timloha.blogg.se - Syncthing server

# Local IP address:port for discovery serverĪccess_log /var/log/nginx/access.log vhost Proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto Proxy_set_header Connection $proxy_connection Use as the discovery server URL in the Syncthing settings. The following is a complete example Nginx configuration file. Proxy_set_header X-SSL-Cert $ssl_client_cert Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for These three lines in the configuration take care of the last three requirements listed

The proxy must request the client SSL certificate but not require it to be signed by a.

The “X-SSL-Cert” must be passed through with the PEM-encoded client SSL certificate.

The “X-Forwarded-For” http header must be passed through with the client’s real IP.

SSL certificate/key configured for the reverse proxy.

Run the discovery server using the -http flag stdiscosrv -http.

Sharing an SSL certificate with multiple services on the same server.

Use of a subdomain name without requiring a port number added to the URL.

The discovery server can be run behind an SSL-secured reverse proxy. Otherwise, the URL (note the trailing slash after the v2) will be: Non CA signed certificate, this device ID (fingerprint) must be given to the clients in The discovery server prints it’s device ID at startup.

Server device ID is 7DDRT7J-UICR4PM-PBIZY元-MZOJ7X7-EX56JP6-IK6HHMW-S7EK32W-G3EUPQA $ stdiscosrv -cert /path/to/cert.pem -key /path/to/key.pem Seeįor the first two options, the discovery server must be given the paths to the certificateĪnd key at startup. Pass the -http flag if the discovery server is behind an SSL-secured reverse proxy.In this case, using syncthing -generate is a good option to create a certificate pair. ID” (similar to Syncthing-to-Syncthing authentication). Use any certificate pair and let clients authenticate the server based on it’s “device.This is like any other HTTPS website clients will authenticate the server based Use a CA-signed certificate pair for the domain name you will use for the discovery.The discovery server provides service over HTTPS. If you are running an instance of Syncthing on the discovery server, you must eitherĪdd that instance to other devices using a static address or bind the discovery serverĪnd Syncthing instances to different IP addresses. Stdiscosrv doesn’t have permission to do so, create the directory and set the ownerĪppropriately or use the command line switches (see below) to select a different location.

Partition stdiscosrv.exe is executed from) with configuration. Generate the directory /var/stdiscosrv ( X:\var\stdiscosrv on Windows, where X is the Start this in whatever way you are most comfortable with ĭouble clicking should work in any graphical environment.

Unpacking it will yield a binary called stdiscosrv If you haven’t yet, head overĪppropriate for your operating system. This guide assumes that you have already set up Syncthing. If you wish to use only your own discovery server, remove the default entry from the list. Stdiscosrv to be available over the internet with a dynamic IP address, you will need a Note that stdiscosrv uses port 8443 by default. Stdiscosrv’s host address to the comma-separated list, e.g. Go to settings, Global Discovery Server and add To make Syncthing use your own instance of POINTING SYNCTHING AT YOUR DISCOVERY SERVERīy default, Syncthing uses a number of global discovery servers, signified by the entryĭefault in the list of discovery servers. http Listen on HTTP (behind an HTTPS proxy).Īllowed average package rate, per 10 s (default 5).Īllowed burst size, packets (default 20).įile to write periodic operation stats to. Anyone can run aĭiscovery server and point Syncthing installations to it.ĭatabase DSN (default “memory://stdiscosrv”). Syncthing relies on a discovery server to find peers on the internet.