Support #718
Updated by Daniel Curtis over 7 years ago
{{>toc}} This is a guide on how I installed the Firefox Auth, Content, Auth and Sync Content components to form the Firefox Accounts Server on FreeBSD 10. FreeBSD. h2. Prepare the Environment * Make sure the system is up to date: <pre> pkg update && pkg upgrade -y </pre> * Install a few dependencies: <pre> pkg install portmaster bash git gmp graphicsmagick redis gmake python2 py27-virtualenv sqlite py27-sqlite3 gcc48 scrypt </pre> * Install node4 and npm2 from ports: <pre> portmaster www/node4 www/npm2 </pre> * Install pm2 globally: <pre> npm install -g pm2 </pre> h2. MySQL Database * Install MariaDB: <pre> pkg install mariadb101-{client,server} </pre> * Start and enable MariaDB at boot: <pre> echo 'mysql_enable="YES"' >> /etc/rc.conf service mysql-server start </pre> * Secure the mysql installation: <pre> mysql_secure_installation </pre> * Log into the MySQL console: <pre> mysql -u root -p </pre> #* Create the fxauser user with the SuperSecretPassword password and the fxadb database: <pre> CREATE USER 'fxauser'@'localhost' IDENTIFIED BY 'SuperSecretPassword'; CREATE DATABASE IF NOT EXISTS `fxadb` CHARACTER SET utf8 COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON `fxadb`.* TO 'fxauser'@'localhost'; </pre> #* Create the fxasyncuser user with the SuperDuperPassword password and the fxasyncdb database: <pre> CREATE USER 'fxasyncuser'@'localhost' IDENTIFIED BY 'SuperDuperPassword'; CREATE DATABASE IF NOT EXISTS `fxasyncdb` CHARACTER SET utf8 COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON `fxasyncdb`.* TO 'fxasyncuser'@'localhost'; </pre> #* Exit the mysql console: <pre> flush privileges; exit </pre> h2. Install Accounts Server * Add the Firefox Accounts user: <pre> pw add user -n ff-accounts -m -s /bin/sh -c "Firefox Accounts" </pre> * Switch to the Firfox accounts user: <pre> su - ff-accounts </pre> * Download the firefox auth server from GitHub: <pre> git clone https://github.com/mozilla/fxa-auth-server.git cd fxa-auth-server </pre> * Install the auth server: <pre> npm install </pre> #* And test the auth server: <pre> npm start </pre> *NOTE*: Press Ctrl+C to stop the test server. * Create a dev config file: <pre> vi node_modules/fxa-auth-db-mysql/config/dev.json </pre> #* And add the following: <pre> { "master": { "user": "fxauser", "password": "SuperSecretPassword", "database": "fxadb", "host": "db.example.com", "port": "3306" }, "slave": { "user": "fxauser", "password": "SuperSecretPassword", "database": "fxadb", "host": "db.example.com", "port": "3306" } } </pre> * Start the server in dev MySQL store mode: <pre> npm run start-mysql </pre> *NOTE*: Press Ctrl+C to stop the test server. #* A persistent deployment will require pm2: <pre> pm2 start npm --name ff-accounts -- run start-mysql </pre> h3. Firefox Auth Server Init Script * Create a firefox auth server init script: <pre> vi /usr/local/etc/rc.d/ff-auth </pre> #* and add the following <pre> #!/bin/sh # PROVIDE: ff-auth # KEYWORD: shutdown . /etc/rc.subr name="ff_auth" start_cmd="${name}_start" stop_cmd="${name}_stop" ff_auth_start() { echo "Firefox auth server starting" su - ff-accounts -c "cd /home/ff-accounts/fxa-auth-server; /usr/local/bin/pm2 start npm --name ${name} -- run start-mysql; exit" } ff_auth_stop() { echo "Firefox auth server stopping" su - ff-accounts -c "/usr/local/bin/pm2 stop ${name}; exit" } run_rc_command "$1" </pre> * And make it executable: <pre> chmod +x /usr/local/etc/rc.d/ff-auth </pre> * Start and enable firefox auth server at boot <pre> echo 'ff_auth_enable="YES"' >> /etc/rc.conf service ff-auth start </pre> h2. Firefox Content Server * Download the firefox content server from GitHub: <pre> cd ~ git clone https://github.com/mozilla/fxa-content-server.git cd fxa-content-server </pre> * Install the content server: <pre> npm install </pre> #* And test the content server: <pre> npm run start-remote </pre> *NOTE*: Press Ctrl+C to stop the test server. #* A persistent deployment will require pm2: <pre> pm2 start npm --name ff-content -- run start-remote </pre> h3. Firefox Content Server Init Script * Create a firefox content server init script: <pre> vi /usr/local/etc/rc.d/ff-content </pre> #* and add the following <pre> #!/bin/sh # PROVIDE: ff-content # KEYWORD: shutdown . /etc/rc.subr name="ff_content" start_cmd="${name}_start" stop_cmd="${name}_stop" ff_content_start() { echo "Firefox content server starting" su - ff-accounts -c "cd /home/ff-accounts/fxa-content-server; /usr/local/bin/pm2 start npm --name ${name} -- run start-remote; exit" } ff_content_stop() { echo "Firefox content server stopping" su - ff-accounts -c "/usr/local/bin/pm2 stop ${name}; exit" } run_rc_command "$1" </pre> * And make it executable: <pre> chmod +x /usr/local/etc/rc.d/ff-content </pre> * Start and enable firefox auth server at boot <pre> echo 'ff_content_enable="YES"' >> /etc/rc.conf service ff-content start </pre> h2. Firefox Sync Server * Get the latest version of the syncserver: <pre> cd ~ git clone https://github.com/mozilla-services/syncserver.git cd syncserver </pre> * Build the Sync Server: <pre> gmake build </pre> * Generate a strong secret and copy the contents over to the secret parameter in the syncserver config: <pre> head -c 20 /dev/urandom | shasum db8a203aed5fe3e4594d4b75990acb76242efd35 - </pre> *NOTE*: Make sure to copy the output * Edit the syncserver config file: <pre> vi syncserver.ini </pre> #* And modify the following values: <pre> [syncserver] public_url = http://ff-sync.example.com:5000/ sqluri = pymysql://fxasyncuser:SuperDuperPassword@localhost/fxasyncdb secret = e48ee2c1a880c31100b5e3217a438f6c2d115b04 </pre> * Test run the syncserver: <pre> gmake serve </pre> *NOTE*: Press Ctrl+C to stop the test server. h2. Nginx * Install nginx: <pre> pkg install nginx </pre> * Start and enable nginx at boot: <pre> echo 'nginx_enable="YES"' >> /etc/rc.conf service nginx start </pre> * Create a configuration directory to make managing individual server blocks easier <pre> mkdir /usr/local/etc/nginx/conf.d </pre> * Edit the main nginx config file: <pre> vi /usr/local/etc/nginx/nginx.conf </pre> #* And strip down the config file and add the include statement at the end to make it easier to handle various server blocks: <pre> load_module /usr/local/libexec/nginx/ngx_mail_module.so; load_module /usr/local/libexec/nginx/ngx_stream_module.so; worker_processes 1; error_log /var/log/nginx-error.log; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; include /usr/local/etc/nginx/conf.d/*.conf; } </pre> * Add a *ff-sync.example.com server block*: <pre> vi /usr/local/etc/nginx/conf.d/ff-sync.example.com.conf </pre> #* Add the following: <pre> server { listen 80; server_name ff-sync.example.com; access_log /var/log/ff-sync.example.com-access.log; error_log /var/log/ff-sync.example.com-error.log; location / { include uwsgi_params; uwsgi_pass unix:/tmp/uwsgi.sock; } } </pre> * Add a *accounts.example.com server block*: <pre> vi /usr/local/etc/nginx/conf.d/accounts.example.com.conf </pre> #* Add the following: <pre> server { listen 80; server_name accounts.example.com; access_log /var/log/accounts.example.com-access.log; error_log /var/log/accounts.example.com-error.log; location / { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_redirect off; proxy_read_timeout 120; proxy_connect_timeout 10; proxy_pass http://127.0.0.1:3030/; } } </pre> * Add a *accounts.example.com server block*: <pre> vi /usr/local/etc/nginx/conf.d/accounts.example.com.conf </pre> #* Add the following: <pre> server { listen 80; server_name api.accounts.example.com; access_log /var/log/api.accounts.example.com-access.log; error_log /var/log/api.accounts.example.com-error.log; location / { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_redirect off; proxy_read_timeout 120; proxy_connect_timeout 10; proxy_pass http://127.0.0.1:9000/; } } </pre> * Restart nginx: <pre> service nginx restart </pre> h3. uWSGI * Install uwsgi: <pre> pkg install uwsgi </pre> * Start and enable uwsgi at boot with additional arguments: <pre> echo 'uwsgi_enable="YES"' >> /etc/rc.conf echo 'uwsgi_flags="-M -L --manage-script-name --mount /=/home/ff-accounts/syncserver/syncserver.wsgi"' >> /etc/rc.conf service uwsgi start </pre> *NOTE*: Pay attention to the */=* preceding the actual path of the syncserver.wsgi file. h2. Connect Firefox h2. Resources * https://docs.services.mozilla.com/howtos/run-fxa.html * https://docs.services.mozilla.com/howtos/run-sync-1.5.html * https://github.com/mozilla/fxa-auth-server/ * https://github.com/mozilla/fxa-content-server/