For the Firefox sync server to work we need the following software in place:
apt-get install python-dev mercurial python-virtualenv libmysqlclient-dev python-mysqldb sqlite3 python-pastedeploy libapache2-mod-wsgi
Note that I've planned to use an Apache web server and not the standalone application.
As the backend I want to use a MySQL database. By default the application uses SQLite, but that doesn't fit my needs.
The application will create the needed tables at runtime, so you only need to prepare the database:
mysql -u root -p
create database mozilla;
GRANT ALL PRIVILEGES ON mozilla.* TO mozilla@localhost IDENTIFIED BY '<password>';
flush privileges;
exit
With these commands run you will now have a database called “mozilla” and a privileged user also called “mozilla”. You can of course modify this to your needs.
Next up is getting hold of the source files. For unknown reasons directory paths are being written to some of the files, so you can't easily download the files in one place and move them to another. So create the Apache document root and retrieve the files from there:
mkdir /var/www/mozilla
cd /var/www/mozilla
hg clone https://hg.mozilla.org/services/server-full
cd server-full/
make build
Now change the permissions to let the Apache user read the application files and add a tmp directory for logging:
chown -R www-data.www-data mozilla/
find . -name ".hg*" -type d | xargs chown root.root
cd mozilla/server-full/
mkdir tmp
The “.hg” files need to be owned by root, otherwise Mercurial won't update the files, as they need to be owned by the user who is running the update itself (which will be root).
I need the application to run under a different user than the default Apache user, so I create an application user “mozilla” and assign the proper rights to the directories:
useradd mozilla
chown mozilla.mozilla mozilla/server-full/tmp
chgrp mozilla deps/server-reg/syncreg/templates
chmod 775 deps/server-reg/syncreg/templates
chgrp mozilla syncserver/templates
chmod 775 syncserver/templates
[captcha]
use = true
public_key = xxx
private_key = xxx
use_ssl = False

[storage]
backend = syncstorage.storage.sql.SQLStorage
sqluri = mysql://mozilla:password@localhost:3306/mozilla
standard_collections = False
use_quota = true
quota_size = 102400
pool_size = 100
pool_recycle = 3600
create_tables = true

[auth]
backend = services.user.sql.SQLUser
sqluri = mysql://mozilla:password@localhost:3306/mozilla
pool_size = 100
pool_recycle = 3600
create_tables = true

[nodes]
# You must set this to your client-visible server URL.
fallback_node = https://example.com/mozilla/

[smtp]
host = localhost
port = 25
sender = firstname.lastname@example.org

[cef]
use = true
file = syslog
vendor = mozilla
version = 0
device_version = 1.3
product = weave
There are a couple of configuration files inside etc. As I want to use MySQL I use the mysql.conf as a template and copy it into sync.conf. As this contains passwords for the MySQL user and captcha keys it needs to be protected by permissions.
cd mozilla/server-full/etc
chmod 640 sync.conf
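An added example, not part of the original page or of the sync server project: a shell audit for a sync.conf laid out like the one above. It checks that the file mode gives other users no access, that the sqluri entries no longer carry the template password shown on this page, and that fallback_node is an https:// URL; the function names, finding labels and sample values are assumptions of this example.

```shell
# Added example: audit a sync.conf like the one on this page.
# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION].
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == want); next }
        insec && /=/ && !/^[ \t]*[#;]/ {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Print one finding per line; return 1 if there were any, else 0.
audit_sync_conf() {
    conf=$1; bad=0
    # Octal mode such as 640 (GNU stat first, BSD stat as fallback).
    mode=$(stat -c %a "$conf" 2>/dev/null || stat -f %Lp "$conf")
    # A non-zero last digit means users outside owner/group get access.
    case $mode in *[1-7]) echo "PERM $conf mode $mode grants access to other users"; bad=1 ;; esac
    for section in storage auth; do
        uri=$(ini_get "$conf" "$section" sqluri)
        [ -n "$uri" ] || continue
        cred=${uri#*://}; cred=${cred%@*}   # user:password part of the URI
        case ${cred#*:} in
            password|'<password>'|'')
                echo "CRED [$section] sqluri has an empty or template password"; bad=1 ;;
        esac
    done
    node=$(ini_get "$conf" nodes fallback_node)
    case $node in https://*) ;; *) echo "TLS [nodes] fallback_node is not https: $node"; bad=1 ;; esac
    return $bad
}

# Constructed sample: a deliberately weak copy of the config, audited.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sync.conf" <<'EOF'
[storage]
sqluri = mysql://mozilla:password@localhost:3306/mozilla
[auth]
sqluri = mysql://mozilla:s3cr3t-constructed@localhost:3306/mozilla
[nodes]
fallback_node = http://example.com/mozilla/
EOF
    chmod 644 "$dir/sync.conf"
    rc=0; audit_sync_conf "$dir/sync.conf" || rc=$?
    rm -rf "$dir"; return $rc
}
```

Source the file and run `demo` to see the three findings, or call `audit_sync_conf` with the path to your own sync.conf.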
Inside this file I've changed this section to put the logfile into my tmp folder:
. . .
[handler_syncserver_errors]
class = handlers.RotatingFileHandler
args = ('/var/www/mozilla/server-full/tmp/sync-error.log',)
level = ERROR
formatter = generic
. . .
Inside this file I've also changed the default cache directory to match my tmp folder:
. . .
# setting up the egg cache to a place where apache can write
os.environ['PYTHON_EGG_CACHE'] = '/var/www/mozilla/tmp/python-eggs'
. . .
As we use Apache as frontend that of course needs to be configured. I would like to use an SSL-enabled vhost to protect username and password. Unfortunately I only have one IP address so I must share that with other services. To get around that I use a subfolder “/mozilla”. This limitation has another issue: the application has some end-user service links for reset password and such, which don't work with subfolders.
WSGIProcessGroup mozilla
WSGIDaemonProcess mozilla user=mozilla group=mozilla processes=2 threads=25
WSGIPassAuthorization On
WSGIScriptAlias /mozilla /var/www/mozilla/server-full/sync.wsgi
<Directory "/var/www/mozilla/server-full">
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
Enduser service links
https://mozilla-sync.example.com/ This should give you the message 404 Not Found - The resource could not be found.
https://mozilla-sync.example.com/__heartbeat__ This will show an empty page; even if you look at the source code, it is empty. This is a special URL which can be used in monitoring to check whether the sync server is working properly. It returns code 200 when running and error code 503 when something failed.
https://mozilla-sync.example.com/weave-password-reset This is the URL which is used to reset the password and should display a nice web page where you can enter your username (e-mail address) and then request a reset key. I do not know if this web page already will be displayed at this point, as the database is still empty.
https://mozilla-sync.example.com/weave-delete-account This is the URL which is used to permanently delete an account and should display a nice web page where you can enter your username (e-mail address) and password to delete an existing account. I do not know if this web page already will be displayed at this point, as the database is still empty.
Backup and Update
As we're updating inside the production folder, a backup is vital. Put the following inside a little script:
cd /var/www/mozilla
cp -pr server-full server-full-`date +%Y.%m.%d-%H%M` # backup the folder
cd /var/www/mozilla/server-full
hg pull -uv
Not sure ....
bin/easy_install paste
bin/easy_install SQLAlchemy
bin/easy_install Pylons