

1 file changed, 150 insertions

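--- a/install-ff-syncserver.sh
+++ b/install-ff-syncserver.sh
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+
+
+IMPORTANT: make sure to edit the mysql connection info. The lines you need to edit look like this:
+
+mysql://firefox_sync:ecaith8ezieMe7oowies0shee0oj9zii@172.0.2.106/firefox_tokenserver
+
+exit 1
+
+
+if [ "$EUID" -ne 0 ]; then
+echo "Please run as root"
+exit
+fi
+
+sudo apt install cmake gcc golang libcurl4-openssl-dev libssl-dev make pkg-config libmariadb-dev-compat mariadb-client python3.10-venv python3-dev
+
+git clone https://github.com/mozilla-services/syncstorage-rs.git /srv/syncstorage
+
+cd /srv/syncstorage
+
+adduser ffsync --system
+chown -R ffsync:nogroup /srv/syncstorage
+
+sudo -H -u ffsync bash -c "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh"
+
+apt install -y nginx
+
+echo '''server {
+listen 443 ssl http2 default_server;
+server_name _;
+ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+location / {
+proxy_pass http://127.0.0.1:8000$request_uri;
+}
+include /etc/nginx/snippets/ssl-params.conf;
+}''' >/etc/nginx/sites-enabled/default
+
+openssl req -x509 -nodes -days 99999 -newkey rsa:4096 \
+-subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com" \
+-keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
+openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
+
+echo """ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers \"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\";
+ssl_ecdh_curve secp384r1;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 8.8.8.8 8.8.4.4 valid=300s;
+resolver_timeout 5s;
+add_header Strict-Transport-Security \"max-age=63072000; includeSubdomains\";
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;""" >/etc/nginx/snippets/ssl-params.conf
+
+systemctl enable --now nginx
+systemctl restart nginx
+systemctl status --no-pager nginx
+
+
+sudo -u ffsync bash -c "/home/ffsync/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql"
+sudo -H -u ffsync bash -c "/home/ffsync/.cargo/bin/diesel --database-url 'mysql://firefox_sync:ecaith8ezieMe7oowies0shee0oj9zii@172.0.2.106/firefox_syncstorage' migration --migration-dir syncstorage-mysql/migrations run"
+sudo -H -u ffsync bash -c "/home/ffsync/.cargo/bin/diesel --database-url 'mysql://firefox_sync:ecaith8ezieMe7oowies0shee0oj9zii@172.0.2.106/firefox_tokenserver' migration --migration-dir tokenserver-db/migrations run"
+
+mysql -u firefox_sync -p"ecaith8ezieMe7oowies0shee0oj9zii" -h 172.0.2.106 -P 3306 <<EOF
+USE firefox_tokenserver
+INSERT INTO services (id, service, pattern) VALUES
+(1, "sync-1.5", "{node}/1.5/{uid}");
+EOF
+
+sudo -H -u ffsync bash -c "venv/bin/pip install -r tools/tokenserver/requirements.txt"
+sudo -H -u ffsync bash -c "SYNC_TOKENSERVER__DATABASE_URL='mysql://firefox_sync:ecaith8ezieMe7oowies0shee0oj9zii@172.0.2.106/firefox_tokenserver' venv/bin/python3 tools/tokenserver/add_node.py https://ffsync.example.com 1000"
+
+sudo -H -u ffsync bash -c "/home/ffsync/.cargo/bin/cargo clean; /home/ffsync/.cargo/bin/cargo build"
+
+echo '''#!/bin/bash
+source venv/bin/activate; PATH="/srv/syncstorage/venv/bin:$PATH" PYTHONPATH=$PYTHON_SITE_PACKGES RUST_LOG=debug RUST_BACKTRACE=full /srv/syncstorage/target/debug/syncserver --config /srv/syncstorage/config/local.toml''' >/srv/syncstorage/start.sh
+chmod +x /srv/syncstorage/start.sh
+
+echo """[Unit]
+Description=Firefox Sync Server
+After=network.target
+
+[Service]
+Type=simple
+User=ffsync
+WorkingDirectory=/srv/syncstorage/
+ExecStart=/bin/bash /srv/syncstorage/start.sh
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+""" >/etc/systemd/system/ffsync.service
+
+systemctl daemon-reload
+systemctl enable --now ffsync
+systemctl status --no-pager ffsync
+journalctl -b -f -u ffsync
+
+echo "\n\n\nNow, read the instructions at the end of this installer to set everything else up"
+exit 0
+
+# Nginx edge proxy
+"""
+server
+{
+listen 80;
+listen [::]:80;
+server_name ffsync.example.com;
+add_header Strict-Transport-Security "max-age=0;";
+return 301 https://$server_name$request_uri;
+}
+
+
+server
+{
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+server_name ffsync.example.com;
+
+client_max_body_size 100M;
+
+location /
+{
+proxy_pass https://172.0.2.121$request_uri;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-Host $host:$server_port;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+}
+
+ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
+ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
+include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+include /etc/nginx/includes/vhost-log.conf;
+}
+"""
+
+# Firefox Settings:
+# identity.sync.tokenserver.uri: https://ffsync.example.com/1.0/sync/1.5
+
+# for android, make sure you arent logged in when changing the sync server url. change the url when you are not signed in
+# the server is just https://ffsync.example.com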
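Review bot: The database password is embedded in the script and handed to every client on the command line — `mysql -u firefox_sync -p"…"` at line 70 and the `--database-url` / `SYNC_TOKENSERVER__DATABASE_URL` strings inside the `sudo … bash -c "…"` calls at lines 67, 68 and 77 — so it is readable by any local user via the process table and ends up in shell history and gist history; read the URL once into a variable from a root-only file or the environment, and for the mysql client use a mode-0600 option file, e.g. `mysql --defaults-extra-file="$DB_CREDS_FILE" -h 172.0.2.106 -P 3306 <<EOF` (DB_CREDS_FILE is a placeholder). The snippet written at line 46, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, re-enables protocol versions that are deprecated; `ssl_protocols TLSv1.2 TLSv1.3;` is the usual setting. `journalctl -b -f -u ffsync` at line 103 follows the log indefinitely, so the closing echo and `exit 0` only run after the operator interrupts it, and `echo "\n\n\n…"` prints the backslashes literally under bash without `-e`. The `IMPORTANT:` guard at lines 5–9 works only because the two uncommented lines fail as commands before `exit 1`; a `#` comment plus a `: "${DB_URL:?edit the mysql connection info}"` check would make the intent explicit and would not hide which line failed.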