This is a short recipe on how to setup Syncthing for syncing files between my Windows workstation and a Debian web server over internet. Syncing is done through a ssh tunnel, no need to expose any public ports to the internet.

Prerequisites

• Putty bundle installed on the Windows workstation (this time we need plink.exe)

Syncthing setup on Debian server

1. Follow the instructions provided here
   Just in case, here they are:

    # Add the release PGP keys:
    curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
   
    # Add the "release" channel to your APT sources:
    echo "deb http://apt.syncthing.net/ syncthing release" | sudo tee /etc/apt/sources.list.d/syncthing.list
   
    # Update and install syncthing:
    sudo apt-get update
    sudo apt-get install syncthing
   

2. In case you need to edit any settings like ports you need to edit ~/.config/syncthing/config.xml

3. Create the file /etc/init.d/syncthing

    sudo touch /etc/init.d/syncthing
    sudo chmod 755 /etc/init.d/syncthing
    sudo chown root:root /etc/init.d/syncthing
   

4. With the following content:

    #!/bin/sh
    ### BEGIN INIT INFO
    # Provides: syncthing
    # Required-Start: $local_fs $remote_fs
    # Required-Stop: $local_fs $remote_fs
    # Should-Start: $network
    # Should-Stop: $network
    # Default-Start: 2 3 4 5
    # Default-Stop: 0 1 6
    # Short-Description: Multi-user daemonized version of syncthing.
    # Description: Starts the syncthing daemon for all registered users.
    ### END INIT INFO
   
    # Replace with users you want to run syncthing clients for
    syncthing_USERS="myusername"
    DAEMON=/usr/bin/syncthing
   
    startd() {
    for stuser in $syncthing_USERS; do
        HOMEDIR=$(getent passwd $stuser | awk -F: '{print $6}')
        if [ -f $config ]; then
        echo "Starting syncthiing for $stuser"
        start-stop-daemon -b -o -c $stuser -S -u $stuser -x $DAEMON
        else
        echo "Couldn't start syncthing for $stuser (no $config found)"
        fi
    done
    }
   
    stopd() {
    for stuser in $syncthing_USERS; do
        dbpid=$(pgrep -fu $stuser $DAEMON)
        if [ ! -z "$dbpid" ]; then
        echo "Stopping syncthing for $stuser"
        start-stop-daemon -o -c $stuser -K -u $stuser -x $DAEMON
        fi
    done
    }
   
    status() {
    for stuser in $syncthing_USERS; do
        dbpid=$(pgrep -fu $stuser $DAEMON)
        if [ -z "$dbpid" ]; then
        echo "syncthing for USER $stuser: not running."
        else
        echo "syncthing for USER $stuser: running (pid $dbpid)"
        fi
    done
    }
   
    case "$1" in
    start) startd
        ;;
    stop) stopd
        ;;
    restart|reload|force-reload) stopd && startd
        ;;
    status) status
        ;;
    *) echo "Usage: /etc/init.d/syncthing {start|stop|reload|force-reload|restart|status}"
        exit 1
    ;;
    esac
   
    exit 0
   

   Don’t forget to set syncthing_USERS to the desired user for running syncthing.

5. Now run

    /etc/init.d/syncthing start
   

   Which will start the daemon.

6. To make it autostart on bootup run

    sudo update-rc.d syncthing defaults
    sudo update-rc.d syncthing enable
   

   Windows workstation setup

7. Download the Syncthing Core (CLI & Web UI) for Windows
8. Extract it to C:\Program Files\syncthing
9. Create “C:\Program Files\syncthing\SYNCNOW.bat” with the following content:

   start syncthing.exe
   start "" http://localhost:8385
   "C:\Program Files (x86)\PuTTY\plink.exe" -L 22001:127.0.0.1:22000 -L 8385:127.0.0.1:8384 yoursshuser@your.debian.server.com
   

10. Two web pages should open http://localhost:8385/ and http://127.0.0.1:8384/

    

11. Proceed to adding both machines IDs so they can see each other. (Check Syncthing instructions for more info on basic setup)

That’s it. I prefer to run syncthing on the workstation manually only when I need to. So when file syncing is needed, SYNCNOW.bat should be ran manually and syncing should work. You can easily stop the process by simply closing all the opened cmd windowns.

Permissions clash

Someone asked what to do if syncthng is creating files and directories with a syncuser:syncgroup different from what apache is using and thus apache cannot access file/dirs created by sync user. One solution that comes to mind is the following:

1. Modify /etc/init.d/syncthing from

   start-stop-daemon -b -o -c $stuser -S -u $stuser -x $DAEMON
   

   to

   start-stop-daemon -b -o -c $stuser -S -u $stuser -x $DAEMON --umask 002
   

2. In the windows workstation web ui set “Ignore Permissions” to true. This seems to be required to have newly-created files on linux-based server be writable by the group https://github.com/syncthing/syncthing/issues/1339

3. Run the following commands on server (presuming that /var/www/sync is the dir shared by apache and syncthing):

   chown -R syncuser:www-data /var/www
   chmod -R g+s /var/www
   

Now all new dirs and files should preserve www-data group and have rw-rw-r– permissions.

(If anyone knows a more better way, please let me know.)