In the Settings->GUI App Settings → Syncthing Options → GUI Listen Address panel you can change the listening address from 127.0.0.1:8384 to 0.0.0.0:8384 and then it does work.
The app overrides that. The address can be changed, but you need to do it in the app settings, not the Web GUI. Already fixed in the post above .
On a side note, in the Web GUI, you can use :8384 and it will automatically resolve to 0.0.0.0:8384, but in the app settings, you need to input 0.0.0.0:8384 explicitly. If you input just the port, the GUI will fail to load.
The GUI is limited to 127.0.0.1/localhost by default everywhere (see https://docs.syncthing.net/intro/getting-started.html). This isn’t something specific to Android. Have you maybe encountered any third party installations/wrappers which used different settings?
Thanks you @er-pa and @tomasz86 for the answers. Updating the configuration, changing the password and restarting worked.
The GUI is limited to 127.0.0.1 /localhost by default everywhere (see Getting Started — Syncthing documentation). This isn’t something specific to Android. Have you maybe encountered any third party installations/wrappers which used different settings?
Well, I was under the impression that my Linux devices (Arch, Debian, RaspberryOS) used a 0.0.0.0 setting out of the box. I am probably mistaken and memory fails me - I must have set that manually.
What is a bit surprising is that I would naturally have gone to my Android Syncthing settings to switch to 0.0.0.0 if I would have remembered that I did it elsewhere. It must be the age showing
I just checked and SyncTrazor is on 127.0.0.1 but I would not have tried to changed that anyway because it is my central machine for tinkering (i.e. I do not need to access its web interface remotely ever)
That as default would be very unsafe, especially on public Wi-Fi and similar . Syncthing actually displays a large warning message if you attempt to change the address to 0.0.0.0 with no username and password set in the GUI.
I did see that message on all my devices, including the Linux ones (and I disabled the message because it is not relevant in my case). If it appears after a manual override of a default 127.0.0.1 binding, it means that I indeed must have changed it on the Linux boxes and forgot about that.
I will be doing a DRP test of my home systems and services soon, I will test that comprehensively then.