I failed to install Firefox Accounts Server

In order to continue to be more and more independent and because I trust less and less Mozilla Foundation, I decided to manage by myself the Firefox authentication system (without Docker). For those who do not know, Firefox divided the whole authentication system and the storage management system. You can manage your data (bookmarks, history, tabs, profile) with Firefox Sync. I deployed it previously and a tutorial is available here. After hosting the most important part of my data that Firefox manages, I wanted to host the all thing. I worked on it during 21 hours and was still not able to run it properly. I decided to share my experience.

Criticism

Firefox Authentication Server is built in following a micro services architecture. For those who do not know it, it divides an application into little smaller applications. Each of them should have a specific role and perimeter. For example, a micro service dedicated to send email or another dedicated to manage the user interface. However, this architecture, if not well built and documented could have some disadvantages. You can find below a list from Wikipedia:

  • Services form information barriers
  • Inter-service calls over a network have a higher cost in terms of network latency and message processing time than in-process calls within a monolithic service process
  • Testing and deployment are more complicated
  • Moving responsibilities between services is more difficult. It may involve communication between different teams, rewriting the functionality in another language or fitting it into a different infrastructure
  • Viewing the size of services as the primary structuring mechanism can lead to too many services when the alternative of internal modularization may lead to a simpler design.

Unfortunately, I think the Firefox Accounts Server fall in most of them. They are improving it but there is so much work to do. Especially because it seems like Mozilla Foundation wants to maintain the compatibility with the past. You can find below the list of issues I found which made it really hard to deploy it and which demonstrates why it is obsolete.

  • Each microservice has his own structure. In some of them, you have configuration in config/index.js, another one has it in /server/config/local.json, in another one you have two files to configure
  • Each microservice has his own running process. For example, the running command could be different, in another case, you need to build the code to make it runnable.
  • The documentation is clearly missing (no system-d unit, no reverse proxy configuration). Anybody who tries to run it in following the process in the documentation will most of the time failed because some part of it is not documented or is obsolete

Regarding the Firefox Authentication Server in general. I am sorry to say it but it is clearly out of date and has vulnerabilities inside. About obsolescence, I could talk about the need to use MySQL 5.6 and about vulnerabilities, the node modules vulnerabilities. It is not ready to be deployed by anybody else than someone who works in this project or in the Mozilla Firefox platform. I do not imagine one second a system administrator without development skill being able to deploy it in less than 3 days.

Just another example about the mess, I made an issue here about the difficulties I got. Two people from Mozilla answered, the first answer was pertinent and helped me in the process. The second one was clearly out of subjects, I am not even sure he read it, he just repeats one thing I said, thing which does not work and he closed the issue without giving a fuck. Yes, it closed it, without waiting for my answer. I just took three days trying to make it works before asking for help and my issue was closed like “OK, thank you”.

My responsibility

My lack of knowledge was, of course, a reason of my impossibility to succeed in this task. Even if I deployed dozens of applications, I am not used to deploy micro services applications. The only comfort I have is I am not the only who did not succeed.

Installation process

I took three days deploying and configuring Firefox Accounts Server. For those who are interested, you can find below the process I follow to be able to run them. I was able to run 5 services, maybe it required more to make it runnable, but some of them still have issues and it. The list of micro services I deployed:

  • fxa-auth-db-mysql
  • fxa-auth-server
  • fxa-content-server
  • fxa-oauth-server
  • fxa-profile-server

Global installation

In order to prepare the system, you need to to the following stuff:

As Npm needs to have a home directory, we will not add the –no-create-home option.

In Debian 9, you will need to install only MySQL-server without MariaDB

Lsb-release is required to install MySQL

You have to choose MySQL version 5.6, I tested with version 8 and MariaDB and it doesn’t work

Tips

In order to find the configuration file easily, I recommend you to use grep as much as possible and to read the packages.json file which could help you to find running command. You can find interesting stuff with:

Part of the installation process of Firefox Accounts database service

I still have issues with it. db.example.com

Firefox Accounts Server

I still have issues with it. auth.example.com

To change the listen address of the server, you have to modify the file config/index.js and replace it.

Firefox Accounts Content Server

account.example.com

All the configuration is in the file server/config/local.json-dist
Firefox Content Server loads his configuration from file we should create. It should be a copy of local.json-dist.

I recommend you to disable CSP because they are completely obsolete. They still using x-content-security-policy even if it is obsolete since Firefox 23 !
vim server/config/production.json
# csp:false

Firefox Accounts OAuth Server

Firefox Accounts Profile Service

Sources

Conclusion

I hope it will motivate you NOT to try to install it and save your time. I hope they will improve it and make it easier to configure and deploy. Maybe one day, we will be able to use only the Mozilla Firefox Browser and be able to manage everything behind, maybe.

Social media

If you find this article useful, feel free to follow my RSS flux and to follow me on Mastodon. Don’t hesitate to share it if you think it could interested someone.

Leave a Comment