Building your own mozilla-sync-1.1 server

August 16, 2014 by Roberto Puzzanghera 0 comments

NB: DOES NOT WORK WITH FIREFOX 29 AND LATER

More info: 

File synchronization (or syncing) in computing is the process of ensuring that computer files in two or more locations are updated via certain rules.

In one-way file synchronization, also called mirroring, updated files are copied from a 'source' location to one or more 'target' locations, but no files are copied back to the source location. In two-way file synchronization, updated files are copied in both directions, usually with the purpose of keeping the two locations identical to each other. (from wikipedia)

This note serves to remaind the steps to build a sync server of your own so that you can safely save your passwords and bookmarks, share them between all your mozilla devices, and sleep peacefully.

Virtualenv

This is a prerequisite of the python server itself. Install as follows:

tar xzf virtualenv-1.7.2.tar.gz
cd virtualenv-1.7.2
chown -R root.root .
python setup.py install

Install the server

Download and install the server:

mkdir -p /usr/local/server-full
cd /usr/local/server-full
hg clone https://hg.mozilla.org/services/server-full/ .
make build

Add the user and the group who will run the server:

groupadd sync
useradd -g sync weave

Configuring the server

Modify the file /usr/local/server-full/sync.wsgi. You should change PYTHON_EGG_CACHE to a secure location, for example:

mkdir -p /usr/local/var/tmp
os.environ['PYTHON_EGG_CACHE'] = '/usr/local/var/tmp/python-eggs'

You have to assign the write priviledges to apache here (later we'll run the server under apache):

mkdir -p /usr/local/var/sync/
chown -R weave.sync /usr/local/var/sync/
chmod -R 777 /usr/local/var/sync/

Modify the log location inside the development.ini file:

[handler_syncserver_errors]
class = handlers.RotatingFileHandler
args = ('/usr/local/var/sync/sync-error.log',)
level = ERROR
formatter = generic

As you can see from sync.wsgi the rest of the configuration is loaded by the file development.ini, which in turn calls the actual config file "sync.conf", which is stored in the etc/ folder and uses SQLite as the default backend. By the way you can choose a different config file among the samples files located in the etc/ folder, expecially if you are going to use an alternative backend such as MySQL or LDAP.

Configuring SQLite as backend

Edit the file /usr/local/server-full/etc/sync.conf and adjust to your needs. This is my sync.conf file. be carefull to set up the fallback_node to the address of your apache's virtualhost and the location of the sqluri, where the SQLite db will be stored.

[global]
clean_shutdown = false

[captcha]
use = false
public_key = xxxxxxxxxxxxxxxxxcopy here your google public key
private_key = xxxxxxxxxxxxxxxxand your google private key here only if you enable captcha
use_ssl =true

[storage]
backend = syncstorage.storage.sql.SQLStorage
sqluri = sqlite:////usr/local/var/sync/sync.db
standard_collections = false
use_quota = true
quota_size = 5120
pool_size = 100
pool_recycle = 3600
reset_on_return = true
display_config = true
create_tables = true

[auth]
backend = services.user.sql.SQLUser
sqluri = sqlite:////usr/local/var/sync/sync.db
#sqluri = sqlite:////tmp/test.db
pool_size = 100
pool_recycle = 3600
create_tables = true
# comment out to disable the creation of new accounts
# allow_new_users = false

[nodes]
# You must set this to your client-visible server URL.
fallback_node = https://sync.mydomain.net

[smtp]
host = 
port = 25
sender = postmaster@mydomain.net

[cef]
use = true
file = syslog
vendor = mozilla
version = 0
device_version = 1.3
product = weave

Testing the server

Now run the server using paster and the provided “development.ini” file.

# cd /usr/local/server-full
# bin/paster serve development.ini
Starting server in PID 3034.
serving on http://10.0.0.2:5000

Running the server behind apache

Installing the module

The built-in server should not be used in production, as it does not really support a lot of load. So you may want to put it behind apache.

cd /usr/local/src
wget and untar sources
./configure \
    --with-apxs=/usr/local/apache/bin/apxs \
    --with-python=/usr/bin/python
make
make install

Now you should have mod_wsgi installed under the apache's modules sub-directory.

Configuring the virtual host

Create a file /etc/httpd/extra/httpd-wsgi.conf and define the apache virtualhost:

<VirtualHost *:80>
ServerName sync.myserver.net
Redirect permanent / https://sync.myserver.net
</VirtualHost>

<VirtualHost *:443>
Include /path/to/ssl-stuff.conf
ServerName sync.myserver.net
DocumentRoot /usr/local/server-full
WSGIProcessGroup sync
WSGIDaemonProcess sync user=weave group=sync processes=2 threads=25
WSGIPassAuthorization On
WSGIScriptAlias / /usr/local/server-full/sync.wsgi
CustomLog /var/log/httpd/sync.myserver.net-access.log combined
ErrorLog /var/log/httpd/sync.myserver.net-error.log
<Directory /usr/local/server-full>
Require all granted
</Directory>
</VirtualHost>

Remember to include the file which defines the wsgi virtual host:

# Act as a reverse proxy to the Mozilla Sync server:
Include /etc/httpd/extra/httpd-wsgi.conf

Connecting firefox to your own server

Your server should be able to receive connection from all your firefox installed in your PCs and android tablets and phones :)

Select Tools->Set up Sync...

The first time you have to create a new account, in that case click on "Create a new Account". Fill the form. Select "Use a custom server" and use the address of your virtualhost.

In case you have to pair a device, the most common way to do this is to use, on the new device, the unique Recovery Key which was generated when you created the account. To get that key go to Edit->Preference->Sync and select "Manage Accont"->My Recovery Key from the menu. Save the key in a place where you can always retrieve it in case you have to subscribe a new device to your newly created account.

In the new device (the one that you are going to pair) select Tools->Set up Sync. Click on "I have an account"

Select the "Advanced" procedure and fill the form with your account and the Recovery Key.

Troubleshooting

If your server does not work properly, the first thing to do is to visit about:sync-log in Firefox to see if there’s any error.

***

Last night my server stopped syncing, because the log file was rotated and assigned to root.apache instead of  weave.sync:

[Sun Jul 29 09:55:59.126820 2012] [:error] [pid 29605:tid 4084992880] [client 123.456.789.123:31987] IOError: [Errno 13] Permission denied: '/usr/local/var/sync/sync-error.log'

So don't forget to adjust your logrotate file, so that the priviledges are restored. This is my logrotate file; note the chown command below the postrotate line:

/usr/local/var/sync/*.log {
    weekly
    missingok
    rotate 5
    compress
    delaycompress
    notifempty
    create 644 root apache
    sharedscripts
    postrotate
        /var/log/httpd/sync.myserver.net*.log
        chmod 644 /var/log/httpd/sync.myserver.net*.log
        /usr/local/apache/bin/apachectl restart
    endscript
}

Disabling new users

The default configuration of the server allows new users to create an account through Firefox’s builtin setup screen. This is useful during initial setup, but it means that anybody could sync against your server if they know its URL.

You can disable creation of new accounts by adjusting the config file:

[auth]
allow_new_users = false

Add a comment