Personal discosrv & relaysrv

Hi all. First, thank you for this great ST thing I hoped for so long.

After reading the documentation, I learned a lot of things and I wonder if it makes sense and is possible to run a non-published private discosrv, like for relaysrv -pools="", so only my pairs know I’m using ST and both servers running on a home PC with small Internet bw wouldn’t be overloaded.

Please could you explain relaysrv -status-srv port (def 22070)? I feel the name would be self-explanatory enough… as long as I know who reports what status to who :wink: Also, what does “Ann” stand for in the client conf parameter relayWithoutGlobalAnn?

Thank you

Sure. Discovery servers don’t announce themselves anywhere, so if you set one up and only tell your Syncthing clients about it, it’s private to you.

This is a port it runs an HTTP server on that can be queried for current status. If it’s not reachable from the outside, no one will be able to collect that status info. It doesn’t report the information to the outside by itself.

“Announce” (i.e. discovery; we have two names for historical reasons…). This option is deprecated - it does nothing any more and won’t be written into the config file by “modern” Syncthing. Relaying is running (when enabled) regardless of whether you’re also running global discovery or not.

Thanks for the replies, Jakob… well, so I have a few more questions, please:

  1. Why do I have to have ST installed/setup to run my own discosrv ? Is relaysrv exempted from this mandatory prerequisite ?

  2. Is it ok to create the dirs for the relay & disco binaries before first launch if we have the (bad ?) idea to drop these bins into their respective config dir?

  3. Relaying->Running doc says: You will need to start relaysrv with -ext-address “:443”. This tells relaysrv that it can be contacted on port 443, even though it is listening on port 22067. You will also need to let both port 443 and 22067 through your firewall.

Can I use a different port than 443, e.g. 465 or 993, as long as I have no mail server behind the NAT?

  4. In the case discosrv/relaysrv was never run before, will discosrv -help / relaysrv --help trigger the first run, the initial process stated in the doc?

  5. How does relaysrv -status-srv distinguish between “blank=disabled” and default? Maybe it is blank-parameter-line (fully missing) = default, and present line with ="" string appended means explicitly disabled?

  6. Why aren’t discosrv and relaysrv downloads signed?

  7. How the hell did you fall in this project and you find time to manage it and reply to nerds like me :wink:

Thanks again for your job, I already sent a link to ten of my best friends

  1. You don’t and I am not sure why you think you do, yet it makes no sense to have a discovery server with nothing using it.
  2. Not sure what you mean.
  3. This only applies if you want to punch through corporate firewalls et al or run on some custom port which is not symmetrically mapped, as explained in the description.
  4. Not sure, probably not, but it shouldn’t matter.
  5. Not provided, implies default, which is not empty, and explicitly empty means non-default and disabled.
  6. Because they don’t deal with your files, nor can inspect them, hence not much need to trust them, though that’s more of an excuse than a reason. The real answer is probably because nobody bothered.

In addition to what Audrius said… Try it. It will probably become more clear then. :slight_smile:

I asked because I got this very info there in the official doc:

Running a Discovery Server

Note This describes the procedure for a v0.12 discovery server.

Description This guide assumes that you have already set up Syncthing. If you haven’t yet, head over to Getting Started first.

and I may not need ST on the machine running either a relay or a disco or both, isn’t it? Well, honestly, after a night of thinking and reading your reply and reading the doc again, I must admit it isn’t explicitly said that ST must be installed on the same machine. My idea was I could set relay/disco, then first run ST using these servers.

It’s time to try.

Kind Thanks

I guess that’s more of a sales pitch than a pre-requisite. The documentation can be edited directly from github with the web editor, so I would appreciate if you would reword it to make that more obvious.

Well, reading further, and leaving time enough to my stand-alone neuron to establish connections to the doc, I think I understood this point: please confirm. I’d only need to have ST installed, which only means having the downloaded syncthing bin available (not mandatorily set up to run ST as a final node) somewhere, to be able to run syncthing -generate “path” in the case I won’t use a CA signed key/cert pair, then if the somewhere above is a different machine than the discosrv one, move these 2 files to the discosrv machine config folder.

  1. Could this rewording match the thoughts of the Doc author?

  2. I see relaysrv didn’t need this: it generated its own key/cert without me needing to run syncthing -generate. Why is there a difference with discosrv? Just to make discosrv footprint smaller?

  3. And last a question about relaysrv firewall : the doc says

You will also need to let both port 443 and 22067 through your firewall

Assuming I run relaysrv -ext-address ":443" -listen ":22067" behind a NAT gateway, does this mean I need 2 port-forwards: one from 443 to 22067, the other from 22067 to 22067, and a single 22067 rule in the machine firewall? A better rewording in the doc for “This tells relaysrv that it can be contacted on port 443, even though it is listening on port 22067.” would be “This tells relaysrv to advertise the relays pool server that it can be contacted on port 443 (when it really listens on port 22067).”, isn’t it? Then why would I need the 22067 to 22067 port-forward, the 443 to 22067 being enough IIUC?

Thank you and sorry for silly questions.

You don’t need syncthing (the binary) installed anywhere to run the relay or discovery servers. But from the viewpoint of a guide for setting things up, assuming that you already have a Syncthing installation somewhere to make use of your new services makes sense to me.

The difference in behavior between the two is just an effect of them being written at different times by different people. We could harmonize.

No, it means the relay server needs to be able to be contacted on 443 (for actual connections) and 22067 (for status reporting; optional). If you’re behind a firewall, open those two ports. If you’re behind a NAT, forward 443→443 and 22067→22067. Or skip the latter if it’s for a private server.

You mean 22070, not 22067, I think?

I think so : 20070
