How to Install Syncthing on Ubuntu 22.04/20.04 Desktop/Server

This tutorial will show you how to install Syncthing on Ubuntu. Syncthing is a free, peer-to-peer continuous file synchronization program that allows you to synchronize your files across multiple devices, available for Linux, BSD, macOS, Windows, Android and Solaris.

It’s an open-source alternative to the popular Resilio Sync (formerly known as BitTorrent Sync) application. The creation, modification or deletion of files on one machine will automatically be replicated to your other devices. Syncthing does not upload your files to a central server like Nextcloud, but exchange your data directly between your devices. All your data is encrypted with TLS when transmitting between your devices.

Syncthing Features

  • Free & open source.
  • Fast syncing speed.
  • Supports one-way syncing.
  • Selective Sync (Ignore patterns).
  • It can use relay servers if two peers can’t connect to each other.
  • Supports LDAP authentication.

Install Syncthing on Ubuntu via Official Deb Repository

Syncthing is included in the default Ubuntu repository since 18.04 Bionic Beaver. However, it’s recommended to install Syncthing from the upstream official repository, so you will get the latest version.

Use curl to download the GPG key then import the key with apt-key.

sudo apt-get install curl

curl -s https://syncthing.net/release-key.txt | sudo apt-key add -

If you see OK in the terminal, that means the GPG key is successfully imported. Then add the official deb repository with the following command.

echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list

Because this repository uses https, we need to install the apt-transport-https package, so the APT package manager can establish https connection with this repository.

sudo apt-get install apt-transport-https

Update local package index and install syncthing on Ubuntu.

sudo apt-get update

sudo apt-get install syncthing

Using Systemd to Set Up Syncthing as a System Service

The official Syncthing deb package ships with the needed systemd service file. Under /lib/systemd/system/ directory, you will find a [email protected] file. Enable syncthing to auto start at boot time by running the below command. Replace username with your actual username.

sudo systemctl enable syncthing@username.service

The above command will create a symbolic link that points to the [email protected] file.

Created symlink from /etc/systemd/system/multi-user.target.wants/[email protected] to /lib/systemd/system/[email protected].

Now we can start the Syncthing service with the following command.

sudo systemctl start syncthing@username.service

Check status

systemctl status syncthing@username.service

Output:

syncthing ubuntu

Hint: If the above command doesn’t quit immediately, press Q to gain back control of the terminal.

We can see that Syncthing autostart is enabled and it’s running.

The syncthing systemd service creates configuration files under /home/username/.config/syncthing/ and a folder /home/username/Sync as the default sync folder. The main config file is /home/username/.config/syncthing/config.xml.

Install Syncthing on other OS

Go to Syncthing download page and install Syncthing on other operating systems like Windows, macOS, BSD, Android.

Open Port 22000 in the Firewall

Syncthing uses port 22000 to communicate with peers. If your computer or server enabled the UFW firewall, then you need to allow port 22000 with the following command.

sudo ufw allow 22000/tcp

Accessing the Ubuntu Syncthing Web Interface

By default, Syncthing service listens on 127.0.0.1:8384. Now in your Web browser’s address bar, type 127.0.0.1:8384 to access the Syncthing Web interface. You can add other Syncthing devices and share folders with them.

debian syncthing web interface

If you install Syncthing on a remote Ubuntu server, you need to set up a reverse proxy with Nginx or Apache in order to access the web UI, which is explained later in this tutorial.

Start Syncing Files between Your Devices

Once we have two devices running Syncthing, we can start syncing files between them.

In the Syncthing web interfce, click on Actions > Show ID on the upper-right corner. You will see the device ID, which is a long string of letters and numbers. The QR code, which is also the device ID, is used for configuring Syncthing on smartphones.

Syncthing Device ID

Copy the device ID, then open the Syncthing Web interface of the second device, click Add Remote Device on the bottom-right corner. Then paste the Device ID and give the device a name. Click the Save button.

Syncthing add remote device

Now the second device will try to connect to the first device. Refresh the Web interface on the first device, you will see the following message. Click Add Device to add the second device to the device list of the first device.

Syncthing add device

Now the two devices are connected.

On the left pane of Web interface is the default sync folder (/home/username/Sync). Click the Add Folder button to add a new folder. Give a descriptive label for this folder and set the folder path.

syncthing add new folder

Syncthing runs as your own user account, so you need to have write permission on the shared folder. If you see the following error message while sharing a folder, it means you don’t have write permission on that folder.

2020-06-21 20:05:49: Failed to create folder marker: mkdir .stfolder: read-only file system

You can grant write permission with setfacl.

sudo apt install acl
sudo setfacl -R -m u:username:rwx /folder/path/

Note: If the problem still persists, please see the troubleshooting tips at the end of this article.

In the Sharing tab, select your other Syncthing device.

syncthing sharing devices

In the Ignore Pattens tab, you can enter the name patterns for files that should not be synchronized.

In the Advanced tab, you can choose the folder type, rescan interval, etc. The default full scan interval is 3600 seconds (60 minutes). You can set a smaller interval like 360 seconds (6 minutes), but don’t set it too small (less than 2 minutes), or Syncthing will use lots of CPU resources.

sycnthing advanced sharing settings

Click Save button to begin syncing. A message will appear in the Web interface of the other device. Click Add to receive files.

syncthing add share folder

Now the two devices are syncing files. On the right side, you can see the download rate, upload rate, local folder size, etc.

syncthing check sycning progress

Set Up Reverse Proxy

Since it listens on 127.0.0.1:8384, Syncthing Web interface is only available to connections from the same computer. To be able to access the Syncthing Web interface from a remote computer, we can set up a reverse proxy for Syncthing with Nginx or Apache.

Nginx

Nginx is a very populuar web server and reverse proxy. If you prefer to use Nginx, run the following command to install it.

sudo apt install nginx

Then create a server config file.

sudo nano /etc/nginx/conf.d/syncthing.conf

Add the following content to this file. Replace syncthing.example.com with your preferred domain name. You should also add a DNS A record for this sub-domain. If you don’t have a real domain name, I recommend going to NameCheap to buy one. The price is low and they give whois privacy protection free for life.

server {
  listen 80;
  server_name syncthing.example.com;

  access_log /var/log/nginx/syncthing.access.log;
  error_log /var/log/nginx/syncthing.error.log;
  location / {
    proxy_pass http://127.0.0.1:8384;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

Save and close the file. Test Nginx configuration and reload Nginx.

sudo nginx -t

sudo systemctl reload nginx

After you point your domain name to the IP address of Ubuntu, type your domain name in the browser address bar and you should see the Syncthing Web interface.

syncthing web interface

If your browser can’t connect to the Syncthing web interface, perhaps you need to open port 80 in firewall. For example, if you use UFW, then run the following command.

sudo ufw allow 80/tcp

Apache

Apache is well-known web server that can also be used as a reverse proxy. If you prefer Apache to Nginx, install it with:

sudo apt install apache2

Start Apache and enable auto start.

sudo systemctl start apache2

sudo systemctl enable apache2

To use Apache as a reverse proxy, we need to enable the proxy modules and the header module.

sudo a2enmod proxy proxy_http headers proxy_wstunnel

Now create a virtual host file for Syncthing.

sudo nano /etc/apache2/sites-available/syncthing.conf

Copy and paste the following lines in to the file. Replace syncthing.example.com with your real domain name. You should also add a DNS A record for this sub-domain. If you don’t have a real domain name, I recommend going to NameCheap to buy one. The price is low and they give whois privacy protection free for life.

<VirtualHost *:80>
   ServerName syncthing.example.com
   ErrorDocument 404 /404.html

   ProxyPass / http://127.0.0.1:8384/
   ProxyPassReverse / http://127.0.0.1:8384/

   ErrorLog ${APACHE_LOG_DIR}/syncthing_error.log
   CustomLog ${APACHE_LOG_DIR}/syncthing_access.log combined

</VirtualHost>

Save and close the file. Then enable this virtual host.

sudo a2ensite syncthing.conf

Restart Apache

sudo systemctl restart apache2

Now you can access the Web UI via syncthing.example.com.

If your browser can’t connect to the Syncthing web interface, perhaps you need to open port 80 in firewall. For example, if you use UFW, then run the following command.

sudo ufw allow 80/tcp

Secure the Syncthing Web UI with HTTPS

To encrypt the HTTP traffic when you visit Syncthing web UI via a domain name, we can enable HTTPS by installing a free TLS certificate issued from Let’s Encrypt. First, open port 443 in the firewall.

sudo ufw allow 443/tcp

Then run the following command to install Let’s Encrypt client (certbot).

sudo apt install certbot

If you use Nginx, then you also need to install the Certbot Nginx plugin.

sudo apt install python3-certbot-nginx

Next, run the following command to obtain and install TLS certificate.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d syncthing.example.com

If you use Apache, install the Certbot Apache plugin.

sudo apt install python3-certbot-apache

And run this command to obtain and install TLS certificate.

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d syncthing.example.com

Where

  • --nginx: Use the nginx plugin.
  • --apache: Use the Apache plugin.
  • --agree-tos: Agree to terms of service.
  • --redirect: Force HTTPS by 301 redirect.
  • --hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.
  • --staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.

The certificate should now be obtained and automatically installed.
syncthing ubuntu https certbot
Refresh your Syncthing Web GUI, you will find HTTP connection is automatically redirected to HTTPS secure connection.

Enable User Authentication

By default, anyone can access your Syncthing web interface after reverse proxy is setup. We can enable user authentication to restrict access. Click the Actions button on the upper-right corner, then select Settings -> GUI.

install syncthing on Debian 8

Enter a username in GUI Authentication User field, enter a password in GUI Authentication Password field. Then save your settings.

syncthing gui user authentication

Please note that you don’t need to tick on the Use HTTPS for GUI box, which enables Syncthing to use a self-signed certificate. We have already installed a valid certificate in Apache/Nginx which is trusted by mainstream Web browsers.

Once you save the changes, restart Syncthing systemd service, or you might see a 502 bad gateway error when reloading the page.

sudo systemctl restart syncthing@username.service

Now log into the Syncthing Web interface with your new username and password.

How to Use A Self-Signed TLS Certificate

If you don’t want to use a domain name and valid TLS certificate to access the Syncthing web interface. You can use a self-signed certificate. Edit the Syncthing configuration file.

nano ~/.config/syncthing/config.xml

Find the following lines.

    <gui enabled="true" tls="false" debugging="false">
        <address>127.0.0.1:8384</address>
        <apikey>P4sYoeq2CNQRdfq33dq823dakE2</apikey>
        <theme>default</theme>

To use a self-signed certificate, simply change tls="false" to tls="true". And if you are going to access the Syncthing web interface from a remote computer, change 127.0.0.1 to 0.0.0.0.

Save and close the file. Then restart Syncthing for the changes to take effect.

sudo systemctl restart syncthing@username.service

Send-Only & Receive-Only Folders

When sharing a folder in Syncthing, you can go to the Advanced tab and choose one of three folder types:

  • Send & Receive (default)
  • Send Only
  • Receive Only

You might want to choose send-only or receive-only. For example, If you have 3 computers: A, B, and C, and you want to aggregate folders on computer A and B to a single folder on computer C. Then you can set the folder type to receive-only on computer C. In this way, computer C will have all of the files in a single folder. Computer A and B still have the original files. No more and no less.

syncthing folder type

When you use the same folder path on computer C, Syncthing might warn you that “this path is a subdirectory of an existing folder”. You can ignore this warning because you have a receive-only folder. Existing files in the folder won’t be deleted.

Syncing via Relay Servers

If two Syncthing instances can’t connect to each other, then Syncthing will try to use a relay server to transfer files.

syncthing

A common reason why they can’t connect to each other is that one of them is behind a NAT device and didn’t configure port forwarding. Once you configure port forwarding, you can disable relay servers. Here’s how. Click the Edit button and select the Advanced tab, Change the address from dynamic to tcp://ip-address:22000. Of course you need to use your real IP address.

syncthing disable relay servers

Syncing Large Amounts of Small Files

Syncthing isn’t suitable for syncing large amounts of small files like osm tile files, because it will quickly hit the Linux file system inotify limits. If the two devices both run Linux, then you can use the rsync (remote sync) tool to sync large amounts of small files, like this:

rsync -aP /path/to/source/folder/  [email protected]:/path/to/destination/folder

Running Multiple Instances of Syncthing

If you have multiple shared folders that belong to different users, it’s a good idea to run multiple instances of Syncthing for each user.

sudo systemctl start [email protected]
sudo systemctl start [email protected]

If you run Syncthing as user1 and share folders belonging to user2, you are going to have out-of-sync/permission denied problems, because Syncthing will create the files with the user it runs as.

Each instance needs to have a unique GUI port and sync port, which can be configured in the user’s syncthing configuration file under the home directory.

nano ~/.config/syncthing/config.xml

GUI port configuration is

<address>127.0.0.1:8384</address>

The default sync port configuration is

<listenAddress>default</listenAddress>

You can change it to

<listenAddress>tcp://0.0.0.0:22001</listenAddress>

If you don’t want to create a sub-domain for each Syncthing instance, you can create a subdirectory in your domain name. For example, the Nginx subdirectory configuration for Syncthing is as follows.

 location /user2/ {
    proxy_pass http://127.0.0.1:8385/;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

I use user2 as the subdirectory. You can choose whatever name you like. Note that in proxy_pass http://127.0.0.1:8385/;, the trailing slash / is needed. If you delete it, it won’t work.

Troubleshooting Tips

Unable to connect

If your Syncthing instances can’t connect to each other, you can use the ss (socket stats) utility to check if Syncthing is listening on TCP port 22000.

sudo ss -lnpt | grep syncthing

As you can see from the screenshot below, my Syncthing is listening on port 8384 (web interface) and 22000 (peer-to-peer connection).

ubuntu syncthing listen port 22000

If not, you can edit the configuration file.

nano ~/.config/syncthing/config.xml

Find the following line.

<listenAddress>default</listenAddress>

Change default to tcp://your-IP-address.

<listenAddress>tcp://12.34.56.78</listenAddress>

Save and close the file. Then restart Syncthing.

sudo systemctl restart syncthing@username.service

Failed to Create Folder Marker

If you want to sync a system folder such as /etc/, you will probably see the following error message:

Failed to create folder marker, read-only file system

This is because the syncthing systemd service (/lib/systemd/system/[email protected]) has the following ProtectSystem variable that forbids write operation on systemd folders (/usr/, /boot/, /etc/).

ProtectSystem=full

We can add exclusions, so Syncthing can write to the folder. Create a folder to store our custom systemd configurations.

sudo mkdir /etc/systemd/system/syncthing@username.service.d/

Then create a file under this directory.

sudo nano /etc/systemd/system/syncthing@username.service.d/permission.conf

Add the following lines in this file.

[Service]
ReadWritePaths=/shared/foler/one/  /shared/foler/two/

Folders are separated by empty space. You can add as many folders as you like. The folder must exist on your system, or Syncthing will fail to restart.

Save and close the file. Then reload systemd.

sudo systemctl daemon-reload

And restart Syncthing.

sudo systemctl restart syncthing@username.service

The Folder Size in Global State is inaccurate

This can happen if you share folders with multiple devices. Let’s say you share a folder from device 1 to device 2. If device 2 isn’t finished syncing files and you share the folder from device 2 to device 3, then the global folder size displayed on device 3 will be smaller than the actual size.

Folder Synchronization Stops

Check the Syncthing logs to find out why it stopped syncing.

sudo journalctl -eu [email protected]

Problem Processing Requests

If you see the following error, you can check the Nginx error log (/var/log/nginx/syncthing.error.log) or the Apache error log (/var/log/apache/syncthing_error.log) to find out what caused this problem.

Syncthing seems to be experiencing a problem processing your request. Please refresh the page or restart Syncthing if the problem persists.

In my case, it’s because I enabled ModSecurity web application firewall.

Asynchronous Replication

Note that Syncthing uses the asynchronous method, so changes made on one node will take some time to replicate to other nodes. If your application is sensitive to sync delay, it’s recommended to designate a node as the master node. Make changes on the master node only and use the slave nodes as a backup.

Wrapping Up

I hope this tutorial helped you install and use Syncthing on Ubuntu. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

Rate this tutorial
[Total: 22 Average: 4.3]

9 Responses to “How to Install Syncthing on Ubuntu 22.04/20.04 Desktop/Server

  • The Device identification data that was obscured is available in the QR code, if one uses a QR code reader app.

    • Xiao Guoan (Admin)
      4 years ago

      It’s a test server, which was destroyed after publishing this article, so no harm can be done with the QR code 🙂

  • BangkokBob
    3 years ago

    I found this this very useful. I had a problem with my proxy set up. It worked once then didn’t. So, as I had a firewall exception from from my IP address, I stopped syncthing on the server (systemctl) then started again from the command line: syncthing – ip-gui-address=0.0.0.0:8384 This allowed me to use the syncthing web interface remotely; I then made made changes in the syncthing settings and then restarted by systemctl and was able to continue to use the web interface without the proxy.
    This may help others struggling with trying to access remotely, with no web interface to start.

  • Wonderful article!

    About relay servers phrase: “A common reason why they can’t connect to each other is that one of them is behind a NAT device and didn’t configure port forwarding.”

    Relay servers are needed if BOTH are inaccessible. If ONLY ONE is behind a NAT, you can disable relay if you wish. There are other configs related to NAT but the defaults just work if one end accepts direct connection and the other is behind a NAT.

  • Don Jenkins
    3 years ago

    Does anyone know what this means??

    [email protected] - Syncthing - Open Source Continuous File Synchronization for don
         Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled)
         Active: failed (Result: exit-code) since Mon 2021-04-05 09:56:23 MST; 5s ago
           Docs: man:syncthing(1)
        Process: 6562 ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 (code=exited, status=2)
       Main PID: 6562 (code=exited, status=2)
    
    Apr 05 09:56:22 piggy-mint syncthing[6562]:  upnp            - UPnP discovery and port mapping
    Apr 05 09:56:22 piggy-mint syncthing[6562]:  ur              - Usage reporting
    Apr 05 09:56:22 piggy-mint syncthing[6562]:  versioner       - File versioning
    Apr 05 09:56:22 piggy-mint syncthing[6562]:  walkfs          - Filesystem access while walking
    Apr 05 09:56:22 piggy-mint syncthing[6562]:  watchaggregator - Filesystem event watcher
    Apr 05 09:56:23 piggy-mint systemd[1]: [email protected]: Scheduled restart job, restart counter is at 4.
    Apr 05 09:56:23 piggy-mint systemd[1]: Stopped Syncthing - Open Source Continuous File Synchronization for don.
    Apr 05 09:56:23 piggy-mint systemd[1]: [email protected]: Start request repeated too quickly.
    Apr 05 09:56:23 piggy-mint systemd[1]: [email protected]: Failed with result 'exit-code'.
    Apr 05 09:56:23 piggy-mint systemd[1]: Failed to start Syncthing - Open Source Continuous File Synchronization for don.
    
  • Syncthing install killed my Ubuntu server’s internet access. aaargh

  • Very good work again, as always!

    Just curious comment, I “found” from Syncthing FAQ possible solution for “Syncing Large Amounts of Small Files”
    What do you think, is this acceptable solution?
    https://docs.syncthing.net/users/faq.html#how-do-i-increase-the-inotify-limit-to-get-my-filesystem-watcher-to-work

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here