
[How-To] Install Firefox Sync in a FreeNAS 9.10 Jail

kaipee

Basic instructions here, will tidy up/format later

Install Firefox Sync v1.5
Code:
# Refresh the package catalogue and bring the jail's packages up to date.
pkg update
pkg upgrade

# Editor, build tool, Python 2.7 tooling and git, installed in one transaction.
# NOTE(review): the py27-* packages are Python 2.7, which no longer receives
# security fixes; keep this jail isolated and reachable only through the
# TLS reverse proxy.
pkg install nano gmake python py27-pip py27-virtualenv py27-sqlite3 git

# Application tree; -p creates /usr/local/www/ffsync on the way to logs/.
mkdir -p /usr/local/www/ffsync/logs

# Fetch the server source.
# NOTE(review): this clones the tip of the default branch unpinned; note the
# commit you deployed (git rev-parse HEAD) so the install can be audited and
# reproduced later.
cd /usr/local/www/ffsync
git clone https://github.com/mozilla-services/syncserver
cd ./syncserver

# Builds the Python environment under ./local (the gunicorn binary started
# later lives in ./local/bin). NOTE(review): "serve" presumably also launches
# the server in the foreground with the stock config; stop it before editing
# syncserver.ini.
gmake serve


Configure FFsync
Generate a random secret: `head -c 20 /dev/urandom | shasum`. Save the hex string it prints (without the trailing `-`); it goes into the `secret` setting of your ffsync config and should be kept private.
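Edit syncserver.ini (/usr/local/www/ffsync/syncserver/syncserver.ini). This file holds the token-signing secret, so keep it readable only by the account that runs the server.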
Code:
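[server:main]
use = egg:gunicorn
# Listen on loopback only; nginx terminates TLS and proxies to this port.
host = 127.0.0.1
port = FFSYNC_PORT
workers = 2
timeout = 60
# Trust X-Forwarded-* headers only when they come from the local nginx proxy.
# A wildcard (*) would let any peer that can reach this port dictate the
# forwarded scheme the application sees.
forwarded_allow_ips = 127.0.0.1

[app:main]
use = egg:syncserver

[syncserver]
# This must be edited to point to the public URL of your server,
# i.e. the URL as seen by Firefox.
public_url = https://YOUR_DOMAIN:YOUR_SSL_PORT

# This defines the database in which to store all server data.
# Keep it out of /tmp: that directory is shared by every account in the jail
# and may be cleared at boot. Any path writable by the server account works;
# the value must be the bare URI with nothing after it on the line.
sqluri = sqlite:////usr/local/www/ffsync/syncserver.db

# This is a secret key used for signing authentication tokens.
# It should be long and randomly-generated.
# The following command will give a suitable value on *nix systems:
#
#	head -c 20 /dev/urandom | sha1sum
#
# If not specified then the server will generate a temporary one at startup.
# Treat the value like a password: it signs authentication tokens, so do not
# publish it or commit it to version control.
secret = YOUR_SECRET_HASH

# Set this to "false" to disable new-user signups on the server.
# Only requests by existing accounts will be honoured.
# On a fresh database there are no existing accounts yet, so let your own
# account(s) sign in once with this set to "true", then switch it to "false".
allow_new_users = false

# Set this to "true" to work around a mismatch between public_url and
# the application URL as seen by python, which can happen in certain reverse-
# proxy hosting setups.  It will overwrite the WSGI environ dict with the
# details from public_url.  This could have security implications if e.g.
# you tell the app that it's on HTTPS but it's really on HTTP, so it should
# only be used as a last resort and after careful checking of server config.
# Here it is only acceptable because the sole listener is on 127.0.0.1 behind
# the HTTPS-only nginx server; do not expose the gunicorn port directly.
force_wsgi_environ = true

# Uncomment and edit the following to use a local BrowserID verifier
# rather than posting assertions to the mozilla-hosted verifier.
# Audiences should be set to your public_url without a trailing slash.
#[browserid]
#backend = tokenserver.verifiers.LocalVerifier
#audiences = https://localhost:5000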

Start FFsync: `/usr/local/www/ffsync/syncserver/local/bin/gunicorn --daemon --log-file=/usr/local/www/ffsync/logs/ffsync.log --paste /usr/local/www/ffsync/syncserver/syncserver.ini`

Install NGINX
Code:
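pkg install nginx

# Directory for the nginx logs (error_log / access_log in nginx.conf).
mkdir -p /usr/local/etc/nginx/logs

# Directory for the TLS certificate, private key and CA bundle. The
# ssl_certificate* paths in nginx.conf must point at this directory.
# It holds the private key, so restrict it to its owner.
mkdir -p /usr/local/etc/nginx/certs
chmod 700 /usr/local/etc/nginx/certs

# Start nginx with the jail. Same effect as adding nginx_enable="YES" to
# /etc/rc.conf by hand, without opening the file in an editor.
sysrc nginx_enable="YES"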


Configure NGINX
Edit /usr/local/etc/nginx/nginx.conf
Code:
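worker_processes  4;

events {
	worker_connections  1024;
	multi_accept on;
}

http {
	include       mime.types;
	default_type  application/octet-stream;

	sendfile     on;
	tcp_nopush   on;
	tcp_nodelay  on;

	keepalive_timeout  65;
	client_body_timeout  30;
	client_header_timeout  30;
	send_timeout  30;
	client_max_body_size  64m;

	error_log /usr/local/etc/nginx/logs/error.log warn;
	access_log /usr/local/etc/nginx/logs/access.log;

	gzip  on;

	# Do not advertise the nginx version in headers and error pages.
	server_tokens off;

	server {
		listen YOUR_SSL_PORT ssl;
		server_name YOUR_SUB.DOMAIN.TLD localhost YOUR_SERVER_IP;

		# All response headers are set at this level. nginx inherits
		# add_header from the enclosing level only when the current level
		# defines none, so a lone HSTS header here would silently drop
		# headers declared in the http block.
		add_header X-Frame-Options "SAMEORIGIN" always;
		add_header X-Content-Type-Options "nosniff" always;
		add_header X-Xss-Protection "1; mode=block" always;
		# "always" sends HSTS on error responses too. includeSubdomains
		# covers every subdomain of this host; remove it if any of them
		# is still served over plain HTTP.
		add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;

		# Certificate material lives in the directory created during the
		# nginx install step, outside the web tree; the key file should be
		# readable by root only.
		ssl_certificate /usr/local/etc/nginx/certs/YOUR_CERT.crt;
		ssl_certificate_key /usr/local/etc/nginx/certs/YOUR_KEY.key;
		ssl_trusted_certificate /usr/local/etc/nginx/certs/YOUR_BUNDLE.crt;
		ssl_session_cache shared:SSL:50m;
		ssl_session_timeout 5m;

		# TLS 1.0 and 1.1 are deprecated; add TLSv1.3 here if your nginx
		# and OpenSSL builds support it.
		ssl_protocols TLSv1.2;
		# AEAD suites with forward secrecy only. The 3DES, CBC-mode and
		# static-RSA suites are dropped, as are the DHE suites, which would
		# need an explicit ssl_dhparam to be safe.
		ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256";
		ssl_prefer_server_ciphers on;

		# Staple OCSP responses and verify them against
		# ssl_trusted_certificate before sending them to clients.
		ssl_stapling on;
		ssl_stapling_verify on;
		# Resolver used to look up the OCSP responder; prefer a resolver
		# you control over a public one where possible.
		resolver 8.8.8.8;

		location / {
			# Forward the original request details to gunicorn, which
			# listens on loopback only.
			proxy_set_header Host $http_host;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_redirect off;
			proxy_read_timeout 120;
			proxy_connect_timeout 10;
			proxy_pass http://127.0.0.1:FFSYNC_PORT/;
		}

	}

}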

Start NGINX: `service nginx start`

Browse to https://YOUR_DOMAIN:YOUR_SSL_PORT/token/1.0/sync/1.5 and check it returns an output
 

kaipee

I would be interested in someone helping me make this into a plugin, and advise the correct procedure for turning firefox_sync into a service (able to auto-start)
 

ezra

My man, you are amazing, thanks! Flawlessly used this guide...

The only problem is indeed the 'service' part. I'm using crontab @reboot at this time but we sure need to fix this. I'd like to help with this if you're still up for the task.
 

silverback
