How to install and configure own Firefox Sync Server – Weave – (ver. 1.5) – Debian.

1. Install some needed dependencies..

sudo apt-get install python-dev git-core python-virtualenv python-mysqldb mercurial libapache2-mod-wsgi libmysqlclient-dev php5-sqlite python make sqlite3

2. Create User and Group for syncserver – Firefox Sync – Weave.

Create user fx-sync:

• home – /opt/syncserver,
• no password,
• no login.

sudo useradd -d /opt/syncserver -m fx-sync
sudo adduser www-data fx-sync

3. Install own Firefox Sync Server – Weave.

Download and install newer version of Firefox Sync server to /opt folder.

cd /opt
sudo git clone https://github.com/mozilla-services/syncserver
cd syncserver
sudo make build
sudo make test

sudo chown fx-sync:fx-sync /opt/syncserver -R

4. Configure Firefox Sync Server – Weave.

Backup configfiles.

sudo cp -p /opt/syncserver/syncserver.ini /opt/syncserver/syncserver.ini-orig

4.1. Edit configfile syncserver.ini.

sudo nano /opt/syncserver/syncserver.ini

• hash: host and port,
• set up url address : public_url = https://fx-sync.domain.com,
• set up database – sqluri – sqluri = mysql://fx-sync:PASSWORD@localhost:3306/syncserver,

...
# host = 0.0.0.0
# port = 5000
use = egg:Paste
public_url = https://fx-sync.domena.pl
sqluri = mysql://fx-sync:HASŁO@localhost:3306/syncserver
...

5. Create database MySQL.

Create database and user: syncserver.

sudo mysql -u root -p

create database syncserver;
GRANT ALL PRIVILEGES ON syncserver.* TO fx-sync@localhost IDENTIFIED BY 'PASSWORD';
flush privileges;
quit

6. Configure DNS Server – Bind9

Tutorial – http://pl.terminal28.com/1-ip-bind-dns-buddysns-hosting-delegacja-debian-ubuntu Dodajemy do strefy np: domena.pl wpis:

fx-sync              CNAME        fx-sync.domain.com
fx-sync   	IN       A      <adres IP>

sudo /etc/init.d/bind9 restart

7. Configure Apache2 Server.

Create certificate SSL Tutorial – http://man.sethuper.com/instalacja-i-konfiguracja-apache-php5-ruby-python-webdav. Edit configfile: /etc/apache2/sites-available/syncserver, configure server and add permanent redirection to port 443 (SSL).

sudo mkdir /etc/apache2/{sites-available,sites-enabled}
sudo nano /etc/apache2/sites-available/syncserver

# fx-sync.domain.com
#=================================================================================
  ServerName fx-sync.domain.com
 ServerAdmin webmaster@domain.com

 DocumentRoot /opt/syncserver/

 ErrorLog /var/log/apache2/error.log
 CustomLog /var/log/apache2/access.log combined

 RewriteCond %{SERVER_PORT} !^443$
 RedirectMatch ^/$ https://fx-sync.domain.com

#=================================================================================


# fx-sync.domain.com
#=================================================================================
 ServerName fx-sync.domain.com
 ServerAdmin webmaster@domain.com
 DocumentRoot /opt/syncserver
 WSGIProcessGroup fx-sync
 WSGIDaemonProcess fx-sync user=fx-sync group=fx-sync processes=2 threads=25 python-path=/opt/syncserver/local/lib/python2.7/site-packages
 WSGIPassAuthorization On
 WSGIScriptAlias / /opt/syncserver/syncserver.wsgi

 ErrorLog /var/log/apache2/error-ssl.log
 CustomLog /var/log/apache2/access-ssl.log combined

 SSLEngine on
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
 CustomLog ssl_request_log \
 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 SSLProtocol +SSLv3 +TLSv1

 SSLCertificateFile /etc/apache2/ssl/fx-sync/fx-sync.crt
 SSLCertificateFile /etc/apache2/ssl/domain.com.crt
 SSLCertificateKeyFile /etc/apache2/ssl/domain.com.key
 # SSLCertificateChainFile /etc/apache2/ssl/root_CA.crt

Important!
 
For Apache 2.2.
 <Directory "/opt/syncserver"> 
Order deny,allow 
Allow from all
 </Directory>  


# FOR Apache2.4 
<Directory "/opt/syncserver"> 
Require all granted 
</Directory>

#=================================================================================

7.1. Secure Firefox Sync Server against bots.

Create file .htaccess.

sudo nano /opt/syncserver/.htaccess

# Secure .htaccess
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

RewriteEngine On 
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] 
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] 
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] 
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] 
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] 
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] 
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] 
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] 
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] 
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] 
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] 
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] 
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Zeus 
RewriteRule ^.* - [F,L]

sudo chmod 644 /opt/syncserver/.htaccess

  Apache2 Configtest: 

sudo a2ensite syncserver

sudo apache2ctl configtest

Syntax OK

sudo /etc/init.d/apache2 restart

Test listening Firefox Sync – Weave.

 sudo ps auxwww | grep fx-sync

fx-sync   2988  0.0  0.5 663168 45964 ?        Sl   20:59   0:00 /usr/sbin/apache2 -k start
fx-sync   2989  0.0  0.5 663396 46032 ?        Sl   20:59   0:00 /usr/sbin/apache2 -k start
root      4485  0.0  0.0   7832   880 pts/0    S+   22:23   0:00 grep fx-sync

Acces to WWW:

• http://fx-sync.domain.com/
• https://fx-sync.domain.com/
• https://fx-sync.domain.com/token/1.0/sync/1.5

8. Configure Firefox.

Type url address:

about:config

Search:

services.sync.tokenServerURI

or

identity.sync.tokenserver.uri

Change value:

https://fx-sync.domain.com/token/1.0/sync/1.5

9. Updating Firefox Sync Server – Weave.

Add user fsync to /etc/mercurial/hgrc as trusted  user.

sudo nano /etc/mercurial/hgrc

# system-wide mercurial configuration file
# See hgrc(5) for more information

[trusted]
 users = fx-sync
 groups = fx-sync

Backup an update syncserver.

cd /opt
cp -pr syncserver syncserver-`date +%d.%m.%Y-%H:%M`
cd /opt/syncserver
sudo git pull -uv
sudo make build

sudo /etc/init.d/apache2 restart

From https://github.com/mozilla-services/syncserver
 = [up to date]      master     -> origin/master
 = [up to date]      cleanup    -> origin/cleanup
 = [up to date]      docker     -> origin/docker
 = [up to date]      rfk/reduce-requirements -> origin/rfk/reduce-requirements
 = [up to date]      rfk/strict-audience -> origin/rfk/strict-audience
 = [up to date]      use-persistent-db -> origin/use-persistent-db
Already up-to-date.

If for any reason the update fails, you should back up the defective update and restore previous backup.

cd /opt
sudo cp -pr syncserver syncserver-`date +%d.%m.%Y-%H:%M`-uszkodzony
sudo cp -pr syncserver-`date +%d.%m.%Y-%H:%M`syncserver
sudo /etc/init.d/apache2 restart

Example:

sudo cp -pr syncserver syncserver-08.12.2012-18:43-uszkodzony
sudo cp -pr fsync-22.10.2012-16:18 syncserver
sudo /etc/init.d/apache2 restart

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International