Securing Syncthing settings and ways to use Syncthing securely?

There are 4 settings that matter for using Syncthing as securely as possible and for privacy reasons: NAT Traversal (UPnP), Local Discovery, Global Discovery, and Enable Relaying. I know that the data itself is encrypted, but metadata reveals sensitive information.

For NAT Traversal, when is the setting needed to have machines communicate within or across networks? I’ve read that UPnP is a security risk, so is it fine to disable it and expect things to work?

As for Local Discovery and Global Discovery, I know that they involve servers hosted by Syncthing and certain metadata are retrieved, such as the IP addresses of which machines are synced with each other. I believe these servers can be self-hosted, meaning a third party like Syncthing won’t get the metadata involved, but are there complete guides to set it up? If I set up static IP addresses for machines to connect to each other, can I disable both Local and Global Discovery and expect things to work? Are there caveats?

Finally, for Enable Relaying, this also involves data flowing to a third party. Why are relay servers used (i.e. why can’t machines communicate with each other using Local/Global Discovery)? Is there a thorough guide to set this up as well?

I got a Raspberry Pi and I hope to put it to good use by setting up Local/Discovery/Relay servers to make Syncthing truly self-hostable. Do you guys think this is impractical?

Much appreciated.

If you are able to use static IPs and port forwarding, or internet-accessible IPs, you do not need the rest of the options turned on.

Relays are only used when a connection cannot be made directly, for example when you can’t forward ports.

1 Like
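The static-IP setup described in the reply, as an added example that is not part of the original thread and not Syncthing's own code: it turns off the four options from the question (NAT traversal, local discovery, global discovery, relaying) through Syncthing's REST config API, pins each peer to a fixed address instead of the default "dynamic", and then reads back the connection list to confirm no peer is still reached through a relay. Assumptions: the REST API is reachable at the URL in `SYNCTHING_URL` with the API key in `SYNCTHING_API_KEY`; the option names (`natEnabled`, `localAnnounceEnabled`, `globalAnnounceEnabled`, `relaysEnabled`) and endpoints (`/rest/config/options`, `/rest/config/devices/<id>`, `/rest/system/connections`) are taken from Syncthing's documented REST API; the device ID and the 192.0.2.10 address in the usage section are constructed placeholders.

```python
"""Harden a Syncthing node for a static-IP, port-forwarded peer set.

Added example, not from the forum post or the Syncthing project.
Assumes SYNCTHING_URL (e.g. http://127.0.0.1:8384) and SYNCTHING_API_KEY
are set in the environment when harden() is called.
"""
import json
import os
import urllib.request

# The four options that make metadata (device IDs, IP addresses) leave the
# machine. With a static peer set none of them is needed.
HARDENED_OPTIONS = {
    "natEnabled": False,             # no UPnP / NAT-PMP port-mapping requests
    "localAnnounceEnabled": False,   # no LAN broadcast/multicast announcements
    "globalAnnounceEnabled": False,  # no traffic to the global discovery servers
    "relaysEnabled": False,          # never fall back to a third-party relay
}


def static_device_patch(address: str, port: int = 22000) -> dict:
    """PATCH body for /rest/config/devices/<id>: pin a peer to a fixed
    tcp://host:port address (22000 is Syncthing's default sync port) instead
    of the default "dynamic", which relies on discovery to find the peer."""
    return {"addresses": [f"tcp://{address}:{port}"]}


def relayed_peers(connections: dict) -> list:
    """Given the JSON from /rest/system/connections, return the device IDs
    whose live connection goes through a relay ("relay-client"/"relay-server").
    After hardening this should be empty; a non-empty list means some peer
    still cannot be reached directly (missing port forward, wrong address)."""
    out = []
    for dev_id, conn in connections.get("connections", {}).items():
        if conn.get("connected") and conn.get("type", "").startswith("relay"):
            out.append(dev_id)
    return out


def _request(method: str, path: str, body=None):
    """Minimal authenticated call against the local Syncthing REST API."""
    base = os.environ["SYNCTHING_URL"].rstrip("/")
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base + path, data=data, method=method)
    req.add_header("X-API-Key", os.environ["SYNCTHING_API_KEY"])
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else None


def harden(peers: dict) -> list:
    """Apply HARDENED_OPTIONS, pin every peer (device ID -> IP) to a static
    address, and return the peers that are still connected via a relay."""
    _request("PATCH", "/rest/config/options", HARDENED_OPTIONS)
    for dev_id, ip in peers.items():
        _request("PATCH", f"/rest/config/devices/{dev_id}", static_device_patch(ip))
    return relayed_peers(_request("GET", "/rest/system/connections"))


if __name__ == "__main__":
    # Constructed placeholders: substitute a real device ID and the peer's
    # static (port-forwarded) address.
    still_relayed = harden({"DEVICE-ID-PLACEHOLDER": "192.0.2.10"})
    print("peers still relayed:", still_relayed or "none")
```

Run it once on each machine, with each side listing the other's static address; then the `relayed_peers` check should return an empty list, and the device's connection `type` in the web UI or `/rest/system/connections` should read `tcp-client` or `tcp-server` rather than a relay type. Anything still relayed points at the real cause (usually a missing port forward on that peer), which is the caveat the question asks about.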
