config.xml

The configuration file, in XML format.

cert.pem, key.pem

The device’s ECDSA public and private key. These form the basis for the device ID. The key must be kept private.

https-cert.pem, https-key.pem

The certificate and key for HTTPS GUI connections. These may be replaced with a custom certificate for HTTPS as desired.

csrftokens.txt

A list of recently issued CSRF tokens (for protection against browser cross site request forgery).

• If a database exists in the old default location, that location is still used.
• If $XDG_DATA_HOME is set, use $XDG_DATA_HOME/syncthing.
• If ~/.local/share/syncthing exists, use that location.
• Use the old default location (same as config).

index-*.db

A directory holding the database with metadata and hashes of the files currently on disk and available from peers.

version

The config version. Increments whenever a change is made that requires migration from previous formats.

remoteIgnoredDevice

Contains the ID of the device that should be ignored. Connection attempts from this device are logged to the console but never displayed in the web GUI.

id (mandatory)

The folder ID, which must be unique.

label

The label of a folder is a human readable and descriptive local name. May be different on each device, empty, and/or identical to other folder labels. (optional)

filesystemType

The internal file system implementation used to access this folder, detailed in a separate chapter.

path (mandatory)

The path to the directory where the folder is stored on this device; not sent to other devices.

type

Controls how the folder is handled by Syncthing. Possible values are:

rescanIntervalS

The rescan interval, in seconds. Can be set to 0 to disable when external plugins are used to trigger rescans.

fsWatcherEnabled

If set to true, this detects changes to files in the folder and scans them.

fsWatcherDelayS

The duration during which changes detected are accumulated, before a scan is scheduled (only takes effect if fsWatcherEnabled is set to true).

ignorePerms

If true, files originating from this folder will be announced to remote devices with the “no permission bits” flag. The remote devices will use whatever their default permission setting is when creating the files. The primary use case is for file systems that do not support permissions, such as FAT, or environments where changing permissions is impossible.

autoNormalize

Automatically correct UTF-8 normalization errors found in file names. The mechanism and how to set it up is described in a separate chapter.

device

These must have the id attribute and can have an introducedBy attribute, identifying the device that introduced us to share this folder with the given device. If the original introducer unshares this folder with this device, our device will follow and unshare the folder (subject to skipIntroductionRemovals being false on the introducer device).

All mentioned devices are those that will be sharing the folder in question. Each mentioned device must have a separate device element later in the file. It is customary that the local device ID is included in all folders. Syncthing will currently add this automatically if it is not present in the configuration file.

The encryptionPassword sub-element contains the secret needed to decrypt this folder’s data on the remote device. If left empty, the data is plainly accessible (but still protected by the transport encryption). The mechanism and how to set it up is described in a separate chapter.

minDiskFree

The minimum required free space that should be available on the disk this folder resides. The folder will be stopped when the value drops below the threshold. The element content is interpreted according to the given unit attribute. Accepted unit values are % (percent of the disk / volume size), kB, MB, GB and TB. Set to zero to disable.

versioning

Specifies a versioning configuration.

SEE ALSO:

copiers

hashers

The number of copier and hasher routines to use, or 0 for the system determined optimums. These are low-level performance options for advanced users only; do not change unless requested to or you’ve actually read and understood the code yourself. :)

pullerMaxPendingKiB

Controls when we stop sending requests to other devices once we’ve got this much unserved requests. The number of pullers is automatically adjusted based on this desired amount of outstanding request data.

order

The order in which needed files should be pulled from the cluster. It has no effect when the folder type is “send only”. The possibles values are:

Note that the scanned files are sent in batches and the sorting is applied only to the already discovered files. This means the sync might start with a 1 GB file even if there is 1 KB file available on the source device until the 1 KB becomes known to the pulling device.

ignoreDelete

WARNING:

When set to true, this device will pretend not to see instructions to delete files from other devices. The mechanism is described in a separate chapter.

scanProgressIntervalS

The interval in seconds with which scan progress information is sent to the GUI. Setting to 0 will cause Syncthing to use the default value of two.

pullerPauseS

Tweak for rate limiting the puller when it retries pulling files. Don’t change this unless you know what you’re doing.

maxConflicts

The maximum number of conflict copies to keep around for any given file. The default, -1, means an unlimited number. Setting this to 0 disables conflict copies altogether.

disableSparseFiles

By default, blocks containing all zeros are not written, causing files to be sparse on filesystems that support this feature. When set to true, sparse files will not be created.

disableTempIndexes

By default, devices exchange information about blocks available in transfers that are still in progress, which allows other devices to download parts of files that are not yet fully downloaded on your own device, essentially making transfers more torrent like. When set to true, such information is not exchanged for this folder.

paused

True if this folder is (temporarily) suspended.

weakHashThresholdPct

Use weak hash if more than the given percentage of the file has changed. Set to -1 to always use weak hash. Default is 25.

markerName

Name of a directory or file in the folder root to be used as marker-faq. Default is .stfolder.

copyOwnershipFromParent

On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in). Requires running Syncthing as a privileged user, or granting it additional capabilities (e.g. CAP_CHOWN on Linux).

modTimeWindowS

Allowed modification timestamp difference when comparing files for equivalence. To be used on file systems which have unstable modification timestamps that might change after being recorded during the last write operation. Default is 2 on Android when the folder is located on a FAT partition, and 0 otherwise.

maxConcurrentWrites

Maximum number of concurrent write operations while syncing. Increasing this might increase or decrease disk performance, depending on the underlying storage. Default is 2.

disableFsync

WARNING:

Disables committing file operations to disk before recording them in the database. Disabling fsync can lead to data corruption. The mechanism is described in a separate chapter.

blockPullOrder

Order in which the blocks of a file are downloaded. This option controls how quickly different parts of the file spread between the connected devices, at the cost of causing strain on the storage.

Available options:

copyRangeMethod

Provides a choice of method for copying data between files. This can be used to optimise copies on network filesystems, improve speed of large copies or clone the data using copy-on-write functionality if the underlying filesystem supports it. The mechanism is described in a separate chapter.

caseSensitiveFS

Affects performance by disabling the extra safety checks for case insensitive filesystems. The mechanism and how to set it up is described in a separate chapter.

junctionsAsDirs

NTFS directory junctions are treated as ordinary directories, if this is set to true.

id (mandatory)

The device ID.

name

A friendly name for the device. (optional)

compression

Whether to use protocol compression when sending messages to this device. The possible values are:

introducer

Set to true if this device should be trusted as an introducer, i.e. we should copy their list of devices per folder when connecting.

SEE ALSO:

skipIntroductionRemovals

Set to true if you wish to follow only introductions and not de-introductions. For example, if this is set, we would not remove a device that we were introduced to even if the original introducer is no longer listing the remote device as known.

introducedBy

Defines which device has introduced us to this device. Used only for following de-introductions.

certName

The device certificate’s common name, if it is not the default “syncthing”.

address (mandatory: At least one must be present.)

Contains an address or host name to use when attempting to connect to this device. Entries other than dynamic need a protocol specific prefix. For the TCP protocol the prefixes tcp:// (dual-stack), tcp4:// (IPv4 only) or tcp6:// (IPv6 only) can be used. The prefixes for the QUIC protocol are analogous: quic://, quic4:// and quic6:// Note that IP addresses need not use IPv4 or IPv6 prefixes; these are optional. Accepted formats are:

You can set multiple addresses and combine it with the dynamic keyword for example:

<device id="...">


    <address>tcp://192.0.2.1:22001</address>


    <address>quic://192.0.1.254:22000</address>


    <address>dynamic</address>
</device>

paused

True if synchronization with this devices is (temporarily) suspended.

allowedNetwork

If given, this restricts connections to this device to only this network. The mechanism is described in detail in a separate chapter).

autoAcceptFolders

If true, folders shared from this remote device are automatically added and synced locally under the default path. For the folder name, Syncthing tries to use the label from the remote device, and if the same label already exists, it then tries to use the folder’s ID. If that exists as well, the folder is just offered to accept manually. A local folder already added with the same ID will just be shared rather than created separately.

maxSendKbps

Maximum send rate to use for this device. Unit is kibibytes/second, despite the config name looking like kilobits/second.

maxRecvKbps

Maximum receive rate to use for this device. Unit is kibibytes/second, despite the config name looking like kilobits/second.

ignoredFolder

Contains the ID of the folder that should be ignored. This folder will always be skipped when advertised from the containing remote device, i.e. this will be logged, but there will be no dialog shown in the web GUI.

maxRequestKiB

Maximum amount of data to have outstanding in requests towards this device. Unit is kibibytes.

remoteGUIPort

If set to a positive integer, the GUI will display an HTTP link to the IP address which is currently used for synchronization. Only the TCP port is exchanged for the value specified here. Note that any port forwarding or firewall settings need to be done manually and the link will probably not work for link-local IPv6 addresses because of modern browser limitations.

untrusted

This boolean value marks a particular device as untrusted, which disallows ever sharing any unencrypted data with it. Every folder shared with that device then needs an encryption password set, or must already be of the “receive encrypted” type locally. Refer to the detailed explanation under untrusted.

enabled

If not true, the GUI and API will not be started.

tls

If set to true, TLS (HTTPS) will be enforced. Non-HTTPS requests will be redirected to HTTPS. When set to false, TLS connections are still possible but not required.

debugging

This enables /users/profiling and additional endpoints in the REST API, see /rest/debug.

address (mandatory: Exactly one element must be present.)

Set the listen address. Allowed address formats are:

unixSocketPermissions

When address is set to a UNIX socket location, set this to an octal value to override the default permissions of the socket.

user

Set to require authentication.

password

Contains the bcrypt hash of the real password.

apikey

If set, this is the API key that enables usage of the REST interface.

insecureAdminAccess

If true, this allows access to the web GUI from outside (i.e. not localhost) without authorization. A warning will displayed about this setting on startup.

insecureSkipHostcheck

When the GUI / API is bound to localhost, we enforce that the Host header looks like localhost. This option bypasses that check.

insecureAllowFrameLoading

Allow rendering the GUI within an <iframe>, <frame> or <object> by not setting the X-Frame-Options: SAMEORIGIN HTTP header. This may be needed for serving the Syncthing GUI as part of a website through a proxy.

theme

The name of the theme to use.

authMode

Authentication mode to use. If not present, the authentication mode (static) is controlled by the presence of user/password fields for backward compatibility.

address (mandatory)

bindDN (mandatory)

transport

insecureSkipVerify

Skip verification (true or false).

searchBaseDN

Base DN for user searches.

searchFilter

Search filter for user searches.

listenAddress

The listen address for incoming sync connections. See Listen Addresses for the allowed syntax.

globalAnnounceServer

A URI to a global announce (discovery) server, or the word default to include the default servers. Any number of globalAnnounceServer elements may be present. The syntax for non-default entries is that of an HTTP or HTTPS URL. A number of options may be added as query options to the URL: insecure to prevent certificate validation (required for HTTP URLs) and id=<device ID> to perform certificate pinning. The device ID to use is printed by the discovery server on startup.

globalAnnounceEnabled

Whether to announce this device to the global announce (discovery) server, and also use it to look up other devices.

localAnnounceEnabled

Whether to send announcements to the local LAN, also use such announcements to find other devices.

localAnnouncePort

The port on which to listen and send IPv4 broadcast announcements to.

localAnnounceMCAddr

The group address and port to join and send IPv6 multicast announcements on.

maxSendKbps

Outgoing data rate limit, in kibibytes per second.

maxRecvKbps

Incoming data rate limits, in kibibytes per second.

reconnectionIntervalS

The number of seconds to wait between each attempt to connect to currently unconnected devices.

relaysEnabled

When true, relays will be connected to and potentially used for device to device connections.

relayReconnectIntervalM

Sets the interval, in minutes, between relay reconnect attempts.

startBrowser

Whether to attempt to start a browser to show the GUI when Syncthing starts.

natEnabled

Whether to attempt to perform a UPnP and NAT-PMP port mapping for incoming sync connections.

natLeaseMinutes

Request a lease for this many minutes; zero to request a permanent lease.

natRenewalMinutes

Attempt to renew the lease after this many minutes.

natTimeoutSeconds

When scanning for UPnP devices, wait this long for responses.

urAccepted

Whether the user has accepted to submit anonymous usage data. The default, 0, mean the user has not made a choice, and Syncthing will ask at some point in the future. -1 means no, a number above zero means that that version of usage reporting has been accepted.

urSeen

The highest usage reporting version that has already been shown in the web GUI.

urUniqueID

The unique ID sent together with the usage report. Generated when usage reporting is enabled.

urURL

The URL to post usage report data to, when enabled.

urPostInsecurely

When true, the UR URL can be http instead of https, or have a self-signed certificate. The default is false.

urInitialDelayS

The time to wait from startup for the first usage report to be sent. Allows the system to stabilize before reporting statistics.

restartOnWakeup

Whether to perform a restart of Syncthing when it is detected that we are waking from sleep mode (i.e. an unfolding laptop).

autoUpgradeIntervalH

Check for a newer version after this many hours. Set to 0 to disable automatic upgrades.

upgradeToPreReleases

If true, automatic upgrades include release candidates (see releases).

keepTemporariesH

Keep temporary failed transfers for this many hours. While the temporaries are kept, the data they contain need not be transferred again.

cacheIgnoredFiles

Whether to cache the results of ignore pattern evaluation. Performance at the price of memory. Defaults to false as the cost for evaluating ignores is usually not significant.

progressUpdateIntervalS

How often in seconds the progress of ongoing downloads is made available to the GUI.

limitBandwidthInLan

Whether to apply bandwidth limits to devices in the same broadcast domain as the local device.

minHomeDiskFree

The minimum required free space that should be available on the partition holding the configuration and index. The element content is interpreted according to the given unit attribute. Accepted unit values are % (percent of the disk / volume size), kB, MB, GB and TB. Set to zero to disable.

releasesURL

The URL from which release information is loaded, for automatic upgrades.

alwaysLocalNet

Network that should be considered as local given in CIDR notation.

overwriteRemoteDeviceNamesOnConnect

If set, device names will always be overwritten with the name given by remote on each connection. By default, the name that the remote device announces will only be adopted when a name has not already been set.

tempIndexMinBlocks

When exchanging index information for incomplete transfers, only take into account files that have at least this many blocks.

unackedNotificationID

ID of a notification to be displayed in the web GUI. Will be removed once the user acknowledged it (e.g. an transition notice on an upgrade).

trafficClass

Specify a type of service (TOS)/traffic class of outgoing packets.

stunServer

Server to be used for STUN, given as ip:port. The keyword default gets expanded to stun.callwithus.com:3478, stun.counterpath.com:3478, stun.counterpath.net:3478, stun.ekiga.net:3478, stun.ideasip.com:3478, stun.internetcalls.com:3478, stun.schlund.de:3478, stun.sipgate.net:10000, stun.sipgate.net:3478, stun.voip.aebc.com:3478, stun.voiparound.com:3478, stun.voipbuster.com:3478, stun.voipstunt.com:3478 and stun.xten.com:3478 (this is the default).

stunKeepaliveStartS

Interval in seconds between contacting a STUN server to maintain NAT mapping. Default is 24 and you can set it to 0 to disable contacting STUN servers. The interval is automatically reduced if needed, down to a minimum of stunKeepaliveMinS.

stunKeepaliveMinS

Minimum for the stunKeepaliveStartS interval, in seconds.

setLowPriority

Syncthing will attempt to lower its process priority at startup. Specifically: on Linux, set itself to a separate process group, set the niceness level of that process group to nine and the I/O priority to best effort level five; on other Unixes, set the process niceness level to nine; on Windows, set the process priority class to below normal. To disable this behavior, for example to control process priority yourself as part of launching Syncthing, set this option to false.

maxFolderConcurrency

This option controls how many folders may concurrently be in I/O-intensive operations such as syncing or scanning. The mechanism is described in detail in a separate chapter.

crashReportingURL

Server URL where automatic crash reports will be sent if enabled.

crashReportingEnabled

Switch to opt out from the automatic crash reporting feature. Set false to keep Syncthing from sending panic logs on serious troubles. Defaults to true, to help the developers troubleshoot.

databaseTuning

Controls how Syncthing uses the backend key-value database that stores the index data and other persistent data it needs. The available options and implications are explained in a separate chapter.

maxConcurrentIncomingRequestKiB

This limits how many bytes we have “in the air” in the form of response data being read and processed.

announceLANAddresses

Enable (the default) or disable announcing private (RFC1918) LAN IP addresses to global discovery.

sendFullIndexOnUpgrade

Controls whether all index data is resent when an upgrade has happened, equivalent to starting Syncthing with --reset-deltas. This used to be the default behavior in older versions, but is mainly useful as a troubleshooting step and causes high database churn. The default is now false.

featureFlag

Feature flags are simple strings that, when added to the configuration, may unleash unfinished or still-in-development features to allow early user testing. Any supported value will be separately announced with the feature, so that regular users do not enable it by accident.

connectionLimitEnough

The number of connections at which we stop trying to connect to more devices, zero meaning no limit. Does not affect incoming connections. The mechanism is described in detail in a separate chapter.

connectionLimitMax

The maximum number of connections which we will allow in total, zero meaning no limit. Affects incoming connections and prevents attempting outgoing connections. The mechanism is described in detail in a separate chapter.

insecureAllowOldTLSVersions

Only for compatibility with old versions of Syncthing on remote devices, as detailed in /advanced/option-insecure-allow-old-tls-versions.

device

Template for a device element, with the same internal structure. Any fields here will be used for a newly added remote device. The id attribute is meaningless in this context.

folder

Template for a folder element, with the same internal structure. Any fields here will be used for a newly added shared folder. The id attribute is meaningless in this context.

The UI will propose to create new folders at the path given in the path attribute (used to be defaultFolderPath under options). It also applies to folders automatically accepted from a remote device.

Even sharing with other remote devices can be done in the template by including the appropriate folder.device element underneath.