Docker Installation

Sync-in can be installed using the official Docker image available here: https://hub.docker.com/r/syncin/server.

This image is designed to be used in a docker compose setup.

---

📋 Requirements

⚙️ Minimum Hardware Requirements

• RAM: 4 GB
• CPU: 2 cores/vCPU
• Disk Space: 2 GB

🐳 Docker

This setup relies on Docker Compose files using the x-include extension.
You need:

• Docker Engine version 24 or higher
• Docker Compose version 2.20 or higher

✅ You can check your installed versions with:

docker --version
docker compose version

🔗 If Docker is not installed, follow the official Docker installation guide.

📦 Setup files

To get the sync-in-docker package from https://github.com/Sync-in/server/releases, use one of the following methods:

• curl and unzip:

  curl -L -o sync-in-docker.zip \
  https://github.com/Sync-in/server/releases/latest/download/sync-in-docker.zip && \
  unzip sync-in-docker.zip

• or with curl and tar:

  curl -L -o sync-in-docker.tar.gz \
  https://github.com/Sync-in/server/releases/latest/download/sync-in-docker.tar.gz && \
  tar zxvf sync-in-docker.tar.gz

You should have the following file structure in the sync-in-docker directory:

├── config
│   ├── nginx
│   │   ├── docker-compose.nginx.yaml
│   │   └── nginx.conf
│   │   └── onlyoffice.conf
│   ├── onlyoffice
│   │   └── docker-compose.onlyoffice.yaml
│   └── sync-in-desktop-releases
│       └── docker-compose.sync-in-desktop-releases.yaml
│       └── update.sh
├── docker-compose.yaml
└── environment.yaml

You can check the structure and contents from the GitHub repository.

---

🚀 QuickStart

1. Default secrets

Move into the Docker Compose directory:

cd sync-in-docker

Before starting the server, make sure to replace the default secrets for security purposes.

Edit the environment.yaml file and update the values as follows:

auth:
  token:
    access:
      secret: "changeAccessWithStrongSecret"
    refresh:
      secret: "changeRefreshWithStrongSecret"
mysql:
  # Use the MySQL root password as defined in docker-compose.yaml
  url: mysql://root:MySQLRootPassword@mariadb:3306/sync_in

Then, edit the docker-compose.yaml file and make sure the MySQL root password matches:

services:
  mariadb:
    environment:
      MYSQL_ROOT_PASSWORD: "MySQLRootPassword"

security

Use long, randomly generated strings for secrets to ensure proper security.

info

Make sure to wrap your passwords in quotes if they contain special characters.

tip

You can use environment variables to configure the secrets previously defined. See the Environment variables section for more details.

2. Launch the Sync-in server

To define your own administrator credentials on first launch, use:

INIT_ADMIN=true INIT_ADMIN_LOGIN='user' INIT_ADMIN_PASSWORD='password' docker compose up -d

Replace user and password with your preferred login and password for the initial admin account.

If you omit these variables and run:

INIT_ADMIN=true docker compose up -d

The server will use the default administrator credentials:

• Login: sync-in
• Password: sync-in

warning

Important: For security reasons, it’s strongly recommended to change both the default login and password immediately after your first login.

info

To check the container status, use: docker compose ps

3. Access the web interface

Once the server is running, open your browser and navigate to:

http://localhost:8080

Log in using the administrator credentials you configured in step 2.

---

🛠️ Configuration

Nginx (recommended)

In a production setup, a reverse proxy helps ensure secure and efficient access to your Sync-in instance.

The official Nginx Docker image is used, and a Sync-in-specific Nginx configuration is included in this repository.

To enable it, edit the docker-compose.yaml file and uncomment the following lines at the top of the file:

include:
  - ./config/nginx/docker-compose.nginx.yaml

To configure HTTPS, edit the file ./config/nginx/nginx.conf and add your SSL certificate settings.

info

docker compose up -d to apply

Nginx is now enabled on port 80, making Sync-in accessible via http://localhost.

OnlyOffice (optional)

⚠️ To enable OnlyOffice integration with Sync-in, make sure the Nginx configuration is set up first.

Edit ./config/nginx/nginx.conf and uncomment the following line at the end of the file:

include onlyoffice.conf;

To enable the container, edit the docker-compose.yaml file and uncomment the following lines at the top of the file:

include:
  - ./config/nginx/docker-compose.nginx.yaml
  - ./config/onlyoffice/docker-compose.onlyoffice.yaml

Update the environment.yaml configuration file to activate the integration:

applications:
  files:
    onlyoffice:
      # enable integration
      enabled: true
      # use the same secret as in docker-compose.yaml
      secret: onlyOfficeSecret

Replace the default secret above with a strong value, and ensure it matches the one in ./config/onlyoffice/docker-compose.onlyoffice.yaml:

services:
  onlyoffice:
    environment:
      - JWT_SECRET=onlyOfficeSecret

info

docker compose up -d && docker compose restart nginx sync_in to apply

Sync-in and OnlyOffice run in Docker containers and communicate through Nginx.
It is essential to access the interface using either the server’s IP address or a properly configured domain name.

warning

Accessing Sync-in via http://localhost or http://127.0.0.1 will not allow OnlyOffice to function properly (documents won't be viewable or editable).

Clients repository (optional)

If desktop applications do not have internet access, the Sync-in server can act as a local repository for desktop client releases.
This allows users to download the applications directly from their account and benefit from automatic updates.

To enable it, edit the docker-compose.yaml file and uncomment the following lines at the top of the file:

include:
  - ./config/sync-in-desktop-releases/docker-compose.sync-in-desktop-releases.yaml

Then, in the environment.yaml file, add the appStore section under applications/files path:

applications:
  files:
    appStore:
      repository: local

To enable this feature or update the releases, you need to run the following commands:

chmod +x ./config/sync-in-desktop-releases/update.sh
./config/sync-in-desktop-releases/update.sh

---

🌱 Environment variables

During initialization

• SKIP_INIT : Skips the initialization step (database migration, admin account creation, permissions update, etc.)
• INIT_ADMIN : If defined (set to true or any non-empty value), forces the creation of the administrator account during initialization.
• INIT_ADMIN_LOGIN : The username of the admin account to be created during initialization.
• INIT_ADMIN_PASSWORD : The password of the admin account to be created during initialization.
• PUID : Defines the user ID the container should run as (for file ownership and permissions).
• PGID : Defines the group ID the container should run as (useful for shared volume access).

During execution

All Sync-in server configuration parameters can be set using environment variables prefixed with SYNCIN_, see the relevant section.

---

🔐 Managing Docker Secrets

Docker Secrets, particularly in Swarm or Compose environments, provide a secure way to store sensitive data (such as passwords, API keys, etc.) by mounting them into containers as files, typically located in the /run/secrets/<secret_name> directory.

By design, Docker never directly exposes these secrets as environment variables, in order to reduce the risk of leakage (for example, via docker inspect or environment variables accessible by the process).
The Sync-in Docker image, like many official images (MySQL, PostgreSQL, etc.), adopts and supports the *_FILE convention.

For example, instead of defining the environment variable SYNCIN_MYSQL_URL directly, it is recommended to use
SYNCIN_MYSQL_URL_FILE=/run/secrets/mysql_password. The Sync-in server will then read the contents of the specified file to initialize the corresponding variable internally.

This approach ensures secure secret handling while maintaining compatibility with existing configuration mechanisms.

For more information, refer to the official Docker documentation on secret management.

---

🧾 Useful Commands

These commands should be executed from the root of the sync-in-docker directory, within the Sync-in Docker Compose environment.

Sync-in Container

👤 Create a User

Once the Sync-in container is running, you can create new accounts directly inside the container.

Replace "user" and "password" with the credentials you want to assign.

docker compose exec -it sync_in sh -c 'node server/infrastructure/database/scripts/create-user.js --role user --login "user" --password "password"'

tip

Replace --role user with --role admin to create an administrator account.

🔄 Update the Container

Pull the latest Sync-in image, recreate/restart the container, and remove unused images.

docker compose pull sync_in && docker compose up -d && docker image prune -f

Docker Compose

🚀 Start Services

Start the services defined in docker-compose.yml in the background.

docker compose up -d

🛑 Stop and Clean Services

Stop the services and remove containers and networks.

docker compose down

⚠️ Full Cleanup (also removes volume data!)

Stop the services, remove containers, networks, images, volumes, and orphaned containers.

docker compose down --rmi all --volumes --remove-orphans

📜 View Logs

Display real-time logs of all services.

docker compose logs -f --tail 100

View logs of a specific service (e.g. Sync-in):

docker compose logs -f --tail 100 sync_in