I’m new here but I could not find any related discussion.
I’ve just set up two syncthing devices in my local network at home and synchronisation is going great.
Since I’m synchronising a Minecraft instance between a laptop and a desktop (only client data, not the world), I’d like to disable synchronisation while I’m playing and synchronise afterwards.
syncthingctl pause / resume is great for that, but it only works if I set the address to 127.0.0.1.
As soon as I change the listening address to 0.0.0.0, even after completely reconfiguring both devices from scratch, syncthingctl errors out:
Error: TLS error: The host name did not match any of the valid hosts for this certificate (22)
and at the end of the output:
Request: https://0.0.0.0:8081/rest/system/status
Error: TLS error: The certificate is self-signed, and untrusted (9)
Certificate: same as last
Request: https://0.0.0.0:8081/rest/system/status
+++ exited with 253 +++
If I change the address back to 127.0.0.1, syncthingctl works, but I can’t access the web interface from the other host any more. Using an SSH tunnel would be possible, but slightly awkward.
Is there a simple solution that allows me to use both the web interface remotely as well as the command line tool?
Long story short: The tool only automatically considers the cert from Syncthing’s local configuration if it can determine that the URL is local. Otherwise you’ll have to specify the expected certificate manually via --cert - just like you’ll have to accept the self-signed certificate when accessing the web interface from a browser. You could also use --url https://127.0.0.1:8081 to explicitly use the local IP address. Maybe that’s what syncthingctl should do by default if it sees 0.0.0.0 in the config. For now, check out --help for more information, e.g. what environment variables you can use as an alternative to the mentioned arguments.
How about just using the built-in Syncthing CLI to do the operations?
syncthing cli config folders abcde-12345 paused set true
If not running this from the same host, you can mix in --gui-address and --gui-apikey, but for the local machine these are automatically read from the config.
syncthing cli works fine for me, although it is a bit more low level than syncthingctl. (I can’t simply pause all devices without enumerating them first, unless I’m missing something.)
Unfortunately I had tried Martchus’s suggestion already, at least with --url https://127.0.0.1:8081 and it just hangs for me. Same with giving the cert explicitly.
Strace shows that it’s waiting for an event notification:
Ah, looks like syncthing from Ubuntu is a bit old, that’s maybe why it’s still hanging with the --url switch, as described in the GitHub issue… I’ll try a more recent version from the official repo.
Edit: Sorry, I aborted that attempt. While I can get syncthing from the Ubuntu repo, I found no working repo for syncthing-gtk, flatpak install would not read my config out of my home or something (and started the config wizard) and manual install dropped me into dependency hell. (Which Python modules do I need exactly, which dev packages in order to compile them? No thanks!)
I guess I’ll have to do some testing first before I can give you further advice then. The only thing that comes to mind for debugging is the env variable LIB_SYNCTHING_CONNECTOR_LOG_CERT_LOADING=1 which might be better than strace. However, before doing that I also recommend updating to the latest version.
Note that the official GNU/Linux build of Syncthing Tray bundles OpenSSL because different GNU/Linux distributions come with different incompatible versions of that library. It will use your OpenSSL configuration, though. In case that config is not compatible with the bundled version of OpenSSL, preventing TLS support from working, you need to set the environment variable OPENSSL_CONF=.
And yes, the CLI of Syncthing itself is now a good alternative for many low-level config changes. (I developed syncthingctl when Syncthing itself had no CLI and was focusing more on high-level commands.)
By the way, there’s documentation about syncthingctl and I’ve already extended it to cover the TLS certificate. I’ll probably update it after doing some changes/tests with my findings.
The Dolphin plug-in will actually have a similar limitation when it comes to accepting custom certificates.
I’m wondering whether I can simply make it use 127.0.0.1 in case it encounters 0.0.0.0 in the config file. Maybe it shouldn’t even directly use the address from the config file at all and only use it to determine whether IPv4 or IPv6 should be used (and then always use 127.0.0.1 or ::1). Maybe it could also detect the use of a UNIX domain socket out of the box but that should then really be all it should deduce from the address.
Right, hence I put (years ago) code into Syncthing Tray which would determine whether the IP address is local by also checking QNetworkInterface::allAddresses().contains(hostAddress). This doesn’t cover the 0.0.0.0 case, though. So I guess I need to handle this specifically.
Just for the record, I tested this with the latest version of syncthingctl and it works just fine. I guess this is one of the problems I’ve already fixed at some point but aren’t yet in Ubuntu.
syncthing-gtk is yet another GUI for Syncthing. It has nothing to do with Syncthing Tray and syncthingctl. Only Syncthing Tray and syncthingctl are developed by me. I provide generic GNU/Linux executables for both; no Flatpak required.
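The address handling discussed in this thread (treating a wildcard listen address such as 0.0.0.0 as loopback, and only trusting the certificate from the local Syncthing config when the target is local) can be sketched as below. This is an added example, not code from Syncthing Tray or syncthingctl; the function name resolve_gui_target, the Target type, the local_addrs parameter and the accepted UNIX socket forms are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Target(NamedTuple):
    url: str                # address the client should actually connect to
    trust_local_cert: bool  # may the cert from the local config be pinned?

def _split_host_port(addr: str) -> tuple[str, str]:
    # "[::]:8081" -> ("::", "8081"); "0.0.0.0:8081" -> ("0.0.0.0", "8081")
    if addr.startswith("["):
        host, _, rest = addr[1:].partition("]")
        return host, rest.lstrip(":")
    host, _, port = addr.rpartition(":")
    return host, port

def resolve_gui_target(listen_addr: str, tls: bool = True,
                       local_addrs: frozenset = frozenset()) -> Target:
    """Turn the GUI *listen* address from the config into a *connect* target.

    local_addrs stands in for the list of this machine's interface addresses
    (hypothetical parameter, passed in so the function runs offline).
    """
    # Assumption: a UNIX socket is written as an absolute path or unix:// URL.
    if listen_addr.startswith(("/", "unix://")):
        return Target("unix://" + listen_addr.removeprefix("unix://"), True)

    host, port = _split_host_port(listen_addr)
    scheme = "https" if tls else "http"
    try:
        # An empty host (":8081") also means "all interfaces".
        ip = ipaddress.ip_address(host or "0.0.0.0")
    except ValueError:
        # A host name: locality is not decided here, so an explicitly
        # supplied certificate is required instead of the local one.
        return Target(f"{scheme}://{host}:{port}", False)

    # 0.0.0.0 / :: are listen-only wildcards, not connectable addresses,
    # and a certificate cannot match them. Use loopback of the same family.
    if ip.is_unspecified:
        ip = ipaddress.ip_address("127.0.0.1" if ip.version == 4 else "::1")

    is_local = ip.is_loopback or str(ip) in local_addrs
    host_part = f"[{ip}]" if ip.version == 6 else str(ip)
    return Target(f"{scheme}://{host_part}:{port}", is_local)

if __name__ == "__main__":
    # Constructed sample addresses, including the one from this thread.
    for a in ("0.0.0.0:8081", "[::]:8081", "192.168.1.20:8081"):
        print(a, "->", resolve_gui_target(a))
```

With this logic a non-loopback address is only paired with the local certificate when it is known to belong to the same machine; every other target has to be verified against a certificate the user supplies.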