How to deploy Syncthing

Syncthing is a useful tool for synchronizing files between servers.

How to deploy

Installation

Log in to your server as root.

# Add the release PGP keys:
sudo mkdir -p /etc/apt/keyrings
sudo curl -L -o /etc/apt/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg
# Add the "stable" channel to your APT sources:
echo "deb [signed-by=/etc/apt/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
# Or, to track the "candidate" channel instead, run this line in place of the one above
# (both write to the same file, so whichever runs last wins):
# echo "deb [signed-by=/etc/apt/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing candidate" | sudo tee /etc/apt/sources.list.d/syncthing.list
# Update and install syncthing:
sudo apt-get update
sudo apt-get install syncthing
adduser sync-user
systemctl edit syncthing@sync-user.service # Notice that any edits you make need to be between these two comment blocks.
### Editing /etc/systemd/system/syncthing@sync-user.service.d/override.conf
### Anything between here and the comment below will become the new contents of the file

[Service]
UMask=0002
AmbientCapabilities=CAP_CHOWN CAP_FOWNER

### Lines below this comment will be discarded
systemctl enable syncthing@sync-user.service
systemctl start syncthing@sync-user.service

Web server configuration

For Nginx

vim /etc/nginx/sites-available/your.domain
server {
    listen 80;
    listen [::]:80;
    server_name your.domain;

    # Redirect all HTTP requests to HTTPS
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;

    server_name your.domain;
    location / {
        proxy_pass http://localhost:8384/;
    }
}
sudo certbot certonly --nginx -d your.domain
ln -s /etc/nginx/sites-available/your.domain /etc/nginx/sites-enabled/your.domain
service nginx restart

For Apache2

vim /etc/apache2/sites-available/your.domain.conf
<VirtualHost *:80>
    ServerName your.domain
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

<VirtualHost *:443>
    ServerName your.domain

    ErrorLog ${APACHE_LOG_DIR}/sync_error.log
    CustomLog ${APACHE_LOG_DIR}/sync_access.log combined

    # Comment out the SSL lines below until you have obtained your SSL certificate
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/your.domain/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your.domain/privkey.pem

    <Location />
        ProxyPass http://localhost:8384/
        ProxyPassReverse http://localhost:8384/
        RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
        Require all granted
    </Location>

    ProxyTimeout 600

    TraceEnable off
</VirtualHost>

# rewrite and ssl are needed by the RewriteEngine and SSLEngine directives above
a2enmod proxy_http headers rewrite ssl
a2ensite your.domain
systemctl reload apache2
certbot certonly --apache -d your.domain
systemctl reload apache2
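
Both proxy configurations above forward every request for your.domain to the GUI on localhost:8384, so the GUI's own settings decide who can administer Syncthing. The following check of the GUI section of Syncthing's config.xml is an added example, not part of the original post; the sample configuration is constructed, `audit_gui` is a hypothetical helper name, and the location of config.xml (which varies by Syncthing version) is left to the reader.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <gui> part of a Syncthing config.xml (not from the page).
SAMPLE_CONFIG = """<configuration version="37">
  <gui enabled="true" tls="false">
    <address>0.0.0.0:8384</address>
    <apikey>CONSTRUCTED-PLACEHOLDER</apikey>
    <insecureSkipHostcheck>true</insecureSkipHostcheck>
  </gui>
</configuration>"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}


def audit_gui(config_xml: str) -> list[str]:
    """Return findings for a GUI that is published through a reverse proxy."""
    gui = ET.fromstring(config_xml).find("gui")
    if gui is None:
        return ["no <gui> element found"]
    if gui.get("enabled", "true") != "true":
        return []  # GUI disabled, nothing is exposed

    def text(tag: str) -> str:
        return (gui.findtext(tag) or "").strip()

    findings = []
    address = text("address")
    # Everything before the last ':' is the listen host; empty means all interfaces.
    host = address.rpartition(":")[0]
    if host not in LOOPBACK_HOSTS:
        findings.append(f"GUI listens on {address!r}: reachable without going through the proxy")
    # The proxy connects from localhost, so the GUI login is the only access control.
    if not text("user") or not text("password"):
        findings.append("no GUI user/password: anyone who reaches the proxy controls Syncthing")
    for flag in ("insecureAdminAccess", "insecureSkipHostcheck"):
        if text(flag).lower() == "true":
            findings.append(f"{flag} is enabled")
    return findings


if __name__ == "__main__":
    for finding in audit_gui(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run it against the contents of sync-user's config.xml before enabling the site; an empty result means the GUI is bound to loopback and has a login set.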
