Syncthing in iocage Jail on FreeNAS v11.1-U5 "host check error"

Hazimil · June 13, 2018, 11:01am

Hi All

I’m trying to setup a Syncthing “server” on my FreeNAS server and having problems with “Host check error”.

I’m using FreeNAS v11.1-U5 (which runs on FreeBSD v11.1), and am using iocage to create a Jail to install Syncthing into, I’m using the following to create the Jail (via SSH with Putty):

iocage create -n Syncthing ip4_addr="igb0|192.168.0.106" -r 11.1-RELEASE

Then starting the Jail with:

iocage start Syncthing

Once I’ve logged into the Jail (with iocage console Syncthing), I then do the following to install Syncthing:

(setting up the base Jail)

pkg

pkg update

pkg install bash

pkg upgrade -y

portsnap fetch

portsnap extract

(Portmaster: Used to managed upgrades to Ports)

cd /usr/ports/ports-mgmt/portmaster

make install clean

(Syncthing)

cd /usr/ports/net/syncthing

make config-recursive

make install

(Configure syncthing to start on reboots)

sysrc syncthing_enable=YES

I then exit the iocage Jail, and restart it (iocage restart Syncthing)

However, when I then try to connect to the admin page from my PC, by connecting to https://192.168.0.106:8384/, i get the error “Host check error”.

I’ve read the following in the FAQ:

https://docs.syncthing.net/users/faq.html?highlight=host%20check%20error#why-do-i-get-host-check-error-in-the-gui-api

But to be honest, I not sure what I need to do to fix the issue?

Any help/guidance would be welcomed.

Thanks

Jonathan (edits: to fix layout)

AudriusButkevicius · June 13, 2018, 11:29am

It explicitly states:

To pass this test, ensure that you are accessing the GUI using an URL that begins with http://localhost, http://127.0.0.1 or http://[::1]. HTTPS is fine too, of course

Hazimil · June 14, 2018, 8:17am

So does this mean that I cannot connect to it remotely?

Jonathan

calmh · June 14, 2018, 8:46am

No it means that since you are doing funky stuff with proxies and jails and whatnot you need to take care to make sure this part is correct. Currently Syncthing thinks it’s listening on localhost only, and yet it’s getting connections from the outside world. That’s fundamentally insecure.

Hazimil · June 14, 2018, 10:30am

Ahh, thanks. Looking at the docs, I think I need to change some settings in config.xml.

I have tried making the following changes to the gui element, but after a restart still getting the Host check error:

<gui enabled="true" tls="false" debugging="false">
    <address>0.0.0.0:8384</address>
    <theme>default</theme>
    <insecureAdminAccess>true</insecureAdminAccess>
</gui>

Any hints?

Yours Jonathan

AudriusButkevicius · June 14, 2018, 11:09am

It says in the docs that its insecureSkipHostCheck and not the one you are setting.

Hazimil · June 14, 2018, 11:31am

Ok, I’ve found that now in the docs, however I had added the following into the GUI element, and still getting the error.

<insecureSkipHostCheck>true</insecureSkipHostCheck>

Jonathan

AudriusButkevicius · June 14, 2018, 11:44am

What version of syncthing are you running. It should already be in the config. Otherwise use the web ui from the local machine to be enable it from the advanced settings.

AudriusButkevicius · June 14, 2018, 11:51am

It’s lowercase c in check.

Hazimil · June 14, 2018, 12:00pm

Hi, I’m using Syncthing v0.14.48 via FreeBSD ports. Have changed to a lowercase c, but still getting the error.

Jonathan

Hazimil · June 14, 2018, 12:02pm

Ignore that, working now. Helps if I remember to restart the service

Jonathan

Hazimil · June 14, 2018, 1:05pm

Thanks for your help.

system · July 14, 2018, 1:05pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.