How to Install Syncthing on Ubuntu Desktop/Server

This tutorial will show you how to install Syncthing on Ubuntu. Syncthing is a free, peer-to-peer continuous file synchronization program that allows you to synchronize your files across multiple devices, available for Linux, BSD, macOS, Windows, Android and Solaris.

It’s an open-source alternative to the popular Resilio Sync (formerly known as BitTorrent Sync) application. The creation, modification or deletion of files on one machine will automatically be replicated to your other devices. Syncthing does not upload your files to a central server like Nextcloud, but exchange your data directly between your devices. All your data is encrypted with TLS when transmitting between your devices.

Syncthing Features

  • Free & open source.
  • Fast syncing speed.
  • Supports one-way syncing.
  • It can use relay servers if two peers can’t connect to each other.
  • Supports LDAP authentication.

Install Syncthing on Ubuntu via Official Deb Repository

Syncthing is included in the default Ubuntu repository since 18.04 Bionic Beaver. However, it’s recommended to install Syncthing from the upstream official repository, so you will get the latest version.

Use curl to download the GPG key then import the key with apt-key.

sudo apt-get install curl

curl -s https://syncthing.net/release-key.txt | sudo apt-key add -

If you see OK in the terminal, that means the GPG key is successfully imported. Then add the official deb repository with the following command.

echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list

Because this repository uses https, we need to install the apt-transport-https package, so the APT package manager can establish https connection with this repository.

sudo apt-get install apt-transport-https

Update local package index and install syncthing on Ubuntu.

sudo apt-get update

sudo apt-get install syncthing

Using Systemd to Set Up Syncthing as a System Service

The official Syncthing deb package ships with the needed systemd service file. Under /lib/systemd/system/ directory, you will find a syncthing@.service file. Enable syncthing to auto start at boot time by running the below command. Replace username with your actual username.

sudo systemctl enable syncthing@username.service

The above command will create a symbolic link that points to the syncthing@.service file.

Created symlink from /etc/systemd/system/multi-user.target.wants/syncthing@linuxbabe.service to /lib/systemd/system/syncthing@.service.

Now we can start the Syncthing service with the following command.

sudo systemctl start syncthing@username.service

Check status

systemctl status syncthing@username.service

Output:

syncthing ubuntu

Hint: If the above command doesn’t quit immediately, press Q to gain back control of the terminal.

We can see that Syncthing autostart is enabled and it’s running.

The syncthing systemd service creates configuration files under /home/username/.config/syncthing/ and a folder /home/username/Sync as the default sync folder. The main config file is /home/username/.config/syncthing/config.xml.

Install Syncthing on other OS

Go to Syncthing download page and install Syncthing on other operating systems like Windows, macOS, BSD, Android.

Open Port 22000 in the Firewall

Syncthing uses port 22000 to communicate with peers. If your computer or server enabled the UFW firewall, then you need to allow port 22000 with the following command.

sudo ufw allow 22000/tcp

Accessing the Ubuntu Syncthing Web Interface

By default, Syncthing service listens on 127.0.0.1:8384. Now in your Web browser’s address bar, type 127.0.0.1:8384 to access the Syncthing Web interface. You can add other Syncthing devices and share folders with them.

debian syncthing web interface

If you install Syncthing on a remote Ubuntu server, you need to set up a reverse proxy with Nginx or Apache in order to access the web UI, which is explained later in this tutorial.

Start Syncing Files between Your Devices

Once we have two devices running Syncthing, we can start syncing files between them.

In the Syncthing web interfce, click on Actions > Show ID on the upper-right corner. You will see the device ID, which is a long string of letters and numbers. The QR code, which is also the device ID, is used for configuring Syncthing on smartphones.

Syncthing Device ID

Copy the device ID, then open the Syncthing Web interface of the second device, click Add Remote Device on the bottom-right corner. Then paste the Device ID and give the device a name. Click the Save button.

Syncthing add remote device

Now the second device will try to connect to the first device. Refresh the Web interface on the first device, you will see the following message. Click Add Device to add the second device to the device list of the first device.

Syncthing add device

Now the two devices are connected.

On the left pane of Web interface is the default sync folder (/home/username/Sync). Click the Add Folder button to add a new folder. Give a descriptive label for this folder and set the folder path.

syncthing add new folder

Syncthing runs as your own user account, so you need to have write permission on the shared folder. If you see the following error message while sharing a folder, it means you don’t have write permission on that folder.

2020-06-21 20:05:49: Failed to create folder marker: mkdir .stfolder: read-only file system

You can grant write permission with setfacl.

sudo apt install acl
sudo setfacl -R -m u:username:rx /folder/path/

In the Sharing tab, select your other Syncthing device.

syncthing sharing devices

In the Advanced tab, you can choose the folder type, rescan interval, etc.

sycnthing advanced sharing settings

Click Save button to begin syncing. A message will appear in the Web interface of the other device. Click Add to receive files.

syncthing add share folder

Now the two devices are syncing files. On the right side, you can see the download rate, upload rate, local folder size, etc.

syncthing check sycning progress

Set Up Reverse Proxy

Since it listens on 127.0.0.1:8384, Syncthing Web interface is only available to connections from the same computer. To be able to access the Syncthing Web interface from a remote computer, we can set up a reverse proxy for Syncthing with Nginx or Apache.

Nginx

Nginx is a very populuar web server and reverse proxy. If you prefer to use Nginx, run the following command to install it.

sudo apt install nginx

Then create a server config file.

sudo nano /etc/nginx/conf.d/syncthing.conf

Add the following content to this file. Replace syncthing.example.com with your preferred domain name. You should also add a DNS A record for this sub-domain. If you don’t have a real domain name, I recommend going to NameCheap to buy one. The price is low and they give whois privacy protection free for life.

server {
  listen 80;
  server_name syncthing.example.com;

  access_log /var/log/nginx/syncthing.access.log;
  error_log /var/log/nginx/syncthing.error.log;
  location / {
    proxy_pass http://127.0.0.1:8384;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

Save and close the file. Test Nginx configuration and reload Nginx.

sudo nginx -t

sudo systemctl reload nginx

After you point your domain name to the IP address of Ubuntu, type your domain name in the browser address bar and you should see the Syncthing Web interface.

syncthing web interface

If your browser can’t connect to the Syncthing web interface, perhaps you need to open port 80 in firewall. For example, if you use UFW, then run the following command.

sudo ufw allow 80/tcp

Apache

Apache is well-known web server that can also be used as a reverse proxy. If you prefer Apache to Nginx, install it with:

sudo apt install apache2

Start Apache and enable auto start.

sudo systemctl start apache2

sudo systemctl enable apache2

To use Apache as a reverse proxy, we need to enable the proxy modules and the header module.

sudo a2enmod proxy proxy_http headers proxy_wstunnel

Now create a virtual host file for Syncthing.

sudo nano /etc/apache2/sites-available/syncthing.conf

Copy and paste the following lines in to the file. Replace syncthing.example.com with your real domain name. You should also add a DNS A record for this sub-domain. If you don’t have a real domain name, I recommend going to NameCheap to buy one. The price is low and they give whois privacy protection free for life.

<VirtualHost *:80>
   ServerName syncthing.example.com
   ErrorDocument 404 /404.html

   ProxyPass / http://127.0.0.1:8384/
   ProxyPassReverse / http://127.0.0.1:8384/

   ErrorLog ${APACHE_LOG_DIR}/syncthing_error.log
   CustomLog ${APACHE_LOG_DIR}/syncthing_access.log combined

</VirtualHost>

Save and close the file. Then enable this virtual host.

sudo a2ensite syncthing.conf

Restart Apache

sudo systemctl restart apache2

Now you can access the Web UI via syncthing.example.com.

If your browser can’t connect to the Syncthing web interface, perhaps you need to open port 80 in firewall. For example, if you use UFW, then run the following command.

sudo ufw allow 80/tcp

Secure the Syncthing Web UI with HTTPS

To encrypt the HTTP traffic when you visit Syncthing web UI via a domain name, we can enable HTTPS by installing a free TLS certificate issued from Let’s Encrypt. First, open port 443 in the firewall.

sudo ufw allow 443/tcp

Then run the following command to install Let’s Encrypt client (certbot).

sudo apt install certbot

If you use Nginx, then you also need to install the Certbot Nginx plugin.

sudo apt install python3-certbot-nginx

Next, run the following command to obtain and install TLS certificate.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d syncthing.example.com

If you use Apache, install the Certbot Apache plugin.

sudo apt install python3-certbot-apache

And run this command to obtain and install TLS certificate.

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d syncthing.example.com

Where

  • --nginx: Use the nginx plugin.
  • --apache: Use the Apache plugin.
  • --agree-tos: Agree to terms of service.
  • --redirect: Force HTTPS by 301 redirect.
  • --hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.
  • --staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.

The certificate should now be obtained and automatically installed.
syncthing ubuntu https certbot
Refresh your Syncthing Web GUI, you will find HTTP connection is automatically redirected to HTTPS secure connection.

Enable User Authentication

By default, anyone can access your Syncthing web interface after reverse proxy is setup. We can enable user authentication to restrict access. Click the Actions button on the upper-right corner, then select Settings -> GUI.

install syncthing on Debian 8

Enter a username in GUI Authentication User field, enter a password in GUI Authentication Password field. Then save your settings.

syncthing gui user authentication

Please note that you don’t need to tick on the Use HTTPS for GUI box, which enables Syncthing to use a self-signed certificate. We have already installed a valid certificate in Apache/Nginx which is trusted by mainstream Web browsers.

Once you save the changes, restart Syncthing systemd service, or you might see a 502 bad gateway error when reloading the page.

sudo systemctl restart syncthing@username.service

Now log into the Syncthing Web interface with your new username and password.

How to Use A Self-Signed TLS Certificate

If you don’t want to use a domain name and valid TLS certificate to access the Syncthing web interface. You can use a self-signed certificate. Edit the Syncthing configuration file.

nano ~/.config/syncthing/config.xml

Find the following lines.

    <gui enabled="true" tls="false" debugging="false">
        <address>127.0.0.1:8384</address>
        <apikey>P4sYoeq2CNQRdfq33dq823dakE2</apikey>
        <theme>default</theme>

To use a self-signed certificate, simply change tls="false" to tls="true". And if you are going to access the Syncthing web interface from a remote computer, change 127.0.0.1 to 0.0.0.0.

Save and close the file. Then restart Syncthing for the changes to take effect.

sudo systemctl restart syncthing@username.service

Send-Only & Receive-Only Folders

When sharing a folder in Syncthing, you can go to the Advanced tab and choose one of three folder types:

  • Send & Receive (default)
  • Send Only
  • Receive Only

You might want to choose send-only or receive-only. For example, If you have 3 computers: A, B, and C, and you want to aggregate folders on computer A and B to a single folder on computer C. Then you can set the folder type to receive-only on computer C. In this way, computer C will have all of the files in a single folder. Computer A and B still have the original files. No more and no less.

syncthing folder type

When you use the same folder path on computer C, Syncthing might warn you that “this path is a subdirectory of an existing folder”. You can ignore this warning because you have a receive-only folder. Existing files in the folder won’t be deleted.

Syncing via Relay Servers

If two Syncthing instances can’t connect to each other, then Syncthing will try to use a relay server to transfer files.

syncthing

Syncing Large Amounts of Small Files

Syncthing isn’t suitable for syncing large amounts of small files like osm tile files, because it will quickly hit the Linux file system inotify limits. If the two devices both run Linux, then you can use the rsync (remote sync) tool to sync large amounts of small files, like this:

rsync -aP /path/to/source/folder/  user@12.34.56.78:/path/to/destination/folder

Troubleshooting

If your Syncthing instances can’t connect to each other, you can use the ss (socket stats) utility to check if Syncthing is listening on TCP port 22000.

sudo ss -lnpt | grep syncthing

As you can see from the screenshot below, my Syncthing is listening on port 8384 (web interface) and 22000 (peer to peer connection).

ubuntu syncthing listen port 22000

If not, you can edit the configuration file.

nano ~/.config/syncthing/config.xml

Find the following line.

<listenAddress>default</listenAddress>

Change default to tcp://your-IP-address.

<listenAddress>tcp://12.34.56.78</listenAddress>

Save and close the file. Then restart Syncthing.

sudo systemctl restart syncthing@username.service

Wrapping Up

I hope this tutorial helped you install and use Syncthing on Ubuntu. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

Rate this tutorial
[Total: 22 Average: 4.3]

3 Responses to “How to Install Syncthing on Ubuntu Desktop/Server

  • The Device identification data that was obscured is available in the QR code, if one uses a QR code reader app.

  • BangkokBob
    3 months ago

    I found this this very useful. I had a problem with my proxy set up. It worked once then didn’t. So, as I had a firewall exception from from my IP address, I stopped syncthing on the server (systemctl) then started again from the command line: syncthing – ip-gui-address=0.0.0.0:8384 This allowed me to use the syncthing web interface remotely; I then made made changes in the syncthing settings and then restarted by systemctl and was able to continue to use the web interface without the proxy.
    This may help others struggling with trying to access remotely, with no web interface to start.

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.


The maximum upload file size: 2 MB.
You can upload: image.