device ID.


Again, before we can fully grasp the Syncthing philosophy we need to understand a few more concepts:

Introducer -- Any devices configured on an introducer device will be added to this device as well.

This is an option when manually importing or when automatically being presented with the import of another Syncthing host's Device ID. What this means is that any other remote hosts that the host we're about to add knows about, will also be added to the list of remote devices on this host. This is particularly useful if you're adding a host that already knows about a lot of other hosts that you will be seeking connections with. You will still need to request (or be given) access to shared folders, but the first step in finding out which hosts you need to contact is taken care of.

Send and Receive --


Send Only --


Receive Only --


We must also set some linux file permissions, so that new files placed in the shared directories outside of samba will inherit the correct owner and permissions

Once you have created a new Syncthing folder from the web gui, enter for every new parent folder:

apt-get install acl
chmod g+s <newfolder>
setfacl -Rm g:samba-users:rwX <newfolder>
setfacl -d -Rm g:samba-users:rwX <newfolder>

All files and subdirectories will now inherit

  • 775 syncthing:samba-users permissions on each new directory
  • 664 <user>:samba-users permissions on each new file

This is sufficient to make synching do its work with other peers without losing write access to files.


When you add a new Remote Device by importing its Device ID you will not see anything happen until the remote device will accept the connection. Navigate to the Syncthing admin console of the host you added and log in. At the top of the page you should see a 'New Device' alert for the host that just imported the Device ID. Click on Add Device to accept the incoming connection.

Here is how the process flows, step by step:

  Syntching Host A                                 Syncthing Host B
  ----------------                                 ----------------

  set up Syncthing                                 set up Syncthing

  set up reverse proxy                             set up reverse proxy
  (if we don't have localhost www access)          (if we don't have localhost www access)

  connect to the Syncthing admin console

  copy the Device ID string
                                                   connect to the Syncthing admin console
   
                                                   Click 'Add Remote Device'

                                                   import Device ID from Host A

                                                   (Hostname A will show as 'unused')

  connect to the Syncthing admin console

  Accept the incoming request from Host B
  
  Select locally shared folders you wish
  to allow Host B to have access to
                                                   connect to the Syncthing admin console

                                                   Accept the shared folder(s) from Host A

                                                   Set a location on the local machine where
                                                   the shared folder(s) can be written to.
 
                                                   Optionally, include other remote hosts you
                                                   wish to introduce to Host A's folder(s).
                                                   This will trigger another import-accept run 
                                                   for each of these hosts.                                                


  


The initial communication between these hosts happens largely over the Internet. However, once these hosts exchange their ip addresses they will be able to communicate directly. Initially joining hosts could take a few minutes to process, so please be patient if you don't see any activity after requesting to join a new host or shared folder. There is no need to refresh the page as it will auto-reload to show any notifications.

A useful indicator is to watch the Syncthing thumbnail icon in browser tab, as it will show an exclamation point if there is new activity on that page.