|
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
|
..
|
|
|
-.TH "STDISCOSRV" "1" "Sep 04, 2024" "v1.27.11" "Syncthing"
|
|
|
+.TH "STDISCOSRV" "1" "Sep 13, 2024" "v1.27.11" "Syncthing"
|
|
|
.SH NAME
|
|
|
stdiscosrv \- Syncthing Discovery Server
|
|
|
.SH SYNOPSIS
|
|
@@ -35,9 +35,10 @@ stdiscosrv \- Syncthing Discovery Server
|
|
|
.INDENT 3.5
|
|
|
.sp
|
|
|
.EX
|
|
|
-stdiscosrv [\-cert=<file>] [\-db\-dir=<string>] [\-debug] [\-http] [\-key=<string>]
|
|
|
- [\-listen=<address>] [\-metrics\-listen=<address>]
|
|
|
- [\-replicate=<peers>] [\-replication\-listen=<address>]
|
|
|
+stdiscosrv [\-\-debug] [\-\-http] [\-\-compression] [\-\-version]
|
|
|
+ [\-\-cert=<file>] [\-\-key=<string>]
|
|
|
+ [\-\-listen=<address>] [\-\-metrics\-listen=<address>]
|
|
|
+ [\-\-db\-dir=<string>] [\-\-db\-flush\-interval=<string>]
|
|
|
.EE
|
|
|
.UNINDENT
|
|
|
.UNINDENT
|
|
@@ -49,48 +50,55 @@ Syncthing project also maintains a global cluster for public use.
|
|
|
.SH OPTIONS
|
|
|
.INDENT 0.0
|
|
|
.TP
|
|
|
-.B \-cert=<file>
|
|
|
-Certificate file (default “./cert.pem”).
|
|
|
+.B \-\-debug
|
|
|
+Enable debug output.
|
|
|
.UNINDENT
|
|
|
.INDENT 0.0
|
|
|
.TP
|
|
|
-.B \-db\-dir=<string>
|
|
|
-Database directory, where data is stored (default “./discovery.db”).
|
|
|
+.B \-\-http
|
|
|
+Listen on HTTP (behind an HTTPS proxy).
|
|
|
.UNINDENT
|
|
|
.INDENT 0.0
|
|
|
.TP
|
|
|
-.B \-debug
|
|
|
-Enable debug output.
|
|
|
+.B \-\-version
|
|
|
+Print the current version number and exit.
|
|
|
.UNINDENT
|
|
|
.INDENT 0.0
|
|
|
.TP
|
|
|
-.B \-http
|
|
|
-Listen on HTTP (behind an HTTPS proxy).
|
|
|
+.B \-\-compression
|
|
|
+Enable GZIP compression of HTTP responses.
|
|
|
.UNINDENT
|
|
|
.INDENT 0.0
|
|
|
.TP
|
|
|
-.B \-key=<file>
|
|
|
-Key file (default “./key.pem”).
|
|
|
+.B \-\-cert=<file>
|
|
|
+Certificate file (default “./cert.pem”). Unused in –http mode.
|
|
|
.UNINDENT
|
|
|
.INDENT 0.0
|
|
|
.TP
|
|
|
-.B \-listen=<address>
|
|
|
+.B \-\-key=<file>
|
|
|
+Key file (default “./key.pem”). Unused in –http mode.
|
|
|
+.UNINDENT
|
|
|
+.INDENT 0.0
|
|
|
+.TP
|
|
|
+.B \-\-listen=<address>
|
|
|
Listen address (default “:8443”).
|
|
|
.UNINDENT
|
|
|
.INDENT 0.0
|
|
|
.TP
|
|
|
-.B \-metrics\-listen=<address>
|
|
|
-Prometheus compatible metrics endpoint listen address (default disabled).
|
|
|
+.B \-\-metrics\-listen=<address>
|
|
|
+Prometheus compatible metrics endpoint listen address (default
|
|
|
+disabled).
|
|
|
.UNINDENT
|
|
|
.INDENT 0.0
|
|
|
.TP
|
|
|
-.B \-replicate=<peers>
|
|
|
-Replication peers, \X'tty: link mailto:id@address'\fI\%id@address\fP <\fBid@address\fP>\X'tty: link', comma separated
|
|
|
+.B \-\-db\-dir=<string>
|
|
|
+Database directory, where data is stored (default “.”).
|
|
|
.UNINDENT
|
|
|
.INDENT 0.0
|
|
|
.TP
|
|
|
-.B \-replication\-listen=<address>
|
|
|
-Listen address for incoming replication connections (default “:19200”).
|
|
|
+.B \-\-db\-flush\-interval=<string>
|
|
|
+Interval at which the in\-memory database is flushed to disk (default
|
|
|
+“5m”).
|
|
|
.UNINDENT
|
|
|
.SH POINTING SYNCTHING AT YOUR DISCOVERY SERVER
|
|
|
.sp
|
|
@@ -153,7 +161,7 @@ its “device ID” (similar to Syncthing\-to\-Syncthing authentication). This
|
|
|
option can be used with the certificate automatically generated by the
|
|
|
discovery server.
|
|
|
.IP \(bu 2
|
|
|
-Pass the \fB\-http\fP flag if the discovery server is behind an SSL\-secured
|
|
|
+Pass the \fB\-\-http\fP flag if the discovery server is behind an SSL\-secured
|
|
|
reverse proxy. See below for configuration.
|
|
|
.UNINDENT
|
|
|
.sp
|
|
@@ -163,7 +171,7 @@ the certificate and key at startup. This isn’t necessary with the \fBhttp\fP f
|
|
|
.INDENT 3.5
|
|
|
.sp
|
|
|
.EX
|
|
|
-$ stdiscosrv \-cert=/path/to/cert.pem \-key=/path/to/key.pem
|
|
|
+$ stdiscosrv \-\-cert=/path/to/cert.pem \-\-key=/path/to/key.pem
|
|
|
Server device ID is 7DDRT7J\-UICR4PM\-PBIZYL3\-MZOJ7X7\-EX56JP6\-IK6HHMW\-S7EK32W\-G3EUPQA
|
|
|
.EE
|
|
|
.UNINDENT
|
|
@@ -190,83 +198,6 @@ https://disco.example.com:8443/
|
|
|
.EE
|
|
|
.UNINDENT
|
|
|
.UNINDENT
|
|
|
-.SS Replication
|
|
|
-.sp
|
|
|
-The discovery server can be deployed in a redundant, load sharing fashion.
|
|
|
-In this mode announcements are replicated from the server that receives them
|
|
|
-to other peer servers and queries can be answered equally by all servers.
|
|
|
-.sp
|
|
|
-Replication connections are encrypted and authenticated using TLS. The
|
|
|
-certificate is selected by the \fB\-cert\fP and \fB\-key\fP options and is thus
|
|
|
-shared with the main discovery API. If the \fB\-http\fP mode is used the
|
|
|
-certificate is not used for client requests but only for replication
|
|
|
-connections.
|
|
|
-.sp
|
|
|
-Authentication of replication connections is done using \X'tty: link https://docs.syncthing.net/dev/device-ids.html#id1'\fI\%Syncthing\-style
|
|
|
-device IDs\fP <\fBhttps://docs.syncthing.net/dev/device-ids.html#id1\fP>\X'tty: link' only \- CA
|
|
|
-verification is not available. The device IDs in question are those printed
|
|
|
-by the discovery server on startup.
|
|
|
-.sp
|
|
|
-Replication connections are unidirectional \- announcements are replication
|
|
|
-from the \fBsender\fP to a \fBlistener\fP\&. In order to have a bidirectional
|
|
|
-replication relationship between two servers both need to be configured as
|
|
|
-sender and listener.
|
|
|
-.sp
|
|
|
-As an example, lets assume two discovery servers:
|
|
|
-.INDENT 0.0
|
|
|
-.IP \(bu 2
|
|
|
-Server one is on 192.0.2.20 and has certificate ID I6K…H76
|
|
|
-.IP \(bu 2
|
|
|
-Server two is on 192.0.2.55 and has certificate ID MRI…7OK
|
|
|
-.UNINDENT
|
|
|
-.sp
|
|
|
-In order for both to replicate to the other and thus form a redundant pair,
|
|
|
-use the following commands.
|
|
|
-.sp
|
|
|
-On server one:
|
|
|
-.INDENT 0.0
|
|
|
-.INDENT 3.5
|
|
|
-.sp
|
|
|
-.EX
|
|
|
-$ stdiscosrv \[email protected]:19200 <other options>
|
|
|
-.EE
|
|
|
-.UNINDENT
|
|
|
-.UNINDENT
|
|
|
-.sp
|
|
|
-On server two:
|
|
|
-.INDENT 0.0
|
|
|
-.INDENT 3.5
|
|
|
-.sp
|
|
|
-.EX
|
|
|
-$ stdiscosrv \[email protected]:19200 <other options>
|
|
|
-.EE
|
|
|
-.UNINDENT
|
|
|
-.UNINDENT
|
|
|
-.sp
|
|
|
-The \fB\-replicate\fP directive sets which remote device IDs are expected and
|
|
|
-allowed for both outgoing (sending) and incoming (listening) connections,
|
|
|
-and which addresses to use when connecting out to those peers. Both IP and
|
|
|
-port must be specified in peer addresses.
|
|
|
-.sp
|
|
|
-It is possible to only allow incoming connections from a peer without
|
|
|
-establishing an outgoing replication connection. To do so, give only the
|
|
|
-device ID without “@ip:port” address:
|
|
|
-.INDENT 0.0
|
|
|
-.INDENT 3.5
|
|
|
-.sp
|
|
|
-.EX
|
|
|
-$ stdiscosrv \-replicate=I6K...H76 <other options>
|
|
|
-.EE
|
|
|
-.UNINDENT
|
|
|
-.UNINDENT
|
|
|
-.sp
|
|
|
-Discosrv will listen on the replication port only when \fB\-replicate\fP is
|
|
|
-given. The default replication listen address is “:19200”.
|
|
|
-.sp
|
|
|
-To achieve load balancing over two mutually replicating discovery server
|
|
|
-instances, add multiple A / AAAA DNS records for a given name and point
|
|
|
-Syncthing towards this name. The same certificate must be used on both
|
|
|
-discovery servers.
|
|
|
.SS Reverse Proxy Setup
|
|
|
.sp
|
|
|
Added in version 1.8.0: A new “X\-Client\-Port” HTTP header was added.
|