Install a Firefox Sync Server on CentOS, Rocky Linux, or AlmaLinux

Updated on April 1, 2022

Overview

Firefox Sync is a feature built into the Firefox browser that syncs preferences and user data between all your devices. This includes bookmarks, passwords, history, and installed add-ons. By default, Firefox uses Mozilla's servers for the Sync feature. Setting up a self-hosted Firefox Sync server lets you configure Firefox to use your server instead, which gives you more control, and the sync feature no longer relies on Mozilla's servers. This helps you comply with strict security regulations that require on-premises services.

This article explains how to install a self-hosted Firefox Sync server on a RHEL variant. We tested this article on CentOS 7, CentOS Stream 8, Rocky Linux 8, and AlmaLinux 8.

Requirements

  • Deploy a server running a RHEL variant such as CentOS, Rocky Linux, or AlmaLinux.
  • Update the server.
  • Create a non-root sudo user.
  • Create a Fully Qualified Domain Name (FQDN) and point it to your server's IP address. This article uses syncserver.example.com; replace that with your FQDN in the instructions below. Follow the instructions at your DNS host or domain registrar, or use this guide if you use Vultr DNS.

1. Install Docker

Mozilla provides Sync Server as an official Docker image. Docker is a container management engine for building images and deploying applications in isolated environments across different platforms and infrastructures.

Some RHEL variants have Podman installed in place of Docker. Check if Podman is installed by running the following command:

$ podman -v

If Podman is installed, proceed to the next step. If Podman is not installed, run the following commands to add the docker-ce repository and install Docker.

$ sudo yum install -y yum-utils
$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum install -y docker-ce docker-ce-cli containerd.io
$ sudo systemctl enable --now docker

2. Install a Web Server for Reverse Proxy

You can install either Nginx or Apache as a reverse proxy. If you aren't sure which one you want to use, choose Nginx. Do not install both.

Option 1: Install Nginx

Run the following commands to install Nginx.

$ sudo yum install -y nginx
$ sudo systemctl enable --now nginx

Option 2: Install Apache

Run the following commands to install Apache with SSL and enable the service.

$ sudo yum install -y httpd mod_ssl
$ sudo systemctl enable --now httpd

3. Install Snap

Certbot requests an HTTPS certificate from Let's Encrypt for your web server. Certbot requires Snap. If you already have Snap, skip to the next step. Otherwise, run the following commands to install Snap.

$ sudo yum install -y epel-release
$ sudo yum upgrade -y
$ sudo yum install -y snapd
$ sudo systemctl enable --now snapd.socket
$ sudo ln -s /var/lib/snapd/snap /snap

4. Install Certbot

Install Certbot with Snap.

$ sudo snap install core
$ sudo snap refresh core
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

If you receive the error "too early for operation", wait 10 seconds and try the command again.

5. Install Sync Server

In the steps below, make sure to replace syncserver.example.com with your Fully Qualified Domain Name (FQDN).

If your system uses Podman, use this command to install Sync Server.

$ sudo podman run \
    -d \
    --name syncserver \
    -v syncserver:/data \
    -p 127.0.0.1:5000:5000 \
    -e "SYNCSERVER_PUBLIC_URL=https://syncserver.example.com" \
    -e "SYNCSERVER_SECRET=$(head -c 20 /dev/urandom | sha256sum)" \
    -e "SYNCSERVER_SQLURI=sqlite:////data/syncserver.db" \
    -e "SYNCSERVER_BATCH_UPLOAD_ENABLED=true" \
    -e "SYNCSERVER_FORCE_WSGI_ENVIRON=true" \
    --restart unless-stopped \
    -u 0:0 \
    docker.io/mozilla/syncserver:latest

If your system uses Docker, use this command to install Sync Server.

$ sudo docker run \
    -d \
    --name syncserver \
    -v syncserver:/data \
    -p 127.0.0.1:5000:5000 \
    -e "SYNCSERVER_PUBLIC_URL=https://syncserver.example.com" \
    -e "SYNCSERVER_SECRET=$(head -c 20 /dev/urandom | sha256sum)" \
    -e "SYNCSERVER_SQLURI=sqlite:////data/syncserver.db" \
    -e "SYNCSERVER_BATCH_UPLOAD_ENABLED=true" \
    -e "SYNCSERVER_FORCE_WSGI_ENVIRON=true" \
    --restart unless-stopped \
    -u 0:0 \
    mozilla/syncserver:latest
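
An added example, not part of the original article: the `$(head -c 20 /dev/urandom | sha256sum)` substitution in the run commands yields a different SYNCSERVER_SECRET every time the container is recreated, and the value carries the trailing `  -` that sha256sum prints. The function below generates the secret once and keeps it in an owner-only env file; the function name and the file path are assumptions.

```shell
#!/bin/sh
# Added example: create SYNCSERVER_SECRET once and keep it in an env file.
# ensure_secret_file is a hypothetical helper name; the caller picks the path.

ensure_secret_file() {
    env_file=$1
    # Reuse an existing secret so that recreating the container (for example
    # to pull a newer image) does not change the token-signing key.
    if grep -q '^SYNCSERVER_SECRET=[0-9a-f]\{64\}$' "$env_file" 2>/dev/null; then
        return 0
    fi
    old_umask=$(umask)
    umask 077                                  # new files are owner-only
    mkdir -p "$(dirname "$env_file")" || { umask "$old_umask"; return 1; }
    # 32 random bytes as 64 hex characters; unlike sha256sum, od adds no "  -".
    secret=$(head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n')
    printf 'SYNCSERVER_SECRET=%s\n' "$secret" > "$env_file" && chmod 600 "$env_file"
    rc=$?
    umask "$old_umask"
    return "$rc"
}
```

Run `ensure_secret_file /etc/syncserver/env` as root (the path is an assumption), then replace the `-e "SYNCSERVER_SECRET=..."` line of the run command with `--env-file /etc/syncserver/env`, an option both Docker and Podman accept.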

6. Configure Firewall

Run the following commands to start firewalld and open ports for SSH, HTTP and HTTPS. The firewall-cmd tool needs the firewalld service to be running, so enable it first.

$ sudo systemctl enable --now firewalld
$ sudo firewall-cmd --zone=public --add-port=22/tcp
$ sudo firewall-cmd --zone=public --add-port=22/tcp --permanent
$ sudo firewall-cmd --zone=public --add-port=80/tcp
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
$ sudo firewall-cmd --zone=public --add-port=443/tcp
$ sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
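
An added example, not part of the original article: port 5000 is not opened above, but what keeps the Sync Server reachable only through the reverse proxy is the `127.0.0.1:` prefix on `-p` in step 5, because Docker installs its own packet-filter rules for published ports. The function below (a hypothetical helper) reads `ss -tln` output and reports any listener on the given port that is not bound to loopback; the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag listeners on a port that are bound beyond loopback.
# exposed_listeners is a hypothetical helper; feed it `ss -tln` output.

exposed_listeners() {
    port=$1
    awk -v port="$port" '
        $1 == "LISTEN" {
            la = $4                               # Local Address:Port column
            n = match(la, /:[0-9]+$/)             # position of the port suffix
            if (!n || substr(la, n + 1) != port) next
            addr = substr(la, 1, n - 1)
            gsub(/\[|\]/, "", addr)               # [::1] -> ::1
            if (addr ~ /^127\./ || addr == "::1") next
            print addr                            # wildcard or routable address
            bad = 1
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample (not captured from a real host): the container port is
# loopback-only, while the web server listens on all addresses.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5000     0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*'

printf '%s\n' "$SAMPLE" | exposed_listeners 5000 \
    || echo "port 5000 is reachable beyond loopback"
```

On the server, run `sudo ss -tln | exposed_listeners 5000`; any address it prints means the `-p` mapping is missing the `127.0.0.1:` prefix.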

7. Configure Web Server

If You Installed Nginx

  1. Edit the Nginx configuration file.

     $ sudo nano /etc/nginx/conf.d/syncserver.conf
  2. Insert the following contents.

     server {
       listen 80;
       listen [::]:80;
       server_name syncserver.example.com;
    
       location / {
         proxy_pass http://127.0.0.1:5000;
         proxy_http_version 1.1;
         proxy_set_header Connection $http_connection;
         proxy_set_header Upgrade $http_upgrade;
       }
     }
  3. Save and close the file.

If You Installed Apache

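  1. Confirm that the following modules are loaded. On RHEL variants, the httpd and mod_ssl packages enable the ssl, headers, proxy, proxy_http, and deflate modules through /etc/httpd/conf.modules.d/; the a2enmod command exists only on Debian-based systems.

     $ sudo httpd -M | grep -E '(ssl|headers|proxy|proxy_http|deflate)_module'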
  2. Edit the Apache configuration file.

     $ sudo nano /etc/httpd/conf.d/syncserver.conf
  3. Insert the following contents.

     <VirtualHost *:80>
       ServerName syncserver.example.com
       ProxyPass / http://127.0.0.1:5000/
       ProxyPassReverse / http://127.0.0.1:5000/
     </VirtualHost>
  4. Save and exit the file.

8. Configure Certbot

Request an SSL certificate from Let's Encrypt. Replace syncserver.example.com with your FQDN and use your email address.

For Nginx

$ sudo certbot --nginx --agree-tos --no-eff-email -d syncserver.example.com -m admin@example.com

For Apache

Run this:

$ sudo certbot --apache --agree-tos --no-eff-email -d syncserver.example.com -m admin@example.com

9. Configure SELinux

On RHEL variants with SELinux set to Enforcing mode, the web server may fail to connect to the Docker container. You can fix this by configuring the SELinux policies.

$ sudo setsebool -P httpd_can_network_relay 1
$ sudo setsebool -P httpd_can_network_connect 1

10. Configure the Client

Replace syncserver.example.com with your domain name in the instructions below.

  1. In a new Firefox window, open about:config
  2. Search for the following key: identity.sync.tokenserver.uri
  3. Set the value to: https://syncserver.example.com/token/1.0/sync/1.5

11. Test the Client

  1. Open a new Firefox window.
  2. Open the top-right menu.
  3. Sign in to your Firefox account.
  4. Click your Firefox account's email address.
  5. Click the Sync now button.
  6. Open the URL: about:sync-log
  7. Verify that a file exists in the format: success-sync-XXXX.txt

More Information

To find out more about Firefox Sync, visit the following links: