Setting Up Your Own Firefox Sync Server
Firefox Sync is a service that lets users completely transfer their history, passwords, bookmarks, open tabs and even add-ons between the devices on which Firefox is installed, on both the desktop version and Android.
Firefox Sync is implemented by two entities: an authorization service (Firefox account API) and a synchronization server (Firefox Sync).
The idea of setting up my own server for synchronizing passwords, bookmarks and other pleasures of life arose a long time ago. By occupation, I do not really trust public services such as LastPass or Google Account. In my opinion, private data should be stored on one's own server.
Well, enough digression, let's get down to setting up.
UPDATE:
This method works for Firefox older than version 29 and describes the configuration of synchronization server version 1.5.
The setup is described for a server running Debian.
It is possible to implement several synchronization schemes:
1. Firefox account API + Firefox Sync Server
2. Firefox account API + your own Sync Server
3. Your own account API + your own Sync Server
I settled on the second option.
It is assumed that the server already has the Apache2 web server and the MySQL database server. The latter, however, is not necessary, since I did not find a way to get the synchronization server to work sensibly with a MySQL database, and used SQLite. When using MySQL, the connector periodically lost its connection to the database.
Let our synchronization server be available at sync.domain.com.
Install the necessary packages:
$ sudo apt-get install python-dev git-core python-virtualenv libapache2-mod-wsgi
We will install the synchronization server in the directory /var/www/
$ cd /var/www/
$ git clone https://github.com/mozilla-services/syncserver
$ cd syncserver
$ make build
Let's do the basic server configuration:
$ cat syncserver.ini
[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 5000
[app:main]
use = egg:syncserver
[syncserver]
public_url = https://sync.domain.com/
sqluri = sqlite:////var/www/db.sql
secret = your_server_key
your_server_key can be any phrase; I generated it like this:
$ head /dev/urandom | md5sum
Create a file for the database:
$ touch /var/www/db.sql
Let's set the ownership and permissions on the directory:
$ chown -R www-data:www-data /var/www/
$ chmod 600 /var/www/db.sql
NOTE!
In my configuration, I placed the db.sql file in the /var/www/ directory, because the server is used only for synchronization, and Apache does not serve this file.
If other virtual hosts serve content from /var/www, put the database file somewhere else.
We will contact the sync server via HTTPS.
To do this, configure Apache.
$ cat /etc/apache2/sites-available/sync.domain.com.conf
<VirtualHost *:80>
    ServerName sync.domain.com
    Redirect permanent / https://sync.domain.com/
    ErrorLog /var/log/apache2/sync/error.log
    CustomLog /var/log/apache2/sync/access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerName sync.domain.com
    ServerAdmin webmaster@domain.com
    DocumentRoot /var/www/syncserver
    WSGIProcessGroup sync.domain.com
    WSGIDaemonProcess sync.domain.com user=www-data group=www-data processes=2 threads=25 python-path=/var/www/syncserver/local/lib/python2.7/site-packages
    WSGIPassAuthorization On
    WSGIScriptAlias / /var/www/syncserver/syncserver.wsgi
    ErrorLog /var/log/apache2/sync/error-ssl.log
    CustomLog /var/log/apache2/sync/access-ssl.log combined
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
    SSLCertificateFile /etc/apache2/ssl/sync.domain.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/sync.domain.com.key
    # Directory path assumed to match DocumentRoot
    <Directory /var/www/syncserver>
        Order deny,allow
        Allow from all
    </Directory>
</VirtualHost>
Generate a key and a self-signed certificate:
$ cd /etc/apache2/ssl/
$ openssl genrsa -des3 -out server.key 1024
$ openssl req -new -key server.key -out server.csr
$ cp server.key sync.domain.com.key
$ openssl rsa -in sync.domain.com.key -out server.key
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
$ cp server.crt sync.domain.com.crt
$ cp server.key sync.domain.com.key
Create a directory for the logs:
$ mkdir /var/log/apache2/sync/
$ touch /var/log/apache2/sync/error-ssl.log
$ touch /var/log/apache2/sync/access-ssl.log
$ touch /var/log/apache2/sync/error.log
$ touch /var/log/apache2/sync/access.log
$ chown -R www-data:www-data /var/log/apache2/sync/
Activate the new virtual host:
$ a2ensite sync.domain.com
And restart Apache:
$ service apache2 restart
If we did everything right, then when we request
https://sync.domain.com/token/1.0/sync/1.5
the web server will give us something like:
{"status": "error", "errors": [{"location": "body", "name": "", "description": "Unauthorized"}]}
Be sure to add your certificate to browser exceptions, otherwise synchronization will not work!
It remains to configure the browser itself.
Go to about:config, and change the value of the services.sync.tokenServerURI key to
https://sync.domain.com/token/1.0/sync/1.5
After that, log in to Menu -> Settings -> Synchronization using your Mozilla account, and use it.
By the way, if we disconnect from the synchronization account, the services.sync.tokenServerURI key will take the default value.
PS
Unfortunately, I was not able to configure synchronization with an Android mobile phone using fxa-custom-server-addon; if someone succeeds, please write about it in a comment.
Thank you all for your attention.
UPDATE
At the request of
It can be downloaded here (457.7 MB).
It is a virtual machine image in the Proxmox backup format; all that is needed is to deploy it on your host.
You also need to make a small number of edits in the configs:
$ cat /home/syncserv/syncserver.ini
...
[syncserver]
public_url = https://REPLACE_WITH_YOUR_IP/ (or domain name)
...
secret = REGENERATE_THE_KEY (head /dev/urandom |md5sum)
...
The Apache config has also been updated; here is the new version (with SSLv3 and SSLv2 disabled, thanks to Anisotropic):
<VirtualHost *:80>
    ServerName sync.domain.com
    Redirect permanent / https://sync.domain.com/
    ErrorLog /var/log/apache2/sync/error.log
    CustomLog /var/log/apache2/sync/access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerName sync.domain.com
    ServerAdmin webmaster@domain.com
    DocumentRoot /home/syncserv
    WSGIProcessGroup sync.domain.com
    WSGIDaemonProcess sync.domain.com user=syncserv group=syncserv processes=2 threads=25 python-path=/home/syncserv/local/lib/python2.7/site-packages
    WSGIPassAuthorization On
    WSGIScriptAlias / /home/syncserv/syncserver.wsgi
    ErrorLog /var/log/apache2/sync/error-ssl.log
    CustomLog /var/log/apache2/sync/access-ssl.log combined
    SSLEngine on
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
    SSLCertificateFile /etc/apache2/ssl/sync.domain.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/sync.domain.com.key
    # Directory path assumed to match DocumentRoot
    <Directory /home/syncserv>
        Order deny,allow
        Allow from all
    </Directory>
</VirtualHost>
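A check for the TLS directives in the two vhost versions above, as an added example that is not part of the original post: it evaluates SSLProtocol the way the +/- tokens are applied and also flags RC4, which RFC 7465 prohibits in TLS and which both cipher lists still name. The function name audit_tls_conf and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Audits the SSLProtocol and
# SSLCipherSuite directives of an Apache vhost file and prints one finding
# per line; no output means nothing was flagged.
# Simplifications (assumptions): the last directive in the file wins, "all" is
# treated as including SSLv2/SSLv3 (true of older builds), and the cipher
# list is the first argument of SSLCipherSuite.
audit_tls_conf() {
    awk '
    { d = tolower($1) }
    d == "sslprotocol" {
        seen = 1; v2 = 0; v3 = 0
        for (i = 2; i <= NF; i++) {            # apply +/- tokens left to right
            t = tolower($i)
            on = (substr(t, 1, 1) != "-")
            sub(/^[+-]/, "", t)
            if (t == "all" || t == "sslv2") v2 = on
            if (t == "all" || t == "sslv3") v3 = on
        }
    }
    d == "sslciphersuite" {
        rc4 = 0; ban = 0
        n = split($2, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^!RC4/) ban = 1        # "!" removes permanently
            else if (c[i] ~ /^-RC4/) rc4 = 0   # "-" removes, may be re-added
            else if (c[i] ~ /RC4/) rc4 = 1     # RC4 named in the list
        }
        rc4 = rc4 && !ban
    }
    END {
        if (!seen) print "SSLProtocol: not set, server default applies"
        if (v2)    print "SSLProtocol: SSLv2 enabled"
        if (v3)    print "SSLProtocol: SSLv3 enabled"
        if (rc4)   print "SSLCipherSuite: RC4 allowed"
    }' "$1"
}

# Constructed sample files holding the TLS lines of the two vhosts in this post.
old_conf=$(mktemp); new_conf=$(mktemp)
suite='SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH'
printf '%s\n' 'SSLProtocol -ALL +SSLv3 +TLSv1' "$suite" > "$old_conf"
printf '%s\n' 'SSLProtocol ALL -SSLv2 -SSLv3' "$suite" > "$new_conf"
echo "original vhost:"; audit_tls_conf "$old_conf"
echo "updated vhost:";  audit_tls_conf "$new_conf"
rm -f "$old_conf" "$new_conf"
```

Run against the real file with audit_tls_conf /etc/apache2/sites-available/sync.domain.com.conf; a cipher list with RC4 removed or excluded via !RC4 produces no RC4 finding.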
The SQLite database is now located at /var/lib/sql/db.sql
The passphrase for the SSL certificates, as well as the root password, is habr2014.
Anyone who is interested: test it, report bugs, and correct it if necessary.