Installing Syncthing on Ubuntu Server

Install Syncthing

curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list

Add HTTPS support for apt

sudo apt-get install apt-transport-https

Continue the installation:

sudo apt-get update
sudo apt-get install syncthing

Setting it up with Systemd

The official deb package ships with the required systemd unit file. The file syncthing@.service is located at /lib/systemd/system/. Enable Syncthing to start at boot by replacing username with your username in the command below.

sudo systemctl enable syncthing@username.service

Start the syncthing service

sudo systemctl start syncthing@username.service

Check its status

systemctl status syncthing@username.service

Firewall Config

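Syncthing uses port 22000 to communicate with peers, and the web UI is served on port 8384. The nginx configuration below proxies to 127.0.0.1:8384 on the same host, so the 8384 rule is only needed if you also want to reach the web UI directly, without going through nginx.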

sudo ufw allow 22000/tcp
sudo ufw allow 8384

Setup Nginx Config

Add the following to your nginx config. Replace syncthing.sahej.io with your domain name everywhere.

server {
  listen 80;
  server_name syncthing.sahej.io www.syncthing.sahej.io;
 
  access_log /var/log/nginx/syncthing.access.log;
  error_log /var/log/nginx/syncthing.error.log;
 
  location / {
    proxy_pass http://127.0.0.1:8384;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

Use certbot to generate the certificates only, then change the config as shown below.

server {
  listen 80;
  server_name syncthing.sahej.io www.syncthing.sahej.io;
  return 301 https://syncthing.sahej.io$request_uri;
}
 
upstream syncthing_upstream {
    server 127.0.0.1:8384;
    keepalive 64;
}
 
server {
  listen 443 ssl http2;
  server_name www.syncthing.sahej.io;
  return 301 https://syncthing.sahej.io$request_uri;
}
 
server {
  listen 443 ssl http2;
  server_name syncthing.sahej.io;
  
  ssl_certificate /etc/letsencrypt/live/syncthing.sahej.io/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/syncthing.sahej.io/privkey.pem;
  
  access_log /var/log/nginx/syncthing.access.log;
  error_log /var/log/nginx/syncthing.error.log;
  
  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
 
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
 
    proxy_pass http://syncthing_upstream/;
    proxy_redirect off;
    proxy_read_timeout 240s;
  }
}

Setup cron Job

Set up Syncthing to use the certbot certificates by creating a cron job with crontab -e. Replace syncthing.sahej.io with your domain, and /root/.config/syncthing with the path to your Syncthing installation.

@daily cp /etc/letsencrypt/live/syncthing.sahej.io/privkey.pem /root/.config/syncthing/https-key.pem
@daily cp /etc/letsencrypt/live/syncthing.sahej.io/fullchain.pem /root/.config/syncthing/https-cert.pem

Syncthing Web UI Settings

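By default the Syncthing web UI only accepts requests addressed to a localhost hostname, so requests that arrive under your domain name fail with a Host check error. To disable that behaviour, add the following to the Syncthing config.xml file. The host check protects the localhost-bound GUI against DNS rebinding, so do not skip the username and password step at the end.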

<gui>
  <insecureSkipHostcheck>true</insecureSkipHostcheck>
</gui>

Finally, restart Syncthing and reload nginx, replacing username with your username:

sudo systemctl restart syncthing@username.service
sudo systemctl reload nginx

Visit the domain and the Syncthing web UI should be visible. Make sure that you set up a username and password for the UI.
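
One way to check the result of the two steps above (the insecureSkipHostcheck setting and the UI username/password) is to audit the gui section of config.xml. This is an added example, not part of the original guide or of Syncthing itself; the address, user and password element names are assumed from Syncthing's config.xml format, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling the <gui> section of Syncthing's config.xml
# right after the insecureSkipHostcheck step, before a password is set.
SAMPLE_CONFIG = """<configuration>
  <gui enabled="true" tls="false">
    <address>127.0.0.1:8384</address>
    <insecureSkipHostcheck>true</insecureSkipHostcheck>
  </gui>
</configuration>"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}


def audit_gui(config_xml):
    """Return a list of findings for the <gui> section of a config.xml."""
    root = ET.fromstring(config_xml)
    # Accept either a full config.xml or a bare <gui> fragment.
    gui = root if root.tag == "gui" else root.find("gui")
    if gui is None:
        return ["no <gui> section found"]
    if gui.get("enabled", "true").lower() == "false":
        return []  # GUI disabled, nothing is served

    def text(tag):
        return (gui.findtext(tag) or "").strip()

    # Element names below are assumptions based on Syncthing's config format.
    has_auth = bool(text("user") and text("password"))
    skip_check = text("insecureSkipHostcheck").lower() == "true"
    host = text("address").rpartition(":")[0]  # "127.0.0.1:8384" -> "127.0.0.1"

    findings = []
    if not has_auth:
        findings.append("GUI has no username/password set")
    if skip_check and not has_auth:
        findings.append("host check disabled while GUI is unauthenticated")
    if host and host not in LOOPBACK_HOSTS:
        findings.append(f"GUI listens on non-loopback address {host}")
    return findings


if __name__ == "__main__":
    for finding in audit_gui(SAMPLE_CONFIG):
        print("WARNING:", finding)
```

To run it against a real installation, pass the contents of the config.xml in your Syncthing configuration directory to audit_gui.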