Mozilla Custom Sync Server Installation on FreeBSD


This installation guide describes the steps I have done to install my own Mozilla Sync Server (the "new" one based on Python) on FreeBSD 7.4-RELEASE. It is running with Apache (2.2.22) with mod_wsgi (3.3) and Python (2.7.2), which have been installed from FreeBSD Ports (the versions used are from early February 2012). It is running with an own SSL enabled virtual webhosting and with a local MySQL database server as backend.

The instructions below should be adaptable to any other unix-like operating system, like Linux. They are based on the instructions available in Run your own Sync Server from Mozilla Services Documentation. I have also added some more configuration, like what is needed to have a working password reset and user deletion available, which I have learned from the Mozilla developers, mostly from Toby Elliott.

Important note: It is recommended to follow this guide with every step. Do not leave out any of it and also do not do something else found in other guides (e.g. running it with paster for testing, as it is described in Run your own Sync Server, as this will create the log file, and probably other files, with the wrong permissions and then it will not run through Apache / mod_wsgi).

For alternative installation solutions see the Other Documentation and Alternate Installation paragraphs.

If you see any error or typo in this guide, or have some other addition, please send an e-mail.



Prerequisites

As I had Apache and MySQL server already installed and configured, I will not go into details here; there is enough other information available on the net on how to do this.

All the steps in this guide have been done as user root and with a default umask of 0022 (check with the whoami and umask command).

To install the needed Ports, run the following commands, which may pull in Apache and Python as dependency:
portinstall devel/py-virtualenv
portinstall devel/mercurial
portinstall devel/gmake           # GNU make, may already be installed
portinstall www/mod_wsgi3


Building the Sync Server

As everything (source code and the running programs) will be in a self-contained directory, I have installed it in /opt/mozilla/server-full. Paths and directory names can be adjusted to your own taste. To create the needed directory, download and build the server, run the following commands:
mkdir -p /opt/mozilla
cd /opt/mozilla
hg clone https://hg.mozilla.org/services/server-full server-full
# the above command does the checkout from the Mozilla repository,
# the last option (server-full) is only needed if you would like
# to have it in a different sub directory
cd server-full
gmake build			# on Linux system use 'make' instead of 'gmake'
bin/easy_install Mysql-Python	# to be able to use the MySQL backend

If you already had done the above hg clone https://hg.mozilla.org/services/server-full and gmake build command before 07. February 2012, then the configuration example below will not work for your installation, as this had built an older prod channel. If your installation is not running yet, I recommend to move the existing server-full directory away and to do a fresh start.


Create Unix User and MySQL Database


A system user account and group is needed for Apache to run the wsgi stuff with. I have created the user account like this (adapt it for other operating systems). Adjust the Home directory according to the install path you have used above:
adduser -D			# -D = Do not attempt to create the home directory.
Username: mozsync
Full name: Mozilla SyncServer
Uid [1001]: 10xx		# adjust to your environment or use the recommendation
Login group [mozsync]: 
Login group is mozsync. Invite mozsync into other groups? []: 
Login class [default]: 
Shell (sh csh tcsh bash ftponly bash rbash nologin) [bash]: nologin
Home directory [/home/mozsync]: /opt/mozilla/server-full
Home directory permissions (Leave empty for default): 
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: yes
Username   : mozsync
Password   : <disabled>
Full Name  : Mozilla SyncServer
Uid        : 10xx
Class      : 
Groups     : mozsync 
Home       : /opt/mozilla/server-full
Home Mode  : 
Shell      : /usr/sbin/nologin
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (mozsync) to the user database.
adduser: INFO: Account (mozsync) is locked.
Add another user? (yes/no): no
Goodbye!

For the backend a MySQL database is used for the Sync Server. I have used a locally installed MySQL server, but this can also be a dedicated MySQL server on another host, just adjust accordingly. To create the database and user, the following steps are needed. Replace <password> with a new password (for example create one with makepasswd --minchar=10 --maxchar=20):
mysql -u root -p
mysql> create database mozilla_sync;
mysql> GRANT ALL PRIVILEGES ON mozilla_sync.* TO mozsync@localhost IDENTIFIED BY '<password>';
mysql> flush privileges;
mysql> exit


Sync Server Configuration

For all the configuration files with local modifications, I have created my own local copy, to protect them from being overwritten with future updates. For a start, I have copied the existing files and then modified them:
cp -p etc/sync.conf etc/mozilla-sync.conf
cp -p development.ini production.ini
cp -p sync.wsgi mozilla-sync.wsgi
$EDITOR etc/mozilla-sync.conf

Below are the modifications done in etc/mozilla-sync.conf in a kind of diff -u style with some context, but also with some lines missing from the config file. The lines which start with - have been modified to the ones which start with +, lines which start with a blank have not been modified. Or download the complete etc/mozilla-sync.conf. Replace <password> with the password which has been used for the mozsync user in MySQL and also replace example.com with your own domain name:
-use_ssl = false
+use_ssl = true

 [storage]
 backend = syncstorage.storage.sql.SQLStorage
-sqluri = sqlite:////tmp/test.db
+sqluri = mysql://mozsync:<password>@localhost:3306/mozilla_sync
 standard_collections = false
 use_quota = true
-quota_size = 5120
+quota_size = 10240
-pool_size = 100
+pool_size = 20    # reduced, because MySQL max_connections is set to 100 (default)

 [auth]
 backend = services.user.sql.SQLUser
-sqluri = sqlite:////tmp/test.db
+sqluri = mysql://mozsync:<password>@localhost:3306/mozilla_sync
-pool_size = 100
+pool_size = 20    # reduced, because MySQL max_connections is set to 100 (default)
 pool_recycle = 3600
 create_tables = true
+
+[reset_codes]
+backend = services.resetcodes.rc_sql.ResetCodeSQL
+sqluri = mysql://mozsync:<password>@localhost:3306/mozilla_sync
+create_tables = true
  
 [nodes]
-fallback_node = http://localhost:5000/
+fallback_node = https://mozilla-sync.example.com/

 [smtp]
 host = localhost
 port = 25
-sender = weave@mozilla.com
+sender = mozilla-sync@example.com
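
Review bot: the three +sqluri = mysql://mozsync:<password>@... lines in [storage], [auth] and [reset_codes] put the MySQL password in clear text into a file that was created with cp -p from etc/sync.conf and therefore keeps that file's mode while it is being edited. Run the chmod 640 and chgrp mozsync steps on etc/mozilla-sync.conf before entering the real password rather than after.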

Modify the permissions on etc/mozilla-sync.conf, as it contains the login credentials for the MySQL database and should not be world readable. Then edit the next config file:
chmod 640 etc/mozilla-sync.conf
chgrp mozsync etc/mozilla-sync.conf
$EDITOR production.ini

Below the modification done in production.ini, again in a kind of diff -u style with some context. Or download the complete production.ini. Adjust the path to your environment:
 [DEFAULT]
-debug = True
+debug = False

 [app:main]
 use = egg:SyncServer
-configuration = file:%(here)s/etc/sync.conf
+configuration = file:%(here)s/etc/mozilla-sync.conf

 [handler_syncserver_errors]
 class = handlers.RotatingFileHandler
-args = ('/tmp/sync-error.log',)
+args = ('/opt/mozilla/server-full/tmp/sync-error.log',)

Below the modification done in mozilla-sync.wsgi, again in a kind of diff -u style with some context. Or download the complete mozilla-sync.wsgi. I have moved the /tmp/python-eggs directory to the Mozilla Sync Server directory, because my /tmp is mounted with the noexec option. Adjust the path to your environment:
 # setting up the egg cache to a place where apache can write
-os.environ['PYTHON_EGG_CACHE'] = '/tmp/python-eggs'
+os.environ['PYTHON_EGG_CACHE'] = '/opt/mozilla/server-full/tmp/python-eggs'
 
 # setting up logging
-ini_file = os.path.join(_CURDIR, 'development.ini')
+ini_file = os.path.join(_CURDIR, 'production.ini')

And again some file system manipulation, creating the tmp directory and modify permissions on it, on deps/server-reg/syncreg/templates and also on syncserver/templates. This is needed for the password reset to work, as the web server running with the unix user mozsync needs to be able to write the *.mako.pyc and *.mako.py files from the existing *.mako files:
mkdir tmp
chown mozsync:mozsync tmp
chmod 750 tmp
chgrp mozsync deps/server-reg/syncreg/templates
chmod 775 deps/server-reg/syncreg/templates
chgrp mozsync syncserver/templates
chmod 775 syncserver/templates
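
One way to verify the result of the chmod, chgrp and chown steps above (the 640 mode on etc/mozilla-sync.conf and the tmp and templates directories), as an added example that is not part of the original guide. The function names are hypothetical; the expected modes and the mozsync user and group are the ones this guide uses.

```sh
#!/bin/sh
# Added example, not part of the original guide: audit the modes and ownership
# that the guide's chmod/chown/chgrp steps are meant to leave behind.

# True if every permission bit of octal MODE ($2) is set on PATH ($1).
has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# True if "other" users have read, write or execute permission on PATH.
world_accessible() {
    has_bits "$1" 0004 || has_bits "$1" 0002 || has_bits "$1" 0001
}

# Owner and group as printed by ls -ld (fields 3 and 4).
owner_of() { ls -ld "$1" | awk '{ print $3 }'; }
group_of() { ls -ld "$1" | awk '{ print $4 }'; }

# Print one finding and count it.
finding() {
    findings=$((findings + 1))
    printf 'FINDING: %s\n' "$1"
}

# audit_sync_perms ROOT USER GROUP
# Prints one line per deviation; the return status is the number of findings.
audit_sync_perms() {
    root=$1 user=$2 group=$3
    findings=0

    # The sqluri lines in this file carry the MySQL password (guide: 640).
    conf="$root/etc/mozilla-sync.conf"
    if [ ! -f "$conf" ]; then
        finding "$conf is missing"
    else
        if world_accessible "$conf"; then
            finding "$conf is accessible to other users (expected mode 640)"
        fi
        if [ "$(group_of "$conf")" != "$group" ]; then
            finding "$conf does not belong to group $group"
        elif ! has_bits "$conf" 0040; then
            finding "$conf is not readable by group $group"
        fi
    fi

    # Error log and egg cache live here (guide: USER:GROUP, mode 750).
    tmpdir="$root/tmp"
    if [ ! -d "$tmpdir" ]; then
        finding "$tmpdir is missing"
    else
        if [ "$(owner_of "$tmpdir"):$(group_of "$tmpdir")" != "$user:$group" ]; then
            finding "$tmpdir is not owned by $user:$group"
        fi
        if world_accessible "$tmpdir"; then
            finding "$tmpdir is accessible to other users (expected mode 750)"
        fi
    fi

    # The daemon writes *.mako.py and *.mako.pyc here (guide: mode 775).
    for tpl in deps/server-reg/syncreg/templates syncserver/templates; do
        dir="$root/$tpl"
        if [ ! -d "$dir" ]; then
            finding "$dir is missing"
            continue
        fi
        if [ "$(group_of "$dir")" != "$group" ] || ! has_bits "$dir" 0020; then
            finding "$dir is not writable by group $group"
        fi
        if has_bits "$dir" 0002; then
            finding "$dir is world-writable (expected mode 775)"
        fi
    done

    return "$findings"
}

# Run against a real installation when called with ROOT USER GROUP, e.g.
#   sh audit-perms.sh /opt/mozilla/server-full mozsync mozsync
if [ "$#" -eq 3 ]; then
    audit_sync_perms "$@"
    exit $?
fi
```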


Apache Configuration

I have added the following two parts to my Apache configuration. The first contains a permanent redirection from http to https, and the second is for the real Mozilla Sync Server which will be running on https (SSL). I use the VirtualHost configuration even with https. But this works only if you have a wildcard certificate (*.example.com), and all virtual https hostings are with <somehostname>.example.com. Details about the WSGI* options can be found in the wiki page Configuration Directives from the mod_wsgi web site.
Adjust the paths according to your Apache and Mozilla Sync Server setup:
# http://mozilla-sync.example.com/
<VirtualHost *:80>
ServerName mozilla-sync.example.com
ServerAdmin webmaster@example.com
Redirect permanent / https://mozilla-sync.example.com/
ErrorLog /usr/local/www/mozilla-sync.example.com/logs/error.log
CustomLog /usr/local/www/mozilla-sync.example.com/logs/access.log combined
</VirtualHost>
# https://mozilla-sync.example.com/
<VirtualHost *:443>
Servername mozilla-sync.example.com
ServerAdmin webmaster@example.com
DocumentRoot /opt/mozilla/server-full
WSGIProcessGroup mozilla-sync.example.com
WSGIDaemonProcess mozilla-sync.example.com user=mozsync group=mozsync processes=2 threads=25
WSGIPassAuthorization On
WSGIScriptAlias / /opt/mozilla/server-full/mozilla-sync.wsgi
ErrorLog /usr/local/www/mozilla-sync.example.com/logs/error-https.log
CustomLog /usr/local/www/mozilla-sync.example.com/logs/access-https.log combined
CustomLog /usr/local/www/mozilla-sync.example.com/logs/ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
#SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2	# with OpenSSL 1.0.1 or later
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH
SSLCertificateFile /usr/local/etc/apache22/ssl.crt/wildcard.example.com.crt
SSLCertificateKeyFile /usr/local/etc/apache22/ssl.key/wildcard.example.com.key
SSLCertificateChainFile /usr/local/etc/apache22/ssl.crt/intermediate_and_root_CA.crt
<Directory /opt/mozilla/server-full>
  Order deny,allow
  Allow from all
</Directory>
</VirtualHost>

Remark: If you are using Firefox for Android, you need also to enable the RC4 cipher, just remove the ! in front of RC4 in the SSLCipherSuite line in the above configuration.
Now check the Apache config, and if everything is fine, restart Apache. The restart (and not only apachectl graceful) is needed because we made changes to the SSL configuration. To do so, run these commands:
apachectl configtest    # (Linux: 'apache2ctl configtest') should return "Syntax OK"
/usr/local/etc/rc.d/apache22 restart    # (Linux: '/etc/init.d/apache2 restart')
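
A check for the SSL directives of the https VirtualHost above, as an added example that is not part of the original guide: it reads an Apache config and reports whether SSLHonorCipherOrder is on and RC4 is excluded, as the guide intends, and whether SSLProtocol enables SSLv2 or SSLv3 (SSLv3 has since been prohibited by RFC 7568). The function names are hypothetical, the sample input is the guide's own directives, and SSLProtocol is read in a simplified way, with + and - tokens applied from left to right.

```sh
#!/bin/sh
# Added example, not part of the original guide: audit the TLS directives of
# an Apache VirtualHost such as the one shown in this guide.

# write_page_tls_lines FILE
# Sample input: the TLS directives of the guide's https VirtualHost.
write_page_tls_lines() {
    cat > "$1" <<'EOF'
<VirtualHost *:443>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
#SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2	# with OpenSSL 1.0.1 or later
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH
</VirtualHost>
EOF
}

# audit_tls_vhost FILE
# Prints one line per finding; the return status is the number of findings
# (255 if FILE cannot be read).
audit_tls_vhost() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 255; }
    awk '
    function finding(msg) { n++; printf "FINDING: line %d: %s\n", NR, msg }

    /^[ \t]*#/ { next }                  # commented-out directives are inactive
    { directive = tolower($1) }          # directive names are case-insensitive

    directive == "sslengine" && tolower($2) == "on" { ssl = 1 }
    directive == "sslhonorcipherorder" && tolower($2) == "on" { honor = 1 }

    directive == "sslprotocol" {
        split("", on)                    # start from an empty protocol set
        for (i = 2; i <= NF; i++) {
            tok = tolower($i)
            sign = substr(tok, 1, 1)
            if (sign == "+" || sign == "-") tok = substr(tok, 2)
            if (sign == "-" && tok == "all") split("", on)
            else if (sign == "-") delete on[tok]
            else on[tok] = 1
        }
        if ("sslv2" in on) finding("SSLProtocol enables SSLv2")
        if ("sslv3" in on) finding("SSLProtocol enables SSLv3")
        if ("all" in on) finding("SSLProtocol uses all; list the protocols explicitly")
    }

    directive == "sslciphersuite" {
        excluded = 0
        count = split($2, cipher, ":")
        for (i = 1; i <= count; i++)
            if (cipher[i] == "!RC4") excluded = 1
        if (!excluded) finding("SSLCipherSuite does not exclude RC4 (no !RC4 token)")
    }

    END {
        if (ssl && !honor) {
            n++
            print "FINDING: SSLEngine is on without SSLHonorCipherOrder On"
        }
        exit n + 0
    }' "$1"
}

# Run against a real config when called with one file name, e.g.
#   sh audit-tls.sh /usr/local/etc/apache22/httpd.conf
if [ "$#" -eq 1 ]; then
    audit_tls_vhost "$1"
    exit $?
fi
```

Run on the guide's directives as written, it reports one finding (SSLv3); with the ! removed from RC4 as in the Firefox for Android remark, it reports two.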


DNS Configuration

To be able to use the just created Mozilla Custom Sync Server, add one of the following entries to your example.com DNS zone depending on how you have setup the other webhostings:
mozilla-sync	IN CNAME	<servername>.example.com.
mozilla-sync	IN A	<IP-address>
mozilla-sync	IN AAAA	<IPv6-address>	# if you also have IPv6

To activate the new entry, you need to tell bind (see your manual, if you use another DNS server) to reload the zone with:
rndc reload


Mail Configuration

Two steps are needed here: first, you need to enable the e-mail address mozilla-sync@example.com on your mail server. Second, you need to allow the local user mozsync on the web server to send e-mail with the sending address mozilla-sync@example.com. As this depends a lot on your local setup and used MTA (for example Sendmail, Postfix or any other), you should know best how to do this on your system.

The only hint I leave here is for Sendmail users, you need to add the following line to the file /etc/mail/trusted-users, which will allow the user mozsync (in the end the Mozilla Custom Sync Server) to set a different sender address in outbound e-mails:
mozsync

And then restart Sendmail with:
/etc/rc.d/sendmail restart


Testing the Mozilla Custom Sync Server

There are a few things which can be done to see if the server is running, before we use Firefox to sync the bookmarks & Co. First check if the Apache processes are running with the mozsync user with:
ps auxwww | grep mozsync		# this should display something like the following two lines:
mozsync 72438  0.0  0.9 152712 39580  ??  I    12:39AM   0:31.57 /usr/local/sbin/httpd -DNOHTTPACCEPT
mozsync 72439  0.0  0.8 147592 35264  ??  I    12:39AM   0:34.18 /usr/local/sbin/httpd -DNOHTTPACCEPT

If this is ok, try to access the following URLs with a browser:
  • https://mozilla-sync.example.com/
    This should give you the message 404 Not Found - The resource could not be found.
  • https://mozilla-sync.example.com/__heartbeat__
    This will show an empty page, even if you look at the source code, it is empty. This is a special URL which could be used in monitoring to check if the sync server is properly working. It returns code 200 when running and error code 503 when something failed.
  • https://mozilla-sync.example.com/weave-password-reset
    This is the URL which is used to reset the password and should display a nice web page where you can enter your username (e-mail address) and then request a reset key. I do not know if this web page already will be displayed at this point, as the database is still empty.
  • https://mozilla-sync.example.com/weave-delete-account
    This is the URL which is used to permanently delete an account and should display a nice web page where you can enter your username (e-mail address) and password to delete an existing account. I do not know if this web page already will be displayed at this point, as the database is still empty.
If something did not work, see the Troubleshooting paragraph below. If you are not able to solve your issue, see the Support paragraph on how to get some more help.


Firefox Configuration

Ok, now it is the time to use Firefox to sync your bookmarks & Co. But first, one little additional step is needed if there is a self-signed SSL certificate (and not one signed by a known Certificate Authority) on the web server. To test, and when needed, to import it, first visit for example https://mozilla-sync.example.com/weave-password-reset. If you do not see a certificate error, everything is fine and you can continue with the setup below. If you see the message "This Connection is Untrusted", then go through the steps to add an exception for this server. If you do not do this now, the setup of sync will fail with "invalid URL".
Note: Self-signed certificates do not work on non-rooted Android devices.

To start the sync setup, go into the Firefox Preferences and click on the Sync tab:

Click on Set Up Firefox Sync, a new window will open:

Click on Create a New Account, and you will see this:

For the Server: select Use a custom server... and enter the URL https://mozilla-sync.example.com/ for your server and press the Tab key. The picture below shows the error, because the Mozilla Sync Server on the entered URL is not working:

If your server is working correctly, after a short moment the reCAPTCHA will disappear and it should look like this:

Your server is now a valid Mozilla Custom Sync Server. Now you can enter your e-mail address, and the password above and click on Continue. It will start to sync your bookmarks to the server.

If you see this yellow bar at the bottom of your Firefox window:
Sync encountered an error while syncing: Incorrect account name or password. Sync will automatically retry this action.

Then you need to run apachectl graceful (Linux: apache2ctl graceful) on the server, or wait up to 1 hour, and then select Tools / Sync Now from the menu in Firefox. The developers at Mozilla are aware of this problem and try to find the real cause of it. Hopefully they are able to resolve this.


Updating the Sync Server

To install the current productive version of the Sync Server itself and also update / rebuild the self contained Python installation, you need to do a few steps.

First create a backup of the currently running installation and update the local repository:
cd /opt/mozilla
cp -pr server-full server-full-`date +%Y.%m.%d-%H%M`	# backup the folder
cd /opt/mozilla/server-full
hg pull -uv			# this will update the local repository
If you would like to just update the dependent repositories, without rebuilding any of the third-party dependencies from PyPI, then you should run these commands (the virtualenv command is only needed when your system-wide Python installation is newer than the one in /opt/mozilla/server-full/):
virtualenv --no-site-packages --distribute .
gmake update                    # on Linux system use 'make' instead of 'gmake'
To also rebuild the local Python installation and dependencies, run the following command:
gmake build                     # on Linux system use 'make' instead of 'gmake'
The above command does the same building, as it was done during the installation in the Building the Sync Server paragraph.
To activate the newly built and updated installation, the Apache server needs to be reloaded, run:
apachectl graceful              # (Linux: 'apache2ctl graceful')
If everything worked fine, you should be able to sync with all your clients, if something failed, use the hints in Troubleshooting. If you need to go back to the previous installation, do the following steps:
cd /opt/mozilla
mv server-full server-full-`date +%Y.%m.%d-%H%M`-broken     # rename the broken folder
cp -pr server-full-2012.05.25-1608 server-full	     # use the right folder as source!
apachectl graceful    				     # (Linux: 'apache2ctl graceful')
The steps described above update to the latest version in the prod channel. If you like the adventure, you can use the latest development version. To do this, add CHANNEL=dev to the gmake build command (at your own risk!):
gmake build CHANNEL=dev         # on Linux system use 'make' instead of 'gmake'
And also reload the Apache server:
apachectl graceful              # (Linux: 'apache2ctl graceful')


Troubleshooting

Sync Server

If something fails with the above steps, and you do not see anything useful in /usr/local/www/mozilla-sync.example.com/logs/error-https.log or in /opt/mozilla/server-full/tmp/sync-error.log, then you should enable debug in production.ini. To do so change the following line (again in diff -u style):
 [DEFAULT]
-debug = False
+debug = True
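
Review bot: nothing after the +debug = True line switches it back. Once the log files show the cause, restore debug = False, the value the production.ini changes set for the running server, and run apachectl graceful again.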

And run the following command to activate the new configuration:
apachectl graceful    # (Linux: 'apache2ctl graceful')

Now you should be able to see more in the above mentioned log files. This will hopefully point you in the right direction to be able to fix it.

MySQL Server

If you already created (or tried to create) the account from Firefox, there are a few queries which can be done on the MySQL Server to check if the database access is working and tables have been created:
mysql -u root -p
mysql> use mozilla_sync
mysql> show tables;
+------------------------+
| Tables_in_mozilla_sync |
+------------------------+
| collections            |
| reset_codes            |
| user                   |
| users                  |
| wbo                    |
+------------------------+
5 rows in set (0.00 sec)

mysql> select * from user \G
*************************** 1. row ***************************
       userid: 1
     username: <random-characters-and-numbers>
     password: {SSHA-256}<random-characters-and-numbers-but-a-little-bit-longer>==
accountStatus: 1
         mail: user@example.com
 mailVerified: 0
     syncNode: NULL
1 row in set (0.00 sec)

mysql> select * from collections;
+--------+--------------+-----------+
| userid | collectionid | name      |
+--------+--------------+-----------+
|      1 |            0 | meta      | 
|      1 |            1 | crypto    | 
|      1 |            2 | clients   | 
|      1 |            3 | bookmarks | 
|      1 |            4 | forms     | 
|      1 |            5 | history   | 
|      1 |            6 | passwords | 
|      1 |            7 | prefs     | 
|      1 |            8 | tabs      | 
+--------+--------------+-----------+
9 rows in set (0.00 sec)

mysql> select count(*) from wbo;
+----------+
| count(*) |
+----------+
|     6345 | 
+----------+
1 row in set (0.02 sec)

mysql> exit
If the show tables; query shows the above output, then the tables have been created.
If the select * from user \G query shows the user entry, then the user account has been created.
If the select * from collections; query shows all 9 rows, then even more is working.
If the select count(*) from wbo; query shows anything above just a few, then your bookmarks have been synced.


Support

If you still have some difficulties with your setup or some other open questions regarding the Mozilla Sync Server, then the services-dev mailing list at Mozilla is usually very helpful. Just subscribe to it and send your question to the mentioned e-mail address. Be patient, as this mailing list is moderated for new subscribers. Your e-mail will be held back until one of the moderators approves it to be sent to the list. I also follow this mailing list and try to be as helpful as possible.


Other Documentation



Alternate Installation

This paragraph contains information about alternate installation solutions:

Installation with mod_fcgid

The modifications and steps below have been pointed out to me from AndCycle. I have not tested this installation myself. To use mod_fcgid instead of mod_wsgi, a few modifications to the steps above are needed.

One global change is the permissions used with mod_fcgid. You do not need to create the user / group mozsync, as it is not used. But instead you need to adjust all the commands where permissions are set to the user and group which the running Apache is using (usually something like www or www-data, according to your system).

Also the following modifications are needed:

In the Prerequisites paragraph instead of installing mod_wsgi, do the following:
portinstall www/mod_fcgid

In the Building the Sync Server paragraph the following additional step is needed:
bin/easy_install flup

In the Sync Server Configuration paragraph instead of copying the sync.wsgi to mozilla-sync.wsgi, do the following:
cp -p sync.wsgi mozilla-sync.fcgi

Below the modification done in mozilla-sync.fcgi, again in a kind of diff -u style with some context. Or download the complete mozilla-sync.fcgi. I have moved the /tmp/python-eggs directory to the Mozilla Sync Server directory, because my /tmp is mounted with the noexec option. Adjust the path to your environment:
+#!/opt/mozilla/server-full/bin/python
 # -*- coding: utf8 -*-
 # ***** BEGIN LICENSE BLOCK *****

 # setting up the egg cache to a place where apache can write
-os.environ['PYTHON_EGG_CACHE'] = '/tmp/python-eggs'
+os.environ['PYTHON_EGG_CACHE'] = '/opt/mozilla/server-full/tmp/python-eggs'
 
 # setting up logging
-ini_file = os.path.join(_CURDIR, 'development.ini')
+ini_file = os.path.join(_CURDIR, 'production.ini')

 # running the app using Paste
 from paste.deploy import loadapp
 application = loadapp('config:%s'% ini_file)
+
+if __name__ == '__main__':
+    from flup.server.fcgi import WSGIServer
+    WSGIServer(application).run()

The permissions of mozilla-sync.fcgi need to be changed, so Apache is able to execute this .fcgi script:
chmod a+x mozilla-sync.fcgi

In the Apache Configuration paragraph instead of the provided configuration, use this one:
# http://mozilla-sync.example.com/
<VirtualHost *:80>
ServerName mozilla-sync.example.com
ServerAdmin webmaster@example.com
Redirect permanent / https://mozilla-sync.example.com/
ErrorLog /usr/local/www/mozilla-sync.example.com/logs/error.log
CustomLog /usr/local/www/mozilla-sync.example.com/logs/access.log combined
</VirtualHost>
# https://mozilla-sync.example.com/
<VirtualHost *:443>
Servername mozilla-sync.example.com
ServerAdmin webmaster@example.com
DocumentRoot /opt/mozilla/server-full

AddHandler fcgid-script .fcgi
#caution! if you don't pass header it won't be able to auth:
FcgidPassHeader Authorization
RewriteEngine On
RewriteRule ^(.*)$ /opt/mozilla/server-full/server-full/mozilla-sync.fcgi/$1

ErrorLog /usr/local/www/mozilla-sync.example.com/logs/error-https.log
CustomLog /usr/local/www/mozilla-sync.example.com/logs/access-https.log combined
CustomLog /usr/local/www/mozilla-sync.example.com/logs/ssl_request.log \
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH
SSLCertificateFile /usr/local/etc/apache22/ssl.crt/wildcard.example.com.crt
SSLCertificateKeyFile /usr/local/etc/apache22/ssl.key/wildcard.example.com.key
SSLCertificateChainFile /usr/local/etc/apache22/ssl.crt/intermediate_and_root_CA.crt

<Directory /opt/mozilla/server-full>
 Options +ExecCGI
 AllowOverride all
 Order allow,deny
 Allow from all
</Directory>
</VirtualHost>

These are all the modification steps needed to use mod_fcgid instead of mod_wsgi.


References

Here are the outputs of MySQL show create table <tablename>\G and describe <tablename>; commands for reference. This could probably also be helpful in debugging. The tables are created automatically from the Mozilla Sync Server. On my installation the table users is not used and empty. As far as I know, this is the "old" user table which is used with backend = services.auth.sql.SQLAuth in the [auth] section of etc/mozilla-sync.conf. This could be helpful when upgrading from an existing weave installation.

To check on your system, first run the following commands, and then the one for each table (the ENGINE=InnoDB part could be different, depending on the default database engine used in your MySQL installation):
mysql -u root -p
mysql> use mozilla_sync
mysql> show tables;
+------------------------+
| Tables_in_mozilla_sync |
+------------------------+
| collections            |
| reset_codes            |
| user                   |
| users                  |
| wbo                    |
+------------------------+
5 rows in set (0.00 sec)

mysql> 

Table collections:
mysql> show create table collections\G
*************************** 1. row ***************************
       Table: collections
Create Table: CREATE TABLE `collections` (
  `userid` int(11) NOT NULL auto_increment,
  `collectionid` int(11) NOT NULL,
  `name` varchar(32) NOT NULL,
  PRIMARY KEY  (`userid`,`collectionid`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1
1 row in set (0.01 sec)

mysql> describe collections;
+--------------+-------------+------+-----+---------+----------------+
| Field        | Type        | Null | Key | Default | Extra          |
+--------------+-------------+------+-----+---------+----------------+
| userid       | int(11)     | NO   | PRI | NULL    | auto_increment | 
| collectionid | int(11)     | NO   | PRI | NULL    |                | 
| name         | varchar(32) | NO   |     | NULL    |                | 
+--------------+-------------+------+-----+---------+----------------+
3 rows in set (0.01 sec)

mysql> 

Table reset_codes:
mysql> show create table reset_codes\G
*************************** 1. row ***************************
       Table: reset_codes
Create Table: CREATE TABLE `reset_codes` (
  `username` varchar(32) NOT NULL,
  `product` varchar(32) NOT NULL,
  `reset` varchar(32) default NULL,
  `expiration` datetime default NULL,
  PRIMARY KEY  (`username`,`product`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1
1 row in set (0.00 sec)

mysql> describe reset_codes;
+------------+-------------+------+-----+---------+-------+
| Field      | Type        | Null | Key | Default | Extra |
+------------+-------------+------+-----+---------+-------+
| username   | varchar(32) | NO   | PRI | NULL    |       | 
| product    | varchar(32) | NO   | PRI | NULL    |       | 
| reset      | varchar(32) | YES  |     | NULL    |       | 
| expiration | datetime    | YES  |     | NULL    |       | 
+------------+-------------+------+-----+---------+-------+
4 rows in set (0.00 sec)

mysql> 

Table user:
mysql> show create table user\G
*************************** 1. row ***************************
       Table: user
Create Table: CREATE TABLE `user` (
  `userid` int(11) NOT NULL auto_increment,
  `username` varchar(32) NOT NULL,
  `password` varchar(128) default NULL,
  `accountStatus` int(11) default NULL,
  `mail` varchar(64) default NULL,
  `mailVerified` int(11) default NULL,
  `syncNode` varchar(64) default NULL,
  PRIMARY KEY  (`userid`),
  UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1
1 row in set (0.00 sec)

mysql> describe user;
+---------------+--------------+------+-----+---------+----------------+
| Field         | Type         | Null | Key | Default | Extra          |
+---------------+--------------+------+-----+---------+----------------+
| userid        | int(11)      | NO   | PRI | NULL    | auto_increment | 
| username      | varchar(32)  | NO   | UNI | NULL    |                | 
| password      | varchar(128) | YES  |     | NULL    |                | 
| accountStatus | int(11)      | YES  |     | NULL    |                | 
| mail          | varchar(64)  | YES  |     | NULL    |                | 
| mailVerified  | int(11)      | YES  |     | NULL    |                | 
| syncNode      | varchar(64)  | YES  |     | NULL    |                | 
+---------------+--------------+------+-----+---------+----------------+
7 rows in set (0.01 sec)

mysql> 

Table users:
This is the table which is not used in my installation.
mysql> show create table users\G
*************************** 1. row ***************************
       Table: users
Create Table: CREATE TABLE `users` (
  `id` int(11) NOT NULL auto_increment,
  `username` varchar(32) default NULL,
  `password_hash` varchar(128) default NULL,
  `email` varchar(64) default NULL,
  `status` int(11) default NULL,
  `alert` text,
  `reset` varchar(32) default NULL,
  `reset_expiration` datetime default NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `username` (`username`,`password_hash`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1
1 row in set (0.00 sec)

mysql> describe users;
+------------------+--------------+------+-----+---------+----------------+
| Field            | Type         | Null | Key | Default | Extra          |
+------------------+--------------+------+-----+---------+----------------+
| id               | int(11)      | NO   | PRI | NULL    | auto_increment | 
| username         | varchar(32)  | YES  | MUL | NULL    |                | 
| password_hash    | varchar(128) | YES  |     | NULL    |                | 
| email            | varchar(64)  | YES  |     | NULL    |                | 
| status           | int(11)      | YES  |     | NULL    |                | 
| alert            | text         | YES  |     | NULL    |                | 
| reset            | varchar(32)  | YES  |     | NULL    |                | 
| reset_expiration | datetime     | YES  |     | NULL    |                | 
+------------------+--------------+------+-----+---------+----------------+
8 rows in set (0.00 sec)

mysql> 

Table wbo:
mysql> show create table wbo\G
*************************** 1. row ***************************
       Table: wbo
Create Table: CREATE TABLE `wbo` (
  `id` varchar(64) NOT NULL,
  `username` int(11) NOT NULL auto_increment,
  `collection` int(11) NOT NULL,
  `parentid` varchar(64) default NULL,
  `predecessorid` varchar(64) default NULL,
  `sortindex` int(11) default NULL,
  `modified` bigint(20) default NULL,
  `payload` text,
  `payload_size` int(11) NOT NULL,
  `ttl` int(11) default NULL,
  PRIMARY KEY  (`id`,`username`,`collection`),
  KEY `idx_autoinc_username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1
1 row in set (0.01 sec)

mysql> describe wbo;
+---------------+-------------+------+-----+---------+----------------+
| Field         | Type        | Null | Key | Default | Extra          |
+---------------+-------------+------+-----+---------+----------------+
| id            | varchar(64) | NO   | PRI | NULL    |                | 
| username      | int(11)     | NO   | PRI | NULL    | auto_increment | 
| collection    | int(11)     | NO   | PRI | NULL    |                | 
| parentid      | varchar(64) | YES  |     | NULL    |                | 
| predecessorid | varchar(64) | YES  |     | NULL    |                | 
| sortindex     | int(11)     | YES  |     | NULL    |                | 
| modified      | bigint(20)  | YES  |     | NULL    |                | 
| payload       | text        | YES  |     | NULL    |                | 
| payload_size  | int(11)     | NO   |     | NULL    |                | 
| ttl           | int(11)     | YES  |     | NULL    |                | 
+---------------+-------------+------+-----+---------+----------------+
10 rows in set (0.01 sec)

mysql> 



Document History

09-Feb-2012  Initial publication
15-Feb-2012  References paragraph with MySQL table details added
06-Mar-2012  Other Documentation paragraph added and minor typos fixed
19-Mar-2012  False line break removed in Apache Configuration example
14-Apr-2012  Typo fixed in mozilla-sync.conf and other small corrections
07-May-2012  SSLHonorCipherOrder added and SSLCipherSuite modified in Apache Configuration example, this should prevent the BEAST attack
13-May-2012  Support paragraph added and other small corrections
18-May-2012  Additional permissions changed in the Sync Server Configuration paragraph
25-May-2012  Updating the Sync Server paragraph added and two URLs added in Other Documentation paragraph
28-May-2012  Corrections in Updating the Sync Server paragraph for gmake update
01-Jun-2012  https://mozilla-sync.example.com/weave-delete-account added in Testing the Mozilla Custom Sync Server
21-Jun-2012  URL to mod_wsgi documentation added in Apache Configuration paragraph
23-Jul-2012  Alternate Installation paragraph (mod_fcgid) added and needed steps with self-signed certificates added in Firefox Configuration paragraph
24-Jul-2012  Corrections in Installation with mod_fcgid paragraph, flup added and path to python fixed in mozilla-sync.fcgi
22-Aug-2012  Note about Android regarding self-signed certificates added in Firefox Configuration paragraph
23-Aug-2012  Important note added in the preamble
06-Apr-2013  SSLCipherSuite modified in Apache Configuration example, to disable RC4
30-Jun-2013  Alternative SSLProtocol line added in Apache Configuration example, when OpenSSL 1.0.1 or later is in use
05-Oct-2013  Added remark regarding RC4 cipher needed for Firefox for Android in the Apache Configuration example

Fabian Wenk last update 05-Oct-2013