Setup your own Firefox 1.5 Sync Server on Debian with Apache2 and MySQL

I’m assuming Apache 2 and MySQL are already installed on your server. If not, follow one of the many how-tos – there is actually not much more to do than installing the required Debian packages, enabling SSL and creating the SSL certificates.

Install the Requirements

apt-get install python-dev git-core python-virtualenv libapache2-mod-wsgi

Setup Sync-1.5 Server

cd /opt
git clone https://github.com/mozilla-services/syncserver
cd syncserver
make build
chown root:www-data -R /opt/syncserver
chmod 750 -R /opt/syncserver

To check if everything works fine you can run (as root):

make test

This should return “OK”.

Create Database

mysql -u root -p
CREATE DATABASE syncserver;
GRANT ALL PRIVILEGES ON syncserver.* TO sync IDENTIFIED BY "password";
exit

Configure the Sync Server

Change the following settings in /opt/syncserver/syncserver.ini in the section “[syncserver]”:

# Replace the domain name and port
public_url = https://your.domain.net/
sqluri = pymysql://sync:password@localhost:3306/syncserver
# Generate a secret with "head -c 20 /dev/urandom | sha1sum"
# and place it here
secret = YOURSECRET

Important: When your Apache server is running on port 443, don’t specify the port number in “public_url”, otherwise it won’t work (see comments).
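A pre-flight check for the settings above, as an added example (not part of the original how-to or of the syncserver project): it flags an explicit :443 in public_url, a placeholder or short secret, the example database password, and a world-readable ini file. The helper names ini_get and check_syncserver_ini and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example; ini_get and check_syncserver_ini are hypothetical helper names.

# Print the value of KEY ($2) from the [syncserver] section of FILE ($1).
ini_get() {
    awk -v key="$2" '
        /^\[/ { insec = ($0 ~ /^\[syncserver\]/); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Print one line per problem found in FILE ($1); print nothing if it is clean.
check_syncserver_ini() {
    url=$(ini_get "$1" public_url)
    secret=$(ini_get "$1" secret)
    sqluri=$(ini_get "$1" sqluri)
    case "$url" in
        https://*:443|https://*:443/*) echo "public_url: remove the explicit :443" ;;
        https://*) ;;
        *) echo "public_url: not an https URL" ;;
    esac
    case "$secret" in
        ""|YOURSECRET) echo "secret: empty or still the placeholder" ;;
        *) [ "${#secret}" -ge 40 ] || echo "secret: shorter than sha1sum output (40 hex chars)" ;;
    esac
    case "$sqluri" in
        *:password@*) echo "sqluri: still uses the example password" ;;
    esac
    # The file holds the DB password and the secret: it must not be world-readable.
    if [ -n "$(find "$1" -perm -004)" ]; then
        echo "file: readable by all users, see the chmod 750 step"
    fi
    return 0
}

# Constructed sample: the how-to's settings with the mistakes left in.
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
[syncserver]
public_url = https://your.domain.net:443/
sqluri = pymysql://sync:password@localhost:3306/syncserver
secret = YOURSECRET
EOF
check_syncserver_ini "$sample"
```

Run the function against /opt/syncserver/syncserver.ini before restarting Apache; no output means none of these four problems were found.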

Configure Apache2

Enable the WSGI module:

a2enmod wsgi

Create a new config file

nano /etc/apache2/sites-available/syncserver

and insert this for Apache 2.2:

<VirtualHost *:80>
        ServerName your-domain.com
        # Trailing slash is needed so /path maps to https://your-domain.com/path
        Redirect / https://your-domain.com/
</VirtualHost>
<VirtualHost *:443>
        ServerName your-domain.com
        DocumentRoot /opt/syncserver

        WSGIProcessGroup sync
        WSGIDaemonProcess sync user=www-data group=www-data processes=2 threads=25 python-path=/opt/syncserver/local/lib/python2.7/site-packages/
        WSGIPassAuthorization On
        WSGIScriptAlias / /opt/syncserver/syncserver.wsgi

        SSLEngine On
        SSLCertificateFile    /etc/apache2/ssl/ssl.crt
        SSLCertificateKeyFile /etc/apache2/ssl/ssl.key

        CustomLog /var/log/apache2/access_sync.log combined
        ErrorLog /var/log/apache2/error_sync.log
        LogLevel warn
</VirtualHost>
<Directory /opt/syncserver>
        Order deny,allow
        Allow from all
</Directory>

Or this for Apache 2.4 (the <Directory> part is different):

<VirtualHost *:80>
        ServerName your-domain.com
        # Trailing slash is needed so /path maps to https://your-domain.com/path
        Redirect / https://your-domain.com/
</VirtualHost>
<VirtualHost *:443>
        ServerName your-domain.com
        DocumentRoot /opt/syncserver

        WSGIProcessGroup sync
        WSGIDaemonProcess sync user=www-data group=www-data processes=2 threads=25 python-path=/opt/syncserver/local/lib/python2.7/site-packages/
        WSGIPassAuthorization On
        WSGIScriptAlias / /opt/syncserver/syncserver.wsgi

        SSLEngine On
        SSLCertificateFile    /etc/apache2/ssl/ssl.crt
        SSLCertificateKeyFile /etc/apache2/ssl/ssl.key

        CustomLog /var/log/apache2/access_sync.log combined
        ErrorLog /var/log/apache2/error_sync.log
        LogLevel warn
</VirtualHost>
<Directory /opt/syncserver>
        Require all granted
</Directory>

I’m actually not sure if self-signed certificates would work here (I haven’t tried it). At least use certificates signed by your own CA and import the CA certificate into every Firefox client using your sync server, or use a certificate signed by a known Certificate Authority (e.g. StartSSL.com).

Enable the config file and restart Apache2:

ln -s /etc/apache2/sites-available/syncserver /etc/apache2/sites-enabled/syncserver
/etc/init.d/apache2 restart

Check the log file for errors:

tail -f /var/log/apache2/error_sync.log

Configure Firefox

You need to change the sync server address on each client. After disconnecting an old sync server, this setting is reset! So before connecting to a new one, check that this setting is correct.

  • Open “about:config”
  • Search for “tokenServerURI”
  • Set “services.sync.tokenServerURI” to “https://your.domain.net/token/1.0/sync/1.5”. Don’t forget to append “/token/1.0/sync/1.5” to your server address!

Update Sync Server

cd /opt/syncserver
git stash
git pull
git stash pop
make build

17 thoughts on “Setup your own Firefox 1.5 Sync Server on Debian with Apache2 and MySQL”

  1. Hi there,

    I was looking for some easy & quick setup guide for Sync-1.5 Server and your How-To fulfills my needs. My OS is Debian Wheezy.

    Anyway I never pass “make test” with OK, I end up (now) with the error:

    serving on 0.0.0.0:5000 view at http://127.0.0.1:5000
    Traceback (most recent call last):
    File “/usr/lib/python2.7/runpy.py”, line 162, in _run_module_as_main
    “__main__”, fname, loader, pkg_name)
    File “/usr/lib/python2.7/runpy.py”, line 72, in _run_code
    exec code in run_globals
    File “/opt/syncserver/local/lib/python2.7/site-packages/syncstorage/tests/functional/test_storage.py”, line 1275, in
    res = run_live_functional_tests(TestStorage, sys.argv)
    File “/opt/syncserver/local/local/lib/python2.7/site-packages/syncstorage/tests/functional/support.py”, line 178, in run_live_functional_tests
    creds = authenticate_to_token_server(url, opts.email, opts.audience)
    File “/opt/syncserver/local/local/lib/python2.7/site-packages/syncstorage/tests/functional/support.py”, line 110, in authenticate_to_token_server
    r.raise_for_status()
    File “/opt/syncserver/local/local/lib/python2.7/site-packages/requests/models.py”, line 773, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
    requests.exceptions.HTTPError: 401 Client Error: Unauthorized

    I have just followed your guide, Apache2 has been configured from scratch and default sites are just working.

    Any hint what should I check or where the permission problem should come from would be appreciated.

    Best regards,

    Jakub Rybar

    • Hey Jakub,

      try running “make test” on a fresh “git clone”. Do you get the error message, too?

      Cheers,

      Sathya

      • It does the same on the fresh Git clone. I will continue hacking it tomorrow, I need to go deeper, into Python code… I just wanted to deploy it nice & easy, but I have to resolve this issue – hopefully it will not take so much additional time. :)

        • I just played around a little and installed the sync server into a fresh Debian Wheezy virtual machine. There were no problems – it should be easy ;-). Without changing the source, I can only produce error 500 when I run “make test” as normal user and not as root. When I manually set the email address passed to “authenticate_to_token_server” in “support.py” I get error 401, too. The parameters should be: url => http://localhost:5000/token/1.0/sync/1.5, opts.email => None, opts.audience => None. A random email address then is created in “authenticate_to_token_server”. Maybe check, if that works, first? Sorry, I can’t help you more. Digging deeper into the Python code probably is the only way ;-).
          Please post the solution, when you’ve found the problem.

  2. Just had some trouble getting it work.
    The problem is the url “https://your.domain.net:443/token/1.0/sync/1.5”
    The Port definition :443 must be left out, in the ini-file and in services.sync.tokenServerURI. Now it works on the ssl-enabled apache

    • Hey TJ, thanks! I’m running the sync server on a different port than 443 and therefore had to specify it – without any problems. I changed the howto, so other readers don’t have the same problem.

  3. Hum, after reading this a little https://docs.services.mozilla.com/index.html
    it looks to me like you need to setup more than jest the sync server, there is an accounts server, a token server on and on that is also needed to be fully self hosted.
    Seems kinda silly to me to have to do all this, it’s jest Bookmarks, I don’t think it syncs website login passwords and stuff.
    Actually I’m playing around with owncloud seeing if that will sync my firefox profile,
    I’m not sure if that would work with an Android phone, thinking the per-app directory permissions will be a deal breaker…
    https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data

    • Yes, it got a little complicated with the current sync server… I still didn’t have time to install the other servers and the documentation still is horrible (at least on the Mozilla website, I haven’t googled it for a while). But with the sync server at least the sensitive data is on your own server ;-). I don’t know if it syncs website login passwords, as I don’t save them, but pretty much everything else is synced, including settings and addons.
      Is there a new ownCloud Firefox sync? The old one does not work with the current versions of Firefox. Of course that would make the installation much easier.

    • What made you think that “it’s jest Bookmarks”? According to my experience with the “old” sync, the corresponding Wikipedia article and Mozilla’s own documentation¹ it can be much more. You can “synchronize bookmarks, browsing history, preferences, passwords, filled forms, add-ons, and the last 25 opened tabs across multiple computers.”²

      ¹ https://en.wikipedia.org/wiki/Firefox_Sync
      ² https://www.mozilla.org/en-US/firefox/sync/

  4. I followed this guide and before setting up all the apache part I tested the server with the builtin webserver. But I feel something is missing : How do you create the account on your self hosted sync server? I modified the “services.sync.tokenServerURI” preference but somehow the account must already exist if I want to sign in. And if I click “Create an account”, I am redirected to Mozilla’s website.
    How did you do it?
    PS: I am using Iceweasel 31.4.0

    • Hey, you still need a Firefox account. Only the sync stuff is handled by the sync server, not the account management. Setting up an own account server is possible, too, but very badly documented.

  5. Change the following settings in /opt/syncserver.ini in the section “[syncserver]”:
    It must read /opt/syncserver/syncserver.ini.

  6. ServerName your-domain.com
    Redirect / https://your-domain.com

    ServerName your-domain.com
    DocumentRoot /opt/syncserver

    WSGIProcessGroup sync
    WSGIDaemonProcess sync user=www-data group=www-data processes=2 threads=25 python-path=/opt/syncserver/local/lib/python2.7/site-packages/
    WSGIPassAuthorization On
    WSGIScriptAlias / /opt/syncserver/syncserver.wsgi

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/ssl.crt
    SSLCertificateKeyFile /etc/apache2/ssl/ssl.key

    CustomLog /var/log/apache2/access_sync.log combined
    ErrorLog /var/log/apache2/error_sync.log
    LogLevel warn

    Order deny,allow
    Allow from all

  7. Hi there,

    I just tried to set up a sync server with debian and there seem to be problems with opening the syncserver.wsgi
    Apache error log shows:

    [Tue Sep 08 17:06:51.467219 2015] [wsgi:info] [pid 31355] [remote 192.168.1.2:512] mod_wsgi (pid=31355, process=’sync’, application=’mozsync.server.com|’): Loading WSGI script ‘/opt/syncserver/syncserver.wsgi’.
    [Tue Sep 08 17:06:51.999963 2015] [wsgi:error] [pid 31355] [remote 192.168.1.2:512] mod_wsgi (pid=31355): Target WSGI script ‘/opt/syncserver/syncserver.wsgi’ cannot be loaded as Python module.
    [Tue Sep 08 17:06:52.000319 2015] [wsgi:error] [pid 31355] [remote 192.168.1.2:512] mod_wsgi (pid=31355): Exception occurred processing WSGI script ‘/opt/syncserver/syncserver.wsgi’.

    Does anybody have an idea what is wrong?

    • Hey,

      try to increase the apache log level to info. Maybe that gives some
      more information. With the given information I can’t tell what’s wrong.

      Cheers,

      Sathya

  8. For those interested: if you want to use a self-signed certificate on Android, you have to import it globally (settings->security->install from SD card) because Firefox uses two separate certificate stores, one for normal browsing and one for sync.
