Syncthing in iocage Jail on FreeNAS v11.1-U5 "host check error"


(Jonathan) #1

Hi All

I’m trying to setup a Syncthing “server” on my FreeNAS server and having problems with “Host check error”.

I’m using FreeNAS v11.1-U5 (which runs on FreeBSD v11.1), and am using iocage to create a Jail to install Syncthing into, I’m using the following to create the Jail (via SSH with Putty):

iocage create -n Syncthing ip4_addr="igb0|192.168.0.106" -r 11.1-RELEASE

Then starting the Jail with:

iocage start Syncthing

Once I’ve logged into the Jail (with iocage console Syncthing), I then do the following to install Syncthing:

(setting up the base Jail)

pkg

pkg update

pkg install bash

pkg upgrade -y

portsnap fetch

portsnap extract

(Portmaster: Used to managed upgrades to Ports)

cd /usr/ports/ports-mgmt/portmaster

make install clean

(Syncthing)

cd /usr/ports/net/syncthing

make config-recursive

make install

(Configure syncthing to start on reboots)

sysrc syncthing_enable=YES

I then exit the iocage Jail, and restart it (iocage restart Syncthing)

However, when I then try to connect to the admin page from my PC, by connecting to https://192.168.0.106:8384/, i get the error “Host check error”.

I’ve read the following in the FAQ:

https://docs.syncthing.net/users/faq.html?highlight=host%20check%20error#why-do-i-get-host-check-error-in-the-gui-api

But to be honest, I not sure what I need to do to fix the issue?

Any help/guidance would be welcomed.

Thanks

Jonathan (edits: to fix layout)


(Audrius Butkevicius) #2

It explicitly states:

To pass this test, ensure that you are accessing the GUI using an URL that begins with http://localhost, http://127.0.0.1 or http://[::1]. HTTPS is fine too, of course


(Jonathan) #3

So does this mean that I cannot connect to it remotely?

Jonathan


(Jakob Borg) #4

No it means that since you are doing funky stuff with proxies and jails and whatnot you need to take care to make sure this part is correct. Currently Syncthing thinks it’s listening on localhost only, and yet it’s getting connections from the outside world. That’s fundamentally insecure.


(Jonathan) #5

Ahh, thanks. Looking at the docs, I think I need to change some settings in config.xml.

I have tried making the following changes to the gui element, but after a restart still getting the Host check error:

<gui enabled="true" tls="false" debugging="false">
    <address>0.0.0.0:8384</address>
    <theme>default</theme>
    <insecureAdminAccess>true</insecureAdminAccess>
</gui>

Any hints?

Yours Jonathan


(Audrius Butkevicius) #6

It says in the docs that its insecureSkipHostCheck and not the one you are setting.


(Jonathan) #7

Ok, I’ve found that now in the docs, however I had added the following into the GUI element, and still getting the error.

<insecureSkipHostCheck>true</insecureSkipHostCheck>

Jonathan


(Audrius Butkevicius) #8

What version of syncthing are you running. It should already be in the config. Otherwise use the web ui from the local machine to be enable it from the advanced settings.


(Audrius Butkevicius) #9

It’s lowercase c in check.


(Jonathan) #10

Hi, I’m using Syncthing v0.14.48 via FreeBSD ports. Have changed to a lowercase c, but still getting the error.

Jonathan


(Jonathan) #11

Ignore that, working now. Helps if I remember to restart the service :slight_smile:

Jonathan


(Jonathan) #12

Thanks for your help.