-
Notifications
You must be signed in to change notification settings - Fork 503
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(stdiscosrv): update command line flags, remove legacy replication
- Loading branch information
Showing
1 changed file
with
29 additions
and
82 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,9 +6,10 @@ Synopsis | |
|
|
||
| :: | ||
|
|
||
| stdiscosrv [-cert=<file>] [-db-dir=<string>] [-debug] [-http] [-key=<string>] | ||
| [-listen=<address>] [-metrics-listen=<address>] | ||
| [-replicate=<peers>] [-replication-listen=<address>] | ||
| stdiscosrv [--debug] [--http] [--compression] [--version] | ||
| [--cert=<file>] [--key=<string>] | ||
| [--listen=<address>] [--metrics-listen=<address>] | ||
| [--db-dir=<string>] [--db-flush-interval=<string>] | ||
|
|
||
|
|
||
| Description | ||
|
|
@@ -21,41 +22,47 @@ Syncthing project also maintains a global cluster for public use. | |
| Options | ||
| ------- | ||
|
|
||
| .. cmdoption:: -cert=<file> | ||
| .. cmdoption:: --debug | ||
|
|
||
| Certificate file (default "./cert.pem"). | ||
| Enable debug output. | ||
|
|
||
| .. cmdoption:: -db-dir=<string> | ||
| .. cmdoption:: --http | ||
|
|
||
| Database directory, where data is stored (default "./discovery.db"). | ||
| Listen on HTTP (behind an HTTPS proxy). | ||
|
|
||
| .. cmdoption:: -debug | ||
| .. cmdoption:: --version | ||
|
|
||
| Enable debug output. | ||
| Print the current version number and exit. | ||
|
|
||
| .. cmdoption:: -http | ||
| .. cmdoption:: --compression | ||
|
|
||
| Listen on HTTP (behind an HTTPS proxy). | ||
| Enable GZIP compression of HTTP responses. | ||
|
|
||
| .. cmdoption:: -key=<file> | ||
| .. cmdoption:: --cert=<file> | ||
|
|
||
| Key file (default "./key.pem"). | ||
| Certificate file (default "./cert.pem"). Unused in --http mode. | ||
|
|
||
| .. cmdoption:: -listen=<address> | ||
| .. cmdoption:: --key=<file> | ||
|
|
||
| Key file (default "./key.pem"). Unused in --http mode. | ||
|
|
||
| .. cmdoption:: --listen=<address> | ||
|
|
||
| Listen address (default ":8443"). | ||
|
|
||
| .. cmdoption:: -metrics-listen=<address> | ||
| .. cmdoption:: --metrics-listen=<address> | ||
|
|
||
| Prometheus compatible metrics endpoint listen address (default disabled). | ||
| Prometheus compatible metrics endpoint listen address (default | ||
| disabled). | ||
|
|
||
| .. cmdoption:: -replicate=<peers> | ||
| .. cmdoption:: --db-dir=<string> | ||
|
|
||
| Replication peers, id@address, comma separated | ||
| Database directory, where data is stored (default "."). | ||
|
|
||
| .. cmdoption:: -replication-listen=<address> | ||
| .. cmdoption:: --db-flush-interval=<string> | ||
|
|
||
| Listen address for incoming replication connections (default ":19200"). | ||
| Interval at which the in-memory database is flushed to disk (default | ||
| "5m"). | ||
|
|
||
| Pointing Syncthing at Your Discovery Server | ||
| ------------------------------------------- | ||
|
|
@@ -124,13 +131,13 @@ from clients there are three options: | |
| option can be used with the certificate automatically generated by the | ||
| discovery server. | ||
|
|
||
| - Pass the ``-http`` flag if the discovery server is behind an SSL-secured | ||
| - Pass the ``--http`` flag if the discovery server is behind an SSL-secured | ||
| reverse proxy. See below for configuration. | ||
|
|
||
| For the first two options, the discovery server must be given the paths to | ||
| the certificate and key at startup. This isn't necessary with the ``http`` flag:: | ||
|
|
||
| $ stdiscosrv -cert=/path/to/cert.pem -key=/path/to/key.pem | ||
| $ stdiscosrv --cert=/path/to/cert.pem --key=/path/to/key.pem | ||
| Server device ID is 7DDRT7J-UICR4PM-PBIZYL3-MZOJ7X7-EX56JP6-IK6HHMW-S7EK32W-G3EUPQA | ||
|
|
||
| The discovery server prints its device ID at startup. In case you are using | ||
|
|
@@ -143,64 +150,6 @@ Otherwise, the URL will be:: | |
|
|
||
| https://disco.example.com:8443/ | ||
|
|
||
| Replication | ||
| ^^^^^^^^^^^ | ||
|
|
||
| The discovery server can be deployed in a redundant, load sharing fashion. | ||
| In this mode announcements are replicated from the server that receives them | ||
| to other peer servers and queries can be answered equally by all servers. | ||
|
|
||
| Replication connections are encrypted and authenticated using TLS. The | ||
| certificate is selected by the ``-cert`` and ``-key`` options and is thus | ||
| shared with the main discovery API. If the ``-http`` mode is used the | ||
| certificate is not used for client requests but only for replication | ||
| connections. | ||
|
|
||
| Authentication of replication connections is done using `Syncthing-style | ||
| device IDs <https://docs.syncthing.net/dev/device-ids.html#id1>`__ only - CA | ||
| verification is not available. The device IDs in question are those printed | ||
| by the discovery server on startup. | ||
|
|
||
| Replication connections are unidirectional - announcements are replication | ||
| from the **sender** to a **listener**. In order to have a bidirectional | ||
| replication relationship between two servers both need to be configured as | ||
| sender and listener. | ||
|
|
||
| As an example, lets assume two discovery servers: | ||
|
|
||
| - Server one is on 192.0.2.20 and has certificate ID I6K...H76 | ||
| - Server two is on 192.0.2.55 and has certificate ID MRI...7OK | ||
|
|
||
| In order for both to replicate to the other and thus form a redundant pair, | ||
| use the following commands. | ||
|
|
||
| On server one:: | ||
|
|
||
| $ stdiscosrv [email protected]:19200 <other options> | ||
|
|
||
| On server two:: | ||
|
|
||
| $ stdiscosrv [email protected]:19200 <other options> | ||
|
|
||
| The ``-replicate`` directive sets which remote device IDs are expected and | ||
| allowed for both outgoing (sending) and incoming (listening) connections, | ||
| and which addresses to use when connecting out to those peers. Both IP and | ||
| port must be specified in peer addresses. | ||
|
|
||
| It is possible to only allow incoming connections from a peer without | ||
| establishing an outgoing replication connection. To do so, give only the | ||
| device ID without "@ip:port" address:: | ||
|
|
||
| $ stdiscosrv -replicate=I6K...H76 <other options> | ||
|
|
||
| Discosrv will listen on the replication port only when ``-replicate`` is | ||
| given. The default replication listen address is ":19200". | ||
|
|
||
| To achieve load balancing over two mutually replicating discovery server | ||
| instances, add multiple A / AAAA DNS records for a given name and point | ||
| Syncthing towards this name. The same certificate must be used on both | ||
| discovery servers. | ||
|
|
||
| Reverse Proxy Setup | ||
| ~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
|
|
@@ -368,8 +317,6 @@ page. Note that that page is directed at setting up a proxy for the | |
| Syncthing web UI. You should do the proper path and port adjustments to proxying | ||
| the discovery server and your particular setup. | ||
|
|
||
|
|
||
|
|
||
| See Also | ||
| -------- | ||
|
|
||
|
|
||