Server edition ... usable for remote workers?

It’s not the price, it’s the idea of shallow sync which I prefer that DTTG for this use case. DT does not have this option.

A VPN is not specific to DT, nor are public IP addresses. And VPNs can be set up in a number of ways. The easiest would be if your router could work as a VPN server, like FritzBoxes can do.

1 Like

This is not something we are considering. DEVONthink and DEVONthink To Go are not the same application and macOS ≠ iOS.

1 Like

The other consideration to bear in mind is whether the (significantly) more limited feature set of the browser-based interface to DT Server will be adequate for what you’d like your remote users to be able to do with the database. If you haven’t already done so, it would be worth running DT Server on your local network and trying out the kinds of task you’d like them to be able to do. (You can do this from a browser on the same Mac that DT itself is running on.)

I am asking for a list of other people that have done some work regarding getting DevonThink usable over the internet. This is a use case scenario that a number of people would like to try.

This list could be presented as “opinions of other people, that do not reflect DevonThink’s opinion, and no warranties apply. Use at your own risk”

I expect you’ve already done this, but a search of this forum is a good place to start. Here for a starter is @chrillek’s own guidance on How to use Synology NAS as sync store, and this thread on port forwarding has some useful-looking if router-specific troubleshooting.

2 Likes

I recommend you engage the services of a qualified networking engineer. Setting up and testing VPNs, port forwarding, etc. to be secure is their “bread and butter”.

Exposing your network to the internet also exposes your network to the “bad guys” out there running “bots”. They already are poking at your network router hundreds of times per hour (or more) but can’t (hopefully) get through. But a VPN and port forwarding add one more vulnerability to your network that, if not set up correctly, could lead to serious and perhaps automated hacking into your network.

1 Like

I’d suggest doing one of those (preferably VPN). Not both.

1 Like

That’s why I don’t claim to be an expert! I am experienced with a network getting hacked (not mine but I had a stake). Not nice.

Tailscale (a WireGuard-based VPN solution) is a perfect solution for your problem. I was able to set up everything in about 15 minutes by following these steps:

  1. Create two Tailscale accounts (https://login.tailscale.com/login)
    • You (@CanadaSteven) create Account_A
    • Your research assistant creates Account_B
  2. Install Tailscale (c.f. https://tailscale.com/download/)
    • Install it on the host (server) and log in with Account_A
    • Install it on the client (your research assistant’s device) and log in with Account_B
  3. Share the host over the tailscale VPN
    • Go to the Admin console of Account_A (https://login.tailscale.com/admin/machines)
    • Find your host and share this device by creating an invitation link.
    • Note down the IP address of the host machine (e.g. 100.100.100.100)
  4. Accept the share invitation with Account_B
    • Send the invitation link to your research assistant.
    • They accept the invitation using Account_B
  5. Start the DEVONthink server on the host (From DEVONthink preferences)
    • Set up DEVONthink server with a specific port. (e.g. 12345)
    • Create a username/password for your research assistant
    • Start the server
  6. Visit the DEVONthink server on the client
    • Open <host_tailscale_IP>:<devonthink_server_port> (e.g. 100.100.100.100:12345)
    • Log in with username/password

Note: If you have more devices to set up (e.g. Windows, Linux, iPadOS, etc.), you only need to install Tailscale on that device and log in with your account (no other steps are required)

Note: Once everything is set up, you may want to disable Key Expiry for your device(s) (e.g. the host machine). Otherwise, you will need to reauthenticate on each of your devices every 180 days. (see https://tailscale.com/kb/1028/key-expiry/#disabling-key-expiry)

3 Likes
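As an added example (not part of the post above, and not DEVONthink or Tailscale tooling): after step 5, the host's owner can check which networks are able to reach the DEVONthink server port by looking at the address the listener is bound to. The `lsof` output below is a constructed sample, the process names in it are assumptions, and port 12345 is the post's example value.

```python
import ipaddress
import re

# Tailscale node addresses: CGNAT block for IPv4, a fixed ULA prefix for IPv6.
TAILNETS = [ipaddress.ip_network("100.64.0.0/10"),
            ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not from a real host).
SAMPLE_LSOF = """\
COMMAND    PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
DEVONthin  812  steve  23u IPv4 0xaaaa      0t0  TCP *:12345 (LISTEN)
rapportd   401  steve   9u IPv4 0xbbbb      0t0  TCP 127.0.0.1:49152 (LISTEN)
httpd      950  steve   4u IPv4 0xcccc      0t0  TCP 100.100.100.100:8080 (LISTEN)
sshd       120  root    3u IPv4 0xdddd      0t0  TCP 192.168.1.20:22 (LISTEN)
"""
ADVICE = {
    "all-interfaces": "reachable from LAN and tailnet; keep router port forwarding off",
    "loopback-only": "not reachable by remote workers",
    "tailnet-only": "reachable only over Tailscale",
    "lan-or-public": "bound to a non-Tailscale address; review router forwarding rules",
}
LISTEN_RE = re.compile(r"TCP\s+(\S+):(\d+)\s+\(LISTEN\)")

def classify_bind(addr):
    """Say which networks can reach a listener bound to addr."""
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr.strip("[]"))  # lsof brackets IPv6 addresses
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback-only"
    if any(ip in net for net in TAILNETS):
        return "tailnet-only"
    return "lan-or-public"

def audit(lsof_text, port):
    """Return (command, bind address, exposure, advice) per listener on port."""
    findings = []
    for line in lsof_text.splitlines():
        m = LISTEN_RE.search(line)
        if not m or int(m.group(2)) != port:
            continue
        exposure = classify_bind(m.group(1))
        findings.append((line.split()[0], m.group(1), exposure, ADVICE[exposure]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LSOF, 12345):  # 12345: the post's example port
        print(*finding, sep=" | ")
```

A wildcard bind means the Tailscale share is not the only path to the server: anything on the local network can also reach the port, and a router forwarding rule for it would expose it to the internet.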

I second Tailscale.

It’s always on, doesn’t clobber battery or get in the way of using my devices (phone, Synology, or laptop) but I’m always in sync if I’ve got an internet connection.

Think of it as a second network directly between devices using Tailscale. No port forwarding, no VPN configs or DNS muck to work through.

The IPs remain static and sync just works.

1 Like

Are you using DevonThink server, and logging in through the browser window, to your server (using Tailscale)?
-or-
Are you using DevonThink with a sync store on your Synology NAS, and directing both of the computers to store the database on the NAS using Tailscale?

I now understand the above to mean… open a browser, enter the above two parts: http://<part 1 is the tailscale IP>:<part 2 is the port from DevonThink server> into the address bar and hit enter.

In the next window, log in with the DevonThink username and password that the admin set up for the remote worker(s).

The latter, but the difference is nil. With Tailscale putting everything on a local network securely - it’s like the server is in the same room even if you’re three states away.

Users are regularly discouraged from putting the databases on a NAS.

1 Like

Does Tailscale work with a sync store on a Synology NAS?

Yes, you can.

Preliminary questions

  • What’s the CPU architecture of your Synology NAS ?
    • If you don’t know, please refer to Synology Knowledge Center (Link) and tell me your CPU Model.
  • What is the version of your DSM (i.e. DSM is the Operating System of your Synology NAS) ?

Setup WebDAV on Synology

To enable WebDAV connections:

  1. Launch WebDAV Server.
  2. Go to Settings > HTTP/HTTPS.
  3. Tick both the Enable HTTP and Enable HTTPS checkboxes. By default, the HTTP port is 5005, and the HTTPS port is 5006. You can customize the port number according to your needs.
  4. Click Apply.

c.f. WebDAV Server - Synology Knowledge Center

Install Tailscale on Synology NAS and log in Account_A

Note: the Tailscale from the Synology Package Center is always out of date. If you want to install the latest version of Tailscale on Synology, you should

  • download the installation package that matches your CPU architecture and DSM version from the Tailscale Package Center (https://pkgs.tailscale.com/stable/#spks)
  • manually install the latest Tailscale on Synology.

Share Synology NAS over Tailscale Network to Account_B

  1. Share Synology NAS
    • Go to the Admin console of Account_A (Tailscale)
    • Find your Synology NAS and share this device by creating an invitation link.
    • Note down the IP address of the host machine (e.g. 100.111.222.111)
  2. Accept the share invitation with Account_B
    • Send the invitation link to your research assistant.
    • They accept the invitation using Account_B

Set up DEVONthink sync using webDAV

  1. Sync from your device to NAS
    • On your device: Set up sync in DEVONthink preferences c.f. In & Out : Sync
    • Wait until the initial sync from your DEVONthink to Synology NAS is complete.
  2. Sync from NAS to your research assistant’s device.
    • On your research assistant’s device: Set up sync in DEVONthink preferences
    • Wait until the initial sync is complete.

Why enable HTTP at all?

There are two reasons.

  1. It is just a simple copy-paste from Synology Knowledge Center (WebDAV Server - Synology Knowledge Center). I didn’t pay attention to this in the first place.
  2. After a little thought, with Tailscale taking care of the security part: http://Tailscale_IP:WebDAV_Port, I don’t see how HTTP could be harmful in this particular application (DEVONthink Sync).

But I can see your point. Enabling HTTP may not be harmful here but it is not beneficial either. So I agree with you. If I were CanadaSteven, I would not enable HTTP.

Right. Personally, I’d not go through a third-party service for a VPN if I can avoid it. Given that Tailscale uses WireGuard, why not set up WireGuard directly? There are routers out there that allow this (notably FritzBox), but WireGuard can be run directly on the Mac and on iOS. The apps are free (as in open-source and in beer), and the setup is very easy (compared to traditional IPSec VPNs etc).

ok. how?

Ok. please share how you did it.
I want to be able to have my 2nd laptop sync from my primary computer, from anywhere.
I want to be able to have remote workers sync to a database of my choosing, from anywhere.