Reverse Proxy Setup

A reverse proxy allows you to “pass” requests through your web server to another site or program. The reverse proxy will make it look like Syncthing’s GUI is a page within your existing site.

This is especially useful if:

  • You need to access the GUI on port 80 or 443 but you already host a website on the same device.

  • You want to share SSL certificates with an existing site.

  • You want to share authentication with an existing setup.

Server Configuration

If you have access to your web server’s configuration use the following examples to pass the location /syncthing on your web server to Syncthing’s GUI hosted on localhost:8384.

Apache

First of all, execute the following command to enable the Apache HTTP Proxy module: a2enmod proxy_http.

Then, you may add the following to your Apache httpd configuration:

  1. ProxyPass /syncthing/ http://localhost:8384/
  2. <Location /syncthing/>
  3. ProxyPassReverse http://localhost:8384/
  4. Require all granted
  5. </Location>

Nginx

  1. location /syncthing/ {
  2. proxy_set_header Host $host;
  3. proxy_set_header X-Real-IP $remote_addr;
  4. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  5. proxy_set_header X-Forwarded-Proto $scheme;
  6. proxy_pass http://localhost:8384/;
  7. proxy_read_timeout 600s;
  8. proxy_send_timeout 600s;
  9. }

Caddy

  1. proxy /syncthing localhost:8384 {
  2. transparent
  3. }
  4. timeouts {
  5. read none
  6. write none
  7. header none
  8. }

Folder Configuration

If you don’t have access to your web server configuration files you might try the following technique.

Apache

Add the configuration below to a .htaccess file in the folder of your webroot which should redirect to the WebUI, /syncthing to produce the same behaviour as above

  1. RewriteEngine On
  2. RewriteCond %{HTTPS} !=on
  3. RewriteCond %{ENV:HTTPS} !=on
  4. RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
  5. RewriteRule ^(.*) http://localhost:8384/$1 [P]

This method also redirects to HTTPS to prevent opening the GUI unencrypted.