So I whipped up my own Alpine Docker image compiling Syncthing with Go and then tried to use this as the stdiscosrv discovery server on my local network. I’m currently building from the git repository and am using stdiscosrv v1.29.0-rc.1.dev.11.g8bd6bdd3 “Gold Grasshopper” (go1.23.4 linux-amd64).
I am attempting to run stdiscosrv directly using HTTPS with acme.sh certificates, without a reverse proxy. I obtained ECC certs for the domain using acme.sh with ZeroSSL.
The stdiscosrv executable is started with the following command line (this is taken directly from the Dockerfile; the entire Dockerfile is given below):
CMD ${USER_HOME}/dev/syncthing/bin/stdiscosrv \
    --debug \
    --listen="${SERV_PORT}" \
    --db-dir="${USER_HOME}/db" \
    --cert="${USER_HOME}/certs/cert.pem" \
    --key="${USER_HOME}/certs/key.pem"
However, I’m receiving an error when a Syncthing client tries to use this discovery server:
global@https://disco.gohilton.com:8443: Post "https://disco.gohilton.com:8443": stream error: stream ID 1; INTERNAL_ERROR; received from peer
I have no idea if the INTERNAL_ERROR is due to the ECC certs or just some other variable.
The only other thing I’ve noticed is that the records.db created on stdiscosrv launch is always 0 bytes.
I attempt connecting to stdiscosrv using the following options within the Syncthing client:
https://disco.<domain>.com:8443
https://disco.<domain>.com:8443?id=I2PMJWN-H5OKMKG-3JAGJVZ-YXSUGEJ-RPP7POJ-RWEIBAE-SKR7SJX-IBBJ3A4
My Dockerfile is shown below:
FROM alpine:latest
################################
# Settings #
################################
# Syncthing-Discovery Server
ENV SERV_PORT :8443
ENV DISCO_OPTS "--http"
################################
# Setup #
################################
ENV BUILD_REQUIREMENTS curl openssl git go
ENV REQUIREMENTS ca-certificates bash shadow
ENV PUID 6000
ENV PGID 6000
ENV USER_HOME /home/discosrv
ENV USERNAME discosrv
ENV USERGROUP discosrv
################################
###############################
# Build #
###############################
ARG VERSION v1.18.1
#ARG DOWNLOAD="https://github.com/syncthing/discosrv/releases/download/${VERSION}/stdiscosrv-linux-amd64-v1.18.1.tar.gz"
ARG DOWNLOADURL="https://github.com/syncthing/discosrv/releases/download/v1.18.1/stdiscosrv-linux-amd64-v1.18.1.tar.gz"
###############################
USER root
# setup
SHELL ["/bin/sh", "-c"]
RUN apk update \
    && apk upgrade \
    && apk add --no-cache ${BUILD_REQUIREMENTS} ${REQUIREMENTS} \
    && mkdir -p ${USER_HOME} \
    && addgroup -S -g ${PGID} ${USERGROUP} \
    && adduser \
        --disabled-password \
        --gecos "" \
        --home ${USER_HOME} \
        --ingroup ${USERGROUP} \
        --uid ${PUID} \
        ${USERNAME} \
    && echo "${USERNAME}:$(openssl rand 512 | openssl sha256 | awk '{print $2}')" | chpasswd \
    && chown -R ${USERNAME}:${USERGROUP} ${USER_HOME} \
    && git config --global user.name "${USERNAME}" \
    && git config --global user.email "${USERNAME}@gmail.com" \
    && git config --global color.ui auto
EXPOSE ${SERV_PORT}
HEALTHCHECK --interval=1m --timeout=10s \
    CMD nc -z localhost ${SERV_PORT} || exit 1
# install disco
# WORKDIR /tmp/
# RUN curl -Ls ${DOWNLOADURL} --output discosrv.tar.gz \
# && tar -zxf discosrv.tar.gz \
# && rm discosrv.tar.gz \
# && mkdir -p ${USER_HOME}/server ${USER_HOME}/certs ${USER_HOME}/db \
# && cp /tmp/*discosrv*/*discosrv ${USER_HOME}/server/discosrv \
# && chown -R ${USERNAME}:${USERGROUP} ${USER_HOME}
# install syncthing from git
WORKDIR ${USER_HOME}
ADD https://github.com/syncthing/syncthing/commits?per_page=1 latest_commit
RUN mkdir -p ${USER_HOME}/dev \
    && cd ${USER_HOME}/dev \
    && git clone https://github.com/syncthing/syncthing.git \
    && cd syncthing \
    && go run build.go
# cleanup
#RUN apk del ${BUILD_REQUIREMENTS} \
# && rm -rf /var/cache/apk/* \
# && rm -rf /tmp/*
#WORKDIR ${USER_HOME}
USER ${USERNAME}
VOLUME ${USER_HOME}/certs
# CMD ${USER_HOME}/server/discosrv \
CMD ${USER_HOME}/dev/syncthing/bin/stdiscosrv \
#   ${DISCO_OPTS} \
    --debug \
    --listen="${SERV_PORT}" \
    --db-dir="${USER_HOME}/db" \
    --cert="${USER_HOME}/certs/cert.pem" \
    --key="${USER_HOME}/certs/key.pem"
My build statement is the following:
sudo docker build -f './Dockerfile-alpine' -t disco:1.29.0 .
My compose for the image is the following:
disco:
  build:
    context: .
    dockerfile: Dockerfile-alpine
  image: disco:1.29.0
  container_name: disco
  hostname: disco
  domainname: <domain>.com
  restart: unless-stopped
  tty: True
  stdin_open: True
  depends_on:
    swag:
      condition: service_healthy
  healthcheck:
    <<: *disco-healthcheck
  networks:
    - net
  ports:
    - 8443:8443
  environment:
    TZ: America/Chicago
    PUID: 6000
    PGID: 6000
  volumes:
    - /data/disco/db:/home/discosrv/db
    - /data/disco/certs:/home/discosrv/certs
My logs from the container when running:
2024/12/19 01:25:58 stdiscosrv v1.29.0-rc.1.dev.11.g8bd6bdd3 "Gold Grasshopper" (go1.23.4 linux-amd64) root@buildkitsandbox 2024-12-18 07:56:06 UTC
2024/12/19 01:25:58 Server device ID is I2PMJWN-H5OKMKG-3JAGJVZ-YXSUGEJ-RPP7POJ-RWEIBAE-SKR7SJX-IBBJ3A4
2024/12/19 01:25:58 Read 0 records from database
2024/12/19 01:27:24 104a3a793a43e605 POST / HTTP/2.0
2024/12/19 01:28:04 0d657903faa9e9d5 GET /?device=TDKPN7Z-OMBAXMV-PK65ZTP-UAPQDXB-IMJ3ZNT-HSQUVRJ-3BVRZYP-PAN7TQE HTTP/2.0
2024/12/19 01:30:58 Calculating statistics
2024/12/19 01:30:58 Flushing database
2024/12/19 01:30:58 Finished flushing database
2024/12/19 01:32:24 4bfe8a8f6f789702 POST / HTTP/2.0
2024/12/19 01:35:58 Calculating statistics
2024/12/19 01:35:58 Flushing database
2024/12/19 01:35:58 Finished flushing database
My cert.pem is the following:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7c:9c:7d:ff:c6:f8:b8:89:c5:d4:9c:df:30:2a:b7:6d
Signature Algorithm: ecdsa-with-SHA384
Issuer: C = AT, O = ZeroSSL, CN = ZeroSSL ECC Domain Secure Site CA
Validity
Not Before: Dec 18 00:00:00 2024 GMT
Not After : Mar 18 23:59:59 2025 GMT
Subject: CN = disco.<domain>.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Authority Key Identifier:
0F:6B:E6:4B:CE:39:47:AE:F6:7E:90:1E:79:F0:30:91:92:C8:5F:A3
X509v3 Subject Key Identifier:
EC:83:36:2B:73:A7:CF:0F:07:7F:24:37:D3:7B:0F:98:31:8B:45:30
X509v3 Key Usage: critical
Digital Signature
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.78
CPS: https://sectigo.com/CPS
Policy: 2.23.140.1.2.1
Authority Information Access:
CA Issuers - URI:http://zerossl.crt.sectigo.com/ZeroSSLECCDomainSecureSiteCA.crt
OCSP - URI:http://zerossl.ocsp.sectigo.com
X509v3 Subject Alternative Name:
DNS:disco.<domain>.com
Signature Algorithm: ecdsa-with-SHA384
Any help would be great. I’m not sure how to debug this.
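The `?id=` form of the discovery URL in the post pins the server to a device ID, and the server log prints the ID it derived from cert.pem ("Server device ID is ..."). The following is an added example, not part of the original post and not Syncthing's own code: it recomputes a device ID from a PEM certificate and checks an `id=` value against it, assuming Syncthing's device ID scheme (SHA-256 of the DER certificate, base32, one check character per 13-character block). All function names are illustrative.

```python
# Added example: function names are illustrative, not Syncthing's API.
# Assumes device ID = base32(SHA-256(DER cert)) with a check character per 13-char block.
import base64
import hashlib
import ssl
from typing import Optional
from urllib.parse import parse_qs, urlsplit

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def luhn32(block: str) -> str:
    """Check character for one 13-character base32 block."""
    total, factor = 0, 1
    for ch in block:
        addend = factor * ALPHABET.index(ch)
        factor = 2 if factor == 1 else 1
        total += addend // 32 + addend % 32
    return ALPHABET[(32 - total % 32) % 32]

def device_id_from_der(der: bytes) -> str:
    """SHA-256 of the DER bytes, base32, check characters, groups of seven."""
    raw = base64.b32encode(hashlib.sha256(der).digest()).decode().rstrip("=")
    full = "".join(raw[i:i + 13] + luhn32(raw[i:i + 13]) for i in range(0, 52, 13))
    return "-".join(full[i:i + 7] for i in range(0, 56, 7))

def device_id_from_pem(pem_text: str) -> str:
    """Device ID of the first certificate in a PEM file (the leaf in a chain)."""
    first = pem_text[pem_text.index(BEGIN):pem_text.index(END) + len(END)]
    return device_id_from_der(ssl.PEM_cert_to_DER_cert(first))

def id_is_well_formed(device_id: str) -> bool:
    """True if the ID is 56 base32 characters and all four check characters match."""
    s = device_id.replace("-", "").upper()
    if len(s) != 56 or any(c not in ALPHABET for c in s):
        return False
    return all(luhn32(s[i:i + 13]) == s[i + 13] for i in range(0, 56, 14))

def pinned_id(discovery_url: str) -> Optional[str]:
    """The id= query parameter of a discovery server URL, or None."""
    return parse_qs(urlsplit(discovery_url).query).get("id", [None])[0]

def url_pins_cert(discovery_url: str, pem_text: str) -> bool:
    """True when the URL's id= equals the device ID derived from the certificate."""
    want = pinned_id(discovery_url)
    return bool(want) and id_is_well_formed(want) and want.upper() == device_id_from_pem(pem_text)
```
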