From 875377981dd92b2162f73d931408cdd99d65f7bf Mon Sep 17 00:00:00 2001 From: Jakob Borg Date: Sun, 22 Sep 2019 11:33:29 +0100 Subject: [PATCH 1/2] docker: Make it easy to disable the GUI, document it (#6021) --- Dockerfile | 3 ++- README-Docker.md | 27 ++++++++++++++++++++++++++- README.md | 5 +++++ 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 701681adb..7321089bd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,4 +24,5 @@ ENV PUID=1000 PGID=1000 HEALTHCHECK --interval=1m --timeout=10s \ CMD nc -z localhost 8384 || exit 1 -ENTRYPOINT ["/bin/entrypoint.sh", "-home", "/var/syncthing/config", "-gui-address", "0.0.0.0:8384"] +ENV STGUIADDRESS=0.0.0.0:8384 +ENTRYPOINT ["/bin/entrypoint.sh", "-home", "/var/syncthing/config"] diff --git a/README-Docker.md b/README-Docker.md index 8f1614834..8c078ae5f 100644 --- a/README-Docker.md +++ b/README-Docker.md @@ -18,7 +18,11 @@ $ docker run -p 8384:8384 -p 22000:22000 \ syncthing/syncthing:latest ``` -Note that local device discovery will not work with the above command, resulting in poor local transfer rates if local device addresses are not manually configured. +## Discovery + +Note that local device discovery will not work with the above command, +resulting in poor local transfer rates if local device addresses are not +manually configured. To allow local discovery, the docker host network can be used instead: @@ -32,3 +36,24 @@ $ docker run --network=host \ Be aware that syncthing alone is now in control of what interfaces and ports it listens on. You can edit the syncthing configuration to change the defaults if there are conflicts. + +## GUI Security + +By default Syncthing inside the Docker image listens on 0.0.0.0:8384 to +allow GUI connections via the Docker proxy. This is set by the +`STGUIADDRESS` environment variable in the Dockerfile, as it differs from +what Syncthing would otherwise use by default. This means you should set up +authentication in the GUI, like for any other externally reachable Syncthing +instance. If you do not require the GUI, or you use host networking, you can +unset the `STGUIADDRESS` variable to have Syncthing fall back to listening +on 127.0.0.1: + +``` +$ docker pull syncthing/syncthing +$ docker run -e STGUIADDRESS= \ + -v /wherever/st-sync:/var/syncthing \ + syncthing/syncthing:latest +``` + +With the environment variable unset Syncthing will follow what is set in the +configuration file / GUI settings dialog. diff --git a/README.md b/README.md index 894ab4c25..cb5ba8a3f 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,10 @@ There are a few examples for keeping Syncthing running in the background on your system in [the etc directory][3]. There are also several [GUI implementations][11] for Windows, Mac and Linux. +## Docker + +To run Syncthing in Docker, see [the Docker README](16). + ## Vote on features/bugs We'd like to encourage you to [vote][12] on issues that matter to you. @@ -110,4 +114,5 @@ All code is licensed under the [MPLv2 License][7]. [13]: https://github.com/syncthing/syncthing/blob/master/GOALS.md [14]: assets/logo-text-128.png [15]: https://syncthing.net/ +[16]: https://github.com/syncthing/syncthing/blob/master/README-Docker.md From 2c88e473cb089e377628cdd4ea086eb60ff2b195 Mon Sep 17 00:00:00 2001 From: Ilya Brin <464157+ilyabrin@users.noreply.github.com> Date: Mon, 23 Sep 2019 07:28:42 +0300 Subject: [PATCH 2/2] readme: Fix broken link to README-Docker.md (#6025) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cb5ba8a3f..6f2e54580 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ implementations][11] for Windows, Mac and Linux. ## Docker -To run Syncthing in Docker, see [the Docker README](16). +To run Syncthing in Docker, see [the Docker README][16]. ## Vote on features/bugs