Mozilla Firefox Syncserver on Debian Bullseye

I recently shut down a VPS I was running for a couple of years, which also had an instance of my own Firefox syncserver. The original Mozilla guidelines I followed to install were based on Python 2.7 and some other outdated software. Fortunately, there is also a docker container available for the syncserver, which makes it easy to deal with the outdated software and to run the syncserver also on a machine with current software. As I already have MariaDB running on one of my servers, I wanted to tap into that to have multi-user access (the default sqlite setup does not allow that). It is important though, to let the container connect to your local host, if MariaDB only listens to localhost. This can be achieved by adding the --network="host" option.

 

Prepare Database

First we need a password for the database user which can be created by using

pwgen

I chose the secret "Phee1quo" for this guideline to continue.

Login to MariaDB:

mysql -u root -p

create a new database

CREATE DATABSE syncserver_db;

as well as a user with password and grant the user all rights to the database

GRANT ALL ON syncserver_db.* TO 'syncserver'@'localhost' IDENTIFIED BY 'Phee1quo';

quit;

 

Create Docker Container for Syncserver

Create a secret for the syncserver

head -c 20 /dev/urandom | sha1sum

Which gives, for example, cd2fec6e5ca41dc725ebe8f884d50f32d40ea846     
 

Create a directory for storing your data

mkdir ~/ffsyncserver

And start up the docker container:

sudo docker run -d \
   -v /home/<USER>/ffsyncserver:/data \
   --network="host" \
   -e SYNCSERVER_PUBLIC_URL=https://syncserver.your-domain.com \
   -e SYNCSERVER_SECRET=cd2fec6e5ca41dc725ebe8f884d50f32d40ea846 \
   -e SYNCSERVER_SQLURI=pymysql://syncserver:Phee1quo@127.0.0.1:3306/syncserver \
   -e SYNCSERVER_BATCH_UPLOAD_ENABLED=true \
   -e SYNCSERVER_FORCE_WSGI_ENVIRON=true \
   -e PORT=5000 \
   --restart always \
   mozilla/syncserver:latest

 

Now we just need to create a virtual host in Apache

sudo nano /etc/apache2/sites-available/syncserver.conf

 to create a reverse proxy that points to port 5000

<IfModule mod_ssl.c> 
<VirtualHost _default_:443> 
		ServerName syncserver.YOUR-DOMAIN.com
		
		SSLEngine On
		CustomLog      /var/log/apache2/access_sync.log combined
		ErrorLog /var/log/apache2/error_sync.log
		 
		RewriteEngine On 
		ProxyPass / http://127.0.0.1:5000/ 
		ProxyPassReverse / http://127.0.0.1:5000/ 
		SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
		SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost> 
</IfModule>

If you open a browser now and point it to your address https://syncserver.YOUR-DOMAIN.com, you should see a "it works" showing up.

 

Connect Firefox to your Syncserver

To configure Firefox on your desktop to communicate with your new Syncserver, go to “about:config”, search for “identity.sync.tokenserver.uri” and change its value to be the public URL of your server with a path of “token/1.0/sync/1.5”:

Alternatively, if you’re running your own Firefox Accounts server, and running Firefox 52 or later, see the documentation on how to Run your own Firefox Accounts Server for how to configure your client for both Sync and Firefox Accounts with a single preference.

Firefox for Android (“Daylight”, versions 79 and later) does support using a non-Mozilla-hosted Sync server. Before logging in, go to App Menu > Settings > About Firefox and click the logo 5 times. You should see a “debug menu enabled” notification. Go back to the main menu and you will see two options for a custom account server and a custom Sync server. Set the Sync server to the URL given above and then log in.

To configure Android Firefox 44 up to 78 to talk to your new Sync server, just set the “identity.sync.tokenserver.uri” exactly as above before signing in to Firefox Accounts and Sync on your Android device.

Important: after creating the Android account, changes to “identity.sync.tokenserver.uri” will be ignored. (If you need to change the URI, delete the Android account using the Settings > Sync > Disconnect… menu item, update the pref, and sign in again). Non-default TokenServer URLs are displayed in the Settings > Sync panel in Firefox for Android, so you should be able to verify your URL there.

 

Sources:

https://mozilla-services.readthedocs.io/en/latest/howtos/run-sync-1.5.h…

https://github.com/mozilla-services/syncserver

 


 

Add new comment

The content of this field is kept private and will not be shown publicly.