mirror of
https://github.com/octoleo/syncthing.git
synced 2025-01-13 03:11:41 +00:00
429672e0b4
### Purpose

Syncthing had a healthcheck API for a while, and the example Dockerfile for it has it in the form of:

```
HEALTHCHECK --interval=1m --timeout=10s \
  CMD curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1
```

Let's add it to the docker-compose as well

### Testing

I use this docker-compose.yml file to deploy via ansible (using community.docker.docker_compose_v2) to my machine with success, using `wait: true` in ansible for it to use `docker compose up --wait`.

```yml
- name: Enable syncthing docker
  community.docker.docker_compose_v2:
    project_src: /srv/syncthing
    wait: true
    wait_timeout: 90
```

123 lines
3.7 KiB
Markdown
# Docker Container for Syncthing

Use the Dockerfile in this repo, or pull the `syncthing/syncthing` image
from Docker Hub.

Use the `/var/syncthing` volume to have the synchronized files available on the
host. You can add more folders and map them as you prefer.

Note that Syncthing runs as UID 1000 and GID 1000 by default. These may be
altered with the `PUID` and `PGID` environment variables. In addition,
the name of the Syncthing instance can optionally be defined by using the
`--hostname=syncthing` parameter.

To grant Syncthing additional capabilities without running as root, use the
`PCAP` environment variable with the same syntax as that for `setcap(8)`.
For example, `PCAP=cap_chown,cap_fowner+ep`.

To set a different umask value, use the `UMASK` environment variable. For
example, `UMASK=002`.

## Example Usage

**Docker cli**
```
$ docker pull syncthing/syncthing
$ docker run -p 8384:8384 -p 22000:22000/tcp -p 22000:22000/udp -p 21027:21027/udp \
    -v /wherever/st-sync:/var/syncthing \
    --hostname=my-syncthing \
    syncthing/syncthing:latest
```

**Docker compose**
```yml
---
version: "3"
services:
  syncthing:
    image: syncthing/syncthing
    container_name: syncthing
    hostname: my-syncthing
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /wherever/st-sync:/var/syncthing
    ports:
      - 8384:8384 # Web UI
      - 22000:22000/tcp # TCP file transfers
      - 22000:22000/udp # QUIC file transfers
      - 21027:21027/udp # Receive local discovery broadcasts
    restart: unless-stopped
    healthcheck:
      test: curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1
      interval: 1m
      timeout: 10s
      retries: 3
```

## Discovery

Note that Docker's default network mode prevents local IP addresses from
being discovered, as Syncthing is only able to see the internal IP of the
container on the `172.17.0.0/16` subnet. This will result in poor transfer rates
if local device addresses are not manually configured.

It is therefore advisable to use the [host network mode](https://docs.docker.com/network/host/) instead:

**Docker cli**
```
$ docker pull syncthing/syncthing
$ docker run --network=host \
    -v /wherever/st-sync:/var/syncthing \
    syncthing/syncthing:latest
```

**Docker compose**
```yml
---
version: "3"
services:
  syncthing:
    image: syncthing/syncthing
    container_name: syncthing
    hostname: my-syncthing
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /wherever/st-sync:/var/syncthing
    network_mode: host
    restart: unless-stopped
    healthcheck:
      test: curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1
      interval: 1m
      timeout: 10s
      retries: 3
```

Be aware that Syncthing alone is now in control of what interfaces and ports it
listens on. You can edit the Syncthing configuration to change the defaults if
there are conflicts.

## GUI Security

By default Syncthing inside the Docker image listens on 0.0.0.0:8384 to
allow GUI connections via the Docker proxy. This is set by the
`STGUIADDRESS` environment variable in the Dockerfile, as it differs from
what Syncthing would otherwise use by default. This means you should set up
authentication in the GUI, like for any other externally reachable Syncthing
instance. If you do not require the GUI, or you use host networking, you can
unset the `STGUIADDRESS` variable to have Syncthing fall back to listening
on 127.0.0.1:

```
$ docker pull syncthing/syncthing
$ docker run -e STGUIADDRESS= \
    -v /wherever/st-sync:/var/syncthing \
    syncthing/syncthing:latest
```

With the environment variable unset, Syncthing will follow what is set in the
configuration file / GUI settings dialog.
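
One way to check a compose service for the exposure described in this section, as an added example that is not part of the Syncthing repository: the function below takes one service as a dict (the shape a YAML loader returns, with `environment` in list form as in this README) and reports when the GUI on port 8384 ends up reachable on every host interface. The function names, the dict layout and the sample services are constructed for illustration; the `0.0.0.0:8384` image default is taken from the text above, and `STGUIADDRESS=` in compose is assumed to behave like `-e STGUIADDRESS=`.

```python
import ipaddress

GUI_PORT = 8384                  # container-side GUI port used in this README
IMAGE_GUI_ADDR = "0.0.0.0:8384"  # STGUIADDRESS default in the image, per the text

# Constructed sample input: the README's two compose services as plain dicts.
README_BRIDGE = {"environment": ["PUID=1000", "PGID=1000"],
                 "ports": ["8384:8384", "22000:22000/tcp",
                           "22000:22000/udp", "21027:21027/udp"]}
README_HOST = {"environment": ["PUID=1000", "PGID=1000"], "network_mode": "host"}


def parse_port(entry):
    """Split compose short syntax '[ip:][host:]container[/proto]'."""
    spec, _, proto = str(entry).partition("/")
    host_ip = ""
    if spec.startswith("["):     # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if len(parts) == 3:
        host_ip = parts[0]
    lo, _, hi = parts[-1].partition("-")   # container port or port range
    return host_ip, range(int(lo), int(hi or lo) + 1), proto or "tcp"


def gui_exposure(service):
    """Report where one compose service exposes the GUI on all interfaces."""
    env = dict(e.partition("=")[::2] for e in service.get("environment", []))
    gui_addr = env.get("STGUIADDRESS", IMAGE_GUI_ADDR)
    if not gui_addr.startswith("0.0.0.0"):
        return []   # cleared or narrowed; the config file is not inspected here
    if service.get("network_mode") == "host":
        return ["network_mode host: GUI listens on every host interface"]
    findings = []
    for entry in service.get("ports", []):
        host_ip, container_ports, proto = parse_port(entry)
        if proto != "tcp" or GUI_PORT not in container_ports:
            continue
        if not host_ip or ipaddress.ip_address(host_ip).is_unspecified:
            findings.append(f"{entry}: GUI published on every host interface")
    return findings


if __name__ == "__main__":
    for name, svc in (("bridge", README_BRIDGE), ("host", README_HOST)):
        print(name, gui_exposure(svc) or "no all-interface GUI exposure found")
```

Both README services are reported; publishing the GUI as `127.0.0.1:8384:8384`, or adding `STGUIADDRESS=` to the host-network service, clears the finding.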