Syncthing on VPS: Installation, Configuration, and Maintenance

Installing Syncthing on a VPS allows you to create a reliable, decentralized, and self-hosted file synchronization system, ensuring full control over your data, its privacy, and accessibility from any device without reliance on third-party cloud services.

What is Syncthing and why choose a VPS for hosting it?

Syncthing is a free, cross-platform, and open-source program for continuous real-time file synchronization between two or more computers. Unlike traditional cloud services such as Dropbox or Google Drive, Syncthing uses a decentralized P2P architecture. This means that files are transferred directly between your devices, bypassing central servers. All data transmitted between Syncthing nodes is encrypted using TLS, ensuring a high level of security and privacy.

The main advantage of Syncthing is complete control over your data. You do not entrust your files to third-party companies, are not subject to their privacy policies, and are not dependent on their infrastructure. You decide where and how your data is stored. This makes Syncthing an ideal solution for those looking for a syncthing self-hosted file synchronization option.

Hosting Syncthing on a VPS (Virtual Private Server) offers several additional advantages:

1. 24/7 Availability: Your VPS operates around the clock, ensuring constant availability of your files for synchronization, even if other devices are offline. This is critically important for maintaining data currency across all connected clients.
2. Dedicated Resources: A VPS provides guaranteed resources (CPU, RAM, disk, network channel) that are not shared with other users, unlike shared hosting. This ensures stable and high performance for Syncthing, especially when dealing with large volumes of data or many files.
3. Static IP Address: Most VPS instances have a static public IP address, which simplifies Syncthing setup and reverse proxy configuration for accessing the web interface from anywhere in the world.
4. Scalability: As your file storage and synchronization needs grow, you can easily scale your VPS resources by increasing disk space, RAM, or the number of CPU cores.
5. Geographical Location: You can choose a VPS in a specific region, which may be important for regulatory compliance or minimizing network latency for users in a particular geographical area.
6. Central Node: A VPS can act as a reliable "mediator" or "hub" for all your devices. Even if two devices are behind NAT and cannot directly "see" each other, they can synchronize through your VPS. This significantly simplifies setup and increases system reliability.

Thus, the syncthing vps combination offers an ideal balance between the convenience of cloud services and complete control over your data, providing security, reliability, and flexibility that neither public clouds nor local solutions without a dedicated server can offer.

Syncthing vs. Cloud Storage: Key Differences

The choice between Syncthing on a VPS and commercial cloud storage services like Google Drive, Dropbox, or OneDrive often comes down to user priorities. Commercial clouds offer ease of use, are often integrated into ecosystems, and require no user-side configuration. However, they have fundamental drawbacks:

• Privacy: Your data is stored on third-party servers, which have access to it (even if encryption is claimed, keys are often held by the provider).
• Dependence: You are dependent on the provider's policies, prices, limitations, and potential account blocks.
• Cost: Large storage volumes incur a monthly subscription fee, which can increase over time.
• Control: Lack of control over infrastructure, software versions, and data location.

Syncthing on a VPS, in contrast, offers:

• Full Data Sovereignty: Your data belongs only to you and resides on your server.
• Open Source: Transparency and the ability to audit security.
• Flexibility: Full customization to your needs, including choice of disk subsystem, network settings, etc.
• Cost Savings: The long-term cost of owning a VPS is often lower than subscriptions for large volumes of cloud storage.
• Scalability: You can choose a server with the exact characteristics you need.

The choice is clear if privacy, control, and flexibility are your priorities.

Syncthing System Requirements on VPS: Which Server to Choose?

Syncthing is relatively undemanding in terms of resources in its basic configuration, but its appetite can significantly increase depending on the volume of data being synchronized, the number of files, the number of connected devices, and the intensity of changes. The correct choice of VPS configuration is key to stable and fast operation.

CPU and RAM: How much is needed?

CPU (Processor):

• Minimum: 1 vCPU with a clock speed of 2.0 GHz or higher. This is sufficient for small personal use (up to 5 devices, up to 50 GB of data, a few thousand files).
• Recommended: 2 vCPU with 2.5 GHz or higher. Optimal for family use or a small team (up to 15 devices, up to 200 GB of data, tens of thousands of files). Syncthing actively uses the processor for file hashing, compression (optional), and data encryption. With a large number of small files or intensive changes, a multi-core processor will process operations significantly faster.
• High Load: 4+ vCPU for corporate scenarios, hundreds of gigabytes of data, hundreds of thousands of files, and a large number of active devices.

RAM (Random Access Memory):

• Minimum: 1 GB RAM. Sufficient for a basic installation and working with small data volumes.
• Recommended: 2-4 GB RAM. Syncthing caches file information (hashes, metadata) in RAM. The more files, the more RAM will be needed. For 100,000 files, Syncthing can consume up to 1 GB of RAM just for the index. For 1 million files, consumption can reach 4-8 GB of RAM.
• High Load: 8+ GB RAM. If you plan to synchronize millions of files or use Syncthing as a central hub for many devices, a large amount of RAM will be critically important for performance.

Disk Subsystem and Network

Disk:

• Type: NVMe SSD is highly recommended. Syncthing operations are very sensitive to disk I/O speed. Hashing, reading, and writing many files (especially small ones) will be significantly faster on NVMe compared to SATA SSD or, even more so, HDD. The performance difference can be colossal.
• Volume: Determined solely by the volume of data you plan to synchronize, plus a reserve for system files and logs. It is recommended to have at least 10-20% free space for the normal operation of the file system and Syncthing. If you plan to store 100 GB of data, choose a VPS with a disk of 120-150 GB or more.

Network:

• Speed: Minimum 100 Mbps. 1 Gbps or higher is recommended. The speed of the VPS network channel directly affects synchronization speed. If you frequently transfer large files or large volumes of data, a fast network channel will be a key factor.
• Traffic: Pay attention to the traffic limits provided by your hosting provider. Syncthing can generate a significant amount of traffic, especially during initial synchronization or frequent file changes.

When choosing a VPS, always consider the potential growth of your needs. It's better to take a bit more resources than to face performance issues and the need for an upgrade in the near future.

Preparing Your VPS for Syncthing Installation: Docker and Docker Compose

For installing Syncthing on a VPS, we will use Docker and Docker Compose. This is a modern and flexible approach that allows isolating the Syncthing application with all its dependencies in a container, simplifying management, updates, and migration. Docker Compose allows you to define the entire service configuration in a single YAML file.

System Update and Docker Installation

It is assumed that your VPS is running Ubuntu 22.04 LTS (or a similar Debian-based distribution). All commands are executed as a user with sudo privileges or as root.

First, update the package list and installed packages:

sudo apt update && sudo apt upgrade -y

Then, install the necessary packages for working with Docker:

sudo apt install ca-certificates curl gnupg lsb-release -y

Add Docker's official GPG key:

sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

Add the Docker repository to APT sources:

echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Update the package list again and install Docker Engine, containerd, and Docker Compose:

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

Verify that Docker is installed and running by launching a test container:

sudo docker run hello-world

If you see a welcome message, Docker is successfully installed. To avoid using sudo before every Docker command, add your current user to the docker group:

sudo usermod -aG docker $USER

Log out of your SSH session and log back in for the changes to take effect. After logging in again, you will be able to execute Docker commands without sudo.

UFW Firewall Configuration

To enhance the security of your VPS, it is recommended to configure the UFW (Uncomplicated Firewall). Allow SSH access, as well as the ports required for Syncthing and the future reverse proxy.

sudo ufw allow ssh # Port 22, if not changed
sudo ufw allow 8384/tcp # Syncthing web interface
sudo ufw allow 22000/tcp # Port for Syncthing synchronization (TCP)
sudo ufw allow 22000/udp # Port for Syncthing synchronization (UDP)
sudo ufw allow 21027/udp # Port for Syncthing discovery (UDP)
sudo ufw allow http # Port 80 for HTTP (for Let's Encrypt and Caddy)
sudo ufw allow https # Port 443 for HTTPS
sudo ufw enable

Confirm firewall activation by pressing y. Check the firewall status:

sudo ufw status verbose

Now your VPS is ready for Syncthing installation.

Step-by-Step Syncthing Installation on VPS with Docker Compose

Now that Docker and Docker Compose are installed, we can proceed with deploying Syncthing. We will create a docker-compose.yml file that will define how Docker should run our Syncthing container, which ports to open, and which directories to mount.

Creating the Directory and docker-compose.yml File

Create a directory for your Syncthing project and navigate into it:

mkdir -p ~/syncthing
cd ~/syncthing

Now, create the docker-compose.yml file:

nano docker-compose.yml

Insert the following content. This file defines the Syncthing service, uses the official Docker image, and configures ports, volumes, and environment variables.

version: '3.8'

services:
  syncthing:
    image: lscr.io/linuxserver/syncthing:latest
    container_name: syncthing
    hostname: your-vps-syncthing # Replace with your hostname, e.g., syncthing-server
    environment:
      - PUID=1000 # User ID under which Syncthing will run
      - PGID=1000 # Group ID under which Syncthing will run
      - TZ=Europe/Moscow # Your timezone
    volumes:
      - ./config:/config # Directory for Syncthing configuration files
      - ./data:/data # Directory for your synchronized data
    ports:
      - 8384:8384 # Syncthing web interface
      - 22000:22000/tcp # Port for TCP synchronization
      - 22000:22000/udp # Port for UDP synchronization
      - 21027:21027/udp # Port for device discovery
    restart: unless-stopped
    networks:
      - syncthing_network

networks:
  syncthing_network:
    driver: bridge

Explanations for the docker-compose.yml file:

• image: lscr.io/linuxserver/syncthing:latest: We use an image from LinuxServer.io, which is well-optimized and regularly updated.
• container_name: syncthing: The name of your container.
• hostname: your-vps-syncthing: The hostname that will appear in the Syncthing UI for this node. Replace with something meaningful.
• PUID and PGID: These are the user and group IDs on your VPS under which files and directories will be created within the ./config and ./data volumes. Typically, for the first user in the system, this is 1000. You can find your IDs by running the commands id -u and id -g on your VPS. Ensure that the user running Docker Compose has write permissions to these directories.
• TZ: Set your timezone.
• volumes:
  • ./config:/config: This is a critically important volume. It mounts the config directory on your VPS (relative to the current directory) to the /config directory inside the container. All Syncthing settings, keys, device IDs, and logs will be stored here. Be sure to back up this directory!
  • ./data:/data: This is the directory where your synchronized files will be stored. Everything you place here will be available for synchronization.
• ports:
  • 8384:8384: Proxies port 8384 of your VPS to port 8384 of the container. This is the Syncthing web interface port.
  • 22000:22000/tcp and 22000:22000/udp: Ports for actual data synchronization.
  • 21027:21027/udp: Port for discovering other Syncthing devices on the local network (or via a global relay).
• restart: unless-stopped: The container will automatically restart if it stops, or upon VPS reboot, unless you stop it manually.
• networks: Defines the internal Docker network for the container.

Starting the Syncthing Container

Save the file (Ctrl+X, Y, Enter in nano) and start the Syncthing container using Docker Compose:

docker-compose up -d

The -d (detach) command will run the container in the background. You can check the container status:

docker-compose ps

Or view the logs:

docker-compose logs -f syncthing

After starting the container, Syncthing will be accessible at http://YOUR_VPS_IP:8384. Upon first access, Syncthing may prompt you to create a login/password for the web interface. Be sure to set a strong password! Syncthing may also ask to allow anonymous data usage – this is at your discretion.

Initial Syncthing Setup

Log in to the Syncthing web interface. You will need to perform the following steps:

1. Set a password for the web interface: Go to "Actions" -> "Settings" -> "GUI" -> "GUI Username" and "GUI Password". Save the changes.
2. Add other devices: Click "Add Remote Device" in the bottom right corner. You will need the device ID (a long string of characters), which can be found on other Syncthing devices under "Actions" -> "Show ID".
3. Configure folders: Create a new folder in the web interface or select an existing one. Specify the path to the folder inside the container (e.g., /data/my_synced_folder). Then select which remote devices you want to synchronize this folder with.

Now your Syncthing server is ready to operate. However, for secure and convenient access to the web interface, it is recommended to set up a reverse proxy with HTTPS.

Configuring Reverse Proxy and HTTPS for Syncthing: Nginx or Caddy

Direct access to the Syncthing web interface via IP address and port 8384 is neither secure nor convenient. Using a reverse proxy with HTTPS provides traffic encryption, allows the use of a domain name, and can add an extra layer of authentication. We will consider two popular options: Nginx and Caddy.

Before starting, ensure you have a domain name pointing to your VPS's IP address.

Option 1: Nginx with Let's Encrypt

Nginx is a powerful and widely used web server and reverse proxy. For HTTPS, we will use Let's Encrypt via Certbot.

Nginx and Certbot Installation:

sudo apt install nginx certbot python3-certbot-nginx -y

Nginx Configuration:

Create a new configuration file for your domain:

sudo nano /etc/nginx/sites-available/syncthing.conf

Insert the following content, replacing your_domain.com with your domain name:

server {
    listen 80;
    listen [::]:80;
    server_name your_domain.com; # Replace with your domain

    location / {
        proxy_pass http://127.0.0.1:8384; # Syncthing port inside the container
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support for Syncthing
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Create a symbolic link to this file in sites-enabled and check the Nginx syntax:

sudo ln -s /etc/nginx/sites-available/syncthing.conf /etc/nginx/sites-enabled/
sudo nginx -t

If the syntax is okay, reload Nginx:

sudo systemctl restart nginx

Now you should be able to access Syncthing at http://your_domain.com.

Obtaining an SSL certificate with Let's Encrypt:

sudo certbot --nginx -d your_domain.com

Follow the Certbot instructions. It will automatically configure Nginx to use HTTPS and add a redirect from HTTP to HTTPS. After completion, restart Nginx:

sudo systemctl restart nginx

Now your Syncthing is accessible via https://your_domain.com, and traffic is encrypted.

Option 2: Caddy (Simplified HTTPS Setup)

Caddy is a modern web server that automatically manages Let's Encrypt SSL certificates. It is significantly simpler to configure for HTTPS.

Caddy Installation:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

Caddyfile Configuration:

Create or edit the /etc/caddy/Caddyfile file:

sudo nano /etc/caddy/Caddyfile

Remove all default content and insert the following, replacing your_domain.com with your domain:

your_domain.com {
    reverse_proxy 127.0.0.1:8384
}

That's it! Caddy will automatically obtain and renew the SSL certificate for your domain. Restart Caddy:

sudo systemctl restart caddy

Now Syncthing is accessible via https://your_domain.com.

As you can see, Caddy is significantly simpler to configure for HTTPS, especially if you don't need complex Nginx configurations.

Ensuring Reliability: Backups, Updates, and Syncthing Monitoring

Deploying Syncthing on a VPS is just the beginning. To ensure the long-term stability and security of your system, it is crucial to set up regular backups, keep the software up-to-date, and monitor its status.

Syncthing Data Backup Strategies

Syncthing backup on a VPS involves two main components:

1. Syncthing Configuration Files: This is the ~/syncthing/config directory on your VPS. It contains your device ID, settings for all synchronized folders, a list of connected devices, encryption keys, and version history. Losing this directory means losing all settings and the need to reconfigure Syncthing from scratch.
2. Synchronized Data: This is the ~/syncthing/data directory. These are your actual files. Although Syncthing itself is a synchronization tool, it is not a full-fledged backup solution (e.g., it does not store long-term file versions by default). Therefore, it is important to have backups of this data.

Backup Recommendations:

• Configuration Backup: It is sufficient to do this once a day or every few days. You can simply copy the ~/syncthing/config directory to another secure location, such as another server, object storage, or a local disk that is then synchronized with the cloud.

  sudo rsync -av --delete ~/syncthing/config /path/to/backup/location/syncthing_config_backup/
  

• Data Backup: Depends on the importance of the data and the frequency of its changes. For very important data, daily or even hourly backups are recommended. Use tools like rsync for incremental backups or rclone for sending backups to cloud storage.

  sudo rsync -av --delete --exclude '.*' ~/syncthing/data /path/to/backup/location/syncthing_data_backup/
  

• VPS Snapshots: Many hosting providers offer the ability to create snapshots of the entire VPS. This is the simplest way to make a full system backup, but it can be more expensive and less flexible for restoring individual files. Use it as an additional security measure.

Updating Syncthing and the System

Regular updates are key to security and stability. Since we are using Docker, the Syncthing update process is very simple:

1. Stop the container:

   cd ~/syncthing
   docker-compose down
   

2. Download the new image version:

   docker-compose pull
   

3. Start the container with the new version:

   docker-compose up -d
   

To update the base operating system and Docker:

sudo apt update && sudo apt upgrade -y
sudo systemctl restart docker # If Docker updates were applied

It is recommended to perform these operations regularly, for example, once a month or once a quarter.

Monitoring Performance and Status

Monitoring allows for timely identification of performance issues, resource shortages, or failures. For Syncthing and your VPS, you can use the following tools:

• docker stats: Shows CPU, RAM, disk I/O, and network traffic usage for all running containers.

  docker stats
  

• htop: An interactive process monitor for Linux that shows CPU and RAM usage for the entire system.

  sudo apt install htop -y
  htop
  

• Syncthing Logs: Check the Syncthing container logs for errors or warnings.

  docker-compose logs syncthing
  

• Syncthing Web Interface: In the "Devices" and "Folders" sections, you can see synchronization status, data transfer speed, and errors.
• Monitoring Systems: For more advanced monitoring, consider installing specialized tools such as Netdata on VPS. Netdata provides detailed metrics for CPU, RAM, disk, network, and even Docker containers in real-time through a convenient web interface.

Regular monitoring will help you understand when it's time to scale your VPS resources or optimize Syncthing settings.

Optimal VPS Configuration for Syncthing under Real Load: Needs Analysis

Choosing the right VPS for Syncthing directly depends on the scale of use. an "Optimal" configuration for a single user with a couple of gigabytes of photos will be completely insufficient for a small company synchronizing hundreds of gigabytes of documents. Let's consider various usage scenarios and their corresponding recommendations.

Usage Scenarios and Recommended Configurations

1. Personal Use (Light Load):
   • Description: Synchronization of personal documents, photos, small projects. Up to 2-3 devices, total data volume up to 50 GB, up to 10,000 files. Infrequent changes.
   • Recommended Config:
     • CPU: 1 vCPU (2.0+ GHz)
     • RAM: 1 GB
     • Disk: 50 GB NVMe SSD (with reserve)
     • Network: 100 Mbps
     • Approximate Cost: $5-10/month.
2. Family Use / Small Team (Medium Load):
   • Description: Synchronization of shared family archives, work documents for a small team. Up to 5-10 devices, total data volume 50-200 GB, up to 100,000 files. Moderate changes.
   • Recommended Config:
     • CPU: 2 vCPU (2.5+ GHz)
     • RAM: 2-4 GB
     • Disk: 100-200 GB NVMe SSD
     • Network: 1 Gbps
     • Approximate Cost: $10-25/month.
3. Intensive Use / Medium Company (High Load):
   • Description: Central node for multiple users, synchronization of large data volumes (video, CAD files, large databases). More than 10 devices, total data volume 200 GB - 1 TB+, hundreds of thousands or millions of files. Frequent changes.
   • Recommended Config:
     • CPU: 4+ vCPU (3.0+ GHz)
     • RAM: 8+ GB
     • Disk: 500 GB+ NVMe SSD (or several TB depending on needs)
     • Network: 1 Gbps (with guaranteed channel)
     • Approximate Cost: $25-100+/month.

Comparison Table of VPS Configurations for Syncthing

Usage Scenario	CPU (vCPU)	RAM (GB)	Disk (NVMe SSD)	Network	Approximate Cost/month
Personal (light)	1	1	50 GB	100 Mbps	$5 - $10
Family / Small Team (medium)	2	2-4	100-200 GB	1 Gbps	$10 - $25
Intensive / Medium Company (high)	4+	8+	500 GB+	1 Gbps (guaranteed)	$25 - $100+

Important Notes:

• NVMe SSD: This is not just a recommendation, but almost a requirement for Syncthing. Disk I/O performance is critically important for hashing and indexing a large number of files. The difference between NVMe and a regular SATA SSD can be twofold, and with an HDD – tenfold.
• RAM and File Count: Remember that Syncthing stores file metadata in RAM. The more unique files you synchronize, the more RAM will be required. If you are working with millions of small files, choose a VPS with ample RAM.
• Network Traffic: Clarify outgoing and incoming traffic limits with your provider. Initial synchronization of large data volumes can quickly exhaust monthly limits.
• Processor: With frequent file changes and a large number of connected devices, the processor will be actively used for hashing and encryption. A multi-core processor will provide better parallel processing.

Choosing the right VPS is an investment in the stability and performance of your synchronization system. Do not skimp on critically important resources, especially the disk subsystem and RAM, if you plan to actively use Syncthing. As with choosing a VPS for game servers, for example, Minecraft, always focus on peak load and potential growth.

Conclusion

Installing Syncthing on a VPS is a powerful solution for creating a fully controlled and secure file synchronization system, surpassing cloud alternatives in terms of privacy and flexibility. For most users, an optimal choice would be a VPS with 2 vCPU, 2-4 GB RAM, and 100-200 GB NVMe SSD, which will ensure stable operation and sufficient resource headroom. Always prioritize NVMe drives and ample RAM for efficient metadata processing and high synchronization speed.