However, this works currently without a vpn.
When I change the listen address in the syncthing conf to the vpn address (WAN IP), and connect to it using the vpn, it doesn’t work and I’m not sure what to do here. It shows a 502 Bad Gateway when I do this.
Can someone help me?
Edit: I had used https://github.com/Nyr/openvpn-install to install the vpn
Edit: Should I be using some sort of allow/deny in nginx instead?
Edit: Would I need something in the hosts file?
If you set syncthing to listen only on the vpn address, then nginx cannot connect, as it uses the local / loopback address.
One solution could be to use the vpn address for the proxy_pass instead of localhost.
I would do the config the other way around. Set the remote device address inside syncthing on the “clients” to the internal address of the “server” so it can only be reached when connected to the vpn.
You could probably also set a require (or whatever it is called in nginx; this is from apache) for your local / vpn subnet.
Thanks! I don’t really understand your suggested solution - did you mean that I could use this?
<gui>
<address>10.x.x.x:8384</address>
</gui>
I got the 10.x.x.x address under tun0 from doing an ifconfig -a
Edit: No, I definitely misunderstood or did something wrong!
Edit: I tried all addresses which ‘hostname -I’ gave me with the same nginx configuration in the first post. All gave me a 502 Error.
If you want syncthing to be behind nginx, then syncthing needs to listen to 127.0.0.1 or localhost only, as all “external” connections need to go through nginx.
My first suggestion is invalid, as it wouldn’t result in what you want (if it even works).
My second suggestion is invalid, as it was about other syncthing instances connecting, not about Web GUI ;).
Restricting nginx to only VPN IPs should go like this inside your / block:
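An added example, not part of the original reply or the poster's configuration: one way to combine the advice above, with Syncthing's GUI left on 127.0.0.1:8384 and nginx's allow/deny directives admitting only VPN clients. The subnet 10.8.0.0/24 and the server name are assumptions; use the network shown for tun0 and your own host name.

```nginx
# Added example. Syncthing side (unchanged from a default install):
#   <gui><address>127.0.0.1:8384</address></gui>
# so the GUI is reachable only through nginx on this machine.

server {
    listen 80;
    server_name syncthing.example.internal;   # placeholder name (assumption)

    location / {
        # Access control: first matching rule wins, so list the
        # permitted networks before the final "deny all".
        allow 10.8.0.0/24;    # assumed OpenVPN client subnet (check tun0)
        allow 127.0.0.1;      # local checks from the server itself
        deny  all;            # everything else receives 403 Forbidden

        # Proxy to the loopback listener. A 502 Bad Gateway here means
        # nginx could not reach this address, e.g. because Syncthing was
        # set to listen on a different interface.
        proxy_pass http://127.0.0.1:8384/;

        # Syncthing checks the Host header when its GUI listens on
        # localhost, so present a local name to the upstream.
        proxy_set_header Host localhost;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }
}
```

After reloading nginx, a request from a VPN client should return the GUI, while the same request from an address outside the allowed ranges should return 403. Clients must reach nginx over the tunnel (via the server's VPN address) for their source address to fall inside the allowed subnet.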