1SYNCTHING-CONFIG(5)                Syncthing               SYNCTHING-CONFIG(5)
2
3
4

NAME

6       syncthing-config - Syncthing Configuration
7

SYNOPSIS

9          $HOME/.config/syncthing
10          $HOME/Library/Application Support/Syncthing
11          %LOCALAPPDATA%\Syncthing
12

DESCRIPTION

14       New  in  version  1.5.0: Database and config can now be set separately.
15       Previously the database was always located in the same directory as the
16       config.
17
18
19       Syncthing  uses  a  single  directory to store configuration and crypto
20       keys.  Syncthing also has a database, which is often stored in this di‐
21       rectory  too.   The config location defaults to $HOME/.config/syncthing
22       (Unix-like), $HOME/Library/Application Support/Syncthing (Mac), or %LO‐
23       CALAPPDATA%\Syncthing (Windows). It can be changed at runtime using the
24       -config flag. In this directory the following files are located:
25
26       config.xml
27              The configuration file, in XML format.
28
29       cert.pem, key.pem
30              The device’s ECDSA public and private key. These form the  basis
31              for the device ID. The key must be kept private.
32
33       https-cert.pem, https-key.pem
34              The  certificate and key for HTTPS GUI connections. These may be
35              replaced with a custom certificate for HTTPS as desired.
36
37       csrftokens.txt
38              A list of recently issued CSRF tokens  (for  protection  against
39              browser cross site request forgery).
40
41       The database is stored either in the same directory as the config (usu‐
42       ally the default), but may also be located in one of the following  di‐
43       rectories (Unix-like platforms only):
44
45       • If  a  database  exists in the old default location, that location is
46         still used.
47
48       • If $XDG_DATA_HOME is set, use $XDG_DATA_HOME/syncthing.
49
50       • If ~/.local/share/syncthing exists, use that location.
51
52       • Use the old default location (same as config).
53
54       The location of the database can be changed using the -data  flag.  The
55       -home  flag  sets  both config and database locations at the same time.
56       The database contains the following files:
57
58       index-*.db
59              A directory holding the database with metadata and hashes of the
60              files currently on disk and available from peers.
61

CONFIG FILE FORMAT

63       The  following  shows  an  example of a default configuration file (IDs
64       will differ):
65
66       NOTE:
67          The config examples are present for illustration. Do not  copy  them
68          entirely  to use as your config. They are likely out-of-date and the
69          values may no longer correspond to the defaults.
70
71          <configuration version="30">
72              <folder id="default" label="Default Folder" path="/Users/jb/Sync/" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
73                  <filesystemType>basic</filesystemType>
74                  <device id="3LT2GA5-CQI4XJM-WTZ264P-MLOGMHL-MCRLDNT-MZV4RD3-KA745CL-OGAERQZ"></device>
75                  <minDiskFree unit="%">1</minDiskFree>
76                  <versioning></versioning>
77                  <copiers>0</copiers>
78                  <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
79                  <hashers>0</hashers>
80                  <order>random</order>
81                  <ignoreDelete>false</ignoreDelete>
82                  <scanProgressIntervalS>0</scanProgressIntervalS>
83                  <pullerPauseS>0</pullerPauseS>
84                  <maxConflicts>-1</maxConflicts>
85                  <disableSparseFiles>false</disableSparseFiles>
86                  <disableTempIndexes>false</disableTempIndexes>
87                  <paused>false</paused>
88                  <weakHashThresholdPct>25</weakHashThresholdPct>
89                  <markerName>.stfolder</markerName>
90                  <copyOwnershipFromParent>false</copyOwnershipFromParent>
91                  <modTimeWindowS>0</modTimeWindowS>
92                  <maxConcurrentWrites>2</maxConcurrentWrites>
93                  <disableFsync>false</disableFsync>
94                  <blockPullOrder>standard</blockPullOrder>
95                  <copyRangeMethod>standard</copyRangeMethod>
96              </folder>
97              <device id="3LT2GA5-CQI4XJM-WTZ264P-MLOGMHL-MCRLDNT-MZV4RD3-KA745CL-OGAERQZ" name="syno" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
98                  <address>dynamic</address>
99                  <paused>false</paused>
100                  <autoAcceptFolders>false</autoAcceptFolders>
101                  <maxSendKbps>0</maxSendKbps>
102                  <maxRecvKbps>0</maxRecvKbps>
103                  <maxRequestKiB>0</maxRequestKiB>
104                  <remoteGUIPort>0</remoteGUIPort>
105              </device>
106              <gui enabled="true" tls="false" debugging="false">
107                  <address>127.0.0.1:8384</address>
108                  <apikey>k1dnz1Dd0rzTBjjFFh7CXPnrF12C49B1</apikey>
109                  <theme>default</theme>
110              </gui>
111              <ldap></ldap>
112              <options>
113                  <listenAddress>default</listenAddress>
114                  <globalAnnounceServer>default</globalAnnounceServer>
115                  <globalAnnounceEnabled>true</globalAnnounceEnabled>
116                  <localAnnounceEnabled>true</localAnnounceEnabled>
117                  <localAnnouncePort>21027</localAnnouncePort>
118                  <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
119                  <maxSendKbps>0</maxSendKbps>
120                  <maxRecvKbps>0</maxRecvKbps>
121                  <reconnectionIntervalS>60</reconnectionIntervalS>
122                  <relaysEnabled>true</relaysEnabled>
123                  <relayReconnectIntervalM>10</relayReconnectIntervalM>
124                  <startBrowser>true</startBrowser>
125                  <natEnabled>true</natEnabled>
126                  <natLeaseMinutes>60</natLeaseMinutes>
127                  <natRenewalMinutes>30</natRenewalMinutes>
128                  <natTimeoutSeconds>10</natTimeoutSeconds>
129                  <urAccepted>0</urAccepted>
130                  <urSeen>0</urSeen>
131                  <urUniqueID></urUniqueID>
132                  <urURL>https://data.syncthing.net/newdata</urURL>
133                  <urPostInsecurely>false</urPostInsecurely>
134                  <urInitialDelayS>1800</urInitialDelayS>
135                  <restartOnWakeup>true</restartOnWakeup>
136                  <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
137                  <upgradeToPreReleases>false</upgradeToPreReleases>
138                  <keepTemporariesH>24</keepTemporariesH>
139                  <cacheIgnoredFiles>false</cacheIgnoredFiles>
140                  <progressUpdateIntervalS>5</progressUpdateIntervalS>
141                  <limitBandwidthInLan>false</limitBandwidthInLan>
142                  <minHomeDiskFree unit="%">1</minHomeDiskFree>
143                  <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
144                  <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
145                  <tempIndexMinBlocks>10</tempIndexMinBlocks>
146                  <trafficClass>0</trafficClass>
147                  <defaultFolderPath>~</defaultFolderPath>
148                  <setLowPriority>true</setLowPriority>
149                  <maxFolderConcurrency>0</maxFolderConcurrency>
150                  <crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
151                  <crashReportingEnabled>true</crashReportingEnabled>
152                  <stunKeepaliveStartS>180</stunKeepaliveStartS>
153                  <stunKeepaliveMinS>20</stunKeepaliveMinS>
154                  <stunServer>default</stunServer>
155                  <databaseTuning>auto</databaseTuning>
156                  <maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
157              </options>
158          </configuration>
159

CONFIGURATION ELEMENT

161          <configuration version="30">
162              <folder></folder>
163              <device></device>
164              <gui></gui>
165              <ldap></ldap>
166              <options></options>
167              <ignoredDevice>5SYI2FS-LW6YAXI-JJDYETS-NDBBPIO-256MWBO-XDPXWVG-24QPUM4-PDW4UQU</ignoredDevice>
168              <ignoredFolder>bd7q3-zskm5</ignoredFolder>
169          </configuration>
170
171       This is the root element. It has one attribute:
172
173       version
174              The config version. Increments whenever a change  is  made  that
175              requires migration from previous formats.
176
177       It  contains the elements described in the following sections and these
178       two additional child elements:
179
180       ignoredDevice
181              Contains the ID of the device that should be ignored. Connection
182              attempts  from  this  device are logged to the console but never
183              displayed in the web GUI.
184
185       ignoredFolder
186              Contains the ID of the  folder  that  should  be  ignored.  This
187              folder  will always be skipped when advertised from a remote de‐
188              vice, i.e. this will be logged, but  there  will  be  no  dialog
189              about it in the web GUI.
190

FOLDER ELEMENT

192          <folder id="default" label="Default Folder" path="/Users/jb/Sync/" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
193              <filesystemType>basic</filesystemType>
194              <device id="3LT2GA5-CQI4XJM-WTZ264P-MLOGMHL-MCRLDNT-MZV4RD3-KA745CL-OGAERQZ"></device>
195              <minDiskFree unit="%">1</minDiskFree>
196              <versioning></versioning>
197              <copiers>0</copiers>
198              <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
199              <hashers>0</hashers>
200              <order>random</order>
201              <ignoreDelete>false</ignoreDelete>
202              <scanProgressIntervalS>0</scanProgressIntervalS>
203              <pullerPauseS>0</pullerPauseS>
204              <maxConflicts>-1</maxConflicts>
205              <disableSparseFiles>false</disableSparseFiles>
206              <disableTempIndexes>false</disableTempIndexes>
207              <paused>false</paused>
208              <weakHashThresholdPct>25</weakHashThresholdPct>
209              <markerName>.stfolder</markerName>
210              <copyOwnershipFromParent>false</copyOwnershipFromParent>
211              <modTimeWindowS>0</modTimeWindowS>
212              <maxConcurrentWrites>2</maxConcurrentWrites>
213              <disableFsync>false</disableFsync>
214              <blockPullOrder>standard</blockPullOrder>
215              <copyRangeMethod>standard</copyRangeMethod>
216          </folder>
217
218       One  or  more folder elements must be present in the file. Each element
219       describes one folder. The following attributes may be set on the folder
220       element:
221
222       id     The folder ID, must be unique. (mandatory)
223
224       label  The  label of a folder is a human readable and descriptive local
225              name. May be different on each device, empty,  and/or  identical
226              to other folder labels. (optional)
227
228       path   The path to the directory where the folder is stored on this de‐
229              vice; not sent to other devices. (mandatory)
230
231       type   Controls how the folder is handled by Syncthing. Possible values
232              are:
233
234              sendreceive
235                     The  folder is in default mode. Sending local and accept‐
236                     ing remote changes.  Note that this type  was  previously
237                     called “readwrite” which is deprecated but still accepted
238                     in incoming configs.
239
240              sendonly
241                     The folder is in “send only” mode – it will not be  modi‐
242                     fied  by  Syncthing  on this device.  Note that this type
243                     was previously called “readonly” which is deprecated  but
244                     still accepted in incoming configs.
245
246              receiveonly
247                     The folder is in “receive only” mode – it will not propa‐
248                     gate changes to other devices.
249
250       rescanIntervalS
251              The rescan interval, in seconds. Can be set to zero  to  disable
252              when external plugins are used to trigger rescans.
253
254       fsWatcherEnabled
255              If enabled this detects changes to files in the folder and scans
256              them.
257
258       fsWatcherDelayS
259              The duration during which changes detected are accumulated,  be‐
260              fore  a scan is scheduled (only takes effect if fsWatcherEnabled
261              is true).
262
263       ignorePerms
264              True if the folder should ignore permissions.
265
266       autoNormalize
267              Automatically correct UTF-8 normalization errors found  in  file
268              names.
269
270       The following child elements may exist:
271
272       device These  must  have  the id attribute and can have an introducedBy
273              attribute, identifying the device that introduced  us  to  share
274              this  folder  with the given device.  If the original introducer
275              unshares this folder with this device, our  device  will  follow
276              and  unshare the folder (subject to skipIntroductionRemovals be‐
277              ing false on the introducer device).  All mentioned devices  are
278              those  that  will  be sharing the folder in question.  Each men‐
279              tioned device must have a separate device element later  in  the
280              file.   It  is customary that the local device ID is included in
281              all folders.  Syncthing will currently add this automatically if
282              it is not present in the configuration file.
283
284       minDiskFree
285              The  minimum required free space that should be available on the
286              disk this folder resides. The folder will be  stopped  when  the
287              value  drops  below the threshold. Accepted units are %, kB, MB,
288              GB and TB. Set to zero to disable.
289
290       versioning
291              Specifies a versioning configuration.
292
293       SEE ALSO:
294          versioning
295
296       copiers, pullers, hashers
297              The number of copier, puller and hasher routines to use, or zero
298              for  the  system determined optimum. These are low level perfor‐
299              mance options for advanced users only; do not change unless  re‐
300              quested to or you’ve actually read and understood the code your‐
301              self. :)
302
303       order  The order in which needed files should be pulled from the  clus‐
304              ter.  The possibles values are:
305
306              random Pull  files in random order. This optimizes for balancing
307                     resources among the devices in a cluster.
308
309              alphabetic
310                     Pull files ordered by file name alphabetically.
311
312              smallestFirst, largestFirst
313                     Pull files ordered by file  size;  smallest  and  largest
314                     first respectively.
315
316              oldestFirst, newestFirst
317                     Pull  files ordered by modification time; oldest and new‐
318                     est first respectively.
319
320              Note that the scanned files are sent in batches and the  sorting
321              is  applied only to the already discovered files. This means the
322              sync might start with a 1 GB file even if there  is  1  KB  file
323              available  on  the source device until the 1 KB becomes known to
324              the pulling device.
325
326       ignoreDelete
327              WARNING:
328                 Enabling this is highly not recommended -  use  at  your  own
329                 risk.
330
331              When  set  to true, this device will pretend not to see instruc‐
332              tions to delete files from other devices.
333
334       scanProgressIntervalS
335              The interval with which scan progress information is sent to the
336              GUI. Zero means the default value (two seconds).
337
338       pullerPauseS
339              Tweak  for  rate  limiting  the  puller  when it retries pulling
340              files. Don’t change these unless you know what you’re doing.
341
342       maxConflicts
343              The maximum number of conflict copies to  keep  around  for  any
344              given file.  The default, -1, means an unlimited number. Setting
345              this to zero disables conflict copies altogether.
346
347       disableSparseFiles
348              By default, blocks containing all zeroes are not written,  caus‐
349              ing  files to be sparse on filesystems that support the concept.
350              When set to true, sparse files will not be created.
351
352       disableTempIndexes
353              By default, devices exchange information about blocks  available
354              in  transfers that are still in progress, which allows other de‐
355              vices to download parts of files that are not  yet  fully  down‐
356              loaded  on  your  own  device, essentially making transfers more
357              torrent like. When set to true,  such  information  is  not  ex‐
358              changed for this folder.
359
360       paused True if this folder is (temporarily) suspended.
361
362       weakHashThresholdPct
363              Use  weak hash if more than the given percentage of the file has
364              changed. Set to -1 to always use weak hash. Default value is 25.
365
366       markerName
367              Name of a directory or file in the folder root  to  be  used  as
368              marker-faq. Default is “.stfolder”.
369
370       copyOwnershipFromParent
371              On  Unix  systems,  tries to copy file/folder ownership from the
372              parent directory (the directory it’s located in).  Requires run‐
373              ning Syncthing as privileged user, or granting it additional ca‐
374              pabilities (e.g. CAP_CHOWN on Linux).
375
376       modTimeWindowS
377              Allowed modification timestamp difference when  comparing  files
378              for  equivalence. To be used on file systems which have unstable
379              modification timestamps that might change after  being  recorded
380              during  the  last write operation. Defaults to 2 on Android when
381              the folder is located on a FAT partition, and always to 0  else‐
382              where.
383
384       maxConcurrentWrites
385              Maximum number of concurrent write operations while syncing. De‐
386              faults to 2. Increasing this might  increase  or  decrease  disk
387              performance, depending on the underlying storage.
388
389       disableFsync
390
391          WARNING:
392              This is a known insecure option - use at your own risk.
393
394          Disables committing file operations to disk before recording them in
395          the database.  Disabling fsync can lead to data corruption.
396
397       blockPullOrder
398              Order in which the blocks of a file are downloaded. This  option
399              controls  how quickly different parts of the file spread between
400              the connected devices, at the cost  of  causing  strain  on  the
401              storage.
402
403              Available options:
404
405              standard (default):
406                     The  blocks  of  a file are split into N equal continuous
407                     sequences, where N is the number  of  connected  devices.
408                     Each  device  starts downloading it’s own sequence, after
409                     which it picks other devices sequences  at  random.  Pro‐
410                     vides  acceptable  data distribution and minimal spinning
411                     disk strain.
412
413              random:
414                     The blocks of a file are downloaded in  a  random  order.
415                     Provides  great  data  distribution,  but  very taxing on
416                     spinning disk drives.
417
418              inOrder:
419                     The blocks of a file are  downloaded  sequentially,  from
420                     start  to  finish. Spinning disk drive friendly, but pro‐
421                     vides no improvements to data distribution.
422
423       copyRangeMethod
424              Provides a choice of method for copying data between files. This
425              can  be  used to optimise copies on network filesystems, improve
426              speed of large copies or  clone  the  data  using  copy-on-write
427              functionality if the underlying filesystem supports it.
428
429              See folder-copyRangeMethod for details.
430

DEVICE ELEMENT

432          <device id="5SYI2FS-LW6YAXI-JJDYETS-NDBBPIO-256MWBO-XDPXWVG-24QPUM4-PDW4UQU" name="syno" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="2CYF2WQ-AKZO2QZ-JAKWLYD-AGHMQUM-BGXUOIS-GYILW34-HJG3DUK-LRRYQAR">
433              <address>dynamic</address>
434              <paused>false</paused>
435              <autoAcceptFolders>false</autoAcceptFolders>
436              <maxSendKbps>0</maxSendKbps>
437              <maxRecvKbps>0</maxRecvKbps>
438              <maxRequestKiB>0</maxRequestKiB>
439              <remoteGUIPort>0</remoteGUIPort>
440          </device>
441          <device id="2CYF2WQ-AKZO2QZ-JAKWLYD-AGHMQUM-BGXUOIS-GYILW34-HJG3DUK-LRRYQAR" name="syno local" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
442              <address>tcp://192.0.2.1:22001</address>
443              <paused>true</paused>
444              <allowedNetwork>192.168.0.0/16</allowedNetwork>
445              <autoAcceptFolders>false</autoAcceptFolders>
446              <maxSendKbps>100</maxSendKbps>
447              <maxRecvKbps>100</maxRecvKbps>
448              <maxRequestKiB>65536</maxRequestKiB>
449              <remoteGUIPort>8384</remoteGUIPort>
450          </device>
451
452       One  or  more device elements must be present in the file. Each element
453       describes a device participating in the cluster. It is customary to in‐
454       clude  a  device element for the local device; Syncthing will currently
455       add one if it is not present. The following attributes may  be  set  on
456       the device element:
457
458       id     The device ID. (mandatory)
459
460       name   A friendly name for the device. (optional)
461
462       compression
463              Whether  to  use  protocol  compression when sending messages to
464              this device.  The possible values are:
465
466              metadata
467                     Compress metadata packets,  such  as  index  information.
468                     Metadata  is usually very compression friendly so this is
469                     a good default.
470
471              always Compress all packets, including file data. This is recom‐
472                     mended  if  the  folders contents are mainly compressible
473                     data such as documents or text files.
474
475              never  Disable all compression.
476
477       introducer
478              Set to true if this device should be trusted as  an  introducer,
479              i.e.  we  should copy their list of devices per folder when con‐
480              necting.
481
482       SEE ALSO:
483          introducer
484
485       skipIntroductionRemovals
486              Set to true if you wish to follow  only  introductions  and  not
487              de-introductions.  For example, if this is set, we would not re‐
488              move a device that we were introduced to even  if  the  original
489              introducer is no longer listing the remote device as known.
490
491       introducedBy
492              Defines which device has introduced us to this device. Used only
493              for following de-introductions.
494
495       certName
496              The device certificate common name, if it  is  not  the  default
497              “syncthing”.
498
499       From following child elements at least one address child must exist.
500
501       address
502              Contains  an address or host name to use when attempting to con‐
503              nect to this device.  Entries other than dynamic need a protocol
504              specific  prefix.  For  the  TCP  protocol  the  prefixes tcp://
505              (dual-stack), tcp4:// (IPv4 only) or tcp6:// (IPv6 only) can  be
506              used.   The  prefixes  for  the  QUIC  protocol  are  analogous:
507              quic://, quic4:// and quic6:// Note that IP addresses  need  not
508              use  IPv4 or IPv6 prefixes; these are optional. Accepted formats
509              are:
510
511              IPv4 address (tcp://192.0.2.42)
512                     The default port (22000) is used.
513
514              IPv4 address and port (tcp://192.0.2.42:12345)
515                     The address and port is used as given.
516
517              IPv6 address (tcp://[2001:db8::23:42])
518                     The default port (22000) is used. The address must be en‐
519                     closed in square brackets.
520
521              IPv6 address and port (tcp://[2001:db8::23:42]:12345)
522                     The  address  and port is used as given. The address must
523                     be enclosed in square brackets.
524
525              Host name (tcp6://fileserver)
526                     The host name will be used on the  default  port  (22000)
527                     and connections will be attempted only via IPv6.
528
529              Host name and port (tcp://fileserver:12345)
530                     The  host name will be used on the given port and connec‐
531                     tions will be attempted via both IPv4 and IPv6, depending
532                     on name resolution.
533
534              dynamic
535                     The  word dynamic (without any prefix) means to use local
536                     and global discovery to find the device.
537
538              You can set multiple addresses and combine it with  the  dynamic
539              keyword for example:
540
541                 <device id="...">
542                     <address>tcp://192.0.2.1:22001</address>
543                     <address>quic://192.0.1.254:22000</address>
544                     <address>dynamic</address>
545                 </device>
546
547       paused True  if synchronization with this devices is (temporarily) sus‐
548              pended.
549
550       allowedNetwork
551              If given, this restricts connections to this device to only this
552              network (see allowed-networks).
553
554       maxSendKbps
555              Maximum send rate to use for this device. Unit is kibibytes/sec‐
556              ond, despite the config name looking like kilobits/second.
557
558       maxRecvKbps
559              Maximum  receive  rate  to  use  for  this   device.   Unit   is
560              kibibytes/second,  despite  the  config  name looking like kilo‐
561              bits/second.
562
563       maxRequestKiB
564              Maximum amount of data to have outstanding in  requests  towards
565              this device.  Unit is kibibytes.
566
567       remoteGUIPort
568              If  set to a positive integer, the GUI will display an HTTP link
569              to the IP address which is currently used  for  synchronization.
570              Only  the  TCP  port  is exchanged for the value specified here.
571              Note that any port forwarding or firewall settings  need  to  be
572              done manually and the link will probably not work for link-local
573              IPv6 addresses because of modern browser limitations.
574

GUI ELEMENT

576          <gui enabled="true" tls="false" debugging="false">
577              <address>127.0.0.1:8384</address>
578              <apikey>l7jSbCqPD95JYZ0g8vi4ZLAMg3ulnN1b</apikey>
579              <theme>default</theme>
580          </gui>
581
582       There must be exactly one gui element. The GUI  configuration  is  also
583       used by the rest-api and the event-api. The following attributes may be
584       set on the gui element:
585
586       enabled
587              If not true, the GUI and API will not be started.
588
589       tls    If set to true, TLS (HTTPS) will be enforced. Non-HTTPS requests
590              will be redirected to HTTPS. When this is set to false, TLS con‐
591              nections are still possible but it is not mandatory.
592
593       debugging
594              This enables profiling and additional debugging endpoints in the
595              rest-api.
596
597       The following child elements may be present:
598
599       address
600              Set the listen address. One address element must be present. Al‐
601              lowed address formats are:
602
603              IPv4 address and port (127.0.0.1:8384)
604                     The address and port is used as given.
605
606              IPv6 address and port ([::1]:8384)
607                     The address and port is used as given. The  address  must
608                     be enclosed in square brackets.
609
610              Wildcard and port (0.0.0.0:12345, [::]:12345, :12345)
611                     These are equivalent and will result in Syncthing listen‐
612                     ing on all interfaces via both IPv4 and IPv6.
613
614              UNIX socket location (/var/run/st.sock)
615                     If the address is an absolute path it is  interpreted  as
616                     the path to a UNIX socket.  (Added in v0.14.52.)
617
618       unixSocketPermissions
619              In the case that a UNIX socket location is used for address, set
620              this to an octal to override  the  default  permissions  of  the
621              socket.
622
623       user   Set to require authentication.
624
625       password
626              Contains the bcrypt hash of the real password.
627
628       apikey If  set,  this is the API key that enables usage of the REST in‐
629              terface.
630
631       insecureAdminAccess
632              If true, this allows access to the web GUI  from  outside  (i.e.
633              not  localhost)  without authorization. A warning will displayed
634              about this setting on startup.
635
636       theme  The name of the theme to use.
637
638       authMode
639              Authentication mode to use. If not present  authentication  mode
640              (static)  is  controlled by presence of user/password fields for
641              backward compatibility.
642
643              static Authentication using user and password.
644
645              ldap   LDAP authentication. Requires ldap top level config  sec‐
646                     tion to be present.
647

LDAP ELEMENT

649          <ldap>
650              <address>localhost:389</address>
651              <bindDN>cn=%s,ou=users,dc=syncthing,dc=net</bindDN>
652              <transport>nontls</transport>
653              <insecureSkipVerify>false</insecureSkipVerify>
654          </ldap>
655
656       The ldap element contains LDAP configuration options.
657
658       address
659              LDAP server address (server:port).
660
661       bindDN BindDN  for  user authentication.  Special %s variable should be
662              used to pass username to LDAP.
663
664       transport
665
666          nontls Non secure connection.
667
668          tls    TLS secured connection.
669
670          starttls
671                 StartTLS connection mode.
672
673       insecureSkipVerify
674              Skip verification (true or false).
675

OPTIONS ELEMENT

677          <options>
678              <listenAddress>default</listenAddress>
679              <globalAnnounceServer>default</globalAnnounceServer>
680              <globalAnnounceEnabled>true</globalAnnounceEnabled>
681              <localAnnounceEnabled>true</localAnnounceEnabled>
682              <localAnnouncePort>21027</localAnnouncePort>
683              <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
684              <maxSendKbps>0</maxSendKbps>
685              <maxRecvKbps>0</maxRecvKbps>
686              <reconnectionIntervalS>60</reconnectionIntervalS>
687              <relaysEnabled>true</relaysEnabled>
688              <relayReconnectIntervalM>10</relayReconnectIntervalM>
689              <startBrowser>true</startBrowser>
690              <natEnabled>true</natEnabled>
691              <natLeaseMinutes>60</natLeaseMinutes>
692              <natRenewalMinutes>30</natRenewalMinutes>
693              <natTimeoutSeconds>10</natTimeoutSeconds>
694              <urAccepted>0</urAccepted>
695              <urSeen>0</urSeen>
696              <urUniqueID></urUniqueID>
697              <urURL>https://data.syncthing.net/newdata</urURL>
698              <urPostInsecurely>false</urPostInsecurely>
699              <urInitialDelayS>1800</urInitialDelayS>
700              <restartOnWakeup>true</restartOnWakeup>
701              <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
702              <upgradeToPreReleases>false</upgradeToPreReleases>
703              <keepTemporariesH>24</keepTemporariesH>
704              <cacheIgnoredFiles>false</cacheIgnoredFiles>
705              <progressUpdateIntervalS>5</progressUpdateIntervalS>
706              <limitBandwidthInLan>false</limitBandwidthInLan>
707              <minHomeDiskFree unit="%">1</minHomeDiskFree>
708              <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
709              <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
710              <tempIndexMinBlocks>10</tempIndexMinBlocks>
711              <trafficClass>0</trafficClass>
712              <defaultFolderPath>~</defaultFolderPath>
713              <setLowPriority>true</setLowPriority>
714              <maxFolderConcurrency>0</maxFolderConcurrency>
715              <crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
716              <crashReportingEnabled>true</crashReportingEnabled>
717              <stunKeepaliveStartS>180</stunKeepaliveStartS>
718              <stunKeepaliveMinS>20</stunKeepaliveMinS>
719              <stunServer>default</stunServer>
720              <databaseTuning>auto</databaseTuning>
721              <maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
722          </options>
723
724       The options element contains all other global configuration options.
725
726       listenAddress
727              The listen address for incoming sync connections. See Listen Ad‐
728              dresses for allowed syntax.
729
730       globalAnnounceServer
731              A  URI  to a global announce (discovery) server, or the word de‐
732              fault to include the default servers. Any  number  of  globalAn‐
733              nounceServer elements may be present. The syntax for non-default
734              entries is that of a HTTP or HTTPS URL. A number of options  may
735              be  added  as query options to the URL: insecure to prevent cer‐
736              tificate validation (required for HTTP URLs) and id=<device  ID>
737              to  perform certificate pinning. The device ID to use is printed
738              by the discovery server on startup.
739
740       globalAnnounceEnabled
741              Whether to announce this device to the global announce  (discov‐
742              ery) server, and also use it to look up other devices.
743
744       localAnnounceEnabled
745              Whether  to  send  announcements to the local LAN, also use such
746              announcements to find other devices.
747
748       localAnnouncePort
749              The port on which to listen and send  IPv4  broadcast  announce‐
750              ments to.
751
752       localAnnounceMCAddr
753              The  group  address and port to join and send IPv6 multicast an‐
754              nouncements on.
755
756       maxSendKbps
757              Outgoing data rate limit, in kibibytes per second.
758
759       maxRecvKbps
760              Incoming data rate limits, in kibibytes per second.
761
762       reconnectionIntervalS
763              The number of seconds to wait between each attempt to connect to
764              currently unconnected devices.
765
766       relaysEnabled
767              When  true, relays will be connected to and potentially used for
768              device to device connections.
769
770       relayReconnectIntervalM
771              Sets the interval, in minutes, between relay reconnect attempts.
772
773       startBrowser
774              Whether to attempt to start a browser to show the GUI when Sync‐
775              thing starts.
776
777       natEnabled
778              Whether  to  attempt  to perform a UPnP and NAT-PMP port mapping
779              for incoming sync connections.
780
781       natLeaseMinutes
782              Request a lease for this many minutes; zero to request a  perma‐
783              nent lease.
784
785       natRenewalMinutes
786              Attempt to renew the lease after this many minutes.
787
788       natTimeoutSeconds
789              When scanning for UPnP devices, wait this long for responses.
790
791       urAccepted
792              Whether  the  user  has accepted to submit anonymous usage data.
793              The default, 0, mean the user has not made a choice,  and  Sync‐
794              thing  will ask at some point in the future. -1 means no, a num‐
795              ber above zero means that that version of  usage  reporting  has
796              been accepted.
797
798       urSeen The  highest usage reporting version that has already been shown
799              in the web GUI.
800
801       urUniqueID
802              The unique ID sent together with  the  usage  report.  Generated
803              when usage reporting is enabled.
804
805       urURL  The URL to post usage report data to, when enabled.
806
807       urPostInsecurely
808              When  true,  the  UR URL can be http instead of https, or have a
809              self-signed certificate. The default is false.
810
811       urInitialDelayS
812              The time to wait from startup to the first  usage  report  being
813              sent.  Allows  the  system to stabilize before reporting statis‐
814              tics.
815
816       restartOnWakeup
817              Whether to perform a restart of Syncthing when  it  is  detected
818              that we are waking from sleep mode (i.e. a folded up laptop).
819
820       autoUpgradeIntervalH
821              Check  for a newer version after this many hours. Set to zero to
822              disable automatic upgrades.
823
824       upgradeToPreReleases
825              If true, automatic upgrades include release candidates (see  re‐
826              leases).
827
828       keepTemporariesH
829              Keep  temporary  failed transfers for this many hours. While the
830              temporaries are kept, the data they contain need not  be  trans‐
831              ferred again.
832
833       cacheIgnoredFiles
834              Whether  to cache the results of ignore pattern evaluation. Per‐
835              formance at the price of memory. Defaults to false as  the  cost
836              for evaluating ignores is usually not significant.
837
838       progressUpdateIntervalS
839              How  often  in seconds the progress of ongoing downloads is made
840              available to the GUI.
841
842       limitBandwidthInLan
843              Whether to apply bandwidth limits to devices in the same  broad‐
844              cast domain as the local device.
845
846       minHomeDiskFree
847              The  minimum required free space that should be available on the
848              partition holding the configuration and  index.  Accepted  units
849              are %, kB, MB, GB and TB.
850
851       releasesURL
852              The  URL from which release information is loaded, for automatic
853              upgrades.
854
855       alwaysLocalNet
856              Network that should be considered as local given in  CIDR  nota‐
857              tion.
858
859       overwriteRemoteDeviceNamesOnConnect
860              If  set,  device  names will always be overwritten with the name
861              given by remote on each connection. By default,  the  name  that
862              the remote device announces will only be adopted when a name has
863              not already been set.
864
865       tempIndexMinBlocks
866              When exchanging index information for incomplete transfers, only
867              take into account files that have at least this many blocks.
868
869       unackedNotificationID
870              ID of a notification to be displayed in the web GUI. Will be re‐
871              moved once the user acknowledged it (e.g. an  transition  notice
872              on an upgrade).
873
874       trafficClass
875              Specify  a type of service (TOS)/traffic class of outgoing pack‐
876              ets.
877
878       stunServer
879              Server to be used for STUN, given as ip:port.  The  keyword  de‐
880              fault  gets  expanded to stun.callwithus.com:3478, stun.counter‐
881              path.com:3478,  stun.counterpath.net:3478,  stun.ekiga.net:3478,
882              stun.ideasip.com:3478,              stun.internetcalls.com:3478,
883              stun.schlund.de:3478,     stun.sipgate.net:10000,      stun.sip‐
884              gate.net:3478,                          stun.voip.aebc.com:3478,
885              stun.voiparound.com:3478,  stun.voipbuster.com:3478,  stun.voip‐
886              stunt.com:3478 and stun.xten.com:3478 (this is the default).
887
888       stunKeepaliveSeconds
889              Interval in seconds between contacting a STUN server to maintain
890              NAT mapping. Default is 24 and you can set it to  0  to  disable
891              contacting STUN servers.
892
893       defaultFolderPath
894              The UI will propose to create new folders at this path. This can
895              be disabled by setting this to an empty string.
896
897       setLowPriority
898              Syncthing will attempt to lower its process priority at startup.
899              Specifically:  on Linux, set itself to a separate process group,
900              set the niceness level of that process group to nine and the I/O
901              priority  to  best  effort  level five; on other Unixes, set the
902              process niceness level to nine; on Windows, set the process pri‐
903              ority class to below normal. To disable this behavior, for exam‐
904              ple to control process priority yourself as  part  of  launching
905              Syncthing, set this option to false.
906
907   Listen Addresses
908       The  following  address  types are accepted in sync protocol listen ad‐
909       dresses. If you want Syncthing to listen on multiple addresses, you can
910       either:  add multiple <listenAddress> tags in the configuration file or
911       enter several addresses separated by commas in the GUI.
912
913       Default listen addresses (default)
914              This is equivalent to tcp://0.0.0.0:22000,  quic://0.0.0.0:22000
915              and dynamic+https://relays.syncthing.net/endpoint.
916
917       TCP wildcard and port (tcp://0.0.0.0:22000, tcp://:22000)
918              These  are  equivalent and will result in Syncthing listening on
919              all interfaces, IPv4 and IPv6, on the specified port.
920
921       TCP IPv4 wildcard and port (tcp4://0.0.0.0:22000, tcp4://:22000)
922              These are equivalent and will result in Syncthing  listening  on
923              all interfaces via IPv4 only.
924
925       TCP IPv4 address and port (tcp4://192.0.2.1:22000)
926              This results in Syncthing listening on the specified address and
927              port, IPv4 only.
928
929       TCP IPv6 wildcard and port (tcp6://[::]:22000, tcp6://:22000)
930              These are equivalent and will result in Syncthing  listening  on
931              all interfaces via IPv6 only.
932
933       TCP IPv6 address and port (tcp6://[2001:db8::42]:22000)
934              This results in Syncthing listening on the specified address and
935              port, IPv6 only.
936
937       QUIC address and port (e.g. quic://0.0.0.0:22000)
938              Syntax is the same as for TCP, also quic4 and quic6 can be used.
939
940       Static relay address (relay://192.0.2.42:22067?id=abcd123...)
941              Syncthing will connect to and listen  for  incoming  connections
942              via the specified relay address.
943
944   Todo
945       Document available URL parameters.
946
947       Dynamic relay pool (dynamic+https://192.0.2.42/relays)
948              Syncthing  will  fetch  the  specified HTTPS URL, parse it for a
949              JSON payload describing relays, select a relay from  the  avail‐
950              able  ones and listen via that as if specified as a static relay
951              above.
952
953   Todo
954       Document available URL parameters.
955

SYNCING CONFIGURATION FILES

957       Syncing configuration files between devices (such that multiple devices
958       are  using the same configuration files) can cause issues. This is easy
959       to do accidentally if you sync your home folder between devices. A com‐
960       mon  symptom  of  syncing  configuration files is two devices ending up
961       with the same Device ID.
962
963       If you want to use Syncthing to backup your configuration files, it  is
964       recommended  that the files you are backing up are in a folder-sendonly
965       to prevent other devices from overwriting the per device configuration.
966       The  folder on the remote device(s) should not be used as configuration
967       for the remote devices.
968
969       If you’d like to sync your home folder in non-send only mode,  you  may
970       add  the folder that stores the configuration files to the ignore list.
971       If you’d also like to backup  your  configuration  files,  add  another
972       folder in send only mode for just the configuration folder.
973

AUTHOR

975       The Syncthing Authors
976
978       2014-2019, The Syncthing Authors
979
980
981
982
983v1                               Apr 15, 2021              SYNCTHING-CONFIG(5)
Impressum