docs: add how-to on deploying with docker compose

chenba · chenba · commit c9e46b316ced · 2026-01-25T21:23:57.000-06:00
diff --git a/docs/src/SUMMARY.md b/docs/src/SUMMARY.md
@@ -29,11 +29,11 @@
 [Mozilla Accounts Server - FxA](mozilla-accounts.md)
 
 - [How To Guides](how-to/index.md)
-    - [Run Your Own FxA Server](how-to/how-to-run-fxa.md)
+    - [Run Your Own Sync-1.5 Server with Docker](how-to/how-to-run-with-docker.md)
     - [Run Your Own Sync-1.5 Server (legacy)](how-to/how-to-run-sync-server.md)
     - [Configure Sync Server for TLS (legacy)](how-to/how-to-config-tls.md)
 
 [Documentation and MdBook Notes](doc-notes.md)
 [Glossary of Terms](glossary.md)
 [Response Codes](response-codes.md)
-[Terms of Service](terms-of-service.md)
+[Terms of Service](terms-of-service.md)
diff --git a/docs/src/how-to-run-with-docker.md b/docs/src/how-to-run-with-docker.md
@@ -0,0 +1 @@
+# Run Your Own Sync-1.5 Server with Docker
diff --git a/docs/src/how-to/how-to-run-fxa.md b/docs/src/how-to/how-to-run-fxa.md
@@ -1,126 +1 @@
-<a id="howto_run_fxa"></a>
-
-# Run Your Own Mozilla Accounts Server (Outdated)
-
-The Mozilla accounts server is deployed on our systems using RPM packaging,
-and we don't provide any other packaging or publish official builds yet.
-
-> **Note:** This guide is preliminary and vastly incomplete. If you have any
-> questions or find any bugs, please don't hesitate to file an issue: 
-[Syncstorage-rs GitHub Issues](https://github.com/mozilla-services/syncstorage-rs/issues).
-
-> **Note:** You might also be interested in  
-> [this Docker-based self-hosting guide](https://github.com/michielbdejong/fxa-self-hosting)  
-> (use at your own risk - quite out of date).
-
-The Mozilla accounts server is hosted in **git** and requires **nodejs**.
-Make sure your system has these, or install them:
-
-- **git**: <http://git-scm.com/downloads>
-- **nodejs**: <http://nodejs.org/download>
-
-A self-hosted Mozilla accounts server requires two components:
-
-- an **auth-server** that manages the accounts database
-- a **content-server** that hosts a web-based user interface
-
-Clone the fxa repository [linked here](https://github.com/mozilla/fxa/) and follow the README to deploy your own auth-server and content-server instances. <https://github.com/mozilla/fxa/>
-
-
-Now direct Firefox to use your servers rather than the default, Mozilla-hosted
-ones. The procedure varies a little between desktop and mobile Firefox, and
-may not work on older versions of the browser.
-
----
-
-## Desktop Firefox (version 52 or later)
-
-1. Enter `about:config` in the URL bar.
-2. Right-click anywhere on the page and choose **New > String**.
-3. Enter `identity.fxaccounts.autoconfig.uri` for the name, and your
-   content-server URL for the value.
-4. Restart Firefox for the change to take effect.
-
-> **Note:** This must be set prior to loading the sign-up or sign-in page
-> in order to take effect, and its effects are reset on sign-out.
-
----
-
-## Firefox for iOS (version 9.0 or later)
-
-1. Go to **Settings**.
-2. Tap on the **Version number** 5 times.
-3. Tap **Advance Account Settings**.
-4. Enter your content-server URL.
-5. Toggle **Use Custom Account Service** to on.
-
----
-
-## Firefox Preview for Android (“Fenix”)
-
-- There is not yet support for using a non-Mozilla-hosted account server.
-- Work is being tracked in this GitHub issue:  
-  <https://github.com/mozilla-mobile/fenix/issues/3762>
-
----
-
-## Firefox for Android (“Fennec”, version 44 or later)
-
-1. Enter `about:config` in the URL bar.
-2. Search for items containing `fxaccounts`, and edit them to use your
-   self-hosted URLs.
-
-### Auth server
-
-Use your auth-server URL to replace `api.accounts.firefox.com` in:
-
-- `identity.fxaccounts.auth.uri`
-
-### Content server
-
-Use your content-server URL to replace `accounts.firefox.com` in:
-
-- `identity.fxaccounts.remote.webchannel.uri`
-- `webchannel.allowObject.urlWhitelist`
-
-### Optional: OAuth and profile servers
-
-Use your OAuth and profile server URLs to replace
-`{oauth,profile}.accounts.firefox.com` in:
-
-- `identity.fxaccounts.remote.profile.uri`
-- `identity.fxaccounts.remote.oauth.uri`
-
-> **Important:** *After* creating the Android account, changes to
-> `identity.fxaccounts` prefs will be *ignored*.  
-> If you need to change the prefs, delete the Android account using
-> **Settings > Sync > Disconnect…**, update the pref(s), and sign in again.
->
-> Non-default Mozilla account URLs are displayed in the
-> **Settings > Sync** panel in Firefox for Android, so you should be able
-> to verify your URL there.
-
----
-
-Since the Mozilla-hosted sync servers will not trust assertions issued by
-third-party accounts servers, you will also need to run your own
-sync-1.5 server. See [How To Run Your Own Sync-1.5 Server](./how-to-run-sync-server.md).
-
-Please note that the `fxa-content-server` repository includes graphics and
-other assets that make use of Mozilla trademarks. If you are doing anything
-other than running unmodified copies of the software for personal use, please
-review:
-
-- Mozilla Trademark Policy:  
-  <https://www.mozilla.org/en-US/foundation/trademarks/policy/>
-- Mozilla Branding Guidelines:  
-  <http://www.mozilla.org/en-US/styleguide/identity/mozilla/branding/>
-
-You can ask for help on Matrix (chat.mozilla.org) in the **#fxa** room:  
-<https://chat.mozilla.org/#/room/#fxa:mozilla.org>
-
----
-
-### Additional reading
-
-- [How to connect Firefox for Android to self-hosted Mozilla account and Firefox Sync servers](http://www.ncalexander.net/blog/2014/07/05/how-to-connect-firefox-for-android-to-self-hosted-services/)
+# Run Your Own FxA Server
diff --git a/docs/src/how-to/how-to-run-with-docker.md b/docs/src/how-to/how-to-run-with-docker.md
@@ -0,0 +1,117 @@
+# Use Docker to Deploy Your Own Sync Server
+
+Mozilla publishes Docker images of its
+[`syncstorage-rs`](https://github.com/mozilla-services/syncstorage-rs) builds
+on ghcr.io. This guide provides a simple `docker compose` setup that can act as
+a starting point to self-host Sync.
+
+Images are available for both
+[MySQL](https://github.com/mozilla-services/syncstorage-rs/pkgs/container/syncstorage-rs%2Fsyncstorage-rs-mysql)
+and
+[PostgreSQL](https://github.com/mozilla-services/syncstorage-rs/pkgs/container/syncstorage-rs%2Fsyncstorage-rs-postgres)
+as the database.  The sample code will focus on MySQL.  Differences in
+configuration or deployment steps will be noted. 
+
+> **Note:** At the time of writing, there are no tagged release builds
+> available on ghcr.io.  This guide will use a build from the main development
+> branch.
+
+## Prerequisites and Presumptions
+- The reader has a MySQL or PostgreSQL database up and running.
+- The reader is familiar with the command line interface and `docker`.
+- The reader is going to use [Mozilla accounts](https://accounts.firefox.com/)
+  for authentication and authorization.
+- The service will be deployed at http://localhost:8000/.
+
+## Docker Compose
+
+Save the yaml below into a file, e.g. `docker-compose.yaml`.
+
+```yaml
+services:
+  syncserver:
+    image: ghcr.io/mozilla-services/syncstorage-rs/syncstorage-rs-mysql:b16ef5064b
+    platform: linux/amd64
+    container_name: syncserver
+    ports:
+      - "8000:8000"
+    environment:
+      SYNC_HOST: "0.0.0.0"
+      SYNC_PORT: "8000"
+      SYNC_MASTER_SECRET: "${SYNC_MASTER_SECRET}"
+      SYNC_SYNCSTORAGE__DATABASE_URL: "${SYNC_SYNCSTORAGE__DATABASE_URL}"
+      SYNC_TOKENSERVER__DATABASE_URL: "${SYNC_TOKENSERVER__DATABASE_URL}"
+      SYNC_TOKENSERVER__ENABLED: "true"
+      SYNC_TOKENSERVER__RUN_MIGRATIONS: "true"
+      SYNC_TOKENSERVER__FXA_EMAIL_DOMAIN: "api.accounts.firefox.com"
+      SYNC_TOKENSERVER__FXA_OAUTH_SERVER_URL: "https://oauth.accounts.firefox.com"
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/__heartbeat__"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+```
+
+Note that multiple values will be read from the environment:
+- `SYNC_MASTER_SECRET`: a secret used in cryptographic operations
+- `SYNC_SYNCSTORAGE__DATABASE_URL`: database URL for syncstorage, e.g. `mysql://sync:test@example.io/syncstorage` or `postgres://testo:@localhost/syncdb`
+- `SYNC_TOKENSERVER__DATABASE_URL`: database URL for tokenserver, e.g. `mysql://sync:test@example.io/tokenserver` or `postgres://testo:@localhost/syncdb`
+
+The values can be directly written into the yaml as well.
+
+Next, start the service with `docker compose`:
+
+```sh
+SYNC_MASTER_SECRET=use_your_own_secret_4d3d3d3d \
+SYNC_SYNCSTORAGE__DATABASE_URL="mysql://sync:test@example.io/syncstorage" \
+SYNC_TOKENSERVER__DATABASE_URL="mysql://sync:test@example.io/tokenserver" \
+docker compose -f docker-compose.yaml up -d
+```
+
+### Database Bootstrapping
+
+After starting the service on a clean, uninitialized database, some bootstrapping records need to be inserted.
+
+For MySQL, run
+```sql
+INSERT INTO tokenserver.services (service, pattern) VALUES ('sync-1.5', '{node}/1.5/{uid}');
+
+INSERT INTO tokenserver.nodes (service, node, available, current_load, capacity, downed, backoff)
+VALUES (
+  (SELECT id FROM services WHERE service = 'sync-1.5'),
+  'http://localhost:8000',
+  1, 0, 1000, 0, 0
+);
+```
+
+For PostgreSQL, run
+```sql
+INSERT INTO nodes (service, node, available, current_load, capacity, downed, backoff)
+VALUES (
+  (SELECT id FROM services WHERE service = 'sync-1.5'),
+  'http://localhost:8000',
+  1, 0, 1000, 0, 0
+);
+```
+
+Note that `http://localhost:8000` above needs to be replaced with the actual
+service URL.
+
+Restart the service with 
+```sh
+docker compose -f docker-compose.yaml restart
+```
+
+## Configuring Firefox
+
+Firefox itself needs to be configured to use the self-hosted Sync server.
+
+1. Go to `about:config` in Firefox.
+1. Find the `identity.sync.tokenserver.uri` configuration.
+1. Change the value to `http://localhost:8000/1.0/sync/1.5`.
+1. Restart Firefox.
+
+Firefox should be using the self-hosted Sync server at this point.  That can be
+verified by checking the logs in `about:sync-log`.
diff --git a/docs/src/how-to/index.md b/docs/src/how-to/index.md
@@ -2,6 +2,6 @@
 
 Collection of How To guides for various Sync-related operations.
 
-- [Run Your Own FxA Server](how-to-run-fxa.md)
+- [Run Your Own Sync-1.5 Server with Docker](how-to-run-with-docker.md)
 - [Run Your Own Sync-1.5 Server (legacy)](how-to-run-sync-server.md)
-- [Configure Sync Server for TLS (legacy)](how-to-config-tls.md)
+- [Configure Sync Server for TLS (legacy)](how-to-config-tls.md)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+# Run Your Own Sync-1.5 Server with Docker`