Firefox Sync Server on its own host
Firefox Sync makes bookmarks available synchronously on any device, including the timeline, tabs, add-ons, settings, and credentials, which can be matched on request.
The Mozilla-hosted Firefox account server can be easily used in combination with a self-hosted synchronization server and storage.Authentication and encryption protocols are designed so that the account server does not know the user’s plaintext password and therefore cannot access the stored synchronization data.
CONTENT
Firefox Sync Server Installatio
nFirefox Sync Basic Configurat
ionFirefox Sync Apache Configurat
ionFirefox Sync HTTPS Let’s Enc
ryptFirefox Browser Setting
Troubleshoting & Settings
This tutorial shows how to install Firefox Sync 1.5 servers on Ubuntu 16.04.4 LTS. The Ubuntu server, here sync.server.net as an example, is accessible via the Apache 2.4 web server on the Internet.
Firefox Sync Server Installation
Prerequisite for Sync 1.5 servers is Python 2.7 and Python Virtualenv, python-dev, make, git, as well as the C and C++ compiler. To ensure this, the following pacts will be made available:
|
1 2 |
$ sudo apt-get install apach2 libapache2-mod-wsgi python-dev python-virtualenv git-core g++ make |
We install the sync server under /opt, who prefers /usr/local, can choose this path, we will root and execute the following lines:
|
1 2 3 4 5 6 |
$ sudo su - $ cd /opt $ git clone https://github.com/mozilla-services/syncserver $ cd syncserver $ make build |
To verify that the installation was successful, the following can provide the following:
|
1 2 |
$ make test |
Firefox Sync Basic Configuration
Create users and assign permission:
|
1 2 3 |
$ useradd -d /opt/syncserver/ -s /bin/false -l -r -U ffsync $ chown -R ffsync:www-data /opt/syncserver/ |
The sync server is configured using the ini file to pass different runtime settings.The syncserver .ini file serves as a starting point.
Most settings can be applied before the sync server runs, the URL that can be reached for clients must be adapted to the sync server. For productive use, we open the syncserver .ini file and edit the public_url:
|
1 2 3 4 5 |
$ vi /opt/syncserver/syncserver.ini [syncserver] public_url = https://sync.server.net/ |
Change the public_url from localhost:5000 to our sync.server.net. In another section, the configuration is set up on the HTTPS protocol.
Then adjust the sqluri for our data beacon:
|
1 2 |
sqluri = sqlite:////opt/syncserver/syncserver.db |
A secret key with the random generator is generated from a terminal, running the following line:
|
1 2 3 |
$ head -c 20 /dev/urandom | sha1sum 60bev0b7bd2f56dxea3794fb97f03c824e70e21d |
Enter this key generated in the syncserver configuration file .ini:
|
1 2 |
secret = 60bev0b7bd2f56dxea3794fb97f03c824e70e21d |
Assign enough rights to the database:
|
1 2 |
chmod 660 /opt/syncserver/syncserver.db |
Create automatic start in systemd for Firefox Sync:
|
1 2 |
$ vi /etc/systemd/system/firefox-sync.service |
and insert the following content:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
$ [Unit] Description=Firefox Sync Server After=syslog.target network.target remote-fs.target nss-lookup.target [Service] Type=simple User=ffsync Group=ffsync Umask=007 Restart=on-abort ExecStart=/opt/syncserver/local/bin/gunicorn --paste /opt/syncserver/syncserver.ini [Install] WantedBy=multi-user.target |
Start the Firefox Sync Service:
|
1 2 |
$ systemctl start firefox-sync.service |
Firefox Sync Apache Configuration
Create an Apache Virtualhost as follows in this example:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
$ vi /etc/apache2/sites-available/sync.server.net.conf <virtualhost *:80=""> ServerName sync.server.net DocumentRoot /opt/syncserver CustomLog /var/log/apache2/access_sync.server.net.log combined ErrorLog /var/log/apache2/error_sync.server.net.log LogLevel warn <directory opt="" syncserver=""> Require all granted Options -Indexes </directory> </virtualhost> |
Activate and restart the Apache Virtualhost:
|
1 2 3 |
$ a2ensite sync.server.net.conf $ sudo systemctl restart apache2.service |
Firefox Sync HTTPS Let’s Encrypt
Provide Let’s Encrypt for our sync server, adding the repository and installing the ACME packages:
|
1 2 3 4 |
$ add-apt-repository ppa:certbot/certbot $ apt-get update $ apt-get install python-certbot-apache |
Now the Let’s Encrypt certificate can be created, certbot makes it easy for us, the SSL configuration required for our virtual host is created automatically.
|
1 2 |
$ certbot --apache -d sync.server.net |
Under /etc/apache2/sites-enabled is now the symlink of this to file sync.server.net-le-ssl.conf shows, this i
s stored under/etc/apache2/sites-available.
|
1 2 3 |
$ ls /etc/apache2/sites-enabled/sync.server.net-le-ssl.conf /etc/apache2/sites-enabled/sync.server.net-le-ssl.conf |
In the file sync.server.net-le-ssl.conf, the WSGI configuration still needs to be added, we edit wiedersync
.server.net-le-ssl.conf, which then shows the following content:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
<ifmodule mod_ssl.c=""> <virtualhost *:443=""> ServerName sync.server.net DocumentRoot /opt/syncserver WSGIProcessGroup ffsync WSGIDaemonProcess ffsync user=ffsync group=ffsync processes=2 threads=25 python-path=/opt/syncserver/local/lib/python2.7/site-packages/ WSGIPassAuthorization On WSGIScriptAlias / /opt/syncserver/syncserver.wsgi CustomLog /var/log/apache2/access_sync.server.net.log combined ErrorLog /var/log/apache2/error_sync.server.net.log LogLevel warn <directory opt="" syncserver=""> Require all granted Options -Indexes </directory> SSLCertificateFile /etc/letsencrypt/live/sync.server.net/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/sync.server.net/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </virtualhost> </ifmodule> |
Now the Apache web server needs to be restarted:
|
1 2 |
sudo systemctl restart apache2.service |
Firefox browser setting
In order for Firefox to be able to synchronize via its own sync server, the URL must be changed, for this purpose you enter about:config in the address bar and confirm with the enter key.
After confirming the warning, enter identity.sync.tokenserver.uri into the search box.
Double-clicking changes the value to your own sync server
https://sync.server.net/token/1.0/sync/1.5
Finally, the Mozilla account is created via the following URL:
|
1 2 |
https://accounts.firefox.com |
The account itself is located on the Mozilla server, the data is stored on the own sync server.
It is important that the synchronization was made only after the entry to the own sync server in Firefox. If bookmarks and data are on the sync server with Mozilla, the data can be deleted, with the following command lines:
|
1 2 3 4 |
$ apt install python-pip $ sudo pip install PyFxA $ python ./bin/delete_user_data.py email.account@server.net |
email.account@server.net with actual account email.
Troubleshoting & Settings
To check that The Firefox Sync sync is running correctly, open the log file /var/log/apache2/access_sync.server.net.log:
|
1 2 |
$ sudo tail -f /var/log/apache2/access_sync.server.net.log |
Note that the Let’s Encrypt certbot for validation, the host must be reachable via port 80, for the firewall included in Ubuntu in the default, the command is as follows:
|
1 2 |
$ sudo ufw allow http |
When you call the Sync Server URL, or https://sync.server.net in the browser, the following output should appear:
|
1 2 3 |
$ curl -k https://sync.server.ent it works! |
If the Apache web server does not start, the syntax of the configuration can be validated:
|
1 2 3 |
$ apache2ctl configtest Syntax OK |
After all accounts have been created, access to other users can be blocked in the syncserver .ini file:
|
1 2 |
$ allow_new_users = false |
The Firefox Sync protocol contains the debug information in case of errors and can be queried with the following command in the browser line.
|
1 2 |
about:sync-log |
Sources Link:
Run your own Sync-1.5 Server
Github mozilla-services/syncserver
