Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Synchronization not working on Android #281

Open
Aeinot opened this issue Jun 5, 2021 · 25 comments
Open

Synchronization not working on Android #281

Aeinot opened this issue Jun 5, 2021 · 25 comments

Comments

@Aeinot
Copy link

Aeinot commented Jun 5, 2021

I set up a self-hosted sync server with Docker. It is placed behind a Nginx reverse proxy, and TLS is configured. Synchronization works well between two computers, but synchronization with Firefox on Android does not work.

I have set the "Custom sync server" field to "https://my.domain.com/token/1.0/sync/1.5", and then I linked the phone to my account. No information is synchronized (bookmarks, open tabs, etc.), and I don't see any connection on my Nginx logs (while adding a bookmark from Firefox on Windows generates several connections to the server). The last synchronization time is always set to "Never".

I also tried the following URLs:

My version of Firefox Android is 89.1.1.
@khimaros
Copy link

khimaros commented Jun 6, 2021

@Aeinot -- i bumped into this as well (using Fennec 89.1.1 from F-Droid).

i updated the Custome sync server URL to match /token/1.0/sync/1.5 format and found that while old (bulk) history is not synced, any new activity will be synced. i'm curious if you have the same result with your device.

@Aeinot
Copy link
Author

Aeinot commented Jun 6, 2021

@khimaros thanks for the answer, but after testing again with a fresh Firefox install, nothing is synced. When I add bookmarks, credentials, or try to list open tabs on my other devices, nothing is synced and no requests reach Nginx.

@rfk
Copy link
Contributor

rfk commented Jun 6, 2021

If you browse to https://my.domain.com/token/ in the Android browser as though it were a normal webpage, what happens? If things are working correctly then I would expect it to show you some JSON configuration data.

@Joshndroid
Copy link

Fresh sync server based on official docker.
Android app does NOT sync.
Can connect when logging in. Shows initially sync date as 1 January 1970. Then turns to never and will not sync anything.
Attempted various configs (url being just /token or /token/1.0/sync/1.5)
Attempted both HTTPS and HTTP connection types.
Attempted using both domain and straight IP as hostname
Fresh firefox account created.
Pointless software at the moment plagued by issues with the android ff sync constantly a simple google would show it.

@guptayash
Copy link

If you browse to https://my.domain.com/token/ in the Android browser as though it were a normal webpage, what happens? If things are working correctly then I would expect it to show you some JSON configuration data.

Hi,
When I browse https://mydomain.com/token/ I get the following response back.
{"services": {"sync": ["1.5"]}, "oauth": {"default_issuer": "api.accounts.firefox.com", "server_url": "https://oauth.accounts.firefox.com/v1", "scope": "https://identity.mozilla.com/apps/oldsync"}, "browserid": {"allowed_issuers": null, "trusted_issuers": null}, "auth": "http://mydomain.com/token"}

I am not sure if this config is correct but I am unable to sync too.

@Aeinot
Copy link
Author

Aeinot commented Jun 16, 2021

If you browse to https://my.domain.com/token/ in the Android browser as though it were a normal webpage, what happens? If things are working correctly then I would expect it to show you some JSON configuration data.

Hi,
When I browse https://mydomain.com/token/ I get the following response back.
{"services": {"sync": ["1.5"]}, "oauth": {"default_issuer": "api.accounts.firefox.com", "server_url": "https://oauth.accounts.firefox.com/v1", "scope": "https://identity.mozilla.com/apps/oldsync"}, "browserid": {"allowed_issuers": null, "trusted_issuers": null}, "auth": "http://mydomain.com/token"}

I am not sure if this config is correct but I am unable to sync too.

I have exactly the same result.

@ggrzeczkowicz
Copy link

Like you, I was unable to synchronize Firefox on Android with my personal SyncServer (history, bookmarks...)
But when I send a tab from a computer sync with my personal SyncServer to my phone, I received the notification, but only after hitting "Sync Now" on my phone.
Does the "share tab" function use the sync server ? If yes, there is some kind of connection that work well between a personal SyncServer and Firefox on Android, but only for tab sharing.

@Aeinot
Copy link
Author

Aeinot commented Jun 26, 2021

The tab sharing feature doesn't seem to go through the sync server. I can send tabs to my phone, but no requests are sent to my server, neither from the computer nor from the phone.

@rfk
Copy link
Contributor

rfk commented Jul 11, 2021

Does the "share tab" function use the sync server ?

It does not, it uses the Account server directly.

@3ap
Copy link

3ap commented Jul 12, 2021

I had the same issue and the same environment.

Firstly, I've found in logcat (it's stupid that there is no indication about it in GUI) that Android version, unlike desktop version, requires HTTPS for sync server. However, after switching to HTTPS there were no errors in logcat when I pushed "Sync now".

I tried several Firefox versions from Google Play, from F-Droid: nothing, even no requests from phone to my Nginx server at all! So, I gave up and left my phone for several hours (custom field was filled with https://%mydomain%/token/1.0/sync/1.5), and suddenly it started working. I didn't do anything special but after some time I've found that "Last update" value is not "never".

It's very strange and I can't explain such a behavior.

@QBANIN
Copy link

QBANIN commented Aug 7, 2021

(...) and suddenly it started working. I didn't do anything special but after some time I've found that "Last update" value is not "never".

Unfortunately doesn't work for me.

@crazyscientist
Copy link

I had a similar problem. Probably due to an update my Firefox app lost the URL of my sync server.

After disconnecting and setting the URL again I was able to reconnect and it started to sync normally.

@Josue-T
Copy link

Josue-T commented Jan 4, 2022

Hello, I've the same issue.

@mariusft
Copy link

mariusft commented Apr 6, 2022
edited
Loading

you'll need a server with tls 1.2 or newer, older ones are obsoleted, you can use certificate issued by let's encrypt

@FakeEmperor
Copy link

FakeEmperor commented Apr 9, 2022
edited
Loading

This configuration change fixed it for me. Emphasis on https:

SYNCSERVER_PUBLIC_URL: 'https://<server_domain>'
SYNCSERVER_FORCE_WSGI_ENVIRON: 'true'

I guess the http part in their example config file is a bit misleading :)

@TheToto318
Copy link

This configuration change fixed it for me. Emphasis on https:

SYNCSERVER_PUBLIC_URL: 'https://<server_domain>'
SYNCSERVER_FORCE_WSGI_ENVIRON: 'true'

I guess the http part in their example config file is a bit misleading :)

Hey,
Tried your configuration and still not working for me on FF 99.1.1.
Everything is working between computers.
Mozilla need to fix this...

@mariusft
Copy link

For Android Firefox 99.1.1 will work with the following:

  1. Root signed certificate with below parameters for nginx fir you are using it as forwarding proxy to use https:
    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
  1. Custom sync server:
    https://mydomain.something/token/1.0/sync/1.5

For some reason it fails if you are using only TLS 1.3, also it fails if you are using self signed certificate, in the past it worked with self signed but you were supposed to add an exception, for some reason I couldn't make it to work with self-signed certificate.

@TheToto318
Copy link

For Android Firefox 99.1.1 will work with the following:

1. Root signed certificate with below parameters for nginx fir you are using it as forwarding proxy to use https:

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

2. Custom sync server:
   `https://mydomain.something/token/1.0/sync/1.5`

For some reason it fails if you are using only TLS 1.3, also it fails if you are using self signed certificate, in the past it worked with self signed but you were supposed to add an exception, for some reason I couldn't make it to work with self-signed certificate.

Thanks, I had already this configuration on my reverse proxy.
The sync just started working one hour ago, I didn't touched anything.

@mariusft
Copy link

Some times it behaves very strange on android and debug is useless.

@FakeEmperor
Copy link

I think it does sync at arbitrary times in the background, but if you run sync and leave FF open in foreground for a while, it does sync with these settings.

@AterialDawn
Copy link

For Android Firefox 99.1.1 will work with the following:

1. Root signed certificate with below parameters for nginx fir you are using it as forwarding proxy to use https:

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

2. Custom sync server:
   `https://mydomain.something/token/1.0/sync/1.5`

For some reason it fails if you are using only TLS 1.3, also it fails if you are using self signed certificate, in the past it worked with self signed but you were supposed to add an exception, for some reason I couldn't make it to work with self-signed certificate.

Thank you so much, I was ripping my hair off installing old firefox versions and doing literally everything possible. Swapping my sync server from http to https seems to have finally worked.

It did take a little bit after linking my account, restarting the app, and clicking the Sync Now button before it arbitrarily decided 'hey its time to sync now' but it finally worked!

@Lalufu
Copy link

Lalufu commented Sep 26, 2022
edited
Loading

This configuration change fixed it for me. Emphasis on https:

SYNCSERVER_PUBLIC_URL: 'https://<server_domain>'
SYNCSERVER_FORCE_WSGI_ENVIRON: 'true'

I guess the http part in their example config file is a bit misleading :)

Reading this, and following up on what SYNCSERVER_FORCE_WSGI_ENVIRON precisely does finally allowed me to make this work on Android, on FF105.

TL;DR: Make sure the auth key in the output of https://<mydomain>/token/ is showing the correct domain, with https.

My sync server has always been behind a load balancer/reverse proxy which did the SSL termination (using a LE cert), but the backend connection to the sync server container was HTTP. Opening https://<mydomain>/token/ showed

{"services": {"sync": ["1.5"]}, "oauth": {"default_issuer": "api.accounts.firefox.com", "server_url": "https://oauth.accounts.firefox.com/v1", "scope": "https://identity.mozilla.com/apps/oldsync"}, "browserid": {"allowed_issuers": null, "trusted_issuers": null}, "auth": "http://<mydomain>/token"}

Note that the auth key says http and not https.
Assuming this was somehow part of the problem, I passed SYNCSERVER_PUBLIC_URL=https://<mydomain> into the container (this was set to to http://<mydomain> before). This caused https://<mydomain>/token/ to show an error complaining about a mismatch between the public URL and the application URL, and suggesting to set SYNCSERVER_FORCE_WSGI_ENVIRON. At this point you have two possibilities:

  • Set SYNCSERVER_FORCE_WSGI_ENVIRON=true
  • Properly configure your reverse proxy

SYNCSERVER_FORCE_WSGI_ENVIRON is the "easy mode" switch. The "proper" way is to configure your reverse proxy to indicate that, indeed, the client connection was done using HTTPS, and to configure the sync container to trust that information.
To do that, make sure your reverse proxy sets the following headers:

  • X-Forwarded-For with the IP of the original client
  • X-Forwarded-Host with the hostname of the original request
  • X-Forwarded-Proto with the protocol of the original request (which should be https)

Then tell the sync container to trust the reverse proxy that set those headers by setting the SYNCSERVER_FORWARDED_ALLOW_IPS environment variable to the IP address (or multiple, comma separated) that the container sees for the proxy.
Unfortunately after all of this you still have to just wait, and eventually FF will decide to sync.

@LEv145
Copy link

LEv145 commented Oct 23, 2022
edited
Loading

Is it possible to do this on a server/local network without a domain?

@eku
Copy link

eku commented Jan 27, 2024
edited
Loading

Is it possible to do this on a server/local network without a domain?

Older versions do not insist on TLS. I cannot understand why this has been changed for closed networks. At least it should have been left to the user.

Self-signed certificates for internal network hosts only work if the CA is registered in Android. AFAIK you won't get an cert from Let's encrypt for my-host.local.

Firefox for desktop does not insist on TLS. Syncs here with HTTP url.

@mariusft
Copy link

For local certificates it worked if you've opened the link and accepted the certificate, lately this doesn't appear to work anymore on android with the past firefox iterations. I've tried both old version and new syncstorage-rs which is a pain to set it up. Though desktop version works with both.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests