Syncthing by default runs on localhost on port 8384.

I wasn’t too keen to run syncthing publicly directly, so I created an nginx reverse proxy for it.

The other reason was that I wanted to put basic authentication in front of the syncthing main page, so nginx seemed perfect for this job.

For this, I first created a basic auth file for which apache2-utils is required.

The operations below are performed as root.

Create a Basic-Auth password file

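# apache2-utils provides the htpasswd tool
apt-get install -y apache2-utils
mkdir -p ~/basic-auth && cd ~/basic-auth
# -c creates the file; -b takes the password from the command line (it ends up in shell history), omit -b to be prompted instead
htpasswd -cb <password file> <basic auth username> <password>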

Configure Nginx

Have a subdomain to point to syncthing and set the reverse-proxy.

This file is /etc/nginx/conf.d/syncthing.conf

server {
  listen 80;
  listen [::]:80;

  server_name <url>;

  auth_basic "Restricted";
  auth_basic_user_file /home/<username>/basic-auth/<password-file from step 1>;

  location / {
    root   /home/<username>/syncthing/;
    index  index.html index.htm;
  }

  location /syncthing/ {
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_set_header        Upgrade $http_upgrade;
    proxy_pass              http://localhost:8384/;
  }
}

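Of course, it’s better to serve this over HTTPS, in which case an SSL certificate is required. Over plain HTTP on port 80, the Basic Auth username and password are only base64-encoded and can be read in transit.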
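
The HTTPS setup mentioned above could look like the following (an added example, not part of the original post). The certificate and key paths are placeholders, and the TLS protocol list and HSTS header are assumptions about a reasonable baseline; everything else mirrors the configuration shown earlier.

```nginx
# Port 80 only redirects, so Basic Auth credentials are never requested over plain HTTP.
server {
  listen 80;
  listen [::]:80;
  server_name <url>;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name <url>;

  # Placeholder paths: point these at your own certificate chain and private key.
  ssl_certificate     /etc/nginx/ssl/<certificate>.pem;
  ssl_certificate_key /etc/nginx/ssl/<private-key>.pem;
  ssl_protocols       TLSv1.2 TLSv1.3;   # assumption: no legacy clients need older versions

  # Assumption: this subdomain stays HTTPS-only, so browsers are told to remember that.
  add_header Strict-Transport-Security "max-age=31536000" always;

  # Same Basic Auth as before, now only ever sent inside the TLS session.
  auth_basic "Restricted";
  auth_basic_user_file /home/<username>/basic-auth/<password-file from step 1>;

  location / {
    root   /home/<username>/syncthing/;
    index  index.html index.htm;
  }

  location /syncthing/ {
    proxy_set_header        X-Real-IP         $remote_addr;
    proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;   # evaluates to "https" here
    proxy_set_header        Upgrade           $http_upgrade;
    proxy_pass              http://localhost:8384/;
  }
}
```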

Test and restart Nginx

nginx -t
nginx -s reload

Now, the syncthing page is not accessible without a password, which is a big relief. I wanted it to be accessible and configurable only by me!