I recently shut down a VPS I was running for a couple of years, which also had an instance of my own Firefox syncserver. The original Mozilla guidelines I followed to install were based on Python 2.7 and some other outdated software. Fortunately, there is also a docker container available for the syncserver, which makes it easy to deal with the outdated software and to run the syncserver also on a machine with current software. As I already have MariaDB running on one of my servers, I wanted to tap into that to have multi-user access (the default sqlite setup does not allow that). It is important though, to let the container connect to your local host, if MariaDB only listens to localhost. This can be achieved by adding the
First we need a password for the database user which can be created by using
I chose the secret "Phee1quo" for this guideline to continue.
Login to MariaDB:
mysql -u root -p
create a new database
CREATE DATABSE syncserver_db;
as well as a user with password and grant the user all rights to the database
GRANT ALL ON syncserver_db.* TO 'syncserver'@'localhost' IDENTIFIED BY 'Phee1quo';
Create Docker Container for Syncserver
Create a secret for the syncserver
head -c 20 /dev/urandom | sha1sum
Which gives, for example, cd2fec6e5ca41dc725ebe8f884d50f32d40ea846
Create a directory for storing your data
And start up the docker container:
sudo docker run -d \ -v /home/<USER>/ffsyncserver:/data \ --network="host" \ -e SYNCSERVER_PUBLIC_URL=https://syncserver.your-domain.com \ -e SYNCSERVER_SECRET=cd2fec6e5ca41dc725ebe8f884d50f32d40ea846 \ -e SYNCSERVER_SQLURI=pymysql://syncserver:Phee1quo@127.0.0.1:3306/syncserver \ -e SYNCSERVER_BATCH_UPLOAD_ENABLED=true \ -e SYNCSERVER_FORCE_WSGI_ENVIRON=true \ -e PORT=5000 \ --restart always \ mozilla/syncserver:latest
Now we just need to create a virtual host in Apache
sudo nano /etc/apache2/sites-available/syncserver.conf
to create a reverse proxy that points to port 5000
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerName syncserver.YOUR-DOMAIN.com SSLEngine On CustomLog /var/log/apache2/access_sync.log combined ErrorLog /var/log/apache2/error_sync.log RewriteEngine On ProxyPass / http://127.0.0.1:5000/ ProxyPassReverse / http://127.0.0.1:5000/ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key </VirtualHost> </IfModule>
If you open a browser now and point it to your address https://syncserver.YOUR-DOMAIN.com, you should see a "it works" showing up.
Connect Firefox to your Syncserver
To configure Firefox on your desktop to communicate with your new Syncserver, go to “about:config”, search for “identity.sync.tokenserver.uri” and change its value to be the public URL of your server with a path of “token/1.0/sync/1.5”:
- identity.sync.tokenserver.uri: http://localhost:5000/token/1.0/sync/1.5
Alternatively, if you’re running your own Firefox Accounts server, and running Firefox 52 or later, see the documentation on how to Run your own Firefox Accounts Server for how to configure your client for both Sync and Firefox Accounts with a single preference.
Firefox for Android (“Daylight”, versions 79 and later) does support using a non-Mozilla-hosted Sync server. Before logging in, go to App Menu > Settings > About Firefox and click the logo 5 times. You should see a “debug menu enabled” notification. Go back to the main menu and you will see two options for a custom account server and a custom Sync server. Set the Sync server to the URL given above and then log in.
To configure Android Firefox 44 up to 78 to talk to your new Sync server, just set the “identity.sync.tokenserver.uri” exactly as above before signing in to Firefox Accounts and Sync on your Android device.
Important: after creating the Android account, changes to “identity.sync.tokenserver.uri” will be ignored. (If you need to change the URI, delete the Android account using the Settings > Sync > Disconnect… menu item, update the pref, and sign in again). Non-default TokenServer URLs are displayed in the Settings > Sync panel in Firefox for Android, so you should be able to verify your URL there.