How to redirect a subdomain to the Syncthing GUI

I have installed Syncthing on my website on a subdomain.site.com. But the GUI is at subdomain.site.com:8080.

How can I redirect all users from subdomain.site.com to subdomain.site.com:8080? Anyone can see my Syncthing root now!

I would like to do it by editing my .htaccess, as I’m doing this on a shared hosting.

I have already asked somewhere but the answer didn’t work:

That answer requires mod_rewrite to be enabled in the (Apache) server installation, probably nothing you can change or install by yourself as it is a shared hosting. I’m not sure how else you can do it with .htaccess but there are alternatives.

You can use PHP or whichever language your hosting supports. From here:

    <?php
    header("Location: http://subdomain.site.com:8080/"); /* Redirect browser */

    /* Make sure that code below does not get executed when we redirect. */
    exit;
    ?>

Or you can just put an index.html and do it in JavaScript.

    <html>
    <head>
    <script>window.location.href = 'http://subdomain.site.com:8080/';</script>
    </head>
    </html>

Alternatively you can make Syncthing run the GUI at port 80 (though this might not work since the web server would be running at 80 as well) from Actions > Advanced or by changing the config (~/.config/syncthing/config.xml):

    <gui enabled="true" tls="false">
        <address>0.0.0.0:80</address>
        <apikey>[API_KEY]</apikey>
    </gui>

* Edit 127.0.0.1 > 0.0.0.0


Please set TLS to true when binding to a public address. You will get a warning from Syncthing because everyone can intercept your GUI password.


Thanks @Zillode, yes, that’s absolutely necessary. I copy/pasted the config from my local instance and seemingly missed a couple things.

Depending on the hoster this may also work: for this you can keep the listen address on 127.0.0.1 because the web server will access the GUI from localhost and redirect that. http://docs.syncthing.net/users/reverseproxy.html#folder-configuration

I’m doing that on the shared hoster I run Syncthing on; this also has the advantage that the HTTPS certificate of the web server can be used.

With <gui enabled="true" tls="true"> and the service on port 0.0.0.0:80 I wasn’t able to run ./syncthing, this was the output:

    [GKBO4] 05:00:56 FATAL: Cannot start GUI: listen tcp 0.0.0.0:80: bind: permission denied
    [monitor] 05:00:56 INFO: Syncthing exited: exit status 1
    [monitor] 05:00:57 WARNING: 4 restarts in 5.460191436s; not retrying further

I had to set back tls="false" and the service on port 0.0.0.0:8080.

No problem, I will keep it like that, maybe it is the shared hosting that has got some strange setup. Question: is there any security implication with tls="false"?

Thank you @kbtombul, the index.php redirect was perfect!

tls="true" and address "0.0.0.0:8080" should also work


FYI: you have to be root to bind to a privileged port (anything less than 1024) on Linux.


@Zillode, I have tried but it doesn’t work. God only knows why. I cannot investigate further as I’m not root: I’m on a shared hosting. Thank you anyway, the important thing is that Syncthing works fine.

On shared hosting this may also work (works for the hoster I use): http://docs.syncthing.net/users/reverseproxy.html#folder-configuration like this the web server handles HTTPS, if that has a valid certificate (from https://letsencrypt.org/ in my case) you will not even get a warning like you get for Syncthing’s generated one.

@Alex: WOW, wait a second, how is this possible?! You are blowing my mind, man! I have set up the .htaccess following your first link and I have then set up the GUI with HTTPS. …and it worked!

But who is the owner of this certificate?
Whoever has created this certificate can possibly intercept my traffic now.

You’re talking about Let’s Encrypt? That’s not how it works: certificates are generated on your local machine, then signed by Let’s Encrypt. Let’s Encrypt never sees your private key, and cannot decrypt your data.

If you have previously connected to your Syncthing instance and stored the certificate then it will not warn you anymore.

The steps in the first link will not generate a certificate.
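
Added example, not part of the original thread and not Syncthing's own code: a Python check that reads the `<gui>` block discussed above and reports the three conditions the replies raise (non-loopback bind, plaintext GUI on a reachable address, privileged port without root). The function names and finding labels are made up for this example, and the sample config is the one posted in the thread.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <gui> block as first posted in the thread.
THREAD_CONFIG = """<gui enabled="true" tls="false">
    <address>0.0.0.0:80</address>
    <apikey>[API_KEY]</apikey>
</gui>"""


def is_loopback(host):
    """True only when the listener is reachable from the local machine alone."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host (":8080") or a hostname: assume exposed


def audit_gui(config_xml, running_as_root=False):
    """Return a list of finding labels (hypothetical names) for the GUI listener."""
    root = ET.fromstring(config_xml)
    # Accept either a full config.xml or just the <gui> element.
    gui = root if root.tag == "gui" else root.find("gui")
    if gui is None or gui.get("enabled", "true") != "true":
        return []
    address = gui.findtext("address", default="127.0.0.1:8384").strip()
    host, _, port = address.rpartition(":")
    if not port.isdigit():
        return ["unparsed-address"]  # e.g. a socket path; not handled here
    findings = []
    if not is_loopback(host.strip("[]")):
        findings.append("public-bind")
        if gui.get("tls", "false") != "true":
            findings.append("plaintext-gui")  # GUI password crosses the network in clear
    if int(port) < 1024 and not running_as_root:
        findings.append("privileged-port")  # bind fails with "permission denied"
    return findings


if __name__ == "__main__":
    print(audit_gui(THREAD_CONFIG))
```

A config that keeps the GUI on 127.0.0.1 behind the web server's reverse proxy, as suggested in the replies, produces no findings.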
