I have Syncthing behind Traefik as a reverse proxy (in a docker swarm cluster in my LAN), and I have already configured SSO with Authelia. Is it possible to hide the danger warning complaining about no set credentials?
I found a post in this forum specifying after acknowledging this warning it should be gone, however, I have no options to hide it. Also, I looked if there is maybe an option to configure in the container, but I did not found one.
P.S: Thanks four all of your work on Syncthing, it is really an amazing project and I really like the aspect that you don’t need a public IP for it and you basically simulate cloud sync behavior.
The suggestion is to have Traefik pass a set of (static) credentials to Syncthing. That way Syncthing is happy, and there is some sort of protection against someone talking directly to it. Or, indeed the “insecure admin access” flag among the advanced GUI options, which mostly silences the complaint.
You mean like configuring traefik basic auth for Syncthing for a user like “user:password”? I still don’t get it, this would results in me typing in a password twice.
Isn’t this like a standard RFC-compliant header which should be normally processed by the application itself?
However, where can I configure this?
Search — Syncthing v1 documentation does not return useful information.
So I went with enabling Insecure Admin Access since I ran into the following problem:
I configured Authelia to use the basic auth header for the Syncthing host
This worked fine, the Authorization basic header was submitted with the correct credentials (checked with base64 decode) by Traefik
However, the frontend took ages to load and was broken, and I checked the network console. A lot of resource requests for Javascript files failed with 500 errors.
I thought maybe it’s because I need to configure these credentials in the GUI, however, no luck, it also failed in the same way after that (also 500 errors for external resource requests)