Syncthing and apache

Hi, I have an apache web server. I would like syncthing in a subdomain like syncthing.mydomain.com. Syncthing is running and I can access to gui from lan at 192.168.x.x:8384. When I try to connect to syncthing.mydomain.com the browser show me this message: “Service Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.” This is my config of the virtual host in apache but I cant connect from internet. Firewall and nat are correctly setted.

<VirtualHost *:80>
RewriteEngine On
ProxyRequests Off
ProxyPreserveHost On

ServerName syncthing.mydomain.com

<Proxy *>
    Require all granted
</Proxy>

ProxyPass "/" "http://localhost:8384/" connectiontimeout=5 timeout=30 keepalive=on
ProxyPassReverse "/" "http://localhost:8384/"

ErrorLog ${APACHE_LOG_DIR}/syncthing-error.log
CustomLog ${APACHE_LOG_DIR}/syncthing-access.log combined

Thanks for help and sorry for my bad english

There are some docs here: https://docs.syncthing.net/users/reverseproxy.html

But to be honest, none of us are Apache experts, so this question is better suited on the Apache forums.

Check the logs, maybe there are some clues there.

I have read the docs at https://docs.syncthing.net/users/reverseproxy.html, but I don’t have an httpd file in my apache installation

This is the log but I can’t understand why the connection is refused!

[Sat May 23 18:16:11.069881 2020] [proxy:error] [pid 29547] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8384 (localhost) failed [Sat May 23 18:16:11.069930 2020] [proxy_http:error] [pid 29547] [client 172.68.198.28:28712] AH01114: HTTP: failed to make connection to backend: localhost, referer: https://syncthing.mydomain.com/

Is syncthing on the same machine as apache? Is it docker container or something?

Yes is on the same machine.

No It isn’t dockerized.

Normal debian/linux installation: apt install syncthing.

Syncthing is running under root: systemctl status syncthing@root.service

Presumably you can curl it from the shell fine and it works? Does the address syncthing prints line up with what you specified in apache?

Not sure, maybe it’s your firewall.

from the shell syncthing is working

    root@ubuntu:~# systemctl status syncthing@root.service
● syncthing@root.service - Syncthing - Open Source Continuous File Synchronization for root
   Loaded: loaded (/etc/systemd/system/syncthing@.service; indirect; vendor preset: enabled)
   Active: active (running) since Sat 2020-05-23 11:48:35 UTC; 7h ago
     Docs: man:syncthing(1)
 Main PID: 1632 (syncthing)
    Tasks: 30 (limit: 4915)
   CGroup: /system.slice/system-syncthing.slice/syncthing@root.service
           ├─1632 /usr/bin/syncthing -no-browser -gui-address=192.168.1.10:8384 -no-restart -logflags=0
           └─2015 /usr/bin/syncthing -no-browser -gui-address=192.168.1.10:8384 -no-restart -logflags=0

May 23 11:48:38 ubuntu syncthing[1632]: [J3GAA] INFO: Access the GUI via the following URL: https://192.168.1.
May 23 11:48:38 ubuntu syncthing[1632]: [J3GAA] INFO: My name is "ubuntu"
May 23 11:48:38 ubuntu syncthing[1632]: [J3GAA] WARNING: Syncthing should not run as a privileged or system us
May 23 11:48:49 ubuntu syncthing[1632]: [J3GAA] INFO: Detected 1 NAT service
May 23 11:48:57 ubuntu syncthing[1632]: [J3GAA] INFO: quic://0.0.0.0:22000 detected NAT type: Port restricted
May 23 11:48:57 ubuntu syncthing[1632]: [J3GAA] INFO: quic://0.0.0.0:22000 resolved external address quic://94
May 23 11:49:08 ubuntu syncthing[1632]: [J3GAA] INFO: Joined relay relay://94.130.20.120:22067
May 23 11:54:55 ubuntu syncthing[1632]: [J3GAA] INFO: quic://0.0.0.0:22000 resolved external address quic://94
May 23 12:41:25 ubuntu syncthing[1632]: [J3GAA] INFO: quic://0.0.0.0:22000 resolved external address quic://94
May 23 12:45:10 ubuntu syncthing[1632]: [J3GAA] INFO: quic://0.0.0.0:22000 

The firewall on ubuntu server is ok and the firewall and nat on mikrotik router too

The listen address is set to your public interface, so it’s not listening on localhost. If you want it to be accessible on local host, it should listen on 127.0.0.1. If you want to listen on both, use 0.0.0.0.

Also, the logs don’t show the port so I have no idea.

this is my syncthing settings for gui under /root/.config/syncthing/config.xml

 <gui enabled="true" tls="true" debugging="false">
        <address>127.0.0.1:8384</address>

If it works via curl, it should work via apache. Yeah, sorry, no idea.

what do you mean it works via curl ?

As in, you can access the ui via command line tools like curl.

I don’t know how to access gui from shell

At the moment I’m only able to access from lan at 192.168.1.10:8384

Well, you can check that it works using curl

The fact that the address is 127.0.0.1 and you are able to access it from a different machine makes no sense.

Sure, that doesn’t mean much if you are on the machine that owns that ip address. If not, then you are probably you are looking at the wrong config file.

I’m not on the same machine

Where could be the correct config file ?

Depends on how you installed, who packaged the package and which user it’s running as.

Usually in ~/.config/syncthing of the user who’s running syncthing.

You can modify the listen address via the web ui.

this is my syncthing settings for gui under /root/.config/syncthing/config.xml

 <gui enabled="true" tls="true" debugging="false">
        <address>127.0.0.1:8384</address>

In the gui panel options i read:

“The GUI address is overridden by startup options. Changes here will not take effect while the override is in place.”

the setting in the panel options anyway is the same 127.0.0.1:8384

Right, so the UI address is preconfigured either via environment variable or via command line options. We don’t do that, so either you’ve set it up that way or whoever packaged it did that.