I’m running Syncthing on a TrueNAS jail, and can only access and launch the GUI from within TrueNAS itself. I’m looking to change that, but safely.
Right now, Syncthing listens on 127.0.0.1:8384 from within TrueNAS’, but I’d like to be able to access it from any machine on my LAN. What would be the safest way to enable that? Should I just change the address to 0.0.0.0:8384 and rely on my firewall/IDS/IPS to keep it safe from the outside? Or is there a “better” way? A password protected GUI is always an option, I know… but how likely is it to be a problem?
I use Syncthing for more of a temporary document standpoint. It’s for the stuff I’m working on and want across all machines. Once it’s something I’ll permanently keep, I store it on a NAS share after that. So I’m trying to keep Syncthing relatively painless.
The general recommendation is that if you change the GUI address to 0.0.0.0 and thus allow remote access, then you’re supposed to protect it with a password.
If you find having to log in to the GUI cumbersome, you could always embed the username and password in the URL itself (e.g. https://username:email@example.com:8384) and save it as a bookmark or something to be used to access the GUI locally while still protecting it from remote access. Of course, this assumes that the local device is well-protected as well.