Though I did find some hints the topics were a bit old, so I’m asking a new question. A rent a server in a datacenter, which I want to use as a central point for syncing data across several devices. Basically:
Main server: always on, large bandwidth (200Mbps both ways), fixed address.
Devices: transient connection, average download (10Mbps), poor upload (1Mbps), dynamic address, typically behind NAT. Bandwidth subject to quota restrictions.
This aims at covering two needs: synchronizing data across the devices, and as part of a backup solution (the directory on the main server is backed up daily using duplicity).
My understanding is there are two ways I can setup syncthing:
Only tell each device about the main server. Let the main server propagate changes.
Or double the main server as a discovery server and a relay, letting devices talk to each other when more than one is online.
Is one of those way recommended or canonical? I believe the first approach would be much faster, due to the main server being 100x faster at sending data. Is it correct? Will the server properly propagate the changes ?
Both of those topologies will work, and in your case if the devices do have severely limited upload speeds and are capped on usage then the first option (usually known as “hub and spokes”) would probably be best.
With a distributed topology where every node talks to every other node, you may find that your bandwidth-capped devices use more bandwidth and spend more time talking to one another, where it would be faster for the central node to do all the talking.
The only down side, as with every centralised model, is that if your VPS become unavailable then none of your devices can sync until it returns.
If your devices connect to the same LAN at times a direct connection between them will be faster and reduce WAN utilisation.
Using the same server as a discovery and relay would not benefit you unless you created shares that were not on the central server for some reason.
Are you trying to avoid the community relays and discovery server to not leak any data? Connection are secure end to end so there is very little a relay or discovery server can snoop on beyond what nodes communicate and their common IP addresses.
Alright, thanks for your advice. I ended up with what, I hope, will be a good compromise:
All devices know about all devices.
Devices know only the IP of the main server, other devices are dynamic.
Global discovery is completely disabled.
LAN discovery is disabled by default on devices, but I know I can enable it in two clicks if I want to.
So the thinking is: devices can always connect to the main server. They can also connect to other devices when they are on the same LAN, and only when they are on the same LAN.
@kluppy> yes, I want to avoid community servers. Not because I don’t trust them, but because I don’t want the use of syncthing to be too obvious. I run it on non-standard port as well. And updates are done through a package manager, not with the auto-update feature.