Multiple nodes behind loadbalancer


We want to test the following scenario.

We have Group A and Group B servers.

1 -> Generate two distinct Device IDs (group A will share the same Device ID).
2 -> Copy the various certificates (each group would have its own certificates across all the group)
3 -> Set up a loadbalancer in front of Group A and Group B

Tell GroupA how to connect to Group B using the loadbalancer in the config.xml

Tell GroupB how to connect to Group A using the loadbalancer in the config.xml

Is this something possible, or would it cause problems? The goal is that only 1 server would sync data per group as the data is on an NFS share.

Any input would be appreciated. Also, is there any way to pre-define the device IDs, i.e.:

Group A device id would be : GROUPXA-AAAAAA-AAAAA-AAAAA-AAAA
Group B device id would be : GROUPXB-BBBBBB-BBBBB-BBBBB-BBBB

I understand there could be security issues, we would actually generate a random name that we pre-define somehow.

Thank you, Eric

Don’t do this. It’s against the design of Syncthing and will certainly cause you issues, if you can even get it to work (and I don’t see how it would). Syncthing does load balancing on its own - just add the devices as you would normally.


I am just trying to think of shortcomings: The groups' databases could all be in different states.

All of the servers in the group will clobber the NFS with scans. Depending on the size of the group, this could be a lot of overhead on the NFS.

All of the members of the group will try to connect to the other group, essentially spamming handshakes to one of the nodes in the receiving group (which thinks all of these connections are from the one device), or depending on the IP configuration they could all end up connecting to different nodes.

If the connections are established you will have the same issues as if the nodes were all using unique IDs but still sharing the NFS.


The goal here is to minimize the amount of data transferred (since data is already being replicated per group), and minimize the scans. The goal here is to solve WAN replication between two clusters.

I want to only have a single node doing the sync per group.

Let's say in a group we have ServerA1, ServerA2, ServerA3.

I want all of them to have the same “.config/syncthing” in terms of config / key with a pre-determined Device ID.

Only one of them would be running Syncthing (let's say the master would be ServerA1).

In the event that ServerA1 dies, ServerA2 would know and launch Syncthing.

Its metadata configuration would not be synchronized across nodes.

Doing it this way, the master of Group B would re-connect to the Group A, and ServerA2 would connect to Group B (which would be the most up-to-date), and would proceed with differential updates.

This should work then, transferring the configuration is easy enough in the way you say. I would be very careful about only having one instance per group at a time though.

Is there any way I could generate a cert.pem / key.pem using openssl to hard-code the “Device ID”?

I could do it without it, but I would like to know how it is done. Not sure that I would hard-code it though.

You can use Syncthing with the -generate flag to pre-generate the certificates.

You could promote one machine in each group to “primary”. Peer the two primaries with each other, and the primary to the other devices in its group.

You almost certainly do not want this. In-sync status and conflict resolution are based on device ID, and the device ID should be unique per device.

You can use the utility stvanity, available in the syncthing-utils bundle, to brute force a key pair with a desired prefix. It may take a long time for a long prefix.

Apart from that though, don’t do what you’re proposing above.
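
Added example, not part of the thread and not Syncthing's own code: a sketch of how a device ID follows from the certificate, which is why copying cert.pem/key.pem copies the identity and why a chosen prefix has to be brute-forced. It assumes the documented derivation (SHA-256 of the certificate's DER bytes, base32, one check character per 13-character block); `CERT_A`, `CERT_B` and `expected_attempts` are constructed for illustration.

```python
import base64
import hashlib

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # RFC 4648 base32 alphabet


def luhn32(block: str) -> str:
    """Check character for one block: left to right, factors 1,2,1,2,..."""
    factor, total = 1, 0
    for ch in block:
        addend = factor * ALPHABET.index(ch)
        factor = 1 if factor == 2 else 2
        total += addend // 32 + addend % 32
    return ALPHABET[(32 - total % 32) % 32]


def device_id(cert_der: bytes) -> str:
    """Device ID for a certificate supplied as DER bytes."""
    digest = hashlib.sha256(cert_der).digest()
    b32 = base64.b32encode(digest).decode().rstrip("=")  # 52 characters
    # Four 13-character blocks, each followed by its check character (56 total).
    blocks = [b32[i:i + 13] for i in range(0, 52, 13)]
    checked = "".join(b + luhn32(b) for b in blocks)
    # Shown as eight dash-separated groups of seven characters.
    return "-".join(checked[i:i + 7] for i in range(0, 56, 7))


def expected_attempts(prefix: str) -> int:
    """Average number of key pairs to try before an ID starts with `prefix`.

    Valid for prefixes of up to 13 characters (before the first check
    character); each character is one of 32 equally likely values.
    """
    return 32 ** len(prefix)


# Constructed stand-ins for two certificates' DER bytes (not real certificates).
CERT_A = b"constructed-der-bytes-for-group-a"
CERT_B = b"constructed-der-bytes-for-group-b"

if __name__ == "__main__":
    print("same cert, same ID:", device_id(CERT_A) == device_id(CERT_A))
    print("group A:", device_id(CERT_A))
    print("group B:", device_id(CERT_B))
    print("tries for a 7-character prefix:", expected_attempts("GROUPXA"))
```

For a real certificate, pass the DER encoding of cert.pem (the base64 body between the PEM markers, decoded) to `device_id`.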