How to Create Your Own Firefox Sync Server on DigitalOcean

by | Feb 2, 2023


Table of Contents

1. Install all dependencies
2. Install MySQL database
3. Securing the MySQL server deployment
4. Install the server
5. Testing time
6. Install Apache2
7. Configure Apache to use SSL
8. Configure the Firefox browser to talk to the sync server
9. Test the SSL configurations

For privacy and security reasons, you may want to run your own sync service. Get a cup of coffee and sit tight: I will show you how to build a Firefox Sync Server on a VPS. For the VirtualBox file, please contact us.

1. Install all dependencies

First, let's install all the dependencies:

sudo apt-get update

sudo apt-get install python-dev git-core python-virtualenv libapache2-mod-wsgi

 

2. Install MySQL database

After installing all the dependencies, we will install the MySQL database:

sudo apt-get update

sudo apt-get install mysql-server -y

You’ll be prompted to create a root password during the installation.

Choose a secure one and make sure you remember it, because you’ll need it later. Next, we’ll finish configuring MySQL.

mysql_secure_installation

 

3. Securing the MySQL server deployment

 

Enter password for user root:

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: no

 

Using existing password for root.

Change the password for root ? ((Press y|Y for Yes, any other key for No) : no

… skipping.

By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : yes Success.

 

Normally, root should only be allowed to connect from ‘localhost’. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : yes Success.

 

By default, MySQL comes with a database named ‘test’ that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

 

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : yes

– Dropping test database…Success

– Removing privileges on test database… Success.

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : yes Success.

 

All done!

Testing MySQL:

 

Regardless of how you installed it, MySQL should have started running automatically. To test this, check its status.

systemctl status mysql.service

You’ll see output similar to the following:

Output
● mysql.service - MySQL Community Server
   Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: en
   Active: active (running) since Wed 2016-11-23 21:21:25 UTC; 30min ago
 Main PID: 3754 (mysqld)
    Tasks: 28
   Memory: 142.3M
      CPU: 1.994s
   CGroup: /system.slice/mysql.service
           └─3754 /usr/sbin/mysqld

 

If MySQL isn’t running, you can start it with:

sudo systemctl start mysql

 

This will prompt you for the root password you created in Step 2. You can press Y and then ENTER to accept the defaults for all the subsequent questions, with the exception of the one that asks if you’d like to change the root password.

Now let's create the database:

mysql -u root -p

This will prompt you for the root password you created in Step 2. Then run:

CREATE DATABASE syncserver;
GRANT ALL PRIVILEGES ON syncserver.* TO noobs IDENTIFIED BY "tech";
exit

4. Install the server

cd /opt
git clone https://github.com/mozilla-services/syncserver
cd syncserver
make build

 

If you get this error:

The program 'make' can be found in the following packages:
 * make
 * make-guile
Try: apt install <selected package>

then you should install make with apt-get install make. Now run the build again:

make build

 

If you get another error complaining about virtualenv …

then you need to set your locale, install pip, and then install virtualenv with these commands:

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
sudo dpkg-reconfigure locales

and choose your language…

sudo apt-get install python3-pip
sudo pip3 install virtualenv
make build

 

Give the right permissions:

chown root:www-data -R /opt/syncserver
chmod 750 -R /opt/syncserver

 

and then

sudo make test

5. Testing Time

Configure the Sync Server
Change the following settings in /opt/syncserver/syncserver.ini in the section “[syncserver]”:

# Replace the domain name and port

public_url = https://your.domain.net/
sqluri = pymysql://noobs:tech@localhost:3306/syncserver

# Generate a secret with "head -c 20 /dev/urandom | sha1sum"
# and place it here
secret = YOURSECRET
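A quick audit of the three settings above before the server is exposed, as an added example that is not part of syncserver: it parses a constructed syncserver.ini and flags the placeholder secret, the placeholder or non-HTTPS public_url, and the sample database password. The function name audit_syncserver_ini, the weak-password list and the 12-character minimum are assumptions.

```python
import configparser
import re
from urllib.parse import urlparse

# Constructed sample: the values shown in this step, left unchanged.
SAMPLE_INI = """\
[syncserver]
public_url = https://your.domain.net/
sqluri = pymysql://noobs:tech@localhost:3306/syncserver
secret = YOURSECRET
"""

# Assumption: a short illustrative deny-list, not a complete one.
WEAK_PASSWORDS = {"tech", "password", "root", "admin", "123456"}


def audit_syncserver_ini(text):
    """Return a list of findings for the [syncserver] section."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    sec = cfg["syncserver"]
    findings = []

    url = urlparse(sec.get("public_url", ""))
    if url.scheme != "https":
        findings.append("public_url is not https")
    if url.hostname in (None, "your.domain.net"):
        findings.append("public_url still has the placeholder host")

    # "head -c 20 /dev/urandom | sha1sum" prints 40 lowercase hex digits.
    if not re.fullmatch(r"[0-9a-f]{40}", sec.get("secret", "")):
        findings.append("secret does not look like sha1sum output")

    db = urlparse(sec.get("sqluri", ""))
    password = db.password or ""
    # Assumption: 12 characters as an illustrative minimum length.
    if len(password) < 12 or password.lower() in WEAK_PASSWORDS:
        findings.append("database password is weak or missing")
    if db.hostname not in ("localhost", "127.0.0.1"):
        findings.append("database is reached over the network")
    return findings


if __name__ == "__main__":
    for finding in audit_syncserver_ini(SAMPLE_INI):
        print("FINDING:", finding)
```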

6. Install apache2

 

We will install Apache2 so that the sync server runs behind Apache, for more security and load balancing.

apt-get install apache2 -y

 

Configure Apache2, enable the WSGI module:

a2enmod wsgi
service apache2 restart

 

Create a new config file

nano /etc/apache2/sites-available/firefoxsync.com.conf

 

and insert this

# Plain HTTP: redirect everything to HTTPS.
<VirtualHost *:80>
  ServerName firefoxsync.com
  # Trailing slash on the target so /path redirects to https://firefoxsync.com/path
  Redirect / https://firefoxsync.com/
</VirtualHost>

# HTTPS: run the sync server through mod_wsgi.
<VirtualHost *:443>
  ServerName firefoxsync.com
  DocumentRoot /opt/syncserver
  WSGIProcessGroup sync
  WSGIDaemonProcess sync user=www-data group=www-data processes=2 threads=25 python-path=/opt/syncserver/local/lib/python2.7/site-packages/
  WSGIPassAuthorization On
  WSGIScriptAlias / /opt/syncserver/syncserver.wsgi
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl/server.key
  CustomLog /var/log/apache2/access_sync.log combined
  ErrorLog /var/log/apache2/error_sync.log
  LogLevel warn
</VirtualHost>

<Directory /opt/syncserver>
  Require all granted
</Directory>

 

Enable the config file and restart Apache2:

 

ln -s /etc/apache2/sites-available/firefoxsync.com.conf /etc/apache2/sites-enabled/firefoxsync.com.conf

service apache2 restart

7. Configure Apache to use SSL

Let's enable the SSL module:

a2enmod ssl

Then we restart Apache:

/etc/init.d/apache2 restart

You will get an error:

SSLCertificateFile: file ‘/etc/apache2/ssl/server.crt’ does not exist or is empty

We have to create a self-signed SSL certificate:

Step 1: Generate a Private Key

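Go to /etc/apache2/, create an ssl directory, and generate the key:

cd /etc/apache2/
mkdir ssl
cd ssl/
openssl genrsa -des3 -out server.key 1024

Note that a 1024-bit RSA key is weaker than the 2048-bit minimum expected today, and recent OpenSSL builds may refuse to load it; replace 1024 with 2048 or more on a current system.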

 

Enter pass phrase for server.key:

Step 2: Generate a CSR (Certificate Signing Request)

 

openssl req -new -key server.key -out server.csr 

Example responses you can use:

Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:DE
Locality Name (eg, city) []:munic
Organization Name (eg, company) [Internet Widgits Pty Ltd]:golos
Organizational Unit Name (eg, section) []:oka
Common Name (e.g. server FQDN or YOUR name) []:ADAZA
Email Address []:san.marshall.skills@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Step 3: Remove Passphrase from Key

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Enter the passphrase again when prompted.

Step 4: Generating a Self-Signed Certificate

 

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
/etc/init.d/apache2 restart

8. Configure the Firefox browser to talk to the sync server

On your Mac or PC, edit the hosts file:

sudo nano /etc/hosts

and add this line:

104.236.107.139 firefoxsync.com

where 104.236.107.139 is the VPS IP address.

Now open the file with nano /opt/syncserver/syncserver/__init__.py and change it like this:

From this:

 

# If the environ does not match public_url, requests are almost certainly
# going to fail due to auth errors. We can either bail out early, or we
# can forcibly clobber the WSGI environ with the values from public_url.
# This is a security risk if you've e.g. mis-configured the server, so
# it's not enabled by default.
application_url = request.application_url
if public_url != application_url:
    if not request.registry.settings.get("syncserver.force_wsgi_environ"):
        msg = "\n".join((
            "The public_url setting doesn't match the application url.",
            "This will almost certainly cause authentication failures!",
            " public_url setting is: %s" % (public_url,),
            " application url is: %s" % (application_url,),
            "You can disable this check by setting the force_wsgi_environ",
            "option in your config file, but do so at your own risk.",
        ))
        logger.error(msg)
        raise _JSONError([msg], status_code=500)
    request.scheme = p_public_url.scheme
    request.host = p_public_url.netloc
    request.script_name = p_public_url.path.rstrip("/")

 

To this:

# If the environ does not match public_url, requests are almost certainly
# going to fail due to auth errors. We can either bail out early, or we
# can forcibly clobber the WSGI environ with the values from public_url.
# This is a security risk if you've e.g. mis-configured the server, so
# it's not enabled by default.
if p_public_url.port not in (None, 80, 443):
    port_str = str(p_public_url.port)
    if request.host_port != port_str:
        if request.host_port in (None, "80", "443"):
            request.host = p_public_url.netloc
application_url = request.application_url

Save and close
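What the check removed by this edit compares, as an added illustration rather than syncserver's own code: the URL rebuilt from the WSGI environ against public_url. The helper names, the simplified URL rebuild, the trailing-slash handling and the constructed environs are assumptions.

```python
# Added illustration; application_url() is a simplified stand-in for the
# value the WSGI framework derives, not syncserver's implementation.
DEFAULT_PORTS = {"http": "80", "https": "443"}


def application_url(environ):
    """Rebuild scheme://host[:port]/script_name from a WSGI environ."""
    scheme = environ["wsgi.url_scheme"]
    name, _, port = environ["HTTP_HOST"].partition(":")
    if port and port != DEFAULT_PORTS.get(scheme):
        name = "%s:%s" % (name, port)  # keep only non-default ports
    return "%s://%s%s" % (scheme, name, environ.get("SCRIPT_NAME", "").rstrip("/"))


def check_public_url(public_url, environ):
    """Return None when the request matches public_url, else a message."""
    expected = public_url.rstrip("/")  # assumption: trailing slash ignored
    actual = application_url(environ)
    if expected == actual:
        return None
    return "public_url setting is: %s, application url is: %s" % (expected, actual)


def make_environ(scheme, host, script_name=""):
    """Constructed WSGI environ holding only the keys the check reads."""
    return {"wsgi.url_scheme": scheme, "HTTP_HOST": host, "SCRIPT_NAME": script_name}


# Constructed cases for the vhost in Step 6 (ServerName firefoxsync.com).
CASES = [
    ("https://firefoxsync.com/", make_environ("https", "firefoxsync.com")),
    ("https://firefoxsync.com/", make_environ("https", "firefoxsync.com:443")),
    ("https://your.domain.net/", make_environ("https", "firefoxsync.com")),
    ("https://firefoxsync.com/", make_environ("http", "firefoxsync.com")),
    ("https://firefoxsync.com/", make_environ("https", "104.236.107.139")),
]

if __name__ == "__main__":
    for public_url, env in CASES:
        result = check_public_url(public_url, env)
        print(public_url, "->", "match" if result is None else result)
```

In this model the sample public_url from Step 5 (third case) is what fails, and the first two cases show the same request passing once public_url names the vhost.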

Go to /opt/syncserver (cd /opt/syncserver) and run this command:

make serve

If it fails, check the error.

If it is OK, restart Apache:

/etc/init.d/apache2 restart

and

tail -f /var/log/apache2/error_sync.log

to check whether there are errors.

Now go to Firefox and open firefoxsync.com. You will get a "Your connection is not secure" warning; click Advanced:

The certificate is not trusted because it is self-signed!

Click Add Exception and then confirm.

You should get this message: "it works!"

Now everything is working 🙂

Let's change the URL of the sync server in Firefox so that it contacts our own server on the VPS. Go to about:config.

Search for identity.sync.tokenserver.uri and replace its value with https://firefoxsync.com/token/1.0/sync/1.5

Now let's sign in and sync!

9. Test the SSL configurations

See the video:

 
