diff --git a/users/proxying.rst b/users/proxying.rst index 1a6274ca..1af5880e 100644 --- a/users/proxying.rst +++ b/users/proxying.rst @@ -5,12 +5,16 @@ Using Proxies .. versionadded:: 0.12.0 -Syncthing can run behind a SOCKS5 proxy. This enables use behind some corporate +Syncthing can run behind a SOCKS5, HTTP, or HTTPS proxy. This enables use behind some corporate firewalls, tunneling via SSH, and over Tor. The Syncthing instance that is behind the proxy is limited to outbound connections - it can not listen for incoming connections via the proxy. It is however possible to receive incoming connections via :ref:`relaying`. +.. versionadded:: 2.0.15 + + Support for HTTP and HTTPS proxies via ``all_proxy``. + There is no graphical configuration to enable proxy usage in Syncthing. Instead, an environment variable ``all_proxy`` must be set that points to the proxy. The value of this variable is the proxy URL. For example, on a @@ -22,6 +26,17 @@ Linux-like system:: ... [monitor] 11:25:40 INFO: Proxy settings detected +Or for an HTTP/HTTPS proxy:: + + $ export all_proxy=http://10.20.30.40:8080 + $ # Or with authentication and encryption + $ export all_proxy=https://user:password@proxy.example.com:8443 + $ syncthing + +HTTP proxies requiring basic authentication can be specified by embedding +credentials in the proxy URL. When credentials are used over a cleartext HTTP +proxy, a warning will be logged. + Note that this environment variable is *not* named with capital letters - it must be exactly ``all_proxy``. The "Proxy settings detected" log message indicates that Syncthing is using the proxy configuration. @@ -50,7 +65,12 @@ Caveats ------- Syncthing will use the ``http_proxy`` / ``https_proxy`` settings in combination with -``all_proxy``. Proxies specified with ``http_`` variants will be used behind the socks proxy. +``all_proxy``. Proxies specified with ``http_`` variants will be used behind the +configured proxy. If this is not desired, make sure to undefine the ``http_proxy`` / ``https_proxy`` variables for syncthing. + +When using an HTTP proxy via ``all_proxy``, only outbound TCP connections are +supported. Non-TCP transports and listening sockets are not supported through +HTTP or HTTPS proxies.