For the Firefox sync server to work we need the following software in place:

apt-get install python-dev mercurial  python-virtualenv libmysqlclient-dev python-mysqldb sqlite3 python-pastedeploy libapache2-mod-wsgi 

Note that I've planed to use a Apache web server and not the standalone application.

As the backend I want to use a MySQL database. Default the application uses sqlite but that doesn't fit my needs.

The application will create the needed tables at runtime, so you only need to prepare the database:

mysql -u root -p
create database mozilla;
GRANT ALL PRIVILEGES ON mozilla.* TO mozilla@localhost IDENTIFIED BY '<password>';
flush privileges;
exit

With these commands run you will now have a database called “mozilla” and a privileged user also called “mozilla”. You can of course modify this to your needs.

Next up is getting hold of the source files. For unknown reasons directory paths are being written to some of the files, so you can't easily download the files in one place and move them into an other. So create the Apache document root and retrieve the files from there:

mkdir /var/www/mozilla
cd /var/www/mozilla
hg clone https://hg.mozilla.org/services/server-full
cd server-full/
make build

Now change the permissions to let the Apache user read the application files and add a tmp directory for logging:

chown -R www-data.www-data mozilla/
find . -name ".hg*" -type d | xargs chown root.root
cd mozilla/server-full/
mkdir tmp

The “.hg” files needs to be owned by root otherwize Mercurial wouldn't update the files, as it needs to be owned by the user who is running the update itself (which will be root).

I need the application to run under a different user than the default Apache user thus I create an application user “mozilla” and assign the proper rights to the directories:

useradd mozilla
chown mozilla.mozilla mozilla/server-full/tmp
chgrp mozilla deps/server-reg/syncreg/templates
chmod 775 deps/server-reg/syncreg/templates
chgrp mozilla syncserver/templates
chmod 775 syncserver/templates

[captcha]
use = true
public_key = xxx
private_key = xxx
use_ssl = False

[storage]
backend = syncstorage.storage.sql.SQLStorage
sqluri = mysql://mozilla:password@localhost:3306/mozilla
standard_collections = False
use_quota = true
quota_size = 102400
pool_size = 100
pool_recycle = 3600
create_tables = true

[auth]
backend = services.user.sql.SQLUser
sqluri = mysql://mozilla:password@localhost:3306/mozilla
pool_size = 100
pool_recycle = 3600
create_tables = true

[nodes]
# You must set this to your client-visible server URL.
fallback_node = https://example.com/mozilla/

[smtp]
host = localhost
port = 25
sender = weave@example.com

[cef]
use = true
file = syslog
vendor = mozilla
version = 0
device_version = 1.3
product = weave

There are a couple of configuration files inside etc. As I want to use MySQL I use the mysql.conf as a template and copy it into sync.conf. As this contains passwords for the MySQL user and captcha keys it needs to be protected by permissions.

cd mozilla/server-full/etc
chmod 640 sync.conf 

Inside this file I've change this section to put the logfile into my tmp folder:

.
.
.

[handler_syncserver_errors]
class = handlers.RotatingFileHandler
args = ('/var/www/mozilla/server-full/tmp/sync-error.log',)
level = ERROR
formatter = generic
.
.
.

Inside this file I've also change the default cache directory to match my tmp folder:

.
.
.

# setting up the egg cache to a place where apache can write
os.environ['PYTHON_EGG_CACHE'] = '/var/www/mozilla/tmp/python-eggs'
.
.
.

As we use Apache as frontend that of course needs to be configured. I would like to use a SSL enabled vhost to protect username and password. Unfortunatly I only have one IP address so I must share that with other services. To get around that I use a subfolder “/mozilla”. This limitation has an other issue and that is the application has some enduser servicelinks for reset password and such, that doesn't work with subfolders.

    WSGIProcessGroup mozilla
    WSGIDaemonProcess mozilla user=mozilla group=mozilla processes=2 threads=25
    WSGIPassAuthorization On
    WSGIScriptAlias /mozilla /var/www/mozilla/server-full/sync.wsgi
<Directory "/var/www/mozilla/server-full">
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

https://mozilla-sync.example.com/ This should give you the message 404 Not Found - The resource could not be found.

https://mozilla-sync.example.com/__heartbeat__ This will show an empty page, even if you look at the source code, it is empty. This is a special URL which could be used in monitoring to check if the sync server is properly working. It returns code 200 when running and error code 503 when something failed

https://mozilla-sync.example.com/weave-password-reset This is the URL which is used to reset the password and should display a nice web page where you can enter your username (e-mail address) and then request a reset key. I do not know if this web page already will be displayed at this point, as the database is still empty.

https://mozilla-sync.example.com/weave-delete-account This is the URL which is used to permanently delete an account and should display a nice web page where you can enter your username (e-mail address) and password to delete an existing account. I do not know if this web page already will be displayed at this point, as the database is still empty.

As we're updating inside the productionfolder a backup is vital. Put the following inside a little script:

cd /var/www/mozilla
cp -pr server-full server-full-`date +%Y.%m.%d-%H%M`	# backup the folder
cd /var/www/mozilla/server-full
hg pull -uv

about:sync-log

bin/easy_install paste bin/easy_install SQLAlchemy bin/easy_install Pylons