On 9/02/2016 02:42, Juan Garcia wrote: > Dear sync-developers, > > Please forgive me if you have already received the emails I have sent. I > wasn't a member of the list and have the impression they have just > landed nowhere. If you haven't seen them, here is the newest and latest > version of my problem :)
FWIW, I don't recall seeing them, so thanks for adding full context on the below. > First of all I'd like to thank you for this great product and for the > opportunity you are giving the community of being able to self-host the > sync server. > > I am having some trouble setting up the whole thing and I hope you will > be able to shed some light on this. > > The problem is I need to run the server(s) using SSL. > > (Side-story: I tried to test it using the standard fxa-local-dev setup > but I was not able to, as FF would not allow me to sync to a non-https > server. I read in a couple of places that I should set enableHttp to > true. Unfortunately I could not find this option in any of the ff > versions I looked. I stopped looking for that as I need it to work with > ssl anyway). If I recall correctly, the option doesn't actually exist in about:config by default, you have to create it via: right-click -> new -> boolean The full name of the pref (along with some other interesting config options) is here: https://github.com/mozilla/fxa-local-dev/blob/master/_scripts/profile.js#L94 > In order to do this, I have configured the following servers so that > they'd use a self-signed certificate: > - fxa-content-server (https://127.0.0.1:3030) > - fxa-auth-server (9000) > - fxa-oauth-server (9010) > > AFAIK these are the only ones with which ff directly speaks and the only > ones that really 'need' SSL. > > Since I am using a self-signed certificate, I have also had to tell some > of the servers to accept non-validated certificates. Skipping cert validation is an OK way to get started, but I wouldn't recommend running in that configuration long term. Rather, once you've got everything running, we can figure out how to install your self-signed certs into the proper cert store so that they're trusted and properly validated. Or, if you eventually plan to move off 127.0.0.1 onto a publicly-visible domain, you might like to try letsencrypt to get SSL certs without having to pay for them: https://letsencrypt.org/ > Running right now are the following servers: > - browserid-verifier (INSECURE_SSL=true nodejs server.js) > - fxa-profile-server (npm start) > - fxa-auth-server (npm start): this one actually starts other servers on > 8000 9001 and 9999 > - fxa-content-server (npm start) > - fxa-oauth-server (npm start) > - syncserver (make serve) > > I have stumbled upon a problem I am just not able to solve. > I can create a new account and can 'verify' it using the verification > link that I found in the fxa-auth-server's log. > > Right after doing this, ff tries to sync with the server to no avail. I > see the following errors in the logs: > > fxa-auth-server.ERROR: request.summary > {"op":"request.summary","code":503,"errno":999,"rid":"1454945501756:debian-vm:22174:ike4rwk0:10014","path":"/v1/account/profile","remoteAddressChain":["127.0.0.1"],"t":268,"uid":"00","stack":"Error: > no nodes\n at Object.exports.create This is fxa-auth-server trying to talk to fxa-oauth-server. Make sure that you've configured the link between them properly. I think by default it expects the oauth-server to be running on port 9010, but you can change this by setting the following environment variable when running the fxa-auth-server: OAUTH_URL=http://127.0.0.1:<WHATEVER-PORT> (You shouldn't need to use an https:// URL for this internal communication, but you can) When fxa-auth-server starts up, it should log a big blob of JSON giving its config values, in which there'll be an "oauth" key. Please check that the "oauth" key there reflects the correct location for your oauth-server. If the value in fxa-auth-server config seems to match the running url of fxa-oauth-server, let us know, I'll try to think of something else to check. > I believe I am following the right path, but please correct me if I'm wrong. It sounds like what you've done so far is pretty much right, there's just a lot of moving parts here unfortunately, so a lot of things to work your way through. Cheers, Ryan _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
