Support #718
Updated by Daniel Curtis over 8 years ago
This is a guide on how I installed the Firefox Auth and Content components to form the Firefox Accounts Server on FreeBSD.

h2. Prepare the Environment

* Make sure the system is up to date:
<pre>
pkg update && pkg upgrade -y
</pre>

* Install a few dependencies:
<pre>
pkg install portmaster bash git gmp graphicsmagick redis gmake python2 py27-virtualenv sqlite py27-sqlite3 gcc48 scrypt
</pre>

* Install node4 and npm2 from ports:
<pre>
portmaster www/node4 www/npm2
</pre>

* Install pm2 globally:
<pre>
npm install -g pm2
</pre>

h2. MySQL Database

* Install MariaDB:
<pre>
pkg install mariadb101-{client,server}
</pre>

* Start and enable MariaDB at boot:
<pre>
echo 'mysql_enable="YES"' >> /etc/rc.conf
service mysql-server start
</pre>

* Secure the MySQL installation:
<pre>
mysql_secure_installation
</pre>

* Log into the MySQL console:
<pre>
mysql -u root -p
</pre>

#* Create the fxauser user with the SuperSecretPassword password and the fxadb database:
<pre>
CREATE USER 'fxauser'@'localhost' IDENTIFIED BY 'SuperSecretPassword';
CREATE DATABASE IF NOT EXISTS `fxadb` CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON `fxadb`.* TO 'fxauser'@'localhost';
</pre>

#* Create the fxasyncuser user with the SuperDuperPassword password and the fxasyncdb database:
<pre>
CREATE USER 'fxasyncuser'@'localhost' IDENTIFIED BY 'SuperDuperPassword';
CREATE DATABASE IF NOT EXISTS `fxasyncdb` CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON `fxasyncdb`.* TO 'fxasyncuser'@'localhost';
</pre>

#* Exit the MySQL console:
<pre>
flush privileges;
exit
</pre>

h2. Install Accounts Server

* Add the Firefox Accounts user:
<pre>
pw add user -n ff-accounts -m -s /bin/sh -c "Firefox Accounts"
</pre>

* Switch to the Firefox Accounts user:
<pre>
su - ff-accounts
</pre>

* Download the Firefox auth server from GitHub:
<pre>
git clone https://github.com/mozilla/fxa-auth-server.git
cd fxa-auth-server
</pre>

* Install the auth server:
<pre>
npm install
</pre>

#* And test the auth server:
<pre>
npm start
</pre>
*NOTE*: Press Ctrl+C to stop the test server.

* Create a dev config file:
<pre>
vi node_modules/fxa-auth-db-mysql/config/dev.json
</pre>

#* And add the following:
<pre>
{
  "master": {
    "user": "fxauser",
    "password": "SuperSecretPassword",
    "database": "fxadb",
    "host": "db.example.com",
    "port": "3306"
  },
  "slave": {
    "user": "fxauser",
    "password": "SuperSecretPassword",
    "database": "fxadb",
    "host": "db.example.com",
    "port": "3306"
  }
}
</pre>

* Start the server in dev MySQL store mode:
<pre>
npm run start-mysql
</pre>
*NOTE*: Press Ctrl+C to stop the test server.

#* A persistent deployment will require pm2:
<pre>
pm2 start npm --name ff-accounts -- run start-mysql
</pre>

h3. Firefox Auth Server Init Script

* Create a Firefox auth server init script:
<pre>
vi /usr/local/etc/rc.d/ff-auth
</pre>

#* And add the following:
<pre>
#!/bin/sh

# PROVIDE: ff-auth
# KEYWORD: shutdown

. /etc/rc.subr

name="ff_auth"
# Honour ff_auth_enable from /etc/rc.conf
rcvar="${name}_enable"
start_cmd="${name}_start"
stop_cmd="${name}_stop"

# Start the auth server under pm2 as the unprivileged ff-accounts user
ff_auth_start() {
  echo "Firefox auth server starting"
  su - ff-accounts -c "cd /home/ff-accounts/fxa-auth-server; /usr/local/bin/pm2 start npm --name ${name} -- run start-mysql; exit"
}

# Stop the pm2-managed auth server process
ff_auth_stop() {
  echo "Firefox auth server stopping"
  su - ff-accounts -c "/usr/local/bin/pm2 stop ${name}; exit"
}

load_rc_config "${name}"
run_rc_command "$1"
</pre>

* And make it executable:
<pre>
chmod +x /usr/local/etc/rc.d/ff-auth
</pre>

* Start and enable the Firefox auth server at boot:
<pre>
echo 'ff_auth_enable="YES"' >> /etc/rc.conf
service ff-auth start
</pre>

h2. Firefox Content Server

* Download the Firefox content server from GitHub:
<pre>
cd ~
git clone https://github.com/mozilla/fxa-content-server.git
cd fxa-content-server
</pre>

* Install the content server:
<pre>
npm install
</pre>

#* And test the content server:
<pre>
npm run start-remote
</pre>
*NOTE*: Press Ctrl+C to stop the test server.

#* A persistent deployment will require pm2:
<pre>
pm2 start npm --name ff-content -- run start-remote
</pre>

h3. Firefox Content Server Init Script

* Create a Firefox content server init script:
<pre>
vi /usr/local/etc/rc.d/ff-content
</pre>

#* And add the following:
<pre>
#!/bin/sh

# PROVIDE: ff-content
# KEYWORD: shutdown

. /etc/rc.subr

name="ff_content"
# Honour ff_content_enable from /etc/rc.conf
rcvar="${name}_enable"
start_cmd="${name}_start"
stop_cmd="${name}_stop"

# Start the content server under pm2 as the unprivileged ff-accounts user
ff_content_start() {
  echo "Firefox content server starting"
  su - ff-accounts -c "cd /home/ff-accounts/fxa-content-server; /usr/local/bin/pm2 start npm --name ${name} -- run start-remote; exit"
}

# Stop the pm2-managed content server process
ff_content_stop() {
  echo "Firefox content server stopping"
  su - ff-accounts -c "/usr/local/bin/pm2 stop ${name}; exit"
}

load_rc_config "${name}"
run_rc_command "$1"
</pre>

* And make it executable:
<pre>
chmod +x /usr/local/etc/rc.d/ff-content
</pre>

* Start and enable the Firefox content server at boot:
<pre>
echo 'ff_content_enable="YES"' >> /etc/rc.conf
service ff-content start
</pre>

h2. Firefox Sync Server

* Get the latest version of the syncserver:
<pre>
cd ~
git clone https://github.com/mozilla-services/syncserver.git
cd syncserver
</pre>

* Build the Sync Server:
<pre>
gmake build
</pre>

* Generate a strong secret and copy the contents over to the secret parameter in the syncserver config:
<pre>
head -c 20 /dev/urandom | shasum
db8a203aed5fe3e4594d4b75990acb76242efd35  -
</pre>
*NOTE*: Make sure to copy the output.

* Edit the syncserver config file:
<pre>
vi syncserver.ini
</pre>

#* And modify the following values:
<pre>
[syncserver]
public_url = http://ff-sync.example.com:5000/
sqluri = pymysql://fxasyncuser:SuperDuperPassword@localhost/fxasyncdb
secret = e48ee2c1a880c31100b5e3217a438f6c2d115b04
</pre>

* Test run the syncserver:
<pre>
gmake serve
</pre>
*NOTE*: Press Ctrl+C to stop the test server.

h2. Nginx Init Scripts

* Install nginx:
<pre>
pkg install nginx
</pre>

* Start and enable nginx at boot:
<pre>
echo 'nginx_enable="YES"' >> /etc/rc.conf
service nginx start
</pre>

* Create a configuration directory to make managing individual server blocks easier:
<pre>
mkdir /usr/local/etc/nginx/conf.d
</pre>

* Edit the main nginx config file:
<pre>
vi /usr/local/etc/nginx/nginx.conf
</pre>

#* And strip down the config file and add the include statement at the end to make it easier to handle various server blocks:
<pre>
load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;

worker_processes 1;
error_log /var/log/nginx-error.log;

events {
  worker_connections 1024;
}

http {
  include mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;

  include /usr/local/etc/nginx/conf.d/*.conf;
}
</pre>

* Add a *ff-sync.example.com server block*:
<pre>
vi /usr/local/etc/nginx/conf.d/ff-sync.example.com.conf
</pre>

#* Add the following:
<pre>
server {
  listen 80;
  server_name ff-sync.example.com;
  access_log /var/log/ff-sync.example.com-access.log;
  error_log /var/log/ff-sync.example.com-error.log;

  location / {
    include uwsgi_params;
    uwsgi_pass unix:/tmp/uwsgi.sock;
  }
}
</pre>

* Restart nginx:
<pre>
service nginx restart
</pre>

h3. uWSGI

* Install uwsgi:
<pre>
pkg install uwsgi
</pre>

* Start and enable uwsgi at boot with additional arguments:
<pre>
echo 'uwsgi_enable="YES"' >> /etc/rc.conf
echo 'uwsgi_flags="-M -L --manage-script-name --mount /=/home/ff-accounts/syncserver/syncserver.wsgi"' >> /etc/rc.conf
service uwsgi start
</pre>
*NOTE*: Pay attention to the */=* preceding the actual path of the syncserver.wsgi file.

h2. Connect Firefox

h2. Resources

* https://docs.services.mozilla.com/howtos/run-fxa.html
* https://docs.services.mozilla.com/howtos/run-sync-1.5.html
* https://github.com/mozilla/fxa-auth-server/
* https://github.com/mozilla/fxa-content-server/
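
An added example for the syncserver.ini step in the Firefox Sync Server section (not part of the original guide): it flags a secret or database password copied verbatim from this page, a public_url that is not HTTPS, and a config file accessible beyond its owner, and it can replace the secret in place. The function names and finding codes are assumptions, and @od@ is used instead of the guide's @shasum@ pipeline to hex-encode the 20 random bytes.

```shell
#!/bin/sh
# Added example, not part of the original guide; function names are assumptions.
# Sample values printed in the guide: anything copied from it is public.
GUIDE_SECRETS="e48ee2c1a880c31100b5e3217a438f6c2d115b04 db8a203aed5fe3e4594d4b75990acb76242efd35"
GUIDE_DB_PASSWORD="SuperDuperPassword"

# ini_get FILE KEY: print the trimmed value of the first "KEY = value" line.
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*$//' -e 1q
}

# new_sync_secret: 20 bytes from /dev/urandom as 40 hex characters.
new_sync_secret() {
    head -c 20 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# set_sync_secret FILE: replace the secret in place and leave the file owner-only.
set_sync_secret() (
    umask 077
    tmp="$1.new.$$"
    sed "s/^\([[:space:]]*secret[[:space:]]*=\).*/\1 $(new_sync_secret)/" "$1" > "$tmp" &&
        mv "$tmp" "$1" && chmod 600 "$1"
)

# audit_syncserver_ini FILE: print one finding code per line (nothing if clean).
audit_syncserver_ini() {
    secret=$(ini_get "$1" secret)
    for s in $GUIDE_SECRETS; do
        [ "$secret" != "$s" ] || echo SECRET_COPIED_FROM_GUIDE
    done
    [ "${#secret}" -ge 40 ] || echo SECRET_SHORTER_THAN_40_CHARS
    case $(ini_get "$1" sqluri) in
        *":$GUIDE_DB_PASSWORD@"*) echo DB_PASSWORD_COPIED_FROM_GUIDE ;;
    esac
    case $(ini_get "$1" public_url) in
        https://*) ;;
        *) echo PUBLIC_URL_NOT_HTTPS ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || echo FILE_ACCESSIBLE_TO_GROUP_OR_OTHER
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then audit_syncserver_ini "$1"; fi
```

Run it as the ff-accounts user against @/home/ff-accounts/syncserver/syncserver.ini@; an empty result means none of the five checks fired.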