- self-hostingZola2023-05-30T00:00:00+00:00https://www.callumirving.com/tags/self-hosting/atom.xmlRunning Syncthing on a VPS2023-05-30T00:00:00+00:002023-05-30T00:00:00+00:00
Unknown
https://www.callumirving.com/blog/syncthing-vps/<p>I've been going down the self-hosting rabbit hole recently and decided to try out <a rel="external" href="https://syncthing.net/">Syncthing</a> as a way of syncing notes across my devices. I decided to run a node on a VPS so that I would have one node running 24/7 that my devices can sync to. This guide will help you set up Syncthing on a VPS and secure it using <a rel="external" href="https://launchpad.net/ufw">ufw</a> and <a rel="external" href="https://www.fail2ban.org/wiki/index.php/Main_Page">fail2ban</a>. This guide will only use the command line (no web GUI).</p>
<h2 id="installing">Installing</h2>
<p>The installation process varies depending on which OS you are running on the server but most common Linux distros should have a version of Syncthing packaged in the default repositories. We are also going to install <code>fail2ban</code> for security.</p>
<p>For Ubuntu or Debian server:</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> sudo apt install syncthing fail2ban</span></span></code></pre>
<p>For Arch:</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> sudo pacman</span><span style="color: #95E6CB;"> -S</span><span style="color: #AAD94C;"> syncthing ufw fail2ban</span></span></code></pre>
<p>For Fedora:</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> sudo dnf install syncthing ufw fail2ban</span></span></code></pre><h2 id="security">Security</h2>
<h3 id="disclaimer">Disclaimer</h3>
<p>I am not a security expert. Do your own research before following these instructions.</p>
<h3 id="enable-fail2ban">Enable <code>fail2ban</code></h3>
<p>All you have to do to enable fail2ban is run</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> systemctl enable fail2ban</span></span>
<span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> systemctl start fail2ban</span></span></code></pre><h3 id="opening-ports-on-vps">Opening ports on VPS</h3>
<p>The ports we are going to need open for Syncthing are 22000 and 21027/udp. Your VPS provider should have instructions on opening ports.</p>
<h3 id="setting-up-ufw">Setting up <code>ufw</code></h3>
<p><code>ufw</code> (uncomplicated firewall) is an easy-to-use firewall tool that we will use to drop all incoming traffic on ports other than the Syncthing ports. We can allow traffic on Syncthing ports by running</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> sudo ufw allow syncthing</span></span></code></pre>
<p>If you are using SSH to access your VPS it is also important that your open the SSH port so you don't get locked out. To do this, run <code>sudo ufw allow ssh</code>.</p>
<h2 id="configuration">Configuration</h2>
<p>To generate a Syncthing config on the server, run</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> syncthing generate</span></span></code></pre>
<p>This should output a device ID, make sure to save this for later. I will refer to this as <code>SERVER_ID</code> from now on.</p>
<h3 id="connecting-a-device">Connecting a device</h3>
<p>These next instructions will show you how to connect a device, such as a laptop or desktop computer, to the server. First, make sure Syncthing is running on both the device and the server. Start Syncthing on the server by running the following two commands:</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> systemctl enable syncthing@USER.service</span></span>
<span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> systemctl start syncthing@USER.service</span></span></code></pre>
<p>where <code>USER</code> is replaced by your username.</p>
<p>First, we will need the device ID of the device. Run <code>syncthing -device-id</code> to get it. I will refer to this as <code>LOCAL_ID</code> from now on. On your local device, run</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> syncthing cli config devices add</span><span style="color: #95E6CB;"> --device-id</span><span style="color: #AAD94C;"> LOCAL_ID</span></span></code></pre>
<p>and on your local device run</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> syncthing cli config devices add</span><span style="color: #95E6CB;"> --device-id</span><span style="color: #AAD94C;"> SERVER_ID</span></span></code></pre>
<p>To configure the server to auto-accept folders from the local device, run the following command on the server:</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> syncthing cli config devices LOCAL_ID auto-accept-folders set</span><span style="color: #D2A6FF;"> true</span></span></code></pre>
<p>Now you can add a folder from your local device. On the local device, run</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> syncthing cli config folders list</span></span></code></pre>
<p>and copy the folder ID of the folder you want to add. Then run</p>
<pre class="giallo" style="color: #BFBDB6; background-color: #0D1017;"><code data-lang="shellscript"><span class="giallo-l"><span style="color: #59C2FF;">$</span><span style="color: #AAD94C;"> syncthing cli config folders FOLDER_ID devices add</span><span style="color: #95E6CB;"> --device-id</span><span style="color: #AAD94C;"> SERVER_ID</span></span></code></pre>
<p>to add the folder.</p>
<h2 id="credits">Credits</h2>
<ul>
<li>Thanks to <a rel="external" href="https://gist.github.com/Jonny-exe">jonny-exe</a> for creating <a rel="external" href="https://gist.github.com/Jonny-exe/9bad76c3adc6e916434005755ea70389">this gist</a>.</li>
<li><a rel="external" href="https://superuser.com/questions/1397683/how-can-i-configure-syncthing-from-command-line-to-share-a-folder-with-another-c/1731999#1731999?s=0744928a5f9d4717b7445d039785ba53">This superuser post</a> was also great.</li>
</ul>