Sync Dev: Securely Deploying Sync

This is a cross-post from CloudSigma’s blog by Viktor Petersson.

Configure the server

You should think twice before handing over your sensitive data to a cloud backup service. As convenient as it may be, you should still ask if it is worth the price you pay by allowing third parties to snoop on your data.

The problem, however, is that keeping your files both safe and in sync across devices by yourself isn’t trivial. Fortunately, Sync makes this a lot easier.

While it is possible to simply use Sync to keep two devices in sync, this relies on both devices being online at the same time. For instance, if you want to keep your laptop and desktop computer at home in sync, both must be powered on and able to talk with each other. This may not always be the case.

The solution to this problem is to add a server into the mix that is always accessible. This also gives you the added benefit of an extra copy.

While this server could be at home, it might make more sense to use a cloud-based server for resilience purposes. In order to avoid going back to square one, you need to choose a provider and geographical location that take privacy seriously, such as CloudSigma and our Zurich location in Switzerland. For increased security, you may also consider using disk encryption.

Installing Resilio Sync (formerly BitTorrent Sync) is very straightforward. As an example, if your server runs Ubuntu 14.04, all you have to do is run the following commands:

$ wget https://download-cdn.resilio.com/stable/linux-x64/resilio-sync_x64.tar.gz -O btsync.tgz
$ tar xvfz btsync.tgz
$ sudo mv btsync /usr/local/bin/
$ sudo useradd btsync
$ sudo mkdir /btsync
$ sudo chown -R btsync:btsync /btsync/

Next we need to create a configuration file. A minimal configuration would look as follows. A full sample config is available here.

{
  "device_name": "MyNode",
  "listening_port" : 0,
  "pid_file" : "/tmp/btsync.pid",
  "download_limit" : 0,
  "upload_limit" : 0,
  "webui" :
  {
    "listen" : "127.0.0.1:8888",
    "login" : "myuser",
    "password" : "mypassword",
    "allow_empty_password" : false,
    "directory_root" : "/btsync",
    "dir_whitelist" : [ "/btsync" ]
  }
}

Modify this to your needs and save it as /usr/local/etc/btsync.conf using your favorite text editor.

Please note that:

  • Your password is stored in plaintext in the config file. There is an option to save it encrypted instead.
  • The above configuration listens on 127.0.0.1 (localhost). As a result, you will not be able to access the server from the outside without using an SSH tunnel (covered below). You can change this to '0.0.0.0:8888' to make it accessible to the world, but I would only recommend doing so in combination with the built-in SSL support (or by placing your server behind a reverse proxy that adds SSL support).
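The two notes above can be turned into a check that runs before the server is started. The following is an added example, not part of the original post or of Resilio's tooling: it audits a comment-free config like the minimal one shown here. The function names are hypothetical, and the "force_https" key is assumed from Sync's sample config rather than taken from this article.

```python
import ipaddress, json, os, stat, tempfile

def audit_sync_config(path):
    """Return findings for a comment-free Sync config like the one above."""
    with open(path) as fh:
        webui = json.load(fh).get("webui", {})
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []

    # Bind address: anything but loopback exposes the web UI to the network.
    host = webui.get("listen", "").rpartition(":")[0].strip("[]")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"
    # "force_https" is an assumed key name (Sync sample config), not from this article.
    if not loopback and not webui.get("force_https"):
        findings.append("webui listens on %r without forced HTTPS" % host)

    # The password is plaintext, so the file's permissions are what protect it.
    if webui.get("password") and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("plaintext password in config with mode %04o" % mode)
    if webui.get("allow_empty_password"):
        findings.append("allow_empty_password is enabled")
    if not webui.get("dir_whitelist"):
        findings.append("no dir_whitelist limits the web UI folder picker")
    return findings

def write_config(webui, mode):
    """Write a constructed config to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        json.dump({"device_name": "MyNode", "webui": webui}, fh)
    os.chmod(path, mode)
    return path

# Constructed sample inputs: the article's settings vs. an exposed variant.
ARTICLE = {"listen": "127.0.0.1:8888", "login": "myuser", "password": "mypassword",
           "allow_empty_password": False, "directory_root": "/btsync",
           "dir_whitelist": ["/btsync"]}
EXPOSED = dict(ARTICLE, listen="0.0.0.0:8888", allow_empty_password=True)

if __name__ == "__main__":
    for name, webui, mode in (("article", ARTICLE, 0o600), ("exposed", EXPOSED, 0o644)):
        path = write_config(webui, mode)
        print(name, audit_sync_config(path))
        os.remove(path)
```

The article's settings pass only when the config file is readable by its owner alone (for example mode 0600 and owned by the btsync user), because the password sits in it in plaintext.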

With your config file populated, we can now start the server using the following command:

$ sudo -u btsync btsync --config /usr/local/etc/btsync.conf

If you get the following error, simply try starting the server with ‘-u btsync’ the first time:

btsync: /mnt/jenkins/workspace/Build-Sync-x64/linux/breakpad/client/linux/handler/minidump_descriptor.h:55: google_breakpad::MinidumpDescriptor::MinidumpDescriptor(const string&): Assertion `!directory.empty()' failed.

Since we configured Sync to only listen on 127.0.0.1, the server won’t be accessible to the world. To access the server, we will have to use an SSH tunnel. If you’re on OS X or Linux, this is very simple. All you need to do is open a terminal window and run the following command:

$ ssh -L 8888:127.0.0.1:8888 -N user@remoteserver.com -v

This creates a secure tunnel from your local machine, so that local port 8888 gives you access to port 8888 on the remote server.

If you’re using Windows, there are a few tools available for creating SSH tunnels. The most popular one is probably PuTTY.

With the SSH tunnel active, we can just point our browser to http://127.0.0.1:8888 and log in using the credentials specified.

BitTorrent Sync web interface

Syncing a folder

Once you’re able to log in to the web interface, it’s time to add a folder for synchronization. To do this, you need to download and install Resilio Sync on your local computer.

On your local computer, click the Add Folder button and select the folder that you’d like to sync. After selecting the folder, you’ll get the following dialogue window. Close this dialogue window and then bring up the preferences for the newly created share:

[Screenshot: Sync Preferences]

We will use the Read Only key for this, since that protects our local computer if the remote server is ever compromised. If we were to use the Read Write key, an intruder would be able to push changes back to our local computer.

Let’s now go back to the browser window for the remote server and click the ‘Enter a key or link’ icon.

[Screenshot: entering a key on the remote server]

Since we already copied our Read Only key, we just need to paste in the key.

[Screenshot: pasting the key on the remote server]

Lastly, we need to select where to store the folder. Remember that it needs to go in the ‘/btsync’ folder as per our configuration above (directory_root).

[Screenshot: selecting the destination folder on the remote server]

The remote server and your local computer will now start synchronizing. Depending on the size of the folder and your connection, this may take some time. You will be able to follow the process both locally and in the web interface. When done, it will look as follows:

[Screenshot: finished sync on the remote server]

Repeat this process for each folder you’d like to synchronize.

Wrap up

That’s all, folks. You should now be able to get your data in sync using Resilio Sync. If you want to add another desktop, you can simply add the Read Write key to it. That will allow you to work on the same files and have both devices in sync. It is also worth noting that there are mobile clients for iOS, Android, and Windows Phone here, which allow you to both back up data from your phone (such as photos) and access remote data from a share.

If you want to reconfigure the remote server, all you need to do is open the SSH tunnel described above and point your browser to the local URL.