Use case: passing a proxy silently

Hi, a newcomer on this forum, I’d like first to thank the Syncthing developers for this great tool.

I use Syncthing to replicate a small-size directory between various devices. Unfortunately, I can’t make Syncthing work at my workplace due to various network configurations (among which an HTTP(S) proxy). SSH tunneling is not an option as it can be detected.

Reading the documentation, it’s not totally clear whether it would be possible to only use port 80? It looks like it may be possible by relying on specific relay servers also running on port 80 but I’m not sure… Hope you can help!

It could possibly work if you had a relay server on port 80, and manually configured your Syncthing to listen on that specific relay server and set it as the other devices’ address as well. And then do the same on your other device(s) on the outside. All that manual stuff required because you wouldn’t have automatic discovery as that is HTTPS. And assuming your port 80 traffic is in fact untouched, which might not be the case.

Syncthing works through an HTTPS proxy though, I think. Though not if it does MITM inspection.

Thank you for your quick answer. Meanwhile, I realized that I may have been imprecise. HTTPS works perfectly at work so the port 443 should be OK too (I’m so used to every site being on HTTPS nowadays that I had forgotten that it’s not on port 80 :) ), and I gather there are already relays listening on this port.

So I understand that I could have Syncthing work with 443 solely. Now my question is what parameters should I set or switch off in the web GUI? The documentation is thorough but, for some parameters in the GUI, it’s sometimes hard (for me) to see what part of the doc they correspond to (for instance, it seems there is an ID to add when specifying a specific relay server but the documentation is not written there yet). My aim is to configure Syncthing to the most “minimal” setting possible, meaning I want to keep the lowest profile inside the corporate environment (some sysadmins are grumpy!). What can I switch off among these:

  • Enable NAT traversal
  • Local Discovery
  • Global Discovery
  • Enable Relaying?

What should I write for

  • Sync Protocol Listen Addresses
  • Global Discovery Servers?

Regarding a device configuration, should I change the Addresses field in the Advanced tab?

Finally, should I change the Folder Type setting for a folder?

Best,

If you have working outgoing port 443 things should pretty much work out of the box (albeit slowly while finding some of the few relays available on 443). You can turn off local discovery and NAT traversal as these will not work and result in packets being broadcast on your LAN. Apart from that I’d leave things as they are unless you need to change them for other reasons, they don’t really change your “exposure” on the local network much.

OK thank you, I’ll try and update you.