Some data (like password databases) are best kept local â but then, how do you sync them to all or some of your devices, without involving a cloud service?
We recommend Syncthing for that. When properly configured, all devices will directly communicate to synchronize files, as defined by you.
Thereâs a little catch though, when multiple users are logged in on the same device, e.g., a desktop machine. They will face problems with its default configuration. Weâll sort them out here.
When a »device« actually isnât a device
Consider Jay and Robin, two users who may be logged in to the same PC, each wanting privacy and file synchronization, without interference from the other one.
When you install Syncthing, and have it auto-start upon Jayâs login, Jay gets their own personal instance of it. That instance will listen to the world on a specific port, and its Web GUI for Jay will be available on a second port. Unfortunately, in Syncthing terminology, Jayâs Syncthing instance is called a »device«.
When you do the same for Robin, their instance of Syncthing will try to start, but doesnât know anything about Jay already being logged in. Robinâs instance of Syncthing will try to grab the same default ports, like Jayâs. This canât possibly work, so Robinâs instance wonât start.
Even worse: If you havenât enabled user names and passwords for the Jayâs Web GUI, Robin will erroneously access Jayâs file synchronization settings â and be granted full access.
What to do
You need to modify each userâs configuration of Syncthing, immediately after having installed Syncthing for that user, when calling the Web GUI for the first time.
Step 0: Install Syncthing, if you havenât so far
Pick the appropriate installation option on Syncthingâs website, and follow the instructions.
Step 1: Set up a list of users, and their private Syncthing ports
Every instance of Sycthing, Jayâs as well as Robinâs, needs their own private listener port, and their own private Web GUI port. The default ports are 8384
and 22000
, respectively â every freshly installed Syncthing instance will grab those defaults, upon start. Thatâs why you shouldnât assign them to any user.
Letâs say you have scribbled down this table:
User | Listener port | Web GUI port |
---|---|---|
Jay | 22001 | 8385 |
Robin | 22002 | 8386 |
⊠| ⊠| ⊠|
Itâs a good idea to maintain this list in a document. To keep things simple, we suggest that you use these parameters for all machines where Jay, Robin, and others have accounts.
Now, reboot the device, to make sure no personal instance of Syncthing is running yet.
Step 2: Per-user configuration
- Log in, as a user (or ask a user to do so). It doesnât matter which user you pick first from the table above â in our example, itâll be Jay.
- Start Syncthing. On most Linux distributions, the installation will have added a menu entry for that. (How to make Syncthing autostart is beyond the scope of this text). After a few seconds, Jayâs instance of Syncthing will be listening to the world on the default port, and offer a Web GUI under a second port, also the default. Unfortunately, every private instance of Syncthing like the one we just have started is called a »device«, in Syncthingâs terminology. Additional instances started by other users will also be considered a »device«, although all of them run on the same physical machine.
- The default URL for the Web GUI is http://127.0.0.1:8284. Open it in a browser, and the Web GUI should show up. Sadly, by default no login will be required.
- Weâll now change the default settings to Jayâs, taken from the table above. In the top right corner, open the
Actions
dropdown menu and click onAdvanced
, to access the Advanced Configuration screen. - Click on the
GUI
accordion tab to open it. The field Address will show the default value of127.0.0.1:8384
Change it to127.0.0.1:8385
. Similarly, click on theOptions
accordion tab to open it. The field Listen Addresses will havedefault
as its content â change that to22001
, the value defined for Jay in the table above. - Scroll down, and press the
Save
button. Syncthing will restart, and since we have changed the Web GUI port to8385
, it will immediately become unavailable â Jay will have to browse to http://127.0.0.1:8285, from now on. - Thatâs the bare minimum. Jayâs instance of Syncthing will now listen to the world on its own port, and Jay will be able to change their file synchronization settings under http://127.0.0.1:8285. Have Jay log out, and repeat steps all steps until here for Robin, using their private values from the table.
- While Jay and Robin now have their private instances of Syncthing up and running, Jay can now access Robinâs configuration, and vice versa: by default, there is no login protection, so they can simply browse the other oneâs URL. Even other users on that machine can! Letâs change that.
Step 3: Secure the Web GUI
Weâll set a password for user »Jay«, as an example. Optionally, you can (and should) enable HTTPS for the Web GUI.
- Launch the Web GUI. Remember you changed the Web GUI port, so you have to use http://127.0.0.1:8285
- In the top right corner, open the
Actions
dropdown menu and click onAdvanced
, to access the Advanced Configuration screen. - Click on the
GUI
accordion tab to open it. In the fieldUser
, enter »Jay«; enter a good-quality password intoPassword
. - Optional, but recommended: Enable
[x] Use TLS
. Pro: access to the Web GUI willl now be secured via TLS (the URL changes tohttps://...
) Con: Since Syncthing is using self-signed certificates, your browser will most likely alert you about a security risk, when accessing the Web GUI. Weâd rather live with that annoyance than disable TLS.
If you mess up
When playing with Web GUI options, you might accidentally end up with the Web GUI being inaccessible. The options discussed above reside in a file called config.xml
. Depending on your operating system, itâs location varies.
You can open config.xml
with a text editor fill in the default values, again:
Reset listener port
<options> <listenAddress>default</listenAddress>
Reset Web GUI port; disable user name & password, TLS
<gui enabled="true"> <address>127.0.0.1:8384</address>
- Removing
tls="true"
from<gui ...>
disables TLS / HTTPS. - Removing
<user>...</user>
and<password>...</password>
disables the login requirement.
You should now be able to restart Syncthing.
Image Credits:
Papirus icon for Syncthing-gtk (modified) | GNU General Public License, version 3
Licensing:
This content is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
For your attributions to us please use the word »tuxwise«, and the link https://tuxwise.net.