Weave is a synchronization engine from Mozilla Labs for all your browser information (settings, history, bookmarks, etc.). It is a free add-on for Firefox and you can freely use Mozilla's servers to store your information. This guide, however, is for anyone interested in setting up their own secure Weave server.
There are instructions in various places on Mozilla Labs, but they are a bit scattered and it took some digging before I could get things working. Hopefully this guide will give a simple, single location for anyone interested.
For this guide I will assume PHP 5.1+, a working Apache 2 server with SSL, and MySQL (SQLite can easily be substituted here, it should be obvious where). As Mozilla notes, whatever web server you use, WebDAV can't be enabled on that server.
First things first: grab the latest version of the Weave Server from Mozilla Labs at http://hg.mozilla.org/labs/weaveserver in whichever format you prefer. Extract the files into a folder accessible by your web server. The "server" folder will be the web root, so we can go ahead and set up a virtual server configuration similar to the following example (replace the paths accordingly):
<VirtualHost weave.my.domain:443>
    ServerName weave.my.domain
    DocumentRoot /var/www/weaveserver/server/
    ErrorLog /var/log/apache2/weave-error.log
    CustomLog /var/log/apache2/weave-access.log combined
    SSLEngine on
    SSLCertificateFile /path/to/server.cert.crt
    SSLCertificateKeyFile /path/to/server.cert.key
    <Directory "/var/www/weaveserver/server/">
        Options Indexes FollowSymLinks
        AllowOverride none
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "Weave Server"
        AuthUserFile /path/to/auth/file
        require valid-user
    </Directory>
    Alias /0.5 /var/www/weaveserver/server/0.5/index.php
    Alias /user/1 /var/www/weaveserver/server/user/1/index.php
</VirtualHost>
As you can see from this Apache config, there are some files that need to be generated: specifically, an SSL certificate and key, and a basic authentication file. I will run through these briefly below. If you are comfortable generating these, just skip down a bit.
Generating a Self-Signed SSL Certificate
First, generate a key:
openssl genrsa -des3 -out server.key 2048
Generate a certificate signing request (CSR):
openssl req -new -key server.key -out server.csr
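Optional: at this point you can remove the password from the key if you wish. Without it, Apache no longer asks for the passphrase at startup, but anyone who can read server.key can use it, so please be aware of the security risks before doing this:
cp server.key server.key.pass
openssl rsa -in server.key.pass -out server.key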
Finally, generate the certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Make sure the Apache Virtual Host configuration paths match the locations of the key and certificate files.
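The same steps as a non-interactive script, as an added example that is not part of the original guide: it assumes the openssl command-line tool, a 2048-bit RSA key with a SHA-256 signature, and the placeholder hostname weave.my.domain, and it adds two checks the steps above leave implicit (the function names are made up for this example).

```bash
#!/bin/sh
# Added example (not from the original guide). Assumes the openssl CLI.
# The key is written WITHOUT a passphrase (the guide's optional step), so
# file permissions are its only protection.

# make_cert DIR CN: write DIR/server.key, DIR/server.csr and DIR/server.crt.
make_cert() {
    (
        umask 077    # private key is created readable by its owner only
        openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
        openssl req -new -key "$1/server.key" -subj "/CN=$2" \
            -out "$1/server.csr" &&
        openssl x509 -req -days 365 -sha256 -in "$1/server.csr" \
            -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
    )
}

# key_matches_cert KEY CRT: succeed only if CRT carries KEY's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_is_private FILE: succeed only if group and others have no access.
key_is_private() {
    case $(ls -ld "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_pair KEY CRT: print one line per problem, return non-zero if any.
check_pair() {
    rc=0
    key_matches_cert "$1" "$2" || { echo "certificate does not match key"; rc=1; }
    key_is_private "$1" || { echo "key is readable by group or others"; rc=1; }
    return $rc
}
```

Run make_cert with the directory that the SSLCertificateFile and SSLCertificateKeyFile paths point to, then check_pair on the two files before restarting Apache.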
Creating a Password File
Create an htpasswd file using the following command (replace username with the user name you want):
htpasswd -c weaveserver.pwd username
You will be prompted to enter a password for the user you created. Make sure to update the AuthUserFile path in the Apache Virtual Server config to point to this file.
Note: You need to have the same user name(s) and password(s) in the htpasswd file as you plan on having set up in the Weave user database table (covered later).
Create a new database and create the two tables as follows:
CREATE DATABASE weave;
USE weave;

CREATE TABLE `wbo` (
    `username` varbinary(32) NOT NULL default '',
    `collection` varbinary(64) NOT NULL default '',
    `id` varbinary(64) NOT NULL default '',
    `parentid` varbinary(64) default NULL,
    `predecessorid` varbinary(64) default NULL,
    `modified` decimal(12,2) default NULL,
    `sortindex` int(11) default NULL,
    `depth` tinyint(4) default NULL,
    `payload` longtext,
    `payload_size` int(11) default NULL,
    PRIMARY KEY (`username`,`collection`,`id`),
    KEY `parentindex` (`username`,`collection`,`parentid`),
    KEY `modified` (`username`,`collection`,`modified`),
    KEY `weightindex` (`username`,`collection`,`sortindex`),
    KEY `predecessorindex` (`username`,`collection`,`predecessorid`),
    KEY `size_index` (`username`,`payload_size`)
) ENGINE=InnoDB;

CREATE TABLE `users` (
    `username` varchar(32) PRIMARY KEY,
    `md5` varbinary(32),
    `email` varbinary(64),
    `status` tinyint,
    `location` text,
    `alert` text
) ENGINE=InnoDB;
That should be it for the database! Feel free to adjust the database name to your own liking, and be sure to grant select, insert, delete, and update permissions to whichever MySQL user you plan on accessing this with from Weave. In case anyone forgot the grant syntax:
GRANT SELECT, INSERT, UPDATE, DELETE ON weave.* TO 'myuser'@'localhost';
If you are creating this user, be sure to set the password by adding " IDENTIFIED BY 'mypassword' " on the end of the above statement.
Weave Server Configuration
Navigate to the weaveserver/server/user/1 folder. Copy weave_user_constants.php and set the following items:
<?php
...
define('WEAVE_STORAGE_ENGINE', 'mysql');
...
define('WEAVE_MYSQL_STORE_READ_HOST', '');
define('WEAVE_MYSQL_STORE_READ_DB', '');
define('WEAVE_MYSQL_STORE_READ_USER', '');
define('WEAVE_MYSQL_STORE_READ_PASS', '');
...
define('WEAVE_AUTH_ENGINE', 'mysql');
...
define('WEAVE_MYSQL_AUTH_HOST', '');
define('WEAVE_MYSQL_AUTH_DB', '');
define('WEAVE_MYSQL_AUTH_USER', '');
define('WEAVE_MYSQL_AUTH_PASS', '');
...
define('WEAVE_REGISTER_STORAGE_LOCATION', 'weave.my.domain');
These settings are pretty obvious once you read over the comments. The first group of settings is for the database that stores the synchronized data, and just sets the type and connection information. The second is basically the same thing, but points to the database that has the table of users to authenticate against. The final setting above only needs to be set if you are using the same database to house both the storage and authentication data.
Now do essentially the same steps for weaveserver/server/0.5/default_constants.php.dist. That is, copy it over to default_constants.php and then edit the similar sections to set the connection strings for the authentication and storage database(s). The only difference is that instead of specifying the WEAVE_REGISTER_STORAGE_LOCATION, which will not exist, set the following line if both the authentication and store tables are in the same database:
<?php
...
define('WEAVE_SHARE_DBH', '1');
If you are using different databases, just leave this one alone. Also, you can easily use SQLite as well by setting the various engine variables to sqlite and configuring the path to the stores (this is pretty self-explanatory once you read through the constants files).
If you want to use CAPTCHA when creating an account, you will need to grab a public and private key from http://recaptcha.net and make some changes to the Apache and Weave Server configs. This is completely optional (just ignore the CAPTCHA field if you don't set this up when creating a new user).
In weaveserver/server/user/1/weave_user_constants.php set the following to 1:
<?php
...
define('WEAVE_REGISTER_USE_CAPTCHA', 1);
Then edit weave_misc_constants.php and add in your public and private keys. Finally, add an alias to your Apache config as follows:
Alias /misc/1/captcha_html /server/misc/1/captcha.php
Now everything should be configured, so install the Weave add-on for Firefox if you haven't already (http://labs.mozilla.com/weave/). At the time of writing this, the latest was 0.7.
Open a new tab in Firefox, type about:config and search for extensions.weave.clusterURL. Set this to your Weave Server URL (e.g. https://weave.my.domain/). Make sure to include the trailing slash.
Now open Weave and go to the user creation screen. At the bottom of the form box there is an option that says "Create my account with:"; select "A custom Weave server" and input your server into the textbox below (e.g. https://weave.my.domain/). Again, make sure you include a trailing slash, as the underlying code doesn't check for it or append one if needed.
If all goes well, you should be able to put in a username and have it tell you that it is available (if it says it is not available, and it's not already in the database, check the log in the top right of the page under tools -> debug log to see what the problem is). If you didn't set up CAPTCHA, just leave it blank and create your user once you have filled in an email and password. Now enter your pass phrase and you should be set! Select what you would like to sync and how, then either wait or manually kick off a sync by going to "Signed in as" -> "Sync now" in the upper right. If everything went correctly, your data should be sent over SSL and encrypted into your server's database.