Changing Syncthing Admin Portal from HTTP to HTTPS/TLS

[habouji]

Running TrueNAS-13.0-U3.1

I'm trying to change the Syncthing Admin Portal from HTTP (default setting) to HTTPS/TLS.

I assume it should be a matter of taking following steps:

1. In the Admin Portal, navigate to Actions -> Settings -> GUI and enable "Use HTTPS for GUI"
2. Stop the jail
3. Edit jail, change Network Properties: change TCP 80 -> 8384 to TCP 443 -> 8384
4. Start the jail

I'm unable to reach the interface after the jail comes up, neither via HTTP or HTTPS, on port 8384 (http://mytruenas:8384/ and https://mytruenas:8384).

From https://docs.syncthing.net/users/guilisten.html:

The GUI (and, together with it, the REST API) listens on a single TCP port for HTTP and HTTPS connections.

The default port number is 8384.

I see the config on Syncthing is done properly, per https://docs.syncthing.net/users/config.html:

<gui enabled="true" tls="true" debugging="false">

When reverting all changes I can reach my Syncthing portal again, but only over HTTP.

Any idea what I'm doing wrong?

 

[neptunus]

I have the same issue, did you solve it? Or is there someone how could share tips to get HTTPS working?

 

[habouji]

No I didn't solve it. Running HTTP right now which I don't like.

 

[matematz]

Maybe this comes late but I have solution, This removes the plugin packaged reverse proxy entirely form the chain.
1. Syncthing GUI / Actions / Advanced / Address -> 0.0.0.0:8384 - to make it listen on all addresses not only localhost!
2. Syncthing GUI / Actions / Advanced / Use TLS -> True / Check
3. TrueNAS GUI / Jails / syncthing / EDIT / Network Properties / NAT Port forwarding -> tcp - 8384 (jail port) - 8384 (host port)

This eliminates the traffic going to the nginx, instead connecting directly to the syncthing server.
Do not forget to set user / pass for the admin interface!!!

 

[Liquid3564]

Hey, sorry for bumping an old post.
I have an issue with this. I checked the box "Use HTTPS for GUI" in the admin page of my Syncthing plugin (version 1.24.0_1) on my TrueNAS Core 13.0-U5.3 install. Now I can no longer access the admin page.

When I try to access the page in my browser with: http://<ip>:8384 I get a "Welcome to nginx!" page. When I try to access the admin page with http://<ip>:8384/syncthing (what I've always done) I get redirected to the TrueNAS login page of my TrueNAS server.

When I try https://<ip>:8384 I get an "ERR_SSL_PROTOCOL_ERROR" and I get the same error when trying https://<ip>:8384/syncthing to access the admin page.

Is there a way to revert the change I made to the "Use HTTPS for GUI" box?

 

[Liquid3564]

Hey, sorry for bumping an old post.
I have an issue with this. I checked the box "Use HTTPS for GUI" in the admin page of my Syncthing plugin (version 1.24.0_1) on my TrueNAS Core 13.0-U5.3 install. Now I can no longer access the admin page.

When I try to access the page in my browser with: http://<ip>:8384 I get a "Welcome to nginx!" page. When I try to access the admin page with http://<ip>:8384/syncthing (what I've always done) I get redirected to the TrueNAS login page of my TrueNAS server.

When I try https://<ip>:8384 I get an "ERR_SSL_PROTOCOL_ERROR" and I get the same error when trying https://<ip>:8384/syncthing to access the admin page.

Is there a way to revert the change I made to the "Use HTTPS for GUI" box?

Well I fixed it. Used the shell to manually change

Code:

tls="true"

to

Code:

tls="false"

under the GUI settings. The config file was found at

Code:

/mnt/<jails mount>/iocage/jails/<syncthing>/root/./root/usr/local/etc/syncthing/config.xml

If anyone needs this in the future.