Edit: Solution is in Nginx I disabled these: Cache Assets, Block Common Exploits, Websockets Support.
I can login using the local IP 192.168.1.2:9101, but when I route that with Nginx, It won’t.
I have the GUI listen address as : 0.0.0.0:9101
I’ve been googling for hours but I can’t find anything, In browser console it says
Failed to load resource: the server responded with a status of 403 ()
syncthing.my.domain.com/:1 Refused to execute script from 'https://syncthing.my.domain.com/meta.js' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.
I’m a bit confused about those ports (9000 and 9101) because afaik Syncthing only listens on 8384 (GUI) and 22000 (transfers).
I’m using it with NPM as well and I haven’t needed to do anything special to access the GUI through NPM beyond pointing NPM at the syncthing address and port (which, again, I used 8384).
Please note that 22000 is unrelated to the GUI, that needs to be handled as a stream. It’s not HTTP so you won’t be able to do domain routing with it. You can add it as a stream host in NPM but it will use the IP/name of the machine/container that NPM runs on.
I currently expose 22000 to Tailscale through the tailnet IP/name. But you only need to define that in the other syncthing clients anyway, shouldn’t impact using the GUI.
Sorry it’s just 9101, I updated it.
In GUI you can change the port of the GUI and that’s what I did, so I can right now actually access it using 192.168.1.2:9101 and it works. Do you have NPM configured in anyway other than pointing? have you made any changes in Syncthing itself to give it a domain name or an address?
No relevant changes in Syncthing. The GUI is on 0.0.0.0:8384, transfer is on tcp4://0.0.0.0:22000.
NPM is a simple forward to IP:8384. I have unchecked cache, block exploits and websockets in NPM.
The forwarding is actually taking place, the problem is that when I write credintials and try to login it doesn’t
Can you post the syncthing logs, as well as the nginx logs?
I assume you’ve seen this: https://stackoverflow.com/questions/48626459/refused-to-execute-script-because-strict-mime-type-checking-is-enabled
Can you post your nginx config? Is it just this one with different variables? https://docs.syncthing.net/users/reverseproxy.html
I’m using the Web GUI Nginx Proxy Manager https://nginxproxymanager.com/
I tried to add what’s in the docs.syncthing using the GUI but it failed, I wasn’t sure if I should modify something inside the ngnix docker container or not.
I’d definitely take a look at the syncthing logs…
The log doesn’t mention anything regarding a login attempt
403 Forbidden doesn’t necessarily mean a bad login attempt. Are you sure that’s the error? My troubleshooting steps would be to access directly (no nginx), and look at the logs for a successful login. Then, look try to login with nginx, and look at those logs (both access.log and error.log on nginx, and any/all logs from syncthing). Find out where the two cases diverge and go from there.
Does syncthing have a domain name specified? If it doesn’t know its domain name it may work from IP directly but not via reverse proxy. Just a hunch.
In Syncthing logs the difference between success and fail
Success
2024-04-29 00:46:58 http: POST "/rest/noauth/auth/password": status 204, 0 bytes in 62.48 ms 2024-04-29 00:46:58 http: GET "/rest/events?since=174": status 200, 240 bytes in 54538.81 ms 2024-04-29 00:46:58 http: GET "/": status 304, 0 bytes in 0.00 ms 2024-04-29 00:46:58 http: GET "/vendor/bootstrap/css/bootstrap.css": status 304, 0 bytes in 1.24 ms 2024-04-29 00:46:58 http: GET "/vendor/daterangepicker/daterangepicker.css": status 304, 0 bytes in 0.00 ms 2024-04-29 00:46:58 http: GET "/vendor/fork-awesome/css/fork-awesome.css": status 304, 0 bytes in 0.00 ms 2024-04-29 00:46:58 http: GET "/assets/font/raleway.css": status 304, 0 bytes in 0.00 ms
Fail
2024-04-29 00:44:09 http: POST "/rest/noauth/auth/password": status 403, 10 bytes in 237.16 ms 2024-04-29 00:44:09 http: GET "/modal.html": status 304, 0 bytes in 0.00 ms 2024-04-29 00:44:09 http: GET "/syncthing/core/editShareTemplate.html": status 304, 0 bytes in 0.07 ms 2024-04-29 00:44:10 http: POST "/rest/noauth/auth/password": status 204, 0 bytes in 85.43 ms 2024-04-29 00:44:11 http: GET "/": status 304, 0 bytes in 0.00 ms 2024-04-29 00:44:11 http: GET "/rest/svc/lang": status 200, 22 bytes in 0.00 ms
Does syncthing have a domain name specified I can’t find an option to do so
This suggests nginx options to use re: hostname. Unsure of your nginx config…
https://forum.syncthing.net/t/web-gui-over-nginx-proxy-only/13767
I managed to get it to work finally, I disabled these Cache Assets, Block Common Exploits, Websockets Support.
My npm has web sockets enabled and blocking common exploits.
Just checked syncthing and it’s set to 0.0.0.0:8384 internally but that shouldn’t matter if you changed the port.
When Syncthing is set to listen on 0.0.0.0, it means it’s listening on all available network interfaces on the device. This allows it to accept connections from any IP address on the network, rather than just the local interface. Essentially, it makes Syncthing accessible from any device within the network.
Just make sure you open those firewall ports on the server syncthing is running on.
Btw the syncthing protocol utilizes port 22000 tcp and udp. Udp utilizing a type of quic if you let it.
So it’s a good idea to allow udp and tcp on 22000 if you have a firewall configured on the syncthing server.
Edit
Wording for firewall ports and the purpose of 0.0.0.0
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol nginx Popular HTTP server
3 acronyms in this thread; the most compressed thread commented on today has 13 acronyms.
[Thread #721 for this sub, first seen 29th Apr 2024, 04:15] [FAQ] [Full list] [Contact] [Source code]