[CentOS] Firefox Sync Server 1.5 on CentOS 7

Mon Oct 23 05:09:26 UTC 2017
Nicolas Kovacs <info at microlinux.fr>

Le 22/10/2017 à 21:37, Gordon Messmer a écrit :
> Yes, I use the following httpd configuration file:
> WSGIProcessGroup sync
> WSGIPassAuthorization On
> WSGIDaemonProcess sync user=apache group=apache processes=2 threads=25
> python-path=/usr/local/lib/sync-1.5/syncserver/local/lib/python2.7/site-packages/
> WSGIScriptAlias /sync1.5 /usr/local/lib/sync-1.5/syncserver/syncserver.wsgi
> <Directory "/usr/local/lib/sync-1.5">
>   Require all granted
> </Directory>

And this is more or less what I have, but no luck.

Allow me to retrace my steps from the beginning. Not the whole thing,
but first things first, one step at a time.

I switched SELinux to permissive mode. I figured I would deal with
eventual alerts once everything is up and running.

I installed dependencies: make, gcc, gcc-c++, python-devel and

Even if this is a sandbox server where I can happily break stuff, I
didn't want to build third-party stuff as root on my machine, so I
created a special user.

Here's what I did, step by step. The user is called 'syncserver', its
home directory is /opt/syncserver, which also happens to be the
downloaded source from Github. As to the stuff from /etc/skel, that's my
custom .bashrc and other things I usually add to a new user profile,
with a custom PS1 and my custom command aliases.

  # useradd -c "Firefox Sync" -d /opt/syncserver syncserver
  # passwd syncserver
  # cd opt
  # rm -rf syncserver
  # git clone https://github.com/mozilla-services/syncserver
  # cp -v /etc/skel/.bash* syncserver/
  « /etc/skel/.bash_logout » -> « syncserver/.bash_logout »
  « /etc/skel/.bash_profile » -> « syncserver/.bash_profile »
  « /etc/skel/.bashrc » -> « syncserver/.bashrc »
  # chown -R syncserver:syncserver syncserver/
  # find syncserver/ -type d -exec chmod 0775 {} \;
  # find syncserver/ -type f -exec chmod 0664 {} \;
  # chmod 0750 syncserver/

Note: I figured if a process like 'apache' has to access this stuff
later, I can always add the corresponding system user to the
'syncserver' group with a 'usermod -a -G syncserver apache'. Not 100 %
sure about that though.

Then I opened a new session as user 'syncserver' and built everything.

  $ make build (2 minutes)

I ran the tests:

  $ make test (10 minutes, everything OK)

For a first test, I edited /opt/syncserver/syncserver.ini. I wanted to
keep the default configuration as much as possible, so I provided my
server's IP address for 'host' and 'public_url'.

  use = egg:gunicorn
  host =
  port = 5000
  workers = 1
  timeout = 30

  use = egg:syncserver

  # This must be edited to point to the public URL of your server,
  # i.e. the URL as seen by Firefox.
  public_url =

I tested this on two sandbox client desktops I have in my office. I
opened about:config, edited identity.sync.tokenserver.uri and provided
my custom sync server:

I connected Firefox Sync on both clients, and bookmarks synchronized
nicely, with a little lag, but everything seemed to run fine.

Any comments so far? As far as I can see, you created a
/usr/local/lib/sync-1.5/ directory and built this stuff there. As root
or as a different user? Any custom permissions there? Unfortunately the
documentation doesn't say anything about permissions.

Cheers & more later,


Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web  : http://www.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32