Creating a private Syncthing Network

I have a Windows server with a domain name. Without connecting to any other servers, I’d like to set up something on the server to facilitate connections between my devices, as well as devices and the server. Would running Syncthing on the server be enough? Do I also need to run Syncthing Discovery Server? And/Or a Relay server? Can I change ports to make it harder for an intruder to find them? Thanks!

If you want to run completely standalone, you either need to disable global discovery (and thus rely on local discovery alone, or on static address configuration in Syncthing), or you need to run your own global discovery server.

Relay server depends on your needs.

Sure you can, but this only stops random bots from connecting (which don’t do much harm anyway, plus bots targeting syncthing’s ports are rare in my experience). Anyone with network knowledge can trivially find any port used by the system, you do not gain any “secrecy” by changing it. But if you feel safer doing this, yes you can.

If you want to go the completely standalone route you also need to figure out how to do updates, as Syncthing's inbuilt update mechanism connects to external servers to check for and/or download updates.

My personal opinion:

I have done all of the above, e.g. I run my own discovery servers & relay servers. I do this just because I like the challenge, and the thought of being a bit more independent. You do not gain security worth mentioning by doing this, and doing it correctly requires some technical knowledge. If you feel up for the challenge, sure you can do that.

Syncthing's inbuilt defaults (e.g. global discovery on, auto update on) are reasonably secure by default.

If you do not want to run 100% standalone, but just want all sync connections to be as local as possible:

This is what syncthing does by default. Syncthing always tries to establish direct links, if possible. If your network setup does not allow direct connections, you need a relay. You can self host these, and configure your instances to connect only to your own relays.

If you want some type of asynchronous sync (“devices not online at the same time”), you need to run an intermediate syncthing instance (preferably one that is always on), that serves as some receive-only node that just holds the current data set to have it available when another syncthing node connects. From a technical view this is just another normal syncthing instance, just like the others. You can set the folders to receive-only on that machine, but you don’t need to - send-receive will work too.

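To make the "standalone" settings from the answer above concrete, here is an added example (not code from the original post or from the Syncthing project) that rewrites the relevant parts of a Syncthing config.xml: it turns global discovery off or points it at a private discovery server, replaces the "default" listen addresses (which include the public relay pool) with an explicit TCP listener plus an optional private relay, disables auto-upgrade, and pins static addresses for known peers. The element names (globalAnnounceEnabled, globalAnnounceServer, relaysEnabled, listenAddress, autoUpgradeIntervalH, device/address) are the ones Syncthing uses; the hostnames, ports and device IDs below are placeholders, and the sample config is constructed, not a real file.

```python
"""Rewrite a Syncthing config.xml for a private (standalone) network.

Added example, not Syncthing's own tooling. The XML element names match what
Syncthing writes; hostnames, ports and device IDs are made-up placeholders.
Stop Syncthing before editing config.xml, or use its REST API instead.
"""
import xml.etree.ElementTree as ET

# Constructed sample of the relevant parts of a default config.xml (placeholder
# device ID; a real one is 56 characters in dash-separated groups).
SAMPLE_CONFIG = """<configuration version="37">
    <device id="PEER-ID-PLACEHOLDER" name="laptop">
        <address>dynamic</address>
    </device>
    <options>
        <listenAddress>default</listenAddress>
        <globalAnnounceServer>default</globalAnnounceServer>
        <globalAnnounceEnabled>true</globalAnnounceEnabled>
        <localAnnounceEnabled>true</localAnnounceEnabled>
        <relaysEnabled>true</relaysEnabled>
        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
    </options>
</configuration>
"""


def read_settings(xml_text):
    """Return the discovery, relay, upgrade and peer-address settings as a dict."""
    root = ET.fromstring(xml_text)
    opts = root.find("options")
    return {
        "globalAnnounceEnabled": opts.findtext("globalAnnounceEnabled"),
        "globalAnnounceServer": [e.text for e in opts.findall("globalAnnounceServer")],
        "localAnnounceEnabled": opts.findtext("localAnnounceEnabled"),
        "relaysEnabled": opts.findtext("relaysEnabled"),
        "listenAddress": [e.text for e in opts.findall("listenAddress")],
        "autoUpgradeIntervalH": opts.findtext("autoUpgradeIntervalH"),
        "devices": {d.get("id"): [a.text for a in d.findall("address")]
                    for d in root.findall("device")},
    }


def _replace_all(parent, name, values):
    """Drop every <name> child of parent and append one per value."""
    for el in parent.findall(name):
        parent.remove(el)
    for v in values:
        ET.SubElement(parent, name).text = v


def privatize_config(xml_text, static_addresses, disco_server=None,
                     relay_address=None, listen_port=22000):
    """Return config.xml text with no dependency on Syncthing's public servers.

    static_addresses: {device_id: ["tcp://host:port", ...]} for peers to pin.
    disco_server: URL of a private discovery server, e.g.
        "https://disco.example.com:8443/?id=<discovery server device ID>"
        (the ?id= part is needed when the server uses a self-signed cert).
    relay_address: a private relay, e.g. "relay://relay.example.com:22067/?id=<relay ID>".
    """
    root = ET.fromstring(xml_text)
    opts = root.find("options")
    if opts is None:
        raise ValueError("config has no <options> block")

    # Global discovery: point at the private server, or turn it off entirely
    # (then peers are found via LAN local discovery or the static addresses).
    if disco_server:
        _replace_all(opts, "globalAnnounceServer", [disco_server])
        _replace_all(opts, "globalAnnounceEnabled", ["true"])
    else:
        _replace_all(opts, "globalAnnounceEnabled", ["false"])

    # Replacing "default" drops the implicit public relay pool; the node then
    # only listens on its own TCP port and, if given, the private relay.
    listen = [f"tcp://0.0.0.0:{listen_port}"]
    if relay_address:
        listen.append(relay_address)
        _replace_all(opts, "relaysEnabled", ["true"])
    else:
        _replace_all(opts, "relaysEnabled", ["false"])
    _replace_all(opts, "listenAddress", listen)

    # 0 hours disables the inbuilt upgrade check (no outbound calls for updates).
    _replace_all(opts, "autoUpgradeIntervalH", ["0"])

    # Pin static addresses for known peers; an unknown ID is a config mistake.
    devices = {d.get("id"): d for d in root.findall("device")}
    for dev_id, addrs in static_addresses.items():
        if dev_id not in devices:
            raise KeyError(f"device {dev_id} not present in config")
        _replace_all(devices[dev_id], "address", addrs)

    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(read_settings(SAMPLE_CONFIG))
    fully_offline = privatize_config(SAMPLE_CONFIG,
                                     {"PEER-ID-PLACEHOLDER": ["tcp://laptop.lan:22000"]})
    print(read_settings(fully_offline))
```

Run it against a copy of your own config.xml by reading the file instead of SAMPLE_CONFIG, and pass disco_server and relay_address only if you actually host those services; without them the node is reachable only by local discovery and the pinned addresses, which is what the answer calls the fully standalone route.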