Is it possible to sync over http(s)?

Hello,

I would like to know if it is possible or there are any plans to do synchronization over http(s) protocol.

I drvelop Syncloud device software and our users are not always tech-savvy and mapping even a single port can be a problem. Devices are usually begind home router and some users want to have a second device in a different location for backups.

Thanks

No. But the need to map a port or not wouldn’t change if we did?

Edit: I mean, the outer layer is TLS, and we’d want to retain the property of having a direct encrypted channel between A and B - for authentication and security. At that point, what we speak inside the TLS channel doesn’t matter because it’s opaque to the outside. It could already be HTTP for all anyone knows.

For your question to make sense, and implied by the S-in-parenthesis, is that we would speak unencrypted HTTP and sit behind a proxy of some kind. We then lose integrity (we’re being man-in-the-middled by design), can’t do the usual device ID authentication, etc. I doubt this will happen.

Many apps are completely http based today, meaning their UI and other features go through the same http. Nextcloud for example. So we already have http/https port open, but Syncthing wants additional port to be open and it is not ideal.

I have two devices https://device1 and https://device2 and imagine they can only see https port of each other (routers, firewall …). To me that should be enough to do any communication.

It could be, if Syncthing owned and managed that port. But that doesn’t help you. As for comparison to Nextcloud, I expect that it is probably not using mutual certificate authentication but something like username and password. This is different from what we’re doing. Technically I’m sure we could accept an unencrypted HTTP-wrapped (websocket?) connection and trust who the proxy says is on the other side. It would be some amount of work and I’m not sure it’s desirable…

Also keep in mind that for most installation this port sharing is undesired - usually the GUI/API should not be exposed to the outside world, while the sync port might be. Combining them would be a net loss in security.

You can of course set up Syncthing to listen on port 80 / 443. Syncthing won’t be speaking HTTP, but if all you’re interested is getting past a firewall, that might be good enough.

I guess I will not see the UI then :slight_smile:

The GUI, on the other hand, is perfectly happy behind a reverse proxy. Not sure this helps any in your case.

Thinking further on it, running our own TLS etc over a websocket inside unencrypted HTTP should be fine. Wrapping it further into HTTPS would hurt performance, but not really matter for us otherwise…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.