access remote GUI not working; port closed?


(ruud) #1

I’m trying to get Syncthing to work on my qnap nas. I’ve installed the qpkg, and now it appears to be running, but I can’t access the GUI from my laptop.

From command line while having ssh access to the nas (output shortened):

[~] # syncsh status full
 syncthing is Enable
 herefater task running one with select multiple with fork
14760 admin      3164 S   /share/HDA_DATA/.qpkg/syncthing/syncthing -home /shar
14807 admin     16604 S N /share/HDA_DATA/.qpkg/syncthing/syncthing -home /shar
 QPKG version 
1
 Syncthing version from qpkg.conf

 QPKG Config File 
[global]
# use x86 bin in place of x86_64
Use_x86=FALSE
# global_discovery=FALSE
Log=YES
guiAddress=0.0.0.0:8090
guihttps=NO
user=admin
gogc=100
gomaxprocs=0
(...)
 Syncthing config file 
<configuration version="28">
    <gui enabled="true" tls="false" debugging="false">
        <address>127.0.0.1:8384</address>
        <apikey>YgHGXQvWz6EkyAKbmA6TEnSWEgDfMFS6</apikey>
        <theme>default</theme>
    </gui>
    <ldap></ldap>
    <options>
        (...)
    </options>
</configuration>

The localhost and port mentioned don’t seem to be open though:

[~] # nc -vz 127.0.0.1 8384
localhost [127.0.0.1] 8384 (?) : Connection refused

Any idea, what I could do?

(Eventually I want to access the GUI from my laptop via $ ssh -L 9090:127.0.0.1:8384 user@othercomputer.example.com as described in the FAQ section 2.2.21.)


(Simon) #2

The config file says 8090

not 8384


(ruud) #3

Thanks Simon for your reply. You are right, port 8090 is open:

[~] # nc -vz 127.0.0.1 8090 
localhost [127.0.0.1] 8090 (?) open

And in fact, I can access the nas’ GUI through its IP address (192.168.1.100 in my case) and that port, from my laptop’s browser (so, on http://192.168.1.100:8090/)

However, that port is listed in syncsh status full together with ip address 0.0.0.0, which, if I understand correctly, is not recommended for security reasons, as it’s accessible by anyone on the network. Instead of putting a password on the GUI to reduce the risk, my preferred option is to turn off the 0.0.0.0 address (as recommended here) and use ssh's security, so that the GUI is only shown to those that are able to ssh into the nas. And I actually thought that is what I was doing, as syncthing’s config.xml file mentions (as is shown in my code-snipped):

<address>127.0.0.1:8384</address>

The 0.0.0.0 address does not appear in config.xml.

So my questions now:

  1. Where is the 0.0.0.0 address configured?
  2. Is there a reason it takes precedence over the address configured in config.xml?

Many thanks!


(Simon) #4

Again from your own post:

So this is due to a qpkg config file. Where that file is placed is a question for qpkg documentation or support.


(ruud) #5

Yes, I had seen that line QPKG Config File as well.

There is only one file I can find that I think might be meant, and that is /etc/config/qpkg.conf. It does not have the mentioned entries, however. The section on syncthing:

[syncthing]
Name = syncthing
Version = 1-
Enable = TRUE
QPKG_File = syncthing.qpkg
Date = 2018-11-03
Shell = /share/HDA_DATA/.qpkg/syncthing/syncthing.sh
Install_Path = /share/HDA_DATA/.qpkg/syncthing
Web_Port = 8090
WebUI /
Author = Father_mande

To see if this file’s contents is used, I first changed changing the 3rd to last line to Web_Port = 8384, and restartet the service (syncsh restart) This does not change anything:

[~] # nc -zv 127.0.0.1 8090      
localhost [127.0.0.1] 8090 (?) open
[~] # nc -zv 127.0.0.1 8384      
localhost [127.0.0.1] 8384 (?) : Connection refused

and also, the GUI is still available at the nass IP address and port 8090, and status (syncsh status full) still shows the 0.0.0.0 ip address, just like before:

[/] # syncsh status full                              
 syncthing is Enable
 herefater task running one with select multiple with fork
29452 admin     22080 S   /share/HDA_DATA/.qpkg/syncthing/syncthing -home /shar
29511 admin     35408 S N /share/HDA_DATA/.qpkg/syncthing/syncthing -home /shar
 QPKG version 
1
 Syncthing version from qpkg.conf

 QPKG Config File 
[global]
# use x86 bin in place of x86_64
Use_x86=FALSE
# global_discovery=FALSE
Log=YES
guiAddress=0.0.0.0:8090
guihttps=NO
user=admin
gogc=100
gomaxprocs=0
# localAnnoun...

This file’s contents is used, though, as changing the line to WebUI = / (so with a =), makes the GUI no longer available. In that case nothing is running at either port 8384 or 8090. I wouldn’t know where else to look. I’ve tried finding the files with pattern *qpkg*conf*, but apart from the one I edited, only an empty log file (/etc/config/qpkq_log.conf) came up.

If you have any more suggestions I’d love to hear them. I’ll try my luck at the forum for the qpkg file otherwise.

Many thanks


(Audrius Butkevicius) #6

I think you shouls go to the qpkg forums for this, as this is miles away from being an actual issue caused by syncthing.


(ruud) #7

Alright, I’ll do that for future questions.

For anyone having the same problem, I’ll post the next step here now, though it doesn’t completely clear things up.

The main config files for syncthing on my nas (they might be in different location on different qnap devices) are in /share/HDA_DATA/.qpkg/syncthing/config/, but it turns out there is another file located in the parent: share/HDA_DATA/.qpkg/syncthing/syncthing.conf. This one contains the configuration:

[global]
# use x86 bin in place of x86_64
Use_x86=FALSE
# global_discovery=FALSE
Log=YES
guiAddress=0.0.0.0:8090
guihttps=NO
user=admin
gogc=100
gomaxprocs=0
# localAnnouncePort=21025
# listenAddress=0.0.0.0:22000
# upnp=TRUE
# Cert_Path=""
# home="/root/.config/syncthing"
ENV=""
### create here for each repository to change rescan (sec)
# [Repository_name]
# rescan=60

Commenting guiAddress out doesn’t seem to have any effect though, so it’s not the end solution yet. But getting closer, I hope.


(Catfriend1) #8

I’ve just edited “/share/CACHEDEV1_DATA/.qpkg/syncthing/syncthing.conf” to:

guiAddress=0.0.0.0:8384

guihttps=NO

user=admin