Syncthing

From ArchWiki
Revision as of 08:21, 20 February 2017 by Ataraxy (talk | contribs) (Add caveats on inotify)
Jump to navigation Jump to search

Syncthing is an open-source file synchronization client/server application, written in Go, implementing its own, equally free Block Exchange Protocol. All transit communications between syncthing nodes are encrypted, and all nodes are uniquely identified with cryptographic certificates.

Installation

Syncthing can be installed with the syncthing or the syncthing-gtk package, which depends on the former.

syncthing-gtk includes additional features such as synchronization by inotify (for caveats, see inotify), desktop notifications and integration with Nautilus, Nemo and Caja.

After installing, you can start Syncthing.

Starting Syncthing

Tip: You can run multiple copies of syncthing, but only one instance per user as syncthing locks the database to it. Check logs for errors related to locked database.

Run binary

Run the syncthing binary manually from a terminal.

System service

Running Syncthing as a system service ensures that it is running at startup even if the user has no active session, it is intended to be used on a server.

Enable and start the syncthing@myuser.service where myuser is the actual name of your user.

User service

Running Syncthing as a user service ensures that Syncthing only starts after the user has logged into the system (e.g., via the graphical login screen, or ssh). Thus, the user service is intended to be used on a (multiuser) desktop computer. To use the user service, start/enable the user unit syncthing.service (i.e. with the --user flag).

The systemd services need to be started for a specific user in any case, see Autostart-syncthing with systemd for detailed information on the services.

Accessing the web-interface

Tip: To access the configuration GUI for a remote computer, see the FAQ.

When Syncthing is started, a web interface will be provided by default on http://localhost:8384. If you started syncthing manually, it should open the admin page in your browser.

Configuration

After installation Syncthing already has a proper start-up configuration. You may now add new servers and/or folders by visiting the web interface. For detailed instructions on how to set up a simple network, read Syncthing's getting started.

After a successful first start, it will create the default repository at ~/Sync. You can see this in the web admin interface. On the right is the list of nodes you have added. On the left is the list of repositories, which are folders you can choose to share with other nodes.

To add another node, click "Add Node" underneath the list of nodes. You will be prompted for their Node ID (which can be found on the other machine by clicking Edit > Show ID) as well as a short name and the address. If you specify "dynamic" for the address, the syncthing announce server will be used to automatically exchange addresses between nodes. If you want to know more about Node IDs, including the cryptographic implications, you can read the appropriate Syncthing documentation page.

After saving the configuration, you will be prompted to restart the syncthing server, and once restarted, the changes will be applied.

Next, you can either change the configuration of the default node (click its name and then Edit), or create a new one to share data with. Simply tick the node you wish to share the data with, and they will have permission to access it.

Tips and tricks

Use inotify

Inotify (inode notify) is a Linux kernel subsystem that acts to extend filesystems to notice changes to the filesystem, and report those changes to applications. Syncthing does not support inotify yet but there is an official extension module which talks to the Syncthing REST API. The usage of inotify avoids expensive rescans every minute. The inotify extension can be installed with the syncthing-inotify package. Restart the syncthing service (user or system) for changes to take effect.

Note that while syncthing-gtk includes inotify, it does not depend upon syncthing-inotify, and as such inotify will only work while the GUI is running.

Run a Relay

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements. See Help:Style for reference.Tango-edit-clear.png

Reason: (Discuss in Talk:Syncthing#)

Since version 0.12 Syncthing has the ability to connect two devices via a relay when there exists no direct path between them. There is a default set of relays that is used out of the box. Relayed connections are encrypted in the usual manner, end to end, so the relay has no more insight into the connection than any other random eavesdropper on the internet [1]. To run a relay install syncthing-relaysrv, then start and enable the syncthing-relaysrv.service service.

There is also a git version in the AUR. More information about the syncthing-relaysrv-gitAUR package are available in the Syncthing forum.

Per default the relay joins the Syncthing relay pool and is publicy available. Rate limiting and other options can be configured via command line flags (check syncthing-relaysrv -help). To edit the command line flags just create a drop-in snippet for syncthing-relaysrv.service and replace the ExecStart directive:

/etc/systemd/system/syncthing-relaysrv.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/syncthing-relaysrv FLAGS

A traffic statistics page is available at port 22070, e.g. http://78.47.248.86:22070/status.

Stop journal spam

Syncthing can be quite noisy even while it isn't doing anything. The service ExecStart can be overridden like this to filter output directly without an extra script (adjust "grep" as needed):

/etc/systemd/system/syncthing@.service.d/nospam.conf
[Service]
ExecStart=
ExecStart=/bin/bash -c 'set -o pipefail; /usr/bin/syncthing -no-browser -no-restart -logflags=0 | grep -v "INFO: "'

Discovery Server

The Syncthing Discovery Server is available in the AUR under syncthing-discosrvAUR. Documentation is provided here.

Note, that the discovery server requires certificates to run, which should ideally be placed in /var/discosrv, and the user/group syncthing needs permissions to able to read the certificate files. Currently, you will need to edit the systemd unit file to correctly point to the certificates (as well as any other configuration changes you want to undertake, see list).

/usr/lib/systemd/system/syncthing-discosrv.service
[Unit]
Description=Syncthing discovery server
After=network.target

[Service]
User=syncthing
Group=syncthing
ExecStart=/bin/sh -c "/usr/bin/syncthing-discosrv -db-dsn='file:///var/discosrv/discosrv.db' -cert /var/discosrv/chain.pem -key /var/discosrv/key.pem"
Restart=on-failure
SuccessExitStatus=2

PrivateDevices=true
ProtectSystem=full
ProtectHome=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

To point the client at your discovery server, change the Global Discovery Servers variable under Settings, to point to https://yourserver:8443/ (default port) or whatever port you have reconfigured to. The variable takes a comma-seperated list of discovery servers, it is possible to include multiple ones, including the default one.

If you are using self-signed certificates, the client will refuse to connect unless you append the discovery server ID to its domain. The ID is printed to stdout upon launching the discovery server. Amend the Global Discovery Servers entry to add the ID: https://yourserver.com:8443/?id=AAAAAAA-BBBBBBB-CCCCCCC-DDDDDDD-EEEEEEE-FFFFFFF-GGGGGGG-HHHHHHH.

Troubleshooting

See Debugging syncthing.