jackyzy823 / fxa-selfhosting

Selfhosting your own Firefox Accounts (FxA)!
Mozilla Public License 2.0

I have no idea what I'm doing #4

Closed poofyteddy closed 4 years ago

poofyteddy commented 4 years ago

Hi, sorry for the silly title, but I'm lost, and because of the Docker nature of this I have no log to rely on.

Docker is a first for me, and while I managed to set up and have everything running, I am sure there is stuff I didn't do correctly, especially when editing the config file. What I should and shouldn't change is very unclear to me (should I change client_id? What is flowidkey? ...)

Right now I seem to have all Docker containers up, but when I try to create my account by putting the email in, all I get is a spinning wheel with a "working ..." text. Nothing more to help me understand what went wrong.

Would it be possible to get more info on what to configure?

jackyzy823 commented 4 years ago

Can you post your config.yml? (Note: remove private info.)

> Right now I seem to have all Docker containers up, but when I try to create my account by putting the email in, all I get is a spinning wheel with a "working ..." text. Nothing more to help me understand what went wrong.

Can you post a screenshot of the Network requests? (In Firefox: F12 -> Network.)

> What I should and shouldn't change is very unclear to me (should I change client_id? What is flowidkey? ...)

You could change these.

poofyteddy commented 4 years ago

Hi! I have edited the docker-compose file to reduce the version to 3.3 (default Debian 10 repo). Look for <---- to see my comments in config.yml. This uses self-signed SSL and has haproxy with a valid SSL cert in front of it.

```yaml
#! THIS FILE USING YTT(https://github.com/k14s/ytt/) FORMAT
#! this is a general config for all related stuffs
#@data/values
---
#! Once config.yml changed you should rerun ./init.sh to regenerate docker-compose.yml

#! make sure you create $PERSISTENCEPATH/public and $PERSISTENCEPATH/mysql_data
#!  and chmod a+w $PERSISTENCEPATH/public
#! if PERSISTENCEPATH is relative, it relate with docker-compose.yml
persistencepath: .

#! latest tested version is : v1.172.11
#! it's not recommend to downgrade without clean up db. since schema changes
#! [ISSUE] v1.172.0 500 error after new-signup connect-another-device page maybe caused by https://github.com/mozilla/fxa/commit/2f9729154
#! [ISSUE][RESOLVED] v1.173+ change base docker image . missing key_*.json in fxa-auth-server so we change to branch br-v1.174.0 to apply breaking changes
fxa_version: "v1.178.0" #! by default we use tested version , using latest at your own risk.

option:
  #! do we need firefox send?
  send:
    enable: true
    settings:
      #! settings are upperize to send ENV
      #! [TODO] send android , client_id 20f7931c9054d833
      fxa_client_id: "fced6b5e3f4c66b9"     <---- Do i change this for a random number ?
      #![TODO] file_dir need volumes or not or ....
      max_file_size:     <---- Do i need to fill this or is there some rational default ?
      anon_max_file_size:     <---- Do i need to fill this or is there some rational default ?
      #! expire_times_seconds array format "a,b,c" <---- i don't understand what each value in the array is suposed to be
      expire_times_seconds: <---- Do i need to fill this or is there some rational default ?
      default_expire_seconds: <---- Do i need to fill this or is there some rational default ?
      max_expire_seconds: <---- Do i need to fill this or is there some rational default ?
      anon_max_expire_seconds: <---- Do i need to fill this or is there some rational default ?
      max_downloads: <---- Do i need to fill this or is there some rational default ?
      anon_max_downloads: <---- Do i need to fill this or is there some rational default ?
      max_files_per_archive: <---- Do i need to fill this or is there some rational default ?
      max_archives_per_user: <---- Do i need to fill this or is there some rational default ?
      #! download_counts array format "a,b,c"
      download_counts: <---- Do i need to fill this or is there some rational default ?
  notes:
    enable: true
    settings:
      #! client_id is a must , depends on what you set in https://github.com/mozilla/notes/src/background.js
      #! client_id should equal to _init/auth/oauthserver-prod
      client_id:
        webext: "a3dbd8c5a6fd93e2"  #! sample: "a3dbd8c5a6fd93e2"     <---- Do i change this for a random number ?
        android: "7f368c6886429f19" #! sample: "7f368c6886429f19"     <---- Do i change this for a random number ?

      #! [deprecated] will auto convert "-"=>"_" and "." -> "." and uppercase
      #! [deprecated] fxa-oauth.clients.notes.client_id:

#! [TODO] since use self fxa . it will not possible to use mozilla's webextensions storage sync server.
  #!        so it's recommend to enable it by default if your webextension use browser.storage.sync API
  webext_storagesync:
    enable: true
    settings:
      #! you shall not change this , "5882386c6d801776" means firefox
      client_id : "5882386c6d801776"      <---- At least i know for this one ;)
      #! [deprecated] fxa-oauth.clients.storagesync.client_id: "5882386c6d801776"
  #! last tested 13.6.3
  kinto_version: "latest"
  #! [TODO] intergate with kinto
  #! both with_notes and with_webext_storagesync need kinto server and it's postgres
  #! see kinto usage https://wiki.mozilla.org/Firefox/Kinto
  #! https://testpilot.settings.services.mozilla.com/v1/
  #! client_id 5882386c6d801776 == firefox
  #! https://webextensions.settings.services.mozilla.com/v1/

#! [TODO] make docker-compose.tmp.yml data.values.domain.name and etc reusable via define
#! domain name related stuff
domain:
  #! base name
  name: "fxa.MYDOMAIN.com"
  #! for content-server
  content: "www"
  auth: "api"
  oauth: "oauth"
  #! for profile server
  profile: "profile"
  #! for syncserver
  sync: "token"
  #! for firefox send
  #! must if option.with_send == true
  send: "send"
  #! for notes and webextension storage.sync
  kinto: "kinto"

nginx:
  #! port or ip/port
  #! for those who want to reverse proxy ( and then we do not a host resolver ,because we just proxy_pass ip/port )
  listener: "443"
  #! if false certs are not required and another fxa_nossl.conf is used
  ssl: true
  #! used if previous ssl is true
  certs:
  #! wild will only be used if detailed cert is not specified.
  #! certs location is absoulte or related to docker-compose.ymls
  #! cert can be self-signed if there's a reversed proxy with valid certs before this nginx.
    wild:
      cert: "./cert/wild.cer"
      key: "./cert/wild.key"
    content:
      cert:
      key:
    auth:
      cert:
      key:
    oauth:
      cert:
      key:
    profile:
      cert:
      key:
    sync:
      cert:
      key:
    send:
      cert:
      key:
    kinto:
      cert:
      key:

mail:
  #! types are  "localhelper" ,  "localrelay" ,"3rd"
  #! "localhelper" uses fxa-auth-local-mail-helper which self sending and receiving and smtp_host/smtp_port/smtp_user/smtp_pass/smtp_secure do not affect.
  #! "localrelay" use exim-sender  and smtp_host/smtp_port/smtp_user/smtp_pass/smtp_secure do not affect.
  #! "3rd"  send mail to 3rd (like gmail etc)
  type: "localrelay"     <---- This don't seam to work (but surely because postfix is configured on this server and not exim)
  #! for   "3rd": refer to your mail service provider
  smtp_host:
  smtp_port:
  smtp_user:
  smtp_pass:
  smtp_secure:

  #! if smtp_sender empty use "Firefox Accounts <no-reply@domain.name>" default
  smtp_sender: "Firefox Accounts <contact@MYDOMAIN.com>"

  #! only for "localhelper"
  #! web api
  localhelper:
    web: "127.0.0.1:9001"

#! due to a issue  `https://github.com/mikefarah/yq/issues/351` of yq/ it's not possible to change value.
#! you must change it manually
#! [TODO] can i use ytt overlay  ?  secrets in seperate file edited by yq and then merge with ytt ??
secrets:
  authsecret: "RANDOME"
  pushboxkey: "LONG-RANDOME1"
  flowidkey: "MY_FLOW_ID_KEY"     <---- What is this ?
  profileserver_authsecret_bearertoken: "LONG-RANDOME2"
  supportpanel_authsecret_bearertoken: "LONG-RANDOME3"

#! if you encounter some problem with syncserver like
#! SSLError: HTTPSConnectionPool(host='www.fxa.example.local', port=443): Max retries exceeded with url: /.well-known/fxa-client-configuration (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)'),))
#! or like
#! HTTPError: 502 Server Error: Bad Gateway for url: https://www.fxa.example.local/.well-known/fxa-client-configuration
#! set use_internal_idp to true
debug:
  use_internal_idp: false
  #! for register preverifed account , we need to set fxa-auth-server 's NODE_ENV  not to be `prod`
  #! see  fxa-auth-server/lib/routes/account.js `delete routes[0].options.validate.payload.preVerified;`
  auth_server_preverifed : false
  deps_logs : false
```

After only letting it run all night, I am now able to reach the second screen where it asks for password and age... so good news, I guess??

Could you still shine some light on the config file? Maybe I can then create a simple markdown to help others :)

jackyzy823 commented 4 years ago

For client_id: there's no need to change these default values. If you change this, make sure your client uses the same client id as you configure. For example, if you change notes.settings.client_id, make sure your Firefox Notes webextension/app uses the value of notes.settings.client_id as client_id.

For flowidkey see: https://github.com/mozilla/fxa/blob/860f00d7ceecc369cca9d2bbef148b484933f1da/packages/fxa-content-server/server/lib/configuration.js#L242

For send settings: see: https://github.com/mozilla/send/blob/master/server/config.js

> type: "localrelay" <---- This don't seam to work (but surely because postfix is configured on this server and not exim)

I don't have an env which can send mail, so I can not test this. However, I don't understand why it doesn't work. Would you like to explain more about this? Thanks.

poofyteddy commented 4 years ago

Thanks for the better understanding of the client_id. About the flowidkey, I'm guessing anything looking like 63 72 79 70 74 64 69 would do, but because I know very little about crypto I'm not sure. I'll try.

About the mail part: I have no idea how you managed to test without a mail-sending-capable system, since it was a requirement for me to create an account. Basically I was expecting localrelay to send the mail the same way the mail command does it, and then follow my postfix conf which has an SMTP relay set up. But because it's postfix and I didn't have exim in place, I was guessing that was the reason it didn't work for me. Using the 3rd party option and manually entering my SMTP server worked well (aside from the issue you've already fixed).

Next step is to get mobile to work (maybe it doesn't because of the missing flowidkey). I'll keep in touch, and thank you for the time you've spent on this :heart:

jackyzy823 commented 4 years ago

flow id key may not be necessary; it's just for metrics or statistics stuff.

I'm using localmailhelper, which is an fxa dev tool. I'm not quite familiar with sending mails. localrelay is a docker image, exim-sender. fxa sends mail to exim-sender and then exim-sender relays the mail to the destination.

For fennec (Firefox Android), it always works. For fenix (Firefox Preview), a private build is needed; see my readme.
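The config comments say the `secrets:` block has to be edited by hand (the yq issue), and the thread above asks what a value like flowidkey should look like. As an added example, not part of fxa-selfhosting, the script below replaces the placeholder values from the posted config with 32 bytes of CSPRNG output (hex) and reports any key still holding a placeholder; the `SAMPLE` excerpt is constructed, and the 32-character minimum is my own threshold, not a project requirement.

```python
"""Fill the secrets: block of an fxa-selfhosting config.yml with random values."""
import re
import secrets

# Keys of the secrets: block in the config.yml posted in this thread.
SECRET_KEYS = ("authsecret", "pushboxkey", "flowidkey",
               "profileserver_authsecret_bearertoken",
               "supportpanel_authsecret_bearertoken")
# Placeholder values from that same config; none of them should reach production.
PLACEHOLDERS = {"RANDOME", "LONG-RANDOME1", "LONG-RANDOME2",
                "LONG-RANDOME3", "MY_FLOW_ID_KEY"}
# Matches '  key: "value"   <---- annotation or #! comment' and '  key: value'.
KEY_RE = re.compile(r'^(\s+)([A-Za-z_]+)\s*:\s*(?:"([^"]*)"|(\S*))(.*)$')

# Constructed excerpt of the posted config (not the full file).
SAMPLE = """\
#! constructed excerpt for the example
persistencepath: .
secrets:
  authsecret: "RANDOME"
  pushboxkey: "LONG-RANDOME1"
  flowidkey: "MY_FLOW_ID_KEY"     <---- What is this ?
  profileserver_authsecret_bearertoken: "LONG-RANDOME2"
  supportpanel_authsecret_bearertoken: "LONG-RANDOME3"
debug:
  use_internal_idp: false
"""

def _secret_lines(lines):
    """Yield (index, match) for each key: value line inside the top-level secrets: block."""
    in_block = False
    for i, line in enumerate(lines):
        if line and not line[0].isspace() and not line.startswith("#"):
            in_block = line.startswith("secrets:")  # any other top-level key ends the block
            continue
        m = KEY_RE.match(line)
        if in_block and m:
            yield i, m

def weak_secrets(config_text: str) -> list:
    """Keys whose value is missing, a known placeholder, or shorter than 32 characters."""
    values = {m.group(2): (m.group(3) or m.group(4) or "")
              for _, m in _secret_lines(config_text.splitlines())}
    return [k for k in SECRET_KEYS
            if values.get(k, "") in PLACEHOLDERS or len(values.get(k, "")) < 32]

def fill_secrets(config_text: str, nbytes: int = 32) -> str:
    """Return config_text with every secrets: value replaced by fresh hex from the CSPRNG."""
    lines = config_text.splitlines()
    for i, m in _secret_lines(lines):
        indent, key, rest = m.group(1), m.group(2), m.group(5)
        lines[i] = f'{indent}{key}: "{secrets.token_hex(nbytes)}"{rest}'  # keeps trailing notes
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(fill_secrets(SAMPLE))
```

Run it against the real file with `fill_secrets(open("config.yml").read())` and write the result back, then rerun `./init.sh` as the config comments require.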