3nprob / fxa-selfhosting Goto Github PK

Notice:
if your about:config `useOAuthForSyncToken` is `true`. Please update syncserver docker image to latest.

## Requirements and Steps
0. at least 2G RAM
1. docker 
2. docker-compose or docker image `docker-compose`
3. create dns record for content-server(default:www)  profile-server(default:profile) syncserver(default:token)  auth-server(default:api) oauth-server(default:oauth)
4. make certs for content-server(default:www)  profile-server(default:profile) syncserver(default:token)  auth-server(default:api) oauth-server(default:oauth), or a wild cert for all subdomains
5. cp config.yml.sample to config.yml and edit it to your real config , remember change secrets!!!
6. run ./init.sh after everytime you edit config.yml or anything in _init to generate new docker-compose.yml and other configs.
6.1 if using reverse proxy , please see examples/reverse_proxy_*
7. docker compose up -d 
8. wait util all service working. 
9. config your firefox accroding to instructions from ./init.sh 's output 
10. keep update docker images via docker-compose pull

TODO:
0. [✓] nginx + http2
1. [✓] firefox notes with self kinto server
2. use docker-compose->secrets to protoect secrets?
3. limit docker-compose each container's resources
4. [✓] firefox-send
5. firefox fenix 
6. mozilla-services/channelserver
7. autotest with pyfxa or application-services/components/fxa-client

Related firefox about:config
webextensions.storage.sync.enabled:true
services.sync.extension-storage.skipPercentageChance 0  // to never skip sync for ext-storage ref:https://bugzilla.mozilla.org/show_bug.cgi?id=1621806

services.sync.scheduler.activeInterval :10
services.sync.scheduler.fxa.singleDeviceInterval :10  
services.sync.scheduler.idleInterval :10
services.sync.scheduler.idleTime :10
services.sync.scheduler.immediateInterval:10
services.sync.syncInterval: 60
services.sync.syncThreshold:10

More about:config
https://github.com/mozilla/fxa/blob/main/packages/fxa-dev-launcher/profile.js

For who want to use fenix
1. you need edit `/_init/auth/oauthserver-prod.json` edit fenix' redirecturi and add scope `"scope": "https://identity.mozilla.com/tokens/session"`
2. edit `_init/content/contentserver-prod.json`  `oldsync` redirecturi `oauth/success/a2270f727f45f648` 
3. Client.
1) git clone `fenix` and  `android-components`  under same folder
2) add local.properties in fenix , content : "autoPublish.android-components.dir=../android-components"
3) in `android-components` edit `components/feature/accounts/src/main/assets/extensions/fxawebchannel/manifest.json` add your content-server in `matches`  see issue mozilla-mobile/android-components#6225 and etc
4) compile. i use `bitriseio/android-ndk` to build , you need no less than 10g memory (under my case). `docker run --rm -v <folder contain fenix and android-components>:/bitriseio/src -w /bitriseio/src/fenix bitriseio/android-ndk ./gradlew clean app:assembleGeckoBetaDebug
5) get apk from fenix/apk/build/outputs/......
6) install and open apk . Goto settings  -> about firefox -> click firefox icon 5 times -> go back -> edit your fxa server url and sync server url


For notes (self build):
1. webextension modification
```
diff --git a/src/background.js b/src/background.js
index 85da9e2..0aa878e 100644
--- a/src/background.js
+++ b/src/background.js
@@ -1,8 +1,12 @@
-const KINTO_SERVER = 'https://testpilot.settings.services.mozilla.com/v1';
+var KINTO_SERVER = 'https://kinto.<your_server>/v1/';
+
+// const KINTO_SERVER = 'https://testpilot.settings.services.mozilla.com/v1';
 // XXX: Read this from Kinto fxa-params
-const FXA_CLIENT_ID = 'a3dbd8c5a6fd93e2';
-const FXA_OAUTH_SERVER = 'https://oauth.accounts.firefox.com/v1';
-const FXA_PROFILE_SERVER = 'https://profile.accounts.firefox.com/v1';
+var FXA_CLIENT_ID = 'a3dbd8c5a6fd93e2'; 
+var FXA_OAUTH_SERVER = 'https://oauth.<your_server>/v1';
+var FXA_CONTENT_SERVER = 'https://www.<your_server>';
+var FXA_PROFILE_SERVER = 'https://profile.<your_server>/v1';
+
 const FXA_SCOPES = ['profile', 'https://identity.mozilla.com/apps/notes'];
 let isEditorReady = false;
 let editorConnectedDeferred;
@@ -26,7 +30,10 @@ function fetchProfile(credentials) {
 }
 
 function authenticate() {
-  const fxaKeysUtil = new fxaCryptoRelier.OAuthUtils();
+  const fxaKeysUtil = new fxaCryptoRelier.OAuthUtils({
+    oauthServer:FXA_OAUTH_SERVER,
+    contentServer:FXA_CONTENT_SERVER
+  });
     chrome.runtime.sendMessage({
       action: 'sync-opening'
     });
```


2. android modification
	native/app/utils/constants.js
```
	export const KINTO_SERVER_URL = 'https://testpilot.settings.services.mozilla.com/v1';
	export const FXA_PROFILE_SERVER = 'https://profile.accounts.firefox.com/v1';
	export const FXA_CONTENT_SERVER = 'https://accounts.firefox.com';
	export const FXA_OAUTH_SERVER = 'https://oauth.accounts.firefox.com/v1';
	export const FXA_OAUTH_CLIENT_ID = '7f368c6886429f19';
```
	native/android/app/src/main/java/com/notes/fxaclient/FxaClientModule.java
```
	private static final String CLIENT_ID = "7f368c6886429f19";
```
	and
```
	private static final String CONFIG_URL = "https://accounts.firefox.com";
```

About Channelserver / pairing

pairingChannelServerUri: "wss://dev.channelserver.nonprod.cloudops.mozgcp.net"
pairingClients: [ "3c49430b43dfba77", "a2270f727f45f648", "1b1a3e44c54fbb58" ]

```
  pairing: {
    clients: {
      default: [
        '3c49430b43dfba77', // Reference browser
        'a2270f727f45f648', // Fenix
        '1b1a3e44c54fbb58', // Firefox for iOS
      ],
      doc:
        'OAuth Client IDs that are allowed to pair. Remove all clients from this list to disable pairing.',
      env: 'PAIRING_CLIENTS',
      format: Array,
    },
    server_base_uri: {
      default: 'wss://dev.channelserver.nonprod.cloudops.mozgcp.net',
      doc: 'The url of the Pairing channel server.',
      env: 'PAIRING_SERVER_BASE_URI',
    },
  },
```