Reverse Proxy Setup

A reverse proxy allows you to “pass” requests through your web server to another site or program. The reverse proxy will make it look like Syncthing’s GUI is a page within your existing site.

This is especially useful if:

  • You need to access the GUI on port 80 or 443 but you already host a website on the same device.

  • You want to share SSL certificates with an existing site.

  • You want to share authentication with an existing setup.

Server Configuration

If you have access to your web server’s configuration use the following examples to pass the location /syncthing on your web server to Syncthing’s GUI hosted on localhost:8384.

Apache

First of all, execute the following command to enable the Apache HTTP Proxy module: a2enmod proxy_http.

Then, you may add the following to your Apache httpd configuration:

ProxyPass /syncthing/ http://localhost:8384/
<Location /syncthing/>
    ProxyPassReverse http://localhost:8384/
    Require all granted
</Location>

Nginx

location /syncthing/ {
  proxy_set_header        Host $host;
  proxy_set_header        X-Real-IP $remote_addr;
  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header        X-Forwarded-Proto $scheme;

  proxy_pass              http://localhost:8384/;

  proxy_read_timeout      600s;
  proxy_send_timeout      600s;
}

Caddy

proxy /syncthing localhost:8384 {
    transparent
}

timeouts {
    read none
    write none
    header none
}

Caddy v2

handle_path /syncthing/* {
    uri strip_prefix /syncthing
    reverse_proxy http://localhost:8384
}

Folder Configuration

If you don’t have access to your web server configuration files you might try the following technique.

Apache

Add the configuration below to a .htaccess file in the folder of your webroot which should redirect to the WebUI, /syncthing to produce the same behaviour as above

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
RewriteRule ^(.*) http://localhost:8384/$1 [P]

This method also redirects to HTTPS to prevent opening the GUI unencrypted.