home / blog / podcasts / videos / notes / photos / about / more

Self hosted Firefox sync

How I got it working

Posted by Jeena

Update 2024: The python 2.7 version has been depricated. There is a rewrite of the server in Rust, I have a docker-compose for it on GitHub.

Since Firefox 33 we can't use the older self hosted sync server called 1.1 anymore, now we have to use one called 1.5. I just set it up for my desktop computers and my Android phone to be used, and it was amazingly complicated. Mostly because the documentation on Mozillas website was incomplete.

To get that thing working you normally need two parts, the Firefox-Account-server and the Sync-server. For now I will still be using Mozillas Firefox-Account-server but I really wanted to use my own Sync-server because I wanted to finally sync all my passwords which I don't trust Mozilla with.

My goal was to run the sync server as a daemon behind my nginx in a sub directory so I can reuse my https certificate. I wanted to use it for my three desktop computers and my Android phone. I will just "shortly" explain where I found the information and what I needed to change.

Setting up the server

First I went to Mozillas documentation website where I learned what to install as a prerequisite, where to get the source code and how to build and to configure it.

Then I found an article in the ArchLinux Wiki, which is always full of really great documentation about really different topics you encounter when using a Linux computer. In it they describe how to set up the server to run with a unix socket instead over a port which I really prefer because we share that server and that way I don't need to communicate to the others on the server which ports I'm using and why etc.

Then I hit the wall. I configured my Firefox on Linux via about:config and the identity.sync.tokenserver.uri-key to use my own server. But somehow the Mozilla documentations design made it so that I didn't see that you're supposed to not only to use the root path to the sync server, but you also need to add /token/1.0/sync/1.5 after it so it becomes https://jeena.net/fx-sync/token/1.0/sync/1.5 for example. This took me hours to find out. Finally someone on Mozillas IRC pointed out that I forgot to add that part.

After that change I was finally able to see POST requests being made to the sync server. Btw. debugging wasn't that obvious either, perhaps it is for people who have been working with gunicorn before, but I got confused when they used a ini-file for configuration but still gunicorn to serve. But in the end I did find out that you can dump the logs into a file with the --log-file=path/to/syncserver.log argument for gunicorn.

Running as a daemon

The next step was that I wanted to run it as a daemon. Sadly neither the Mozilla documentation nor the Arch Wiki mention how to do it, and it is really easy, just add the argument --daemon when you start gunicorn and it is run as a daemon. Later on you most probably want to start it automatically when the server starts but I won't get into how to do that because it is different for every distribution you're using and honestly I only know how to do that with systemd.

Firefox on Android

This was great, I was almost done! I just had to do the same change to my Android Firefox. But wait, there about:config doesn't have a identity.sync.tokenserver.uri entry, wtf?

AddOn

So back to my search engine of choice, which is DDG, after some time I found a blog post by @ncalexander I skimmed it and found out that I needed to install the fxa-custom-server-addon Firefox for Android add-on.

I installed it on my phone and a additional menu called Custom Firefox Account showed up. I clicked it and it presented itself with two input fields, one for the account server and one for the sync server. Both were pre-populated and I changed the Sync-server URL to my server, like I did on my desktop Firefox.

Then I pressed the Save button which made the input fields disappear, so I again chose the Custom Firefox Account button to get it back. Sadly all my changes were gone so I had to redo it. But instad to save it I pressed "Launch setup" and got to the screen where I was able to create a new account or to sign in.

"Something went wrong"

I tried to sign in but it only showed a red bar with the text: Something went wrong, I reentered the password, still the same problem, then I went back and redid the change of the URL but it still didn't help. That is when I tried to set up a new account with the same email address which worked like a charm.

But when I looked into the server log it only showed a 401-error that it wasn't able to sign in. I changed the one option in the ini-file so new accounts could be created. Suddenly I saw that all my configuration and bookmarks, etc. were pushed to my server, great success!

But after a while I noticed that none of my changes on the phone were synced to the desktop and vice versa. That is when I realised that the short bad feeling that I had when allowing a new account to be created was justified. I just had two different accounts on the same server, that was not what I wanted.

I checked my desktops services.sync.serverURL part of the about:config and it stated that it used this URL: https://services.mozilla.com/status/ so I went back to my phone and redid everything because sadly you can't just edit the URL, you have to remove the account and start the procedure from scratch. But no luck, this also only showed a red bar with Something went wrong, and it was not my password which was wrong. (Now I understand that I looked at the wrong key, I should have checked identity.fxaccounts.auth.uri, but that was not obvious to me at that time.)

Magic URLs

Back to the article by about the Android phone and self hosted Sync-server. And to my surprise, it stated it right there in the beginning:

Determine your custom server URLs

These URLs are a bit magic, and it’s not currently possible to change them on your Android device without deleting the Android Account and starting again.

Mozilla production: https://api.accounts.firefox.com/v1
Mozilla testing: https://api-accounts.stage.mozaws.net/v1

This should match the identity.fxaccounts.auth.uri preference in your Desktop Firefox configuration.

Why is this not stated in Mozillas documentation anywhere? And why was this not the default URL in the add-on, but instead it had the testing URL as the default? We may never know.

But finally, finally! Finally, after about four hours of research and debugging and asking on IRC, finally Everything works now like I wanted it to. For now I'm really happy with this solution, but one of the next steps should be to also replace the Firefox-Account-server and later even the BrowserID verifier, so I can be independent of Mozilla.

Thanks for free software

Although I sounded very negative in this post, I am extremely happy that at least one browser vendor is trying to make it possible for me to own all my data, especially my passwords, bookmarks, and my browser history and still be able to use it on different devices. So a super-big thank you Mozilla and all the volunteers who wrote all the free software which I now was able to integrate and use.

Update for iOS

Right now I have a iPhone which I have to use, I tried to connect to my server and it would only give me a blank page for login. Here are the things to do:

  1. Open Firefox on iOS
  2. Open Hamburger menu bottom right
  3. Go to Settings
  4. Scroll all the way down
  5. Tap 5 times on the Firefox version to get to the developer mode
  6. Scroll up to Firefox Account
  7. Go to Advanced Sync Settings
  8. Turn on Use Custom FxA Content Server (even if you use the default)
  9. Put in https://accounts.firefox.com (or your FxA server)
  10. Turn on Use Custom Sync Token Server
  11. Add https://jeena.net/fx-sync/token/ (without 1.0/sync/1.5)
  12. Now it is possible to Sign in

3 Mentions

Hacker News - Self hosted Firefox sync is very complicated to set up correctly ift.tt/1TqihjN

Tobias Olausson

Have you written a response? Let me know the URL:

There's also indie comments (webmentions) support.