What is "Use HTTPS for GUI" and should I be using it?

I searched the documentation but couldn’t find a description for this setting.

Tell me about it, please.

The WebUI is normally accessible via http:// and https://. If you activate this setting, every attempt to access it via http:// will redirect to https://.

https:// means that the data send to the WebUI (e.g. login) will be encrypted.

If you can access the WebUI from other machines or even the internet, the WebUI should probably only be accessible via https:// (or should only be, in case of “accessible from the internet”).

I you use http:// and someone captures your traffic, they can sniff out your login and access your WebUI and therefore can configure Syncthing to sync whatevery data with them.

The default setting is to only allow local connections, so you don’t need https://.

1 Like

I don’t connect to the PC from any other device; it’s one of several in use on a home network. So, from your description, enabling or disabling that setting wouldn’t make a difference in either performance or security. Is that right?

If you only access the WebUI locally (like http://localhost:8384 or on each of the machines, it makes no difference in security if you enable this or not. Using https generally has a slight impact on performance, but I think with Syncthing, this will not be noticeable, as there are other things impacting performance way more than this.

1 Like

Alright, thanks. For my use case, I’ll just let it go.

1 Like