Firefox Sync Server

From The Brainwrecked Wiki
Jump to navigation Jump to search

Prerequisites

Git
Optional -- To clone a repo that reproduces the server page that used to be included with a Firefox Sync Server
MariaDB
Sync data
Nginx
Reverse proxy and to (optionally) serve a server info page.

Required Packages

yay -Syu mozilla-firefox-sync-server python2-mysql

Create Database

CREATE DATABASE <DATABASE>;
CREATE USER '<user>'@'localhost' IDENTIFIED BY '<password>';
GRANT ALL ON <DATABASE>.* TO '<user>'@'localhost';

Configure the Sync Server

/etc/webapps/mozilla-firefox-sync-server/syncserver.ini
[syncserver]
public_url = https://<your.tld>/
sqluri = mysql://<user>:<password>@localhost/<DATABASE>

Configure uWSGI

/etc/uwsgi/mozilla-firefox-sync-server.ini
[uwsgi]
socket = /run/uwsgi/%n.sock
uid = ffsync
gid = http
chmod-socket = 664
chdir = /usr/share/webapps/mozilla-firefox-sync-server
master = true
plugins = python2
file = syncserver.wsgi

Configure Nginx

This configuration includes the restoration of the self-hosted server page. If you don't wish to restore these pages, remove the add_header, *_log, and limit_req directives, as well as the /welcome location stanza. 

server {
	listen				80;
	listen				[::]:80;
	server_name			ffs.bwt.com.de;
	return				301 https://$host$request_uri;
}

server {
	listen				443 ssl http2;
	listen				[::]:443 ssl http2;
	server_name			ffs.bwt.com.de;
	root				/srv/http/$host;
	index				index.html;

	ssl_certificate			/etc/letsencrypt/live/ffs.bwt.com.de/fullchain.pem;
	ssl_certificate_key		/etc/letsencrypt/live/ffs.bwt.com.de/privkey.pem;
	ssl_trusted_certificate		/etc/letsencrypt/live/ffs.bwt.com.de/chain.pem;

	add_header			Strict-Transport-Security max-age=15768000;
	add_header			Cache-Control "public";
	add_header			X-Frame-Options "DENY";

	access_log			/var/log/nginx/access.log main buffer=32k;
	error_log			/var/log/nginx/error.log error;
	limit_req			zone=gulag burst=200 nodelay;

	# ACME challenge
	location ^~ /.well-known {
		allow			all;
		alias			/var/lib/letsencrypt/$host/.well-known;
		default_type		"text/plain";
		try_files		$uri =404;
	}

	client_max_body_size		15M;

	if ($uri = '/') {
		rewrite			/ /welcome;
	}

	location ^~ /welcome {
		allow			all;
	}

	location ^~ / {
		include			uwsgi_params;
		uwsgi_pass		unix:/run/uwsgi/mozilla_firefox_sync_server.sock;
		proxy_buffers		8 16k;
		proxy_buffer_size	32k;
	}

}

Restore the Server Page

Firefox Sync Server used to come with a page telling you about the self-hosted instance. This page has been removed and is replaced by a simple "it works!" plaintext message. YunoHost's packaging includes a patch to bring the page back. This page has been cloned and modified by BrainwreckedTech to run directly from a web server. 

git clone https://git.bwt.com.de/bwt/ffsync_page.git /srv/http/<your.tld>/welcome
sed -i 's/www\.example\.com/<your.tld>/g' /srv/http/<your.tld>/weclome/index.html
Retrieved from "https://wiki.bwt.com.de/index.php?title=Firefox_Sync_Server&oldid=371"