Self-host Firefox Sync on Cloudron

ekevu123

Are you using Firefox? Did you know you can self-host the sync server on Cloudron? (you know ... because you can). I have just tested this, and it works between Firefox on Ubuntu and Android.

Here is a tutorial for anyone interested:

Replication Guide: Adapting Syncstorage-RS for Cloudron

This guide explains how to take the original mozilla-services/syncstorage-rs repository and adapt it for a single-container deployment on Cloudron with PostgreSQL.

1. Create the Manifest (CloudronManifest.json)

Cloudron requires a manifest file to understand the application requirements. Create this file in the root of the repository.

CloudronManifest.json:

{
  "manifestVersion": 2,
  "title": "Syncstorage-RS",
  "author": "Mozilla Services",
  "description": "Firefox Sync storage server built with Rust",
  "version": "0.21.1",
  "httpPort": 8000,
  "addons": {
    "postgresql": {
      "version": "14.9"
    }
  },
  "healthCheckPath": "/__heartbeat__"
}

---

2. Create the Start Script (cloudron-entrypoint.sh)

Cloudron provides database credentials through environment variables (CLOUDRON_POSTGRESQL_*). We need a script to bridge these variables into the format expected by Syncstorage-RS.

cloudron-entrypoint.sh:

#!/bin/bash
set -eu

# Default values
SYNC_HOST="${SYNC_HOST:-0.0.0.0}"
SYNC_PORT="${SYNC_PORT:-8000}"
SYNC_MASTER_SECRET="${SYNC_MASTER_SECRET:-}"

# 1. Detect Cloudron PostgreSQL addon
if [ -z "${CLOUDRON_POSTGRESQL_HOST:-}" ]; then
    echo "Error: PostgreSQL addon not found. Please ensure it is installed." >&2
    exit 1
fi

# 2. Convert Cloudron vars to Syncstorage connection strings
# We use the same DB for both storage and token management
POSTGRES_USER="${CLOUDRON_POSTGRESQL_USERNAME}"
POSTGRES_PASSWORD="${CLOUDRON_POSTGRESQL_PASSWORD}"
POSTGRES_HOST="${CLOUDRON_POSTGRESQL_HOST}"
POSTGRES_PORT="${CLOUDRON_POSTGRESQL_PORT}"
POSTGRES_DATABASE="${CLOUDRON_POSTGRESQL_DATABASE}"

export SYNC_SYNCSTORAGE__DATABASE_URL="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DATABASE}"
export SYNC_TOKENSERVER__DATABASE_URL="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DATABASE}"
export SYNC_TOKENSERVER__RUN_MIGRATIONS="true"

# 3. Validate required config
if [ -z "$SYNC_MASTER_SECRET" ]; then
    echo "Error: SYNC_MASTER_SECRET must be set in the Cloudron Environment tab." >&2
    exit 1
fi

# 4. Start the application
exec /app/bin/syncserver "$@"

---

3. Adapt the Dockerfile (Dockerfile.cloudron)

The original Dockerfile often uses modern features like Docker BuildKit (e.g., --mount=type=cache or --chmod in COPY) which might not be supported in all environments. We created a "clean" version that works with standard Docker.

Key Changes Made:

1. Set Defaults: Set SYNCSTORAGE_DATABASE_BACKEND and TOKENSERVER_DATABASE_BACKEND to postgres at the top of the file.
2. Remove BuildKit mounts: Removed all instances of --mount=type=cache... from RUN commands to allow building without BuildKit enabled.
3. Remove inline chmod: Changed COPY --chmod=0755 to standard COPY followed by a RUN chmod +x command.
4. Inject Start Script: Added the cloudron-entrypoint.sh and set it as the ENTRYPOINT.

Fragment of changes in the final stage:

# ... after all builds ...
COPY --from=builder /app/bin /app/bin
COPY cloudron-entrypoint.sh /app/cloudron-entrypoint.sh

# BuildKit-compatible chmod replacement
RUN chmod +x /app/cloudron-entrypoint.sh

USER app:app
ENTRYPOINT ["/app/cloudron-entrypoint.sh"]

---

4. Building and Pushing

To build the image using the new Dockerfile and push it to Cloudron:

# 1. Build locally
docker build -f Dockerfile.cloudron -t syncstorage-rs:cloudron .

# 2. Push to Cloudron Registry
docker tag syncstorage-rs:cloudron CLOUDRON_IP:5000/syncstorage-rs:cloudron
docker push CLOUDRON_IP:5000/syncstorage-rs:cloudron

---

5. Summary of logic

1. Single Container: We package the Rust binary and its Python dependencies into one image.
2. PostgreSQL Integration: Instead of separate containers for Sync and Token databases, we point both services to the single PostgreSQL database provided by Cloudron.
3. Auto-Migrations: We set SYNC_TOKENSERVER__RUN_MIGRATIONS="true" so the database schema is created automatically on the first start.
4. Security: The SYNC_MASTER_SECRET is the only manual configuration required, ensuring data is encrypted at rest.

robi

That’s great!

Can you get with @timconsidine to make it available on CCAI?

timconsidine

@ekevu123 is there a git repo somewhere ?

ekevu123

The original is linked above, the changes are explained (and quite minimal).