Setup Firefox Sync Server on CentOS 6

Firefox Sync is a browser synchronization feature that lets you share your data and preferences (such as your bookmarks, history, passwords, open tabs and installed add-ons) across all of your devices. Mozilla also offers a “synchronization server” application for use with Firefox Sync for users and businesses that prefer to host their own synchronization data. This article shows you how to set up Mozilla Sync Server.

Prerequisites

• A newly deployed Vultr CentOS 6
• A sudo user.

Install the necessary packages

Update the system:

sudo yum check-update

To build and run Sync Server, you will need to install these packages:

• Mecurial
• sqlite3
• git
• Python 2.6.6
• Python 2.6.6 virtualenv
• Python 2.6.6 SetupTools
• Python 2.6.6 Developer Tools

Install the latest version of Mercurial:

sudo yum install mercurial

Install the required development tools and libraries:

yum groupinstall 'Development Tools' 'Development Libraries'
yum install tk-devel libjpeg-devel mysql-devel python-devel httpd-devel zlib-devel bzip2-devel

Install SQLite3:

sudo yum install sqlite

Install and build Python 2.6.6:

cd $home
sudo wget http://python.org/ftp/python/2.6.6/Python-2.6.6.tgz
sudo tar xzvf Python-2.6.6.tgz
cd $home/Python-2.6.6
sudo ./configure --prefix=/opt/python2.6 --enable-thread --enable-shared --enable-unicode=ucs4
sudo make
sudo make install

Building the server

We will clone the Git repository of the synchronization server and then enter the folder:

git clone https://github.com/mozilla-services/syncserver
cd syncserver

Run the build command, which will download the dependencies and compile the code:

make build

Start the Sync Server and verify that it works properly:

bin/paster serve development.ini

You will see something like this:

Starting server in PID 5952.
serving on 0.0.0.0:5000 view at http://127.0.0.1:5000

Sync Server configuration

The configuration of the synchronization server is very simple, there are just a few parameters to change in the configuration file (./syncserver.ini).

Open the configuration file with your favorite text editor (for example nano ./syncserver.ini).

[server:main]
use = egg:gunicorn
host = 0.0.0.0
port = 5000
workers = 1
timeout = 30

[app:main]
use = egg:syncserver

[syncserver]
# This must be edited to point to the public URL of your server,
# i.e. the URL as seen by Firefox.
public_url = http://localhost:5000/

# This defines the database in which to store all server data.
#sqluri = sqlite:////tmp/syncserver.db

# This is a secret key used for signing authentication tokens.
# It should be long and randomly-generated.
# The following command will give a suitable value on *nix systems:
#
#    head -c 20 /dev/urandom | sha1sum
#
# If not specified then the server will generate a temporary one at startup.
#secret = INSERT_SECRET_KEY_HERE

# Set this to "false" to disable new-user signups on the server.
# Only request by existing accounts will be honoured.
# allow_new_users = false

# Set this to "true" to work around a mismatch between public_url and
# the application URL as seen by python, which can happen in certain reverse-
# proxy hosting setups.  It will overwrite the WSGI environ dict with the
# details from public_url.  This could have security implications if e.g.
# you tell the app that it's on HTTPS but it's really on HTTP, so it should
# only be used as a last resort and after careful checking of server config.
force_wsgi_environ = false

[browserid]
# Uncomment and edit the following to use a local BrowserID verifier
# rather than posting assertions to the mozilla-hosted verifier.
# Audiences should be set to your public_url without a trailing slash.
#backend = tokenserver.verifiers.LocalVerifier
#audiences = https://localhost:5000

# By default, syncserver will accept identity assertions issues by
# any server. You can restrict this by setting the below to a list
# of allowed issuer domains.
#allowed_issuers = www.mysite.com myfriendsdomain.org

The address of your server must be specified via the parameter public_url:

public_url = http://fsync.example.com

Note: the default value of public_url, http://localhost:5000/, will work for testing purposes on your local machine.

We will uncomment the sqluri option and put the location, or URI, that will allow the server to connect the database and store its information:

sqluri = sqlite:////path/to/database/file.db

If you want to use another type of DB:

sqluri = pymysql://username:password@db.example.com/sync

For the secret parameter, we will have to generate a secret key for authentication tokens:

head -c 20 /dev/urandom | sha1sum

Uncomment the line of the secret parameter and then copy/paste the returned string into the secret parameter:

secret = db8a203aed5fe3e4594d4b75990acb76242efd35

Note: If you do not put anything in this parameter, the server will generate one but it will be different each time the server is restarted.

Uncomment the allow/_new/_users parameter and set it as true to allow our account to connect to our server for the first time:

allow_new_users = true

We will then uncomment the audiences parameter and put the same thing as the public_uri parameter:

audiences = http://fsync.example.com

Finally, just add the following line to the end of your file:

forwarded_allow_ips = *

This line will help you avoid error messages and authorization issues.

Starting Sync Server

To start the synchronization server, you can use either of the following commands:

./path/to/syncserver/local/bin/gunicorn --threads 4 --paste /path/to/syncserver/syncserver.ini &

This allows you to choose the location of the configuration file; as well as put the argument --threads 4, which allows assigning more power to the synchronization server.

To start the server each time your instance boots, you can add the following line to your crontab by typing the crontab -e command:

@reboot ./path/to/syncserver/local/bin/gunicorn --paste /path/to/syncserver/syncserver.ini &

Web server configuration

You can use different web servers that are compatible with the WSGI protocol. For example:

• Nginx with uWSGI.
• Apache combined with mod_wsgi.

Nginx

For Nginx, you have to use Nginx’s built-in proxy as shown below:

server {
        listen  80;
        server_name fsync.example.com;

        location / {
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_redirect off;
                proxy_read_timeout 120;
                proxy_connect_timeout 10;
                proxy_pass http://127.0.0.1:5000/;
        }
}

Nginx + uWSGI

It is possible for Nginx users to use the WSGI socket only.

Install uWSGI via Pip:

pip install uwsgi

Install uWSGI via downloading a source tarball:

wget https://projects.unbit.it/downloads/uwsgi-latest.tar.gz
tar zxvf uwsgi-latest.tar.gz
cd <dir>
make

Note: After the build, you will have a uwsgi binary in the current directory.

Once installed, start it with the following options:

uwsgi --plugins python27 --manage-script-name /
--mount /<location>=/path/to/syncserver/syncserver.wsgi /
--socket /path/to/uwsgi.sock

Then use the following Nginx configuration:

location /<location>/ {
include uwsgi_params;
uwsgi_pass unix:/path/to/uwsgi.sock;
}

Apache

Install mod_wsgi:

apt-get install libapache2-mod-wsgi

Then use the following vhost:

<VirtualHost *:80>
  ServerName sync.example.com
  DocumentRoot /path/to/syncserver
  WSGIProcessGroup sync
  WSGIDaemonProcess sync user=sync group=sync processes=2 threads=25 python-path=/path/to/syncserver/local/lib/python2.7/site-packages/
  WSGIPassAuthorization On
  WSGIScriptAlias / /path/to/syncserver/syncserver.wsgi
  CustomLog /var/log/apache2/sync.example.com-access.log combined
  ErrorLog  /var/log/apache2/sync.example.com-error.log
</VirtualHost>

Configure the client (Firefox)

Once the server has been installed and configured, you can configure the desktop Firefox client to talk to your new Sync Server. Before you begin, if you are already connected to Firefox Sync Servers, you must log out. Otherwise, the connection to the new server may not work.

First, open a new tab and enter the following address:

about:config

In the search bar, enter identity.sync.tokenserver.uri and change its value to the URL of your server with a path of token/1.0/sync/1.5:

http://sync.example.com/token/1.0/sync/1.5