 Tom here from Lawrence Systems, and we're going to dive into SyncThing, a continuous file synchronization program that is open source and free and lets you take care of your data privately without third parties being involved. If you want to learn more about me and my company, head over to LawrenceSystems.com. If you'd like to hire a sharp project, there's a hires button up at the top. If you want to support this channel in other ways, there's affiliate links down below to get you deals and discounts on products and services we talk about on this channel. I've talked about SyncThing starting maybe three or four years ago. I started doing videos about it, but we've been using it for, well, probably a little longer than that. I'm trying to remember. I was trying to find the exact date I started using it, but a long time, and I've loved watching a project come together, all the features it has, and it's been a really great tool. That being said, I haven't done an updated video on how to use it. Easy to use, powerful, portable, simple, private, fully encrypted authentication options, including external authentication like YLDAP. I'm not going to get into some of the real advanced features, but yes, they have it. Yes, they have extensive documentation in here for SyncThing, but I wanted to walk you through the functional parts of getting it started because even after you read the documentation, sometimes people are, they have trouble with some of the concepts of how SyncThing works. And that's why I wanted to walk you through a step-by-step of both how to set this up on Windows and how to set this up on a Linux machine. The prerequisite for Windows, have Windows, Windows 10, pretty simple. The prerequisite for running this on Linux, just have Linux set up. I'm running it on Debian 10, but it supports a huge number of platforms. So let's go ahead and go over to the download section. And it has SyncThing, currently we're looking at version 1.42. We have OpenBSD support, NetBSD, DragonflyBSD, Mac OS support, FreeBSD, Linux, many different flavors, even including compilations for MIPS and S390X, even some obscure stuff in here that you don't see as often, but they have it. So they've got a wide range. So yes, if you're wondering if those will work on like your Raspberry Pis, yes, ARM support in here as well. There is an Android package. I have not used or tested it, but I do know it exists to my knowledge. And I could be wrong about this. I've not seen anything for iPhone for those wondering. And we're going to focus on doing it for in Linux here. This will be the Linux install we follow. But first we're going to set it up on Windows. So we have two machines that we can set up and get going at it. Now this is what it looks like installed. I've got it installed on my Linux computer. And I'm not going to cover installing it on like a Windows or a Linux desktop with a UI on it, such as PopOS, because well, you can do it very simply. You just do the install, which that process is going to be the same, whether you're doing this on a Linux server or you're doing this on a PopOS, like I did on mine. The difference is when you do it on a Linux server, if you don't have a UI installed, I'm going to cover the steps in which you can easily get to it without having to go through things like a reverse proxy. When you do have a UI installed, it's just by install localhost, 127018384. And pretty simple to get to it. So here's all the different files and documents I sync. And we've got it loaded on my computer that's running PopOS right now. So we'll go ahead and close that. So we're going to cover it as far as features and stuff of actually getting it set up from scratch. So here I am on the Windows computer. It's a virtual machine running inside of my system. I don't usually use Windows, but for the demo of this, I wanted to set it up in Windows first and then we'll set it up in Linux. So here is the syncing GTK cross-platform wrapper. It's kind of a nice one. There's a couple of different options where you can completely run it from the command line in Windows as well and just use the browser. But I've already loaded the syncing GTK one here. It's pretty straightforward, small load. And we type in sync, we'll pull up the app. And what this will let you do is you can use it with this little app window right here instead of it's just a wrapper for the browser one. And if you still want to use the browser, you can, you can go open web interface and here it is. Now the first thing about syncing by default out of the box, Linux or Windows, it only binds to local host. What that means is the IP address of this computer will not allow the interface to manage syncing to be accessible. You have to be local on the computer. That's why when we get to the steps of installing it's on a Linux server, you'll see that we have to do a couple of things to make it accessible outside there. Once you have access to the admin though, there is the option to and this is cross platform. It's the same either way. Well, not here open up the wrong window actions, settings and you can choose to create a username password and change the listen address for the UI here. So I could change the listen address to be a specific IP address. So it's bound there. That way it would allow it to be accessible outside of there. Maybe you want that. Maybe you don't. But there's something, you know, it is an option to do that. So if you didn't want it just listening on local host, but it will give you a warning. And of course, one of the options to use HPS, which is a good idea. If you're using it outside of local host, you get warnings that if you do this, you could potentially be exposing this. And for example, let's say you want to host this in a maybe a digital ocean droplet. If you expose the UI, you now have a potential attack surface where people could poke at it. So that's just something to think about whenever you're setting it up. Obviously it's less of a risk if it's on a private network. But it's not something you necessarily need to do. And when we get to Linux, I don't cover that. But it is completely changeable right here once you have the UI fired up. So we have this default folder that is not really shared. And well, where is this at? This is under user Tom's sync. It's easy enough to add another folder. So let's go and add one folder label documents. And we can give it a folder name. Tom's windows documents. And it defaulted figuring out I must want to call it documents. But if you wanted to have subfolders and things like that, that's absolutely an option on there. So let me just look at the folder structure, downloads, documents. Yeah, that seems like a good place to have it. So that should work. All right. So we'll leave it like that and we'll just hit save. So let's just save those documents. Now the default folder is just the user Tom's sync. I don't really need it. So we're going to go ahead and edit and remove it. Yep, I don't really need that one. And this one's not shared yet. And we'll get to how to do the sharing in a second. We have to set up another system for that. So if we edit this, we have the folder, the sharing. We'll get to that when we have some device shared with file versioning. So a lot of different options in here. And you can choose this on each individual sync thing system. So I can say there's versioning on this one, but maybe not versioning in my cloud one. Or maybe I want all the versioning done in the cloud one, but not locally. What that versioning means is anytime there's a file change, do we keep that old version of the file? Simple file versioning, staggered file versioning. There's a lot of different options in here. So files move to .stversions directory when it replaced but it deleted. And maybe we want to clean those out after 10 days or that we 100. So we'll change it to 10. So every 10 days clean these out or maybe 30 days clean these out. This allows you to every time there's a change because you remember all these changes the way sync thing works is it's changed across all the sessions that are shared for this Tom's folder. When we have it shared within our system, we'll be able to edit that on an individual basis. Then we have simple file versioning. Files are moved to a date stamp in a .stversions directory where they're replaced or deleted by sync thing. Just keep five versions of every file. Stagger versioning, files are moved to a date stamp version with stversions and replaced or deleted with sync thing. Versions are automatically deleted if they're older than a max days. So you can have a versioning path and it even has a, if you wanna get real advanced you can set up external file versioning. So you can get really deep in here and say things like execute this command and do these functions whenever someone deletes a file. So there's more options you can do. For now we're gonna say actually on the local computers as you don't do versioning as you save the versionings for the server but it's here. Ignore patterns. If you have some specific file you wanna back up everything in a folder except it's got file matching patterns that say don't match this, don't match that and they have full documentation of course on the different ways you can do prefixes and comments for creating special patterns to ignore. So if you're doing a very active folder, if you're doing this and we've got clients that have set this up to synchronize different computers that have unusual files in there but they only want certain ones backed up they just create ignore patterns in there. Scanning, watch for changes. Generally you can leave this at default but if you want you have the option to change the re-scan intervals and send receive receive only and maybe you want this to only ever receive but never send or if you set it to send only no version changes that happen on the other systems if someone were to edit a file it won't come back over year. This can be kind of a good for backup so if you set this as a server or if you were to load this on a server where you have it dropping backup files but you never want those backup files pushed back you just want them to always send that way if anything ever happens to the other end of the receiver no one can sit delete and it would synchronize the delete change across there you can set this up to send only. Same thing will receive only so you kind of get the idea all those are options on here so we're going to leave it as send and receive we're going to leave the file versioning off and just call it documents and save and we're good to go so now we need to have something to connect it to now a couple of ways this connects and we're going to go here and go to the settings and we have connections natural, global discovery, local discovery relay what these are is they do have a global discovery server you can go ahead and tell the system to relay through like UPNP so if you've done this in a very basic setup and your firewall supports UPNP this will likely talk to your firewall and open that up now I'm using PF Sense which doesn't have that turned on by default and I don't recommend turning on it's not a necessity to do this it just has some options for doing that it also has the auto discovery and global relay servers now those are their relay servers that they're running what this does is creates a discoverability if you're trying to get two different systems that are not on the same network to find each other as local discovery when they're on the same network but if they're not on the same network you can use their global relay system to find other sync things servers based on the ID you put in there so you can have two separate systems and rely on them to relay for purposes of the way we're going to do this we're going to show you that we can do it with all of this turned off even though we're going to set this up on somewhat separate networks because I'm going to show you how to do everything on a manual discovery because if your goal is to lock every down and keep this completely private so to speak where you implicitly list each system that you want to go to and you don't want this beaconing out the fact that it exists at all you can turn all of these off and it'll still work you just have to manually specify each address when you do that so it's up to you which way you want to go I'm going to go for the manual method because the auto one is auto and it's pretty easy I like it but we're going to go for more privacy where I want no announcement that this server exists so save and whenever you save a configuration change hit restart and simultaneously it's going to be restarting in here these are just one and the same with yours in the GTK one so however you want to do it the GTK one like I said is kind of cool if you like it but because it's going to have a nice little tray thing down here at the bottom so you'll be able to see that pretty straightforward all right now let's get over to our Linux setup so we can tie this to another one now you can tie it windows to windows you can tie this to a Windows server if you want you don't have to do anything in Linux it's just I figured Linux to Windows is probably more likely what people are going to do so this covers both sides of that all right so back over to the downloads page we have all the different ones we can download directly the images but what we're going to do here because I'm on Debian is I want to go ahead and add the repository in here and what this does is allows me to pull directly from their package base that Sync thing maintains so if I add this in here I'm going to get the latest version of it each time so every time I do an apt update it'll be the latest version now this is Debian 10 Buster that I have set up just for Sync thing and one of the things about it and by the way just so we are clear from networking standpoint this is 192.1683.200 you'll see that come up a few times that's the IP address design here and I can just install Sync thing so if I do install it is in the Debian repository except it's going to be a slightly older version that's why we're going to go ahead and follow these instructions right here curl dash s and pull the latest keys and install theirs this is just going to allow us to have the latest and greatest version just so it's all the way completely up to date now I am running this as root so we're going to do it this way I'm just taking out the sudo that they have on there so if you are installing this as root and you don't have sudo setup or you don't need sudo because of your configuration do that if you do need sudo leave it in there and this is the same when I installed on Papa West I do use sudo because I install it as that particular user so I'm installing it on my workstation I just I did have that in there so copy paste then we're going to add this next line and the same thing here we're not going to take sudo but if you're doing this on like Papa West or Ubuntu in the UI version so speak if you're running as user leave the sudo in there so that allowed us to put sync thing in there and then from there the next part of the instructions are pretty simple apt-get update, apt-get install sync thing so let's go ahead and update this you have the latest packages and we're going to go whoops install sync thing all right sync thing's installed next step is going to be adding a user for sync thing to run as you can run sync thing as root this is not the best method to do this the reason why is if something ever happened with sync thing someone compromised sync thing it's running a root level privilege therefore whoever gains control of your sync thing instance but also gain control of root level access to your system they don't recommend running sync thing as root not that you can't it's just for security reasons maybe not so from here the next step is going to be add user sync thing user sync thing that way we have a user to run it as give it a password that I think I take that wrong yep yes and I will be putting instructions on step by step on how to do this within the forums where this video will be posted as well in my forums so you'll find a link to that at the bottom of this video so you can actually copy and paste these but it's add user sync thing then the next thing you know you we need to do and we'll put this in here is system control enable sync thing at sync thing dot service what we told us to do was enable a service to start at sync thing user and sync thing the process what this does and we're going to go ahead and start it now sync thing start sync thing service now we've kicked off the sync thing stat service status or service running and we'll do a status right here and all I did was sync thing system control status that's the command right here and we can see it's up and running now this is where the challenge comes in because this is a you know a Debian server with no UI so it says the API is listening at one two seven zero zero one eight three eight four the default port and I can just go there by doing this but I can't and even though the IP address of this is one nine two one six eight two three dot two hundred and for those wondering yes I'm using T-Mux we're going to go ahead and tell that over here and we'll tell that to one nine two one six eight three dot two hundred and we're going to go eight three eight four connection refused so how do we get to the UI well that's where we're going to use SSH forwarding to make this work so we're actually going to exit out and we're going to set a local listening port of eight thousand and we're going to listen localhost eight three eight four now you could put eight three eight four twice like to listen at eight three four and rap eight three four but the problem you run into if you do that is I have syncing already running on my computer and I wouldn't put the conflict so we don't really want that so you can do this if you're using Windows and you have the Windows subsystem for Linux loaded this will work in Windows you can SSH in to that particular server and do the same command and it works the same way if you're using putty look up how to do port mapping on putty to do the local remote ports on putty and it's local and follow kind of this idea how to do it but I'm not a big fan I used to use putty I don't use anymore for forever ago and because Windows has a bash built in if you load bash this works perfectly fine to do this but you can do this you can look up how to do the port the SSH porting in putty it is an option and you may have noticed too I'm not using a password login I'm using SSH keys goes beyond the scope of this explain SSH keys but it is the function I'm using to make this work but we did though was we had SSH listen at port 8000 wrap it to this systems localhost 834 and log in to root at 192.168.3.200 so now we're loaded in sync thing but that did like I said this works in both Windows and Linux is I'm now able to go to HTTP colon slash slash localhost 8000 and it lets me into this particular server so as long as my SSH system is open I can get into sync thing and I'm able to get in here to start configuring setting things up and it's running as users same thing so it works great we'll do the same things here we're going to go into the settings and connections and we'll turn off all this because we're not going to use any of the relaying local discovery global discovery we're not going to do any of that in here just hit save it'll want to restart so just like it just like it is in Windows it's one and the same when you're using the web UI here so I'm in here and now I want to add that folder from the Windows system over to here so how do we get that in there well go back over here our Windows session and we want to add a remote device we need the device ID from it and then we need a device name and then we're going to need to fill in where it lives okay easy enough so the device ID action show ID just do a copy device ID give it a name sharing we're going to go ahead and share my documents folder advanced like I said we're not using the discovery so we're going to go and do this via TCP so we type in TCP colon slash slash 192.168 3.200 colon 2200 that is the default port now port 2200 is open there's nothing special we have to do on that if you were to install this into a cloud server and like I said a digital ocean droplet for example port 2200 would absolutely be open to the public but all that's encrypted the whole transport layer and everything and the way that this connects is first we have to have that device ID so it's not like any random stranger can talk to the port I'm sorry not 2200 22,000 sorry I read that wrong so port 22,000 cannot be talked to by any stranger they have to have the device ID how do we get the device ID we had to get it this long key right from the server and paste it in here and even then that doesn't mean they automatically get access so what we did was we saved it and we said share it with this remote device here I'm gonna go switch back over to it and now this new device that had our key that we gave it would you like to add this device this is another layer of protection where did that come from 192.168.3.9 let's me know the port that it came from yes so we're gonna head and confirm and save it device ID desktop and we can rename it here if we want Windows computer and hit save now this is normal there's a pause after you do this it restarts and pauses and it sometimes takes about 20, 30 seconds there's gonna be a prompt where it wants to say hey once they wanna share a folder with you how do you wanna handle the sharing of this folder so we're gonna give it a second here there's our Windows computer wants to share folder documents Tom Windows documents add new folder yes we like to add it where would you like to put this well these are Tom's Windows documents and we'll go ahead and see that it says home sync thing so this is a standard Linux file path naming scheme no problem save same thing file versioning we want some file version let's just simple trash can file versioning and we'll keep them for 30 days because this is gonna be the server that we save everything on not worried about advanced and all those ones are the same options again now we save it once again there's a pause it's disconnected and the reason it's disconnected is it's gotta think resave this and after about 10, 15 seconds it'll reconnect and then the files will be saved in there and we've set up two way synchronization that quickly in here let's talk about how that works now that we have things synchronized well once this sets up we'll go over here this is up to date well there's nothing really to update so we need to probably put some documents in there so let's drop this test document in there copy paste there's our test dot text some test document that I am changing save and then we'll rename this one a test two there we go we got test one test two dot text simple enough so two documents some a second there we go test document save close alright and if we look rescan give it a second make sure it's all up to date alright let's look over the other system all those files probably are synchronized yeah this one's up to date up to date yeah updated test two dot text we can look at the versions of it so we can see that there's more than one version of this let's go and edit them again and see what happens so just so we have some more data so we're gonna open up this file some more changes so that one's is and changing again whoops I think I spelled again wrong whatever alright close that document and probably drag something else let me see if there's something else on this computer I can't even copy over there anything in the downloads folder so we can actually have some data okay we'll copy the installer over here too so alright so we drop some things over there or go back over to our other system here and it's synchronizing it up to date we can go look at the versions now because we're just doing the simpler trash can versioning there's only one version it doesn't keep all the versions of it so I can restore these original ones but it doesn't have all the versions back so what if we wanted to change that that's the reason to have a couple different ones let's go back over here to the file versioning and we'll change it to just simple version and keep five versions of it so files are moved date stamped with ST versions with trash can versioning all that will do is let me restore the one recent change but not all the revisions of changes on there so that's why I wanted to demo why I changed it a couple times even though I did those different changes it only has the one now the nice thing is and we'll go head back over here real quick we have this one we're going to delete it and it's now deleted and even with trash can versioning so we can go over here that's re-scan and we'll go back over here to versions and we have the ability to restore it and if we hit restore we're restoring it are you sure you want to restore one file we restore it here it'll take a second and uh... and refresh it by hitting re-scan took a second here we go now that file just got pushed back so you can kind of get the idea of how that works now let's change the versioning type so we'll go ahead and uh... edit this one file versioning and we're going to say just simple file versioning and we're going to keep five versions of the files let's go back and edit those text files disconnected is going to think for a second and restart each time you make these changes there's like a restart and a pause but while we're waiting for that let's go ahead and make a completely new version simple version simple revisions revision two save give it a second to synchronize if you do change them faster than the synchronization happens well then it's not going to catch it so we'll give it a second to synchronize here and jump back make sure it's seen on this side yep right there updated simple revisions so now we're going to go ahead and make this one revision three now save I'll just hit re-scan so it kind of forces it to synchronize cool I go over here you go to uh... recent changes you can see alright there's two different versions of the file now what happens when we hit versions well we can go here and there's the other one to restore so now we have different versions of that file we can restore let's change it one more time and just show me even more versions of that file to restore so we've only got two right now so we'll call this one now revision four and now we can restore these other versions so there's the version we initially started with revision two, revision four so revision four is current so we don't have that one showing here revision three is if we restored this and revision two if we restored this one and the same thing it'll just overwrite the file and it'll cascade backwards to actually everywhere this is shared we're only doing this between two systems so there's only two to share it with but you kind of get the idea that you can do these different version types on there and it's pretty easy to use now as far as how this system goes so when we look at this how it relates back so it has the device ID the sharing advanced address dynamic that's on our server side right here what that means is dynamically that other system can come to any address and we're assuming our servers always had a fixed address 192.1683.200 but our other system here can be at any address so if our windows computer is wandering around or early any computer that's one of the reasons I chose to have the connection initiate from this particular system to the server this is how we set ours up I have a server that's had a static address all the time even if that address is behind a VPN for example that's we run ours even though it's an encrypted protocol we still keep it behind a VPN you know just for good safekeeping and less risk exposure when you have things behind a VPN so when I have my laptop roaming around out in the field I do have syncing on it I'm running linux on there and I VPN in and it connects then back into that particular server all the time it doesn't matter where my laptop is if my laptop changes address it doesn't really matter as long as the server has a static address that's probably initiated the connection there but the question I've seen people ask is can you initiate the connection either way and the answer is always yes you could have started the server to connect it to a desktop the problem you run into is if the desktop changes the servers are statistically depending on how you're configuring things but statistically usually servers are going to be a static address and especially if you want to run this in the cloud let's see you're going to throw this in digital ocean you'll get a static address on a digital ocean droplet and no matter where your IP address comes from if you initiated it to the server and did the you know connecting to specifically TCP your server IP address colon 2200 you're fine to do that and if you do run this in a server on the cloud you're not going to really have a problem doing it in terms of security as of right now it's a pretty well vetted protocol it's very open it's open source they're using proper implementation of TLS it's been gone through I don't know if they've gone through a full code audit but it looks pretty secure overall that being said this is still why I keep it behind a VPN in case someone discovers a flaw there are people who have lots of publicly discoverable port 22 000s out there and changing a port security through obscurity doesn't really work people can still find it and if someone figures out that particular port and finds out that the system has some flaw in it that would obviously possibly create a problem for you but once it's all set up and running it's pretty straightforward to do here now last little thing we're going to cover is just to show you the reverse issue so right here where we are logged into sync thing and we'll actually go to su we'll change to user sync thing here and there's the toms windows documents and there's those files and simple versions that test and if we did this we're going to cp test two to test three dot text whoops a second test document actually this is going to be a third one and uh it edited in vim there we go now i've edited on this computer the same thing applies just so you know because we have two-way synchronization so even though i edited this document in linux it's now going to show up in fact over here whoops back there's that test three and edited in vim so it's two-way synchronization but the reason i did that was because we don't have any type of revisioning here anything i change on here will not necessarily be revisioned because it was revisioned on the source server coming back so something else to consider when you're doing that i usually don't have revisioning as i said on my end points because that's where i'm making the file changes i have the server holding the revisions um you may if you have you're working with documents unless you're sharing with another user and you want to use this well in that case you may want to have revisioning on both devices it all depends on how much space you have and have available on there but it's pretty easy to set these up it's pretty easy to add another folder it's even easier to add a folder like we'll add our downloads folder add the downloads folder tom downloads and you can just check the box save now we've added one more folder it's going to do the restart and disconnect we go back over here to this machine and it'll just prompt us to add the next folder and away we go windows computer wants to share folder downloads add new folder we'll say yes or do you want to put it i think i can leave everything at default uh from windows just why not and it's going to create that file folder here and we go over here and download from windows and we we go we now have that folder i don't know if there's anything in there or if it may not have synced yet yeah i don't see anything in there just yet it does the same thing up to date then this is going to synchronize after a few seconds here and away we go so that's it for getting started with syncing and how it works it's pretty straightforward to use once you kind of get the concept of how to connect these two devices it is fairly secure and when i exit out of here we're going to exit out of this and exit out of this it does hang right here it controls c threes and hungers because i left this open and now i don't have access to it now i've seen a few other people in the last comment i'll have in this is someone says why not set up a reverse proxy with it or why not just bind it to the ip address so you can access it remotely absolutely you can do either one of those things reverse proxies i've seen a lot of people suggest that for syncing it has its own ssl transport layer for the web interface as well for the ui so i don't feel like a reverse proxies needed but of course if you wanted to do something like uh not have a self-signed certificate well yeah reverse proxy would do it or i've done a video on pfSense and he proxy and it works through that as well but from a security standpoint when you're setting your server unless you're really changing things a lot it's usually go through the setup process get it locked down you're minimizing your exposure by only binding it to local host and only doing it this way i have right here this ssh with the local port versus the port forwarding through ssh doing it this way in my opinion it reduces your threat service especially if you plan on putting this in a cloud somewhere and if you want to have it exposed now the only thing you'll need exposed in your cloud is one the port 2200 and two ssh just those two things open are the only ports you would need open on an external server to be able to get to this like you said a digital ocean droplet for example so as a pretty solid use case it's a pretty good way to keep this secure and one of the reasons i like seeing thing i've talked about this before is the threat surface is very very small and even smaller if you're doing it behind a vpn i've been using it for a number of years it works really really well um it does work of course in free nas it's a plugin in free nas so that's another way you can get this going and set up they have it set up as you can run into jail and that's another frequently popular place you can put it where you can build out your storage and have a very large system as far as backing it up a matter of fact that is how we do it even my video synchronization is done with syncing so i can synchronize videos between systems as they're created they get moved over to other systems and replicated and revised in case i accidentally goof up and delete a video i keep so many days for the revisions i keep it simple because of the size of video files but it will scale it does handle quite a bit of documents and it's a fairly lightweight service to keep running in a background and being cross compatible makes it pretty great all right and once again all these instructions and the step by steps i will put in the forums um so there'll be a link in the bottom of this video to our forums where i'll have all those step by step instructions for getting this set up and how i did it thanks and thank you for making it to the end of the video if you like this video please give it a thumbs up if you like to see more content from the channel hit the subscribe button and hit the bell icon if you like youtube to notify you when new videos come out if you like to hire us head over to laurancesystems.com fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on if you want to carry on the discussion head over to forums.laurancesystems.com where we can carry on the discussion about this video other videos or other tech topics in general even suggestions for new videos they're accepted right there on our forums which are free also if you like to help the channel out in other ways head over to our affiliate page we have a lot of great tech offers for you and once again thanks for watching and see you next time