Contents
- 1. Install some needed dependencies..
- 2. Create User and Group for syncserver – Firefox Sync – Weave.
- 3. Install own Firefox Sync Server – Weave.
- 4. Configure Firefox Sync Server – Weave.
- 5. Create database MySQL.
- 6. Configure DNS Server – Bind9
- 7. Configure Apache2 Server.
- 8. Configure Firefox.
- 9. Updating Firefox Sync Server – Weave.
[important]
Tested:
Debian 7.6.x, (64bit).
Debian 7.8.x, (64bit).
Debian 8.x.x, (64bit).
Apache 2.4.10
Apache 2 (2.2.1x) – tutorial,
Serwer MySQL (5.1.6x) – tutorial,
Serwer DNS -Bind 9 (9.7.x) – tutorial,
Mail server: Sendmail, Postfix, Qmail…
Python 2.6.
Python 2.7.
Windows 7 (64bit).
[/important]
1. Install some needed dependencies..
sudo apt-get install python-dev git-core python-virtualenv python-mysqldb mercurial libapache2-mod-wsgi libmysqlclient-dev php5-sqlite python make sqlite3
2. Create User and Group for syncserver – Firefox Sync – Weave.
Create user fx-sync:
- home – /opt/syncserver,
- no password,
- no login.
sudo useradd -d /opt/syncserver -m fx-sync sudo adduser www-data fx-sync
3. Install own Firefox Sync Server – Weave.
Download and install newer version of Firefox Sync server to /opt folder.
cd /opt sudo git clone https://github.com/mozilla-services/syncserver cd syncserver sudo make build sudo make test sudo chown fx-sync:fx-sync /opt/syncserver -R
4. Configure Firefox Sync Server – Weave.
Backup configfiles.
sudo cp -p /opt/syncserver/syncserver.ini /opt/syncserver/syncserver.ini-orig
4.1. Edit configfile syncserver.ini.
sudo nano /opt/syncserver/syncserver.ini
- hash: host and port,
- set up url address : public_url = https://fx-sync.domain.com,
- set up database – sqluri – sqluri = mysql://fx-sync:PASSWORD@localhost:3306/syncserver,
... # host = 0.0.0.0 # port = 5000 use = egg:Paste public_url = https://fx-sync.domena.pl sqluri = mysql://fx-sync:HASŁO@localhost:3306/syncserver ...
5. Create database MySQL.
Create database and user: syncserver.
sudo mysql -u root -p
create database syncserver;
GRANT ALL PRIVILEGES ON syncserver.* TO fx-sync@localhost IDENTIFIED BY 'PASSWORD';
flush privileges;
quit
6. Configure DNS Server – Bind9
Tutorial – http://pl.terminal28.com/1-ip-bind-dns-buddysns-hosting-delegacja-debian-ubuntu Dodajemy do strefy np: domena.pl wpis:
fx-sync CNAME fx-sync.domain.com
fx-sync IN A <adres IP>
sudo /etc/init.d/bind9 restart
7. Configure Apache2 Server.
Create certificate SSL Tutorial – http://man.sethuper.com/instalacja-i-konfiguracja-apache-php5-ruby-python-webdav. Edit configfile: /etc/apache2/sites-available/syncserver, configure server and add permanent redirection to port 443 (SSL).
sudo mkdir /etc/apache2/{sites-available,sites-enabled} sudo nano /etc/apache2/sites-available/syncserver
# fx-sync.domain.com #================================================================================= ServerName fx-sync.domain.com ServerAdmin webmaster@domain.com DocumentRoot /opt/syncserver/ ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined RewriteCond %{SERVER_PORT} !^443$ RedirectMatch ^/$ https://fx-sync.domain.com #================================================================================= # fx-sync.domain.com #================================================================================= ServerName fx-sync.domain.com ServerAdmin webmaster@domain.com DocumentRoot /opt/syncserver WSGIProcessGroup fx-sync WSGIDaemonProcess fx-sync user=fx-sync group=fx-sync processes=2 threads=25 python-path=/opt/syncserver/local/lib/python2.7/site-packages WSGIPassAuthorization On WSGIScriptAlias / /opt/syncserver/syncserver.wsgi ErrorLog /var/log/apache2/error-ssl.log CustomLog /var/log/apache2/access-ssl.log combined SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown CustomLog ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" SSLProtocol +SSLv3 +TLSv1 SSLCertificateFile /etc/apache2/ssl/fx-sync/fx-sync.crt SSLCertificateFile /etc/apache2/ssl/domain.com.crt SSLCertificateKeyFile /etc/apache2/ssl/domain.com.key # SSLCertificateChainFile /etc/apache2/ssl/root_CA.crt [important] For Apache 2.2. <Directory "/opt/syncserver"> Order deny,allow Allow from all </Directory> # FOR Apache2.4 <Directory "/opt/syncserver"> Require all granted </Directory> [/important] #=================================================================================
7.1. Secure Firefox Sync Server against bots.
Create file .htaccess.
sudo nano /opt/syncserver/.htaccess
# Secure .htaccess <Files ~ "^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </Files> RewriteEngine On RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR] RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus RewriteRule ^.* - [F,L]
sudo chmod 644 /opt/syncserver/.htaccess
Apache2 Configtest:
sudo a2ensite syncserver
sudo apache2ctl configtest
Syntax OK
sudo /etc/init.d/apache2 restart
Test listening Firefox Sync – Weave.
sudo ps auxwww | grep fx-sync
fx-sync 2988 0.0 0.5 663168 45964 ? Sl 20:59 0:00 /usr/sbin/apache2 -k start fx-sync 2989 0.0 0.5 663396 46032 ? Sl 20:59 0:00 /usr/sbin/apache2 -k start root 4485 0.0 0.0 7832 880 pts/0 S+ 22:23 0:00 grep fx-sync
Acces to WWW:
- http://fx-sync.domain.com/
- https://fx-sync.domain.com/
- https://fx-sync.domain.com/token/1.0/sync/1.5
8. Configure Firefox.
Type url address:
about:config
Search:
services.sync.tokenServerURI
or
identity.sync.tokenserver.uri
Change value:
https://fx-sync.domain.com/token/1.0/sync/1.5
9. Updating Firefox Sync Server – Weave.
Add user fsync to /etc/mercurial/hgrc as trusted user.
sudo nano /etc/mercurial/hgrc
# system-wide mercurial configuration file
# See hgrc(5) for more information
[trusted] users = fx-sync groups = fx-sync
Backup an update syncserver.
cd /opt cp -pr syncserver syncserver-`date +%d.%m.%Y-%H:%M` cd /opt/syncserver sudo git pull -uv sudo make build
sudo /etc/init.d/apache2 restart
From https://github.com/mozilla-services/syncserver = [up to date] master -> origin/master = [up to date] cleanup -> origin/cleanup = [up to date] docker -> origin/docker = [up to date] rfk/reduce-requirements -> origin/rfk/reduce-requirements = [up to date] rfk/strict-audience -> origin/rfk/strict-audience = [up to date] use-persistent-db -> origin/use-persistent-db Already up-to-date.
If for any reason the update fails, you should back up the defective update and restore previous backup.
cd /opt sudo cp -pr syncserver syncserver-`date +%d.%m.%Y-%H:%M`-uszkodzony sudo cp -pr syncserver-`date +%d.%m.%Y-%H:%M`syncserver sudo /etc/init.d/apache2 restart
Example:
sudo cp -pr syncserver syncserver-08.12.2012-18:43-uszkodzony sudo cp -pr fsync-22.10.2012-16:18 syncserver sudo /etc/init.d/apache2 restart
[notice]
Support my work by donation. Thank You.
[/notice]