├── .travis.yml ├── Dockerfile ├── LICENSE ├── README.md └── init └── docker-syncthing-relay.service /.travis.yml: -------------------------------------------------------------------------------- 1 | services: 2 | - docker 3 | 4 | before_install: 5 | - docker --version 6 | 7 | install: 8 | - git clone https://github.com/docker-library/official-images.git official-images 9 | 10 | # Assist with ci test debugging: 11 | # - DEBUG=1 12 | before_script: 13 | - image="kylemanna/syncthing-relay" 14 | - docker build -t "$image" . 15 | - docker inspect "$image" 16 | 17 | script: 18 | - official-images/test/run.sh -t utc -t cve-2014--shellshock -t no-hard-coded-passwords "$image" 19 | 20 | after_script: 21 | - docker images 22 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | LABEL maintainer="Kyle Manna " 3 | 4 | ENV PKGVER 1.12.0 5 | 6 | # Busybox wget needs TLS support, curl is less painful to get working 7 | RUN apk add --no-cache ca-certificates curl && \ 8 | mkdir /go || true && \ 9 | cd /go && \ 10 | mkdir -p src/github.com/syncthing && \ 11 | export SRCDIR=$PWD && \ 12 | cd src/github.com/syncthing && \ 13 | curl -L https://github.com/syncthing/syncthing/releases/download/v$PKGVER/syncthing-source-v${PKGVER}.tar.gz | tar xzf - && \ 14 | cd syncthing && \ 15 | export GOPATH="$SRCDIR" GOROOT_FINAL="/usr/bin" && \ 16 | go run build.go -no-upgrade -version v${PKGVER} build strelaysrv 17 | 18 | #Building thin container 19 | FROM alpine 20 | 21 | RUN apk add --no-cache ca-certificates 22 | COPY --from=builder /go/src/github.com/syncthing/syncthing/strelaysrv /usr/bin/strelaysrv 23 | 24 | # Run unprivileged out of /relaysrv 25 | RUN mkdir /relaysrv && chown nobody:nobody /relaysrv 26 | VOLUME /relaysrv 27 | USER nobody 28 | WORKDIR /relaysrv 29 | 30 | EXPOSE 22067 22070 31 | 32 | ENTRYPOINT ["/usr/bin/strelaysrv"] 33 | CMD [""] 34 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Kyle Manna 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Syncthing Relay Docker Image 2 | 3 | [![Build Status](https://travis-ci.org/kylemanna/docker-syncthing-relay.svg)](https://travis-ci.org/kylemanna/docker-syncthing-relay) 4 | [![Docker Stars](https://img.shields.io/docker/stars/kylemanna/syncthing-relay.svg)](https://hub.docker.com/r/kylemanna/syncthing-relay/) 5 | [![Docker Pulls](https://img.shields.io/docker/pulls/kylemanna/syncthing-relay.svg)](https://hub.docker.com/r/kylemanna/syncthing-relay/) 6 | [![ImageLayers](https://images.microbadger.com/badges/image/kylemanna/syncthing-relay.svg)](https://microbadger.com/#/images/kylemanna/syncthing-relay) 7 | 8 | ## Overview 9 | Syncthing Relay to help Syncthing clients relay data when they can't communicate directly due to things like NAT routers and firewalls blocking inbound TCP connections. 10 | 11 | More detailed description on [my blog](https://blog.kylemanna.com/sharing/syncthing-relay-docker-container/). 12 | 13 | Extensively tested on [Digital Ocean $5/mo node](http://do.co/2d7vkfJ) 14 | 15 | ## Upstream Links 16 | 17 | * Docker Registry @ [kylemanna/openvpn](https://hub.docker.com/r/kylemanna/syncthing-relay/) 18 | * GitHub @ [kylemanna/docker-openvpn](https://github.com/kylemanna/docker-syncthing-relay) 19 | 20 | ## Quick Start 21 | 22 | Just run: 23 | 24 | docker run --rm -p 22067:22067 -p 22070:22070 kylemanna/syncthing-relay 25 | 26 | Verify your server shows up at http://relays.syncthing.net/ 27 | 28 | Or private relay: 29 | 30 | docker run --rm -p 22067:22067 -p 22070:22070 kylemanna/syncthing-relay -pools="" 31 | 32 | ## Private relays and persistent keys 33 | 34 | When using the commands above, docker will remove the old container once it's no longer running. This is fine for public relays where the key does not matter, but becomes impractical for private relays where the URL must contain the key signature. 35 | 36 | For those using private relays, it may be a good idea to use persistent storage for the certificate. To that effect, the first step is to create a volume with the command below (only needs to be done once): 37 | 38 | docker volume create syncthing-relay 39 | 40 | Then run the container mapping the `/relaysrv` directory into the volume: 41 | 42 | docker run -p 22067:22067 -p 22070:22070 --mount source=syncthing-relay,target=/relaysrv -d kylemanna/syncthing-relay -pools="" 43 | 44 | ## Automatically restarting the container on reboot 45 | 46 | To automatically restart the container after a host reboot, replace the `--rm` option in any of the docker invocations above with `--restart=always`. This is a simple solution for those who want to have a relay server that survives host restarts but prefer not to deal with systemd. 47 | 48 | ## Using Systemd to Auto Start the Docker Container 49 | 50 | Here's the quick start guide for setting up a systemd service that will listen on the defualt ports and start at boot time. It will also attempt to pull down image updates each time the service starts and automatically restart after 10 seconds if the process exits. This Docker container preserves no state across starts. 51 | 52 | cd /etc/systemd/system 53 | sudo curl -O https://raw.githubusercontent.com/kylemanna/docker-syncthing-relay/master/init/docker-syncthing-relay.service 54 | sudo systemctl daemon-reload 55 | sudo systemctl enable --now docker-syncthing-relay.service 56 | sudo systemctl status docker-syncthing-relay.service 57 | -------------------------------------------------------------------------------- /init/docker-syncthing-relay.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Syncthing Relay Docker Container 3 | Documentation=https://github.com/kylemanna/docker-syncthing-relay 4 | After=network.target docker.socket 5 | Requires=docker.socket 6 | 7 | [Service] 8 | RestartSec=10 9 | Restart=always 10 | 11 | Environment="IMG=kylemanna/syncthing-relay:latest" 12 | Environment="NAME=syncthing-relay" 13 | Environment="PORT_DATA=22067:22067/tcp" 14 | Environment="PORT_STAT=22070:22070/tcp" 15 | 16 | # To override environment variables, `systemctl edit docker-syncthing-relay`: 17 | # https://www.freedesktop.org/software/systemd/man/systemctl.html 18 | 19 | # Clean-up bad state if still hanging around 20 | ExecStartPre=-/usr/bin/docker rm -f $NAME 21 | 22 | # Attempt to pull new image for security updates 23 | ExecStartPre=-/usr/bin/docker pull $IMG 24 | 25 | # Main process 26 | ExecStart=/usr/bin/docker run --rm --name ${NAME} -p ${PORT_DATA} -p ${PORT_STAT} ${IMG} 27 | 28 | [Install] 29 | WantedBy=multi-user.target 30 | --------------------------------------------------------------------------------