Syncthing in docker + Raspberry Pi 4 + Synchronize from everywhere

  • Hello everybody,


    I succeeded to install Syncthing in docker on my Raspberry Pi 4 with OMV 5. It works perfectly between the server and my computer.


    Now I'd like to keep on synchronizing files when I'm not at home (at work for exemple).


    I think it's possible but I don't know how. I read things about LetsEncrypt, Nginx... I created a domain on duckdns, but I don't really understand how to use LetsEncrypt or Nginx with Syncthing to synchronize from everywhere...


    Could someone help me?


    Thanx in advance.

    "La fleeeeeeeur en bouquet fââââne et jamais ne renaîîîît !!!", Le Roi Burgonde, Kaamelott.

    • Official Post

    Are you talking about keeping a laptop synced back and forth to work or syncing files on a desktop at work?

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

  • When I’m home syncing files between my laptop and the rpi4 is ok.

    Now how syncing files between the rpi4 and another computer at work?


    Thanx

    "La fleeeeeeeur en bouquet fââââne et jamais ne renaîîîît !!!", Le Roi Burgonde, Kaamelott.

    • Official Post

    These links might point you in the right direction.

    https://blog.linuxserver.io/20…rypt-nginx-starter-guide/

    https://docs.linuxserver.io/general/swag


    Please note that swag and letsencrypt are more or less the same thing.

    https://blog.linuxserver.io/2020/08/21/introducing-swag/

  • Thanx for the docs! :)


    I read it twice but I understood it partially. So I want your expert analysis just to know if I did things correctly.

    I'm going to detailed my work now :


    After reading the docs I decided to use SWAG container in my docker compose to install Syncthing. Here is the Stack I used in Portainer:


    As you can see I used Duckdns as authorization method.


    I forwarded port 443 in my web router.


    The stack installed without error and I had got two new containers : "swag" and "syncthing" which are working together (if my understanding of the docs is correct).


    Then I renamed syncthing.subdomain.conf.sample to syncthing.subdomain.conf in appdata/swag/nginx/proxy-confs/ and modified it like this:


    As you can see I put yellow font color to indicate the changes. But I don't know here if the changes are correct. The address is my NAS address where OMV is installed.


    Thanks to changes, I could access to the Synchting GUI of the NAS using https://syncthing.*********.duckdns.org.

    I add a username and a password to access the GUI.


    After that I installed the syncthing client on my Mac. And I shared a folder between my Mac and my server (using Show ID to accept new Remote Devices in the web GUI).


    I succeeded to share and sync files between my Mac and my NAS on the same network.


    Then I wanted to know if I could do the same things on different networks, so i stopped my Mac wifi and I shared my internet phone to connect the Mac. The NAS was always on my router network.


    I tried to make changes in the Mac shared folder (add files, delete files) and it seemed that files were added or deleted also on the folder NAS.


    So to resume, I think I did it! All seems to work. But... although i understand why I can reach the server GUI, I don't understand why the files syncs between the server and the MacBook when the two are on different networks.


    So now my question is : does my work seem to be good for experts? Am i well protected ? Is it a risk that somebody could access to my data?


    Thanx in advance.


    N.B: English is not my native language so I hope all was clear for you...

    "La fleeeeeeeur en bouquet fââââne et jamais ne renaîîîît !!!", Le Roi Burgonde, Kaamelott.

    • Official Post

    Am i well protected ? Is it a risk that somebody could access to my data?

    There is always a risk.

    You can reduce the risk by using a STRONG password.

    In addition SWAG uses fail2ban which supports intrusion prevention. After too many failed login trials it will block further attempts for a certain amount of time. AFAIK for SWAG the config is 5x failed logins to be banned for 10min. That makes it difficult for brute force attacks.


    You can (and should) try it. Use several times wrong credentials and then try to use the correct ones.

    • Official Post

    I am a great fan of swag/reverse proxy and of DuckDNS. I have several services deployed from one yml file and I love it. But I think Syncthing is a horse of a different color. I use it to keep certain document folders synchronized between a desktop and a laptop Mac. It isn’t intended to work in a client/server relationship. With Syncthing in a container on OMV your server is just another “device.” You install Syncththing on the “devices” you want to share/sync data between/among and the installation generates a unique “device ID” that you then share with the other “devices.” As it says in the documentation, “It just works.”I may be missing something but I don’t see the need to involve Swag and reverse proxy to use Syncthing.

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

  • Ok,


    The new question is : is Fail2ban automatically activated or do I have to activate myself? How configure it?


    For the moment the only strong password I use is to access the web GUI.


    Thanx

    "La fleeeeeeeur en bouquet fââââne et jamais ne renaîîîît !!!", Le Roi Burgonde, Kaamelott.

    • Official Post

    The new question is : is Fail2ban automatically activated or do I have to activate myself? How configure it?

    Yes, it is already configured.


    But consider the comment from Agricola

    I do not use syncthing, but makes sense to me.

    • Official Post

    I have never used Syncthing in a docker on OMV, so that could involve some differences from my use on two Macs. For instance , in the yml you have to set all of your file paths. In other words, if you have folders a, b, and c you want to sync among the three machines, those folders’ paths need to be set in your yml file. On the PCs those folders can be added to Syncthing after it has been installed. If you want to add another folder at a later date you can do so on the PCs on the fly, but you will have to add it to your yml file and redeploy the container.


    SWAG does include reverse_proxy.conf files for Syncthing. Why? I don’t see why. All of the reverse_proxy files that I have used have worked without a hitch super easily. It’s great to be able to access Airsonic or Navidrome from a remote location on someone else’s machine, but I can’t see why anyone would want to do that with Syncthing, or if it’s even possible.

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

  • Hi Agricola,


    Ok what you say makes sense.

    So I tried to reinstall the docker container without SWAG, and files sync when my two devices are on different networks.

    So it is much easier than I thought at the beginning! As we say in France "Why do easy when you can do difficult?" (I don't know if it is well traduced :P)


    In fact I just want a personal cloud, without using Google, Apple or others... I want to save my files in case of drive failure...

    At the beginning, when I created my NAS, I discovered Nextcloud, so I tried it, and abandoned it because of some issues (and there were too much applications in it I didn't use). Next I discovered Seafile which seemed to be a good solution for what I want. But I never succeeded to install it (I didn't find any official Seafile container for Rpi4).

    Finally I found Syncthing. Now that it seems to work, I hope I won't have issues with it...


    Thanx for your help!

    "La fleeeeeeeur en bouquet fââââne et jamais ne renaîîîît !!!", Le Roi Burgonde, Kaamelott.

    • Official Post

    RoiBurgonde I’m glad it suits your needs. Merry Christmas.

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

  • RoiBurgonde In case you still want to give Seafile a try:
    https://github.com/haiwen/seafile-rpi/releases


    This is a specific build for ARM machines, which I use since a few years already.

    Works perfectly fine as an self-hosted Dropbox-like solution.


    There is also a - bit outdated - guide on how to Seafile here in the forum: How to install Seafile with MySQL and SSL


    Now it is actually simpler to setup than this guide, once you have a mysql or mariaDB instance running - e.g. as docker container.


    I prefer it over Syncthing, as I had a hard time getting Syncthing to run as I wanted to.

    OMV 5.x | Banana PI (M1) | Seafile Server
    OMV 4.x | ShuttlePC SH55J2

  • sieben

    In fact Syncthing suits perfectly now for my needs.

    I’d really want to try Seafile once, just to see... but only if I can install it easily in a docker container.


    But thanx for your answer to this thread.


    Agricola

    SWAG does include reverse_proxy.conf files for Syncthing. Why? I don’t see why. All of the reverse_proxy files that I have used have worked without a hitch super easily. It’s great to be able to access Airsonic or Navidrome from a remote location on someone else’s machine, but I can’t see why anyone would want to do that with Syncthing, or if it’s even possible.

    I can answer : I used reverse proxy with syncthing once to share folders and files on someone’s else’s machine. Very useful...

    "La fleeeeeeeur en bouquet fââââne et jamais ne renaîîîît !!!", Le Roi Burgonde, Kaamelott.

  • RoiBurgonde

    Got your point, I would also prefer having it in a docker container.

    However I believe it is not trivial to have it running as docker container on ARM, caused by the dependencies Seafile has. That is the reason why the specific build for ARM based boards is (still) there and not yet replaced :)

    OMV 5.x | Banana PI (M1) | Seafile Server
    OMV 4.x | ShuttlePC SH55J2

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!