
Setting up your own Firefox Sync server


Firefox Sync is a service that lets users transfer their history, passwords, bookmarks, open tabs, and even add-ons between devices that have Firefox installed, both the desktop version and Android.

Firefox Sync is implemented by two entities - the authorization service (Firefox account API) and the synchronization server (Firefox Sync).
I had long had the idea of setting up my own server to synchronize passwords, bookmarks and other pleasures of life. By occupation, I do not really trust public services such as LastPass or Google Account. In my opinion, private data should be stored on your own server.

Well, enough lyricism; let's proceed to the setup.


UPDATE:
This method works for Firefox older than version 29 and describes the configuration of synchronization server version 1.5.

The setup is described for a server running Debian.
It is possible to implement several synchronization schemes:
1. Firefox account API + Firefox Sync Server
2. Firefox account API + your Sync Server
3. Your account API + your Sync Server

I settled on the second option.

It is assumed that the server already has an apache2 web server and a MySQL database server. The latter, however, is not necessary: I did not find a way to make the synchronization server work reliably with MySQL, so I used SQLite. With MySQL, the connector periodically lost its connection to the database.

Let our sync server be available at sync.domain.com.

Install the necessary packages:

$ sudo apt-get install python-dev git-core python-virtualenv libapache2-mod-wsgi 

The synchronization server will be installed in the /var/www/ directory:

 $ cd /var/www/
 $ git clone https://github.com/mozilla-services/syncserver
 $ cd syncserver
 $ make build

Perform basic server configuration:

 $ cat syncserver.ini 


 [server:main]
 use = egg:Paste#http
 host = 0.0.0.0
 port = 5000

 [app:main]
 use = egg:syncserver

 [syncserver]
 public_url = https://sync.domain.com/
 sqluri = sqlite:////var/www/db.sql
 secret = your_server_key


your_server_key can be any phrase; I generated it like this:

 head /dev/urandom |md5sum 

Create a file for the database:

 $ touch /var/www/db.sql 

Set the ownership and permissions:

 $ chown -R www-data:www-data /var/www/
 $ chmod 600 /var/www/db.sql


NOTE!
In my configuration, I placed the db.sql file in the /var/www/ directory, since the server is used only for synchronization and Apache does not serve this file.

If other virtual hosts are served from /var/www, put the database file somewhere else.

We will access the sync server over HTTPS.
To do this, configure Apache:

 $ cat /etc/apache2/sites-available/sync.domain.com.conf 


 <VirtualHost *:80>
     ServerName sync.domain.com
     Redirect permanent / https://sync.domain.com/
     ErrorLog /var/log/apache2/sync/error.log
     CustomLog /var/log/apache2/sync/access.log combined
 </VirtualHost>

 <VirtualHost *:443>
     ServerName sync.domain.com
     ServerAdmin webmaster@domain.com
     DocumentRoot /var/www/syncserver
     WSGIProcessGroup sync.domain.com
     WSGIDaemonProcess sync.domain.com user=www-data group=www-data processes=2 threads=25 python-path=/var/www/syncserver/local/lib/python2.7/site-packages
     WSGIPassAuthorization On
     WSGIScriptAlias / /var/www/syncserver/syncserver.wsgi
     ErrorLog /var/log/apache2/sync/error-ssl.log
     CustomLog /var/log/apache2/sync/access-ssl.log combined
     SSLEngine on
     SSLProtocol -ALL +SSLv3 +TLSv1
     SSLHonorCipherOrder On
     SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
     SSLCertificateFile /etc/apache2/ssl/sync.domain.com.crt
     SSLCertificateKeyFile /etc/apache2/ssl/sync.domain.com.key
     <Directory /var/www/syncserver>
         Order deny,allow
         Allow from all
     </Directory>
 </VirtualHost>

Generate a self-signed certificate and key:

 $ cd /etc/apache2/ssl/
 $ openssl genrsa -des3 -out server.key 1024
 $ openssl req -new -key server.key -out server.csr
 $ cp server.key sync.domain.com.key
 $ openssl rsa -in sync.domain.com.key -out server.key
 $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
 $ cp server.crt sync.domain.com.crt
 $ cp server.key sync.domain.com.key

Create a directory for the logs:

 $ mkdir /var/log/apache2/sync/
 $ touch /var/log/apache2/sync/error-ssl.log
 $ touch /var/log/apache2/sync/access-ssl.log
 $ touch /var/log/apache2/sync/error.log
 $ touch /var/log/apache2/sync/access.log
 $ chown -R www-data:www-data /var/log/apache2/sync/

Activate the new virtualhost:

 $ a2ensite sync.domain.com 


And restart Apache:

 $ service apache2 restart

If everything is set up correctly, a request to
 https://sync.domain.com/token/1.0/sync/1.5
returns something like:

 {"status": "error", "errors": [{"location": "body", "name": "", "description": "Unauthorized"}]} 

Be sure to add your certificate to browser exceptions, otherwise synchronization will not work!

It remains to configure the browser itself.

Go to about:config and change the value of the services.sync.tokenServerURI key to
 https://sync.domain.com/token/1.0/sync/1.5 

After that, log in to Menu -> Settings -> Sync using your Mozilla account, and use it.
By the way, if we disconnect from the synchronization account, the services.sync.tokenServerURI key reverts to its default value.

PS
Unfortunately, it was not possible to set up synchronization with an Android phone using fxa-custom-server-addon; if someone succeeds, please write in the comments.

Thank you all for your attention.

UPDATE

By popular demand, from comrade Godless, I am posting a virtual machine with a pre-configured mozilla-sync-server.
You can download it here (457.7 MB).
The image is in Proxmox backup format; all you need to do is deploy it on your host.
You also need to make a few edits in the configs:
 $ cat /home/syncserv/syncserver.ini 

 ...
 [syncserver]
 public_url = https://___IP/ (  )
 ...
 secret = _ (head /dev/urandom |md5sum)
 ...

The Apache config has also been updated; the new version (with SSLv3 and SSLv2 disabled, thanks to Anisotropic):

 <VirtualHost *:80>
     ServerName sync.domain.com
     Redirect permanent / https://sync.domain.com/
     ErrorLog /var/log/apache2/sync/error.log
     CustomLog /var/log/apache2/sync/access.log combined
 </VirtualHost>

 <VirtualHost *:443>
     ServerName sync.domain.com
     ServerAdmin webmaster@domain.com
     DocumentRoot /home/syncserv
     WSGIProcessGroup sync.domain.com
     WSGIDaemonProcess sync.domain.com user=syncserv group=syncserv processes=2 threads=25 python-path=/home/syncserv/local/lib/python2.7/site-packages
     WSGIPassAuthorization On
     WSGIScriptAlias / /home/syncserv/syncserver.wsgi
     ErrorLog /var/log/apache2/sync/error-ssl.log
     CustomLog /var/log/apache2/sync/access-ssl.log combined
     SSLEngine on
     SSLProtocol ALL -SSLv2 -SSLv3
     SSLHonorCipherOrder On
     SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
     SSLCertificateFile /etc/apache2/ssl/sync.domain.com.crt
     SSLCertificateKeyFile /etc/apache2/ssl/sync.domain.com.key
     <Directory /home/syncserv>
         Order deny,allow
         Allow from all
     </Directory>
 </VirtualHost>
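
The difference between the two SSLProtocol lines (-ALL +SSLv3 +TLSv1 in the first vhost, ALL -SSLv2 -SSLv3 in the updated one) can be checked mechanically. The script below is an added example, not part of the original post: it resolves the directive's tokens left to right and flags SSLv2/SSLv3 as well as RC4 in SSLCipherSuite. The function names, the constructed sample snippets and the list that "all" expands to are assumptions.

```shell
# Added example (not from the original post): audit Apache TLS directives.
# ALL_PROTOS is an assumption about what "all" expands to; adjust per build.
ALL_PROTOS="SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2"

# effective_protocols "<SSLProtocol args>" -> space-separated enabled set.
# Tokens apply left to right: +X adds, -X removes, a bare X replaces the set.
effective_protocols() {
    enabled=""
    for tok in $1; do
        case "$tok" in
            -*) act=del; name=${tok#-} ;;
            +*) act=add; name=${tok#+} ;;
            *)  act=set; name=$tok ;;
        esac
        case "$name" in [Aa][Ll][Ll]) name=$ALL_PROTOS ;; esac
        if [ "$act" = set ]; then enabled=""; act=add; fi
        for p in $name; do
            new=""   # rebuild the set without p, then re-add p when adding
            for q in $enabled; do [ "$q" = "$p" ] || new="$new $q"; done
            if [ "$act" = add ]; then new="$new $p"; fi
            enabled=$new
        done
    done
    echo $enabled
}

# audit_vhost: reads a config on stdin, prints findings on one line.
audit_vhost() {
    conf=$(cat); findings=""
    args=$(printf '%s\n' "$conf" | awk 'tolower($1)=="sslprotocol"{$1="";print}' | tail -n 1)
    suite=$(printf '%s\n' "$conf" | awk 'tolower($1)=="sslciphersuite"{print $2}' | tail -n 1)
    for p in $(effective_protocols "$args"); do
        case "$p" in SSLv2|SSLv3) findings="$findings legacy-protocol:$p" ;; esac
    done
    for c in $(printf '%s' "$suite" | tr ':' ' '); do
        case "$c" in
            '!'*|-*) ;;                          # excluded or removed element
            *RC4*) findings="$findings weak-cipher:$c" ;;
        esac
    done
    echo $findings
}

# Constructed samples: the TLS lines of the article's two vhosts.
SUITE='ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH'
old_conf() { printf 'SSLProtocol -ALL +SSLv3 +TLSv1\nSSLCipherSuite %s\n' "$SUITE"; }
new_conf() { printf 'SSLProtocol ALL -SSLv2 -SSLv3\nSSLCipherSuite %s\n' "$SUITE"; }
echo "original vhost: $(old_conf | audit_vhost)"
echo "updated vhost:  $(new_conf | audit_vhost)"
```

The updated vhost no longer reports a legacy protocol, but both configs still list RC4 in SSLCipherSuite, which RFC 7465 prohibits in TLS.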


The SQLite database is now located at /var/lib/sql/db.sql.
The passphrase for the SSL certificates, as well as the root password, is habr2014.

If you are interested, test it and report bugs; I will fix them if necessary.

Source: https://habr.com/ru/post/241889/

