Hi folks! This blog entry shows how to run your own Firefox Sync server for privacy reasons. It is a full installation on Arch Linux with the latest Apache, mod_wsgi and SQLite as the database.
The whole Firefox Sync server runs as a systemd service and works with any device running a recent Firefox version on iOS, Android, Linux, BSD, OS X or Windows.
It’s a more or less easy installation, but it is not fully documented on the Arch Linux Wiki, so I had the idea to write it up.
First, install Apache, certbot and the SQLite database with pacman:
sudo pacman -S apache sqlite certbot
Next, install Mozilla's own Firefox sync server and the mod_wsgi module needed for Apache with yay (an AUR package manager):
yay -S mozilla-firefox-sync-server mod_wsgi
Add mod_wsgi to Apache as a module in httpd.conf and include the WSGI reverse proxy configuration:
sudo vim /etc/httpd/conf/httpd.conf
#Add following lines
# Act as a reverse proxy to the Mozilla Sync server:
Include conf/extra/httpd-wsgi.conf
#Add module wsgi
LoadModule wsgi_module modules/mod_wsgi.so
Create a group and a user for the WSGI process:
sudo groupadd sync
sudo useradd -g sync weave
Add the following lines to httpd-wsgi.conf:
sudo vim /etc/httpd/conf/extra/httpd-wsgi.conf
#Add following lines
<Directory /opt/mozilla-firefox-sync-server>
# Apache 2.4 access control (Order/Allow is the older 2.2 syntax)
Require all granted
</Directory>
<VirtualHost *:80>
ServerName sync.joelmueller.ch
DocumentRoot /opt/mozilla-firefox-sync-server
RewriteEngine on
RewriteCond %{SERVER_NAME} =sync.joelmueller.ch
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName sync.joelmueller.ch
DocumentRoot /opt/mozilla-firefox-sync-server
WSGIProcessGroup sync
WSGIDaemonProcess sync user=weave group=sync processes=2 threads=25
WSGIPassAuthorization On
WSGIScriptAlias / /opt/mozilla-firefox-sync-server/syncserver.wsgi
CustomLog /var/log/httpd/sync.joelmueller.ch-access.log combined
ErrorLog /var/log/httpd/sync.joelmueller.ch-error.log
Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCertificateFile /etc/letsencrypt/live/sync.joelmueller.ch/fullchain.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/sync.joelmueller.ch/privkey.pem
</VirtualHost>
Create a directory and set its ownership and permissions:
sudo mkdir /home/weave
sudo chown weave:sync /home/weave
sudo chmod 711 /home/weave
Edit syncserver.ini and create the database file:
sudo vim /opt/mozilla-firefox-sync-server/syncserver.ini
sudo touch /opt/mozilla-firefox-sync-server/syncserver.db
# The config should look like this
[server:main]
use = egg:gunicorn
host = 0.0.0.0
port = 5000
workers = 1
timeout = 30
[app:main]
use = egg:syncserver
[syncserver]
# This must be edited to point to the public URL of your server,
# i.e. the URL as seen by Firefox.
public_url = https://sync.joelmueller.ch
# By default, syncserver will accept identity assertions issued by
# any BrowserID issuer. The line below restricts it to accept assertions
# from just the production Firefox Account servers. If you are hosting
# your own account server, put its public URL here instead.
identity_provider = https://accounts.firefox.com/
# This defines the database in which to store all server data.
# An absolute SQLite path needs four slashes after "sqlite:".
sqluri = sqlite:////opt/mozilla-firefox-sync-server/syncserver.db
#sqluri = pymysql://sample_user:sample_password@127.0.0.1/syncstorage
# This is a secret key used for signing authentication tokens.
# It should be long and randomly-generated.
# The following command will give a suitable value on *nix systems:
#
# head -c 20 /dev/urandom | sha1sum
#
# If not specified then the server will generate a temporary one at startup.
#secret = INSERT_SECRET_KEY_HERE
# Set this to "false" to disable new-user signups on the server.
# Only requests by existing accounts will be honoured.
# allow_new_users = false
# Set this to "true" to work around a mismatch between public_url and
# the application URL as seen by python, which can happen in certain reverse-
# proxy hosting setups. It will overwrite the WSGI environ dict with the
# details from public_url. This could have security implications if e.g.
# you tell the app that it's on HTTPS but it's really on HTTP, so it should
# only be used as a last resort and after careful checking of server config.
force_wsgi_environ = true
[tokenserver]
# Use a custom MySQL based syncstorage node hosted at http://localhost:8000
# node_url = http://localhost:8000
# sqluri = pymysql://sample_user:sample_password@127.0.0.1/syncstorage_rs
[endpoints]
# Replace syncserver endpoints with alternate server implementation, ie:
# MySQL based syncstorage-rs 1.5 server hosted at http://localhost:8000/1.5
# "{node}/1.5/{uid}"
# sync-1.5 = "http://localhost:8000/1.5/{uid}"
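Added example, not part of the original post or of the sync server project: a small Python check that reads a syncserver.ini and lists the settings from the comments above that deserve a second look before the server goes online. The finding names, the host sync.example.org and the deliberately weak sample values are made up for illustration.

```python
import configparser

# Constructed sample with deliberately weak values (not a real deployment).
SAMPLE_INI = """[server:main]
use = egg:gunicorn
host = 0.0.0.0
port = 5000

[syncserver]
public_url = https://sync.example.org
identity_provider = https://accounts.firefox.com/
sqluri = sqlite:///opt/mozilla-firefox-sync-server/syncserver.db
#secret = INSERT_SECRET_KEY_HERE
# allow_new_users = false
force_wsgi_environ = true
"""

def audit_syncserver_ini(text):
    """Return a list of finding codes (hypothetical names) for a syncserver.ini."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    sync = cp["syncserver"] if cp.has_section("syncserver") else {}
    findings = []
    secret = sync.get("secret", "")
    if not secret or secret == "INSERT_SECRET_KEY_HERE":
        findings.append("secret-unset")  # server falls back to a temporary key at startup
    if sync.get("allow_new_users", "true").strip().lower() != "false":
        findings.append("signups-open")  # new users can still sign up on this server
    if not sync.get("identity_provider"):
        findings.append("any-identity-issuer")  # assertions from any issuer accepted
    if not sync.get("public_url", "").startswith("https://"):
        findings.append("public-url-not-https")
    elif sync.get("force_wsgi_environ", "false").strip().lower() == "true":
        findings.append("forced-https-environ")  # verify TLS really terminates in front
    uri = sync.get("sqluri", "")
    if uri.startswith("sqlite:///") and not uri.startswith("sqlite:////"):
        findings.append("sqlite-relative-path")  # three slashes = relative to the cwd
    if cp.get("server:main", "host", fallback="127.0.0.1") == "0.0.0.0":
        findings.append("gunicorn-all-interfaces")  # port 5000 listens beyond localhost
    return findings

if __name__ == "__main__":
    for code in audit_syncserver_ini(SAMPLE_INI):
        print(code)
```

To check a real file, pass its contents: audit_syncserver_ini(open("/opt/mozilla-firefox-sync-server/syncserver.ini").read()).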
Start the Apache web server and generate the SSL certificates with certbot:
sudo systemctl start httpd
sudo certbot --apache
sudo systemctl restart httpd
Systemd service for the Mozilla sync server:
sudo vim /etc/systemd/system/firefox-sync.service
#Add these lines to the file
[Unit]
Description=Firefox Sync Server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=simple
User=firefox-sync
Group=firefox-sync
UMask=007
Restart=on-abort
ExecStart=/opt/mozilla-firefox-sync-server/local/bin/gunicorn --paste /opt/mozilla-firefox-sync-server/syncserver.ini
[Install]
WantedBy=multi-user.target
Enable the firefox-sync systemd service and start it:
sudo systemctl enable --now firefox-sync.service
Client-side configuration for the Mozilla Firefox browser on Arch Linux:
Open the Firefox browser
Sign out of Sync
Enter about:config in the URL bar
Search for identity.sync.tokenserver.uri
Set the value of identity.sync.tokenserver.uri to: https://sync.joelmueller.ch/token/1.0/sync/1.5
Now sign in on accounts.mozilla.org
You can then delete your user data from the Mozilla servers:
sudo pacman -S python-pip
cd /tmp
pip install PyFxA
python ./bin/delete_user_data.py mailadresse@domain.tld
If you want more information, you can read the links below:
- https://wiki.archlinux.org/title/Firefox_Sync_Server
- https://gnulinux.ch/sync-server-wechseln-im-firefox-desktop-android-und-ios
- https://alien.slackbook.org/blog/setting-up-your-own-mozilla-sync-server/
- https://canox.net/2020/01/eigenen-firefox-sync-server-betreiben/