Switching from Nextcloud to Syncthing?

I used to use Nextcloud for a lot of different things, but at this point, I only really use it for handling files across devices.

I’d like to get away from Nextcloud entirely, and I’m thinking about Syncthing. I like the fact that it’s not a web server (and thus I don’t have to poke holes in the firewall), and it seems like a more lightweight product (since it’s not trying to do all of the things that NC does).

Has anybody made the switch from using Nextcloud for file syncing to something like Syncthing?

1 Like

Here is my opinion and please note that you have many ways to skin a cat. I choose a potato peeler.

I am going to assume that you are currently hosting Nextcloud on your own equipment. If this is true then I would like to ask you how you are connecting to the server. I have all of my stuff hosted on my servers at home which I typically tunnel back to my house when away to access my server as I am not a fan of poking holes in my firewall.

If you are going to be using Syncthing then to my knowledge you are still going to have to open ports for the devices to communicate.

TCP port 8384: This is the main communication port for Syncthing.
UDP port 8385: This is used for direct peer-to-peer connections.

You stated that you wanted to remove from Nextcloud because you only need file syncing. However, to my knowledge Nextcloud does not force you to use the other features and actually you can disable them.

Both options don’t require any payment.

I did the opposite (though I use Nextcloud for calendar and contacts too). I wouldn’t go back but the best option depends on your use case.

  • Syncthing is much lighter to run.
  • Syncthing is not really a hosted server, it is peer to peer exchange. If you share a folder among 3 clients all 3 are ‘equal’. There is not one server and 2 clients.
  • Setup therefore can be a bit annoying/confusing since you need to manage folders across all devices, rather than logging in to a server which defines the common truth.
  • You do not need open/accessible ports; if there is no peer-to-peer connection, a relay server is used to establish connection. You DO need direct communication to set up peers (local network or accessible ports).

I don’t access my home network from remote locations. I don’t think I’m your use case. Please note the following:

I like having my Android phone photos and SD card music sync’d using Syncthing, but the Android app has been booted out of Google’s Play Store because it wasn’t updated enough(?) or some other reason. It remains on F-Droid and I’ve backed up the APK, but I didn’t trust the clone version packaged by another name.

K3n.

1 Like

For a tunnel, you also need to poke a hole in the firewall.

In my opinion, poking holes gets a bad rep.
Holes are not the problem, it is the shit that is behind that hole.

Disclaimer: I have never used syncthing.
But they state this on their website:

UPnP will do if you don’t want to port forward or you don’t know how.

UPnP is not only poking a hole into your firewall but also like giving your drunk neighbour your router’s password to poke a hole into your firewall :slight_smile: That is why any half-decent router/modem/firewall will have UPnP disabled by default.

2 Likes

I don’t think poking holes in the firewall is necessary for the file syncing. As I understand it, it uses something like UDP holepunching or reverse proxy or some such.

I currently have Nextcloud hosted as a Docker app on my TrueNAS box, with port forwarding to HAProxy.

As I understand it, Syncthing will support automatically deleting data from the source once it’s synced to the target, which is something I am interested in. I often deal with a lot of files on my laptop when I am traveling, and space on the laptop’s drive is a concern.

My issue with Nextcloud is that updates are quite frequent, probably because it’s trying to be much more than just a file syncing app, and I worry about stability of having such frequent changes to the codebase (especially since I don’t benefit from many/most of those changes). Plus, being a “web app” gives it a bigger threat surface.

1 Like

I use a Sonicwall at home and I don’t even have the option for UPnP but I do agree with you in regards to the holes. However in the enterprise, I generally do not open ports at the firewall unless the server is serving something that needs to be public facing.

Quote from the manual

you should set up a port forwarding for ports 22000/TCP and 22000/UDP

and then

In the absence of port forwarding, Relaying may work well enough to get devices connected and synced, but will perform poorly in comparison to a direct connection.

So yeah, either you punch some holes (which again, is no bad or insecure thing, it is just not risk free) or you have poor performance and have to rely on others.

Yeah of course, why else would you open a port? :grin:

Syncthing will use STUN and QUIC if it can’t use a direct TCP connection. It’s not necessary to open ingress ports in the firewall.

1 Like

It’s not necessary to open ingress ports in the firewall, if you are fine with using the STUN server of a third party.

It’s not necessary to open ingress ports in the firewall, if you have an ISP that supports IPv6 where you don’t have to deal with NAT or CG-NAT shenanigans and your ISP router by default allows all incoming IPv6 connections on port 22000, because port scanning isn’t really a thing in IPv6 because there are too many addresses. If that is the case, your ISP already has opened up ingress ports for you, because your ISP knows what is good for most users :grin:

1 Like
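
The settings this thread argues over (GUI exposure, UPnP/NAT port mapping, relays, the default 22000 listeners) all live in Syncthing's `config.xml`. The following is an added example, not part of any post or of the Syncthing project: a small audit that lists which of those options are on. The sample config is constructed, and the function name `audit_syncthing_config` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml (not taken from the thread); the element
# names follow Syncthing's config file format.
SAMPLE_CONFIG = """<configuration version="37">
  <gui enabled="true" tls="false">
    <address>0.0.0.0:8384</address>
  </gui>
  <options>
    <listenAddress>default</listenAddress>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <relaysEnabled>true</relaysEnabled>
    <natEnabled>true</natEnabled>
  </options>
</configuration>"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}

# Boolean options that involve the router or third-party infrastructure.
OPTION_NOTES = [
    ("natEnabled", "asks the router for port mappings (UPnP / NAT-PMP)"),
    ("relaysEnabled", "may fall back to third-party relay servers"),
    ("globalAnnounceEnabled", "announces addresses to global discovery servers"),
]

def audit_syncthing_config(xml_text):
    """Return (setting, note) pairs for exposure-relevant options that are on."""
    root = ET.fromstring(xml_text)
    findings = []

    gui = root.find("gui")
    if gui is not None and gui.get("enabled", "true") == "true":
        address = (gui.findtext("address") or "").strip()
        host = address.rpartition(":")[0]  # "0.0.0.0:8384" -> "0.0.0.0"
        if host not in LOOPBACK_HOSTS:
            findings.append(("gui.address", f"GUI reachable beyond loopback ({address})"))
            if gui.get("tls", "false") != "true":
                findings.append(("gui.tls", "GUI served without TLS on that address"))

    for name, note in OPTION_NOTES:
        value = (root.findtext(f"options/{name}") or "").strip().lower()
        if value == "true":
            findings.append((name, note))

    listen = [e.text.strip() for e in root.findall("options/listenAddress") if e.text]
    if "default" in listen:
        findings.append(("listenAddress", "default: 22000/TCP, 22000/UDP (QUIC) and dynamic relay"))
    return findings
```

An empty result means the device only talks over the listeners you set explicitly, so any firewall rule for port 22000 is a deliberate choice rather than something negotiated through UPnP or a relay.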
