2018-04-09 10:48:37 +02:00
|
|
|
# Docker Container for Syncthing
|
|
|
|
|
|
|
|
Use the Dockerfile in this repo, or pull the `syncthing/syncthing` image
|
2019-02-25 21:37:59 +01:00
|
|
|
from Docker Hub.
|
2018-04-09 10:48:37 +02:00
|
|
|
|
2019-02-25 21:37:59 +01:00
|
|
|
Use the `/var/syncthing` volume to have the synchronized files available on the
|
|
|
|
host. You can add more folders and map them as you prefer.
|
2018-04-09 10:48:37 +02:00
|
|
|
|
2018-07-04 02:42:29 -04:00
|
|
|
Note that Syncthing runs as UID 1000 and GID 1000 by default. These may be
|
2022-09-26 13:39:41 +02:00
|
|
|
altered with the `PUID` and `PGID` environment variables. In addition
|
2021-04-01 14:04:15 +03:00
|
|
|
the name of the Syncthing instance can be optionally defined by using
|
2022-09-26 13:39:41 +02:00
|
|
|
`--hostname=syncthing` parameter.
|
|
|
|
|
|
|
|
To grant Syncthing additional capabilities without running as root, use the
|
|
|
|
`PCAP` environment variable with the same syntax as that for `setcap(8)`.
|
|
|
|
For example, `PCAP=cap_chown,cap_fowner+ep`.
|
2018-04-09 10:48:37 +02:00
|
|
|
|
2024-02-22 00:47:43 -08:00
|
|
|
To set a different umask value, use the `UMASK` environment variable. For
|
|
|
|
example `UMASK=002`.
|
|
|
|
|
2019-02-25 21:37:59 +01:00
|
|
|
## Example Usage
|
2018-04-09 10:48:37 +02:00
|
|
|
|
2021-04-01 14:04:15 +03:00
|
|
|
**Docker cli**
|
2018-04-09 10:48:37 +02:00
|
|
|
```
|
|
|
|
$ docker pull syncthing/syncthing
|
2022-03-08 01:06:45 -06:00
|
|
|
$ docker run -p 8384:8384 -p 22000:22000/tcp -p 22000:22000/udp -p 21027:21027/udp \
|
2018-04-09 10:48:37 +02:00
|
|
|
-v /wherever/st-sync:/var/syncthing \
|
2021-04-01 14:04:15 +03:00
|
|
|
--hostname=my-syncthing \
|
2018-04-09 10:48:37 +02:00
|
|
|
syncthing/syncthing:latest
|
|
|
|
```
|
|
|
|
|
2021-04-01 14:04:15 +03:00
|
|
|
**Docker compose**
|
2022-07-31 20:46:57 +02:00
|
|
|
```yml
|
2021-04-01 14:04:15 +03:00
|
|
|
---
|
|
|
|
version: "3"
|
|
|
|
services:
|
|
|
|
syncthing:
|
|
|
|
image: syncthing/syncthing
|
|
|
|
container_name: syncthing
|
|
|
|
hostname: my-syncthing
|
|
|
|
environment:
|
|
|
|
- PUID=1000
|
|
|
|
- PGID=1000
|
|
|
|
volumes:
|
|
|
|
- /wherever/st-sync:/var/syncthing
|
|
|
|
ports:
|
2022-03-08 01:06:45 -06:00
|
|
|
- 8384:8384 # Web UI
|
|
|
|
- 22000:22000/tcp # TCP file transfers
|
|
|
|
- 22000:22000/udp # QUIC file transfers
|
|
|
|
- 21027:21027/udp # Receive local discovery broadcasts
|
2021-04-01 14:04:15 +03:00
|
|
|
restart: unless-stopped
|
2024-09-29 11:53:13 -03:00
|
|
|
healthcheck:
|
|
|
|
test: curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1
|
|
|
|
interval: 1m
|
|
|
|
timeout: 10s
|
|
|
|
retries: 3
|
2021-04-01 14:04:15 +03:00
|
|
|
```
|
|
|
|
|
2019-09-22 11:33:29 +01:00
|
|
|
## Discovery
|
|
|
|
|
2022-07-31 20:46:57 +02:00
|
|
|
Note that Docker's default network mode prevents local IP addresses from
|
|
|
|
being discovered, as Syncthing is only able to see the internal IP of the
|
|
|
|
container on the `172.17.0.0/16` subnet. This will result in poor transfer rates
|
|
|
|
if local device addresses are not manually configured.
|
2018-04-09 10:48:37 +02:00
|
|
|
|
2022-07-31 20:46:57 +02:00
|
|
|
It is therefore advisable to use the [host network mode](https://docs.docker.com/network/host/) instead:
|
2018-04-09 10:48:37 +02:00
|
|
|
|
2022-07-31 20:46:57 +02:00
|
|
|
**Docker cli**
|
2018-04-09 10:48:37 +02:00
|
|
|
```
|
|
|
|
$ docker pull syncthing/syncthing
|
|
|
|
$ docker run --network=host \
|
|
|
|
-v /wherever/st-sync:/var/syncthing \
|
|
|
|
syncthing/syncthing:latest
|
|
|
|
```
|
|
|
|
|
2022-07-31 20:46:57 +02:00
|
|
|
**Docker compose**
|
|
|
|
```yml
|
|
|
|
---
|
|
|
|
version: "3"
|
|
|
|
services:
|
|
|
|
syncthing:
|
|
|
|
image: syncthing/syncthing
|
|
|
|
container_name: syncthing
|
|
|
|
hostname: my-syncthing
|
|
|
|
environment:
|
|
|
|
- PUID=1000
|
|
|
|
- PGID=1000
|
|
|
|
volumes:
|
|
|
|
- /wherever/st-sync:/var/syncthing
|
|
|
|
network_mode: host
|
|
|
|
restart: unless-stopped
|
2024-09-29 11:53:13 -03:00
|
|
|
healthcheck:
|
|
|
|
test: curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1
|
|
|
|
interval: 1m
|
|
|
|
timeout: 10s
|
|
|
|
retries: 3
|
2022-07-31 20:46:57 +02:00
|
|
|
```
|
|
|
|
|
2018-04-09 10:48:37 +02:00
|
|
|
Be aware that syncthing alone is now in control of what interfaces and ports it
|
|
|
|
listens on. You can edit the syncthing configuration to change the defaults if
|
|
|
|
there are conflicts.
|
2019-09-22 11:33:29 +01:00
|
|
|
|
|
|
|
## GUI Security
|
|
|
|
|
|
|
|
By default Syncthing inside the Docker image listens on 0.0.0.0:8384 to
|
|
|
|
allow GUI connections via the Docker proxy. This is set by the
|
|
|
|
`STGUIADDRESS` environment variable in the Dockerfile, as it differs from
|
|
|
|
what Syncthing would otherwise use by default. This means you should set up
|
|
|
|
authentication in the GUI, like for any other externally reachable Syncthing
|
|
|
|
instance. If you do not require the GUI, or you use host networking, you can
|
|
|
|
unset the `STGUIADDRESS` variable to have Syncthing fall back to listening
|
|
|
|
on 127.0.0.1:
|
|
|
|
|
|
|
|
```
|
|
|
|
$ docker pull syncthing/syncthing
|
|
|
|
$ docker run -e STGUIADDRESS= \
|
|
|
|
-v /wherever/st-sync:/var/syncthing \
|
|
|
|
syncthing/syncthing:latest
|
|
|
|
```
|
|
|
|
|
|
|
|
With the environment variable unset Syncthing will follow what is set in the
|
|
|
|
configuration file / GUI settings dialog.
|