How does my setup layout looking? + questions from a new user

I have looked for the perfect backup system for a while, and now I have found syncthing, looks like a almost perfect solution to me. But I am new to this and have some questions.

First, look at the picture, this is what I have in mind. In short: Everything backs up to UnRAID NAS, then everything from the NAS backs up to both my workstation and a remote-client I set at work or at some family’s house. Also, all sync is one-way besides the phone, because I also want to be able to remote-change files on that.

So The questions:

  1. Are the transfer encrypted by default? As I understand: The relays are able to see filenames and other metadata but no content?
  2. If I want the data encrypted on the remote machine, do I set password for sharing just on the unraid side when I share, or also when receiving remote server?
  3. For the data that is stored on my NAS (most of my data), I kind of want local file versioning, but I don’t need duplicate of all files on the same array, is this possible to do?
  4. When It comes to file versioning, If I want that for my workstations and phone, how should I set this up, on all places, or just on workstations? or just on unraid? or just on remote-servers? I guess it can be messy with multiple steps of file versioning? Also, is it true that data encryption on drives (untrusted device) don’t play good with file versioning?
  5. Is there a smart way to access the remote client GUI whitout port openings?

Anything other I should think about?

Please note that syncthing is a file synchronization program, not a backup program. The difference is simple: Syncthing overwrites and deletes files as they’re changed on one side, while a backup should never do that. Syncthing’s versioning is a poor replacement of a fully dedicated backup solution.

With that said, you can use syncthing to enhance a backup system. I personally use syncthing to move data around to NAS systems, where I then proceed to back them up properly (I’m currently using borgbackup, but there are many other excellent solutions available).

This combination gives me fast, plain access to all my files when I just quickly need to grab something, but if e.g. a ransomware were to infect the entire synchronization cycle, there would always be at least one (if not more) immutable full-data backups.

All data in transit is encrypted using Transport Layer Security (TLS). TLS is always on and cannot be disabled. TLS encrypts all data that is being send, including

  • file content
  • filenames
  • timestamps
  • lists of files, other metadata

End-to-End TLS encryption is always used, independent of whether a relay or a direct connection is being used.

For syncthing’s encryption at rest, you need to set the password on all nodes that should have access to the plain (unencrypted) data.

There are deduplicating filesystems available, but syncthing does not deduplicate by itself. There are also backup tools available that deduplicate.

Not sure what you mean, but playing with versioning on the untrusted device is not something I would recommend (you would be versioning encrypted data). If this is something desired, you’re most likely looking at the wrong tool.

Versioning can only ever version changes made by a remote device (as opposed to local changes from the local device). Where you want to use versioning depends on your use case. A robust choice is versioning everywhere, because that will always create a version somewhere. Typically, you want versioning at least on your NAS. Versioned files are not synchronized and stay on the device that created them.

Well, your webbrowser needs to open a connection somehow. The docs explain a SSH tunneling approach if you favor that.

More details here, though the article assumes you want to tunnel sync connections, not GUI connections: SSH Tunneling — Syncthing documentation

Thank you for clear explanations Nummer378 :slight_smile:

A few things to cleare more:

  • The syncing, If I have this setup, If I turn on “File versioning” on “A”, will the versioned files exist on just “A” or just “B”? I guess it will exist on both just if i enable “File versioning” on both?


  • If I create a folder on one computer but don’t share it, but enable “File versioning” on it, will it create versioned files?


  • If I want “one-way-sync” from A to B, witch settings should I use?
1	A: Send Only B: Receive only
2	A: Send Only B: Send and Receive
3	A: Send and Receive B: Receive only

Well that depends.

Case A: Assume versioning is enabled on A, but not B:

  • If A modifies a file → Local change for A, nothing is versioned anywhere
  • If B modifies a file → Remote change for A (from B), A creates a version

Case B: Assume versioning is enabled on B, but not A:

  • If A modifies a file → Remote change for B (from A), B creates a version
  • If B modifies a file → Local change for B, nothing is versioned anywhere

Case C: Assume versioning is enabled on both:

  • If A modifies a file → Remote change for B (from A), B creates a version
  • If B modifies a file → Remote change for A (from B), A creates a version

Its always the “opposite” side that creates a version, never “our” side. Syncthing cannot version local changes. Its not a backup tool, remember?

No, because local changes are never versioned.

They all work more or less the same. I typically use Send-Only + Send-Receive, because that allows me to temporarily sync back changes by flipping the Send Only folder to Send-Receive for a short moment. They mostly differ from a UI perspective, how out-of-sync is displayed (local changes on a Receive Only folder will allow you to revert them, while Send-Receive against a Send-Only folder will show as out of sync from the send-receive side, if there are changes “against the flow”).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.