mozilla-services / syncserver

Run-Your-Own Firefox Sync Server
Mozilla Public License 2.0

Synchronization not working on Android #281

Open Aeinot opened 3 years ago

Aeinot commented 3 years ago

I set up a self-hosted sync server with Docker. It is placed behind an Nginx reverse proxy, and TLS is configured. Synchronization works well between two computers, but synchronization with Firefox on Android does not work.

I have set the "Custom sync server" field to "https://my.domain.com/token/1.0/sync/1.5", and then I linked the phone to my account. No information is synchronized (bookmarks, open tabs, etc.), and I don't see any connection on my Nginx logs (while adding a bookmark from Firefox on Windows generates several connections to the server). The last synchronization time is always set to "Never".

I also tried the following URLs:

My version of Firefox Android is 89.1.1.

khimaros commented 3 years ago

@Aeinot -- i bumped into this as well (using Fennec 89.1.1 from F-Droid).

i updated the Custom sync server URL to match /token/1.0/sync/1.5 format and found that while old (bulk) history is not synced, any new activity will be synced. i'm curious if you have the same result with your device.

Aeinot commented 3 years ago

@khimaros thanks for the answer, but after testing again with a fresh Firefox install, nothing is synced. When I add bookmarks, credentials, or try to list open tabs on my other devices, nothing is synced and no requests reach Nginx.

rfk commented 3 years ago

If you browse to https://my.domain.com/token/ in the Android browser as though it were a normal webpage, what happens? If things are working correctly then I would expect it to show you some JSON configuration data.

Joshndroid commented 3 years ago

Fresh sync server based on official docker. Android app does NOT sync. Can connect when logging in. Shows initially sync date as 1 January 1970. Then turns to never and will not sync anything. Attempted various configs (url being just /token or /token/1.0/sync/1.5). Attempted both HTTPS and HTTP connection types. Attempted using both domain and straight IP as hostname. Fresh Firefox account created. Pointless software at the moment plagued by issues with the android ff sync constantly a simple google would show it.

guptayash commented 3 years ago

> If you browse to https://my.domain.com/token/ in the Android browser as though it were a normal webpage, what happens? If things are working correctly then I would expect it to show you some JSON configuration data.

Hi, when I browse https://mydomain.com/token/ I get the following response back:

    {"services": {"sync": ["1.5"]}, "oauth": {"default_issuer": "api.accounts.firefox.com", "server_url": "https://oauth.accounts.firefox.com/v1", "scope": "https://identity.mozilla.com/apps/oldsync"}, "browserid": {"allowed_issuers": null, "trusted_issuers": null}, "auth": "http://mydomain.com/token"}

I am not sure if this config is correct but I am unable to sync too.

Aeinot commented 3 years ago

> > If you browse to https://my.domain.com/token/ in the Android browser as though it were a normal webpage, what happens? If things are working correctly then I would expect it to show you some JSON configuration data.
>
> Hi, when I browse https://mydomain.com/token/ I get the following response back:
>
>     {"services": {"sync": ["1.5"]}, "oauth": {"default_issuer": "api.accounts.firefox.com", "server_url": "https://oauth.accounts.firefox.com/v1", "scope": "https://identity.mozilla.com/apps/oldsync"}, "browserid": {"allowed_issuers": null, "trusted_issuers": null}, "auth": "http://mydomain.com/token"}
>
> I am not sure if this config is correct but I am unable to sync too.

I have exactly the same result.

ggrzeczkowicz commented 3 years ago

Like you, I was unable to synchronize Firefox on Android with my personal SyncServer (history, bookmarks...). But when I send a tab from a computer synced with my personal SyncServer to my phone, I received the notification, but only after hitting "Sync Now" on my phone. Does the "share tab" function use the sync server? If yes, there is some kind of connection that works well between a personal SyncServer and Firefox on Android, but only for tab sharing.

Aeinot commented 3 years ago

The tab sharing feature doesn't seem to go through the sync server. I can send tabs to my phone, but no requests are sent to my server, neither from the computer nor from the phone.

rfk commented 3 years ago

> Does the "share tab" function use the sync server?

It does not, it uses the Account server directly.

3ap commented 3 years ago

I had the same issue and the same environment.

Firstly, I've found in logcat (it's stupid that there is no indication about it in GUI) that Android version, unlike desktop version, requires HTTPS for sync server. However, after switching to HTTPS there were no errors in logcat when I pushed "Sync now".

I tried several Firefox versions from Google Play, from F-Droid: nothing, even no requests from phone to my Nginx server at all! So, I gave up and left my phone for several hours (custom field was filled with https://%mydomain%/token/1.0/sync/1.5), and suddenly it started working. I didn't do anything special but after some time I've found that "Last update" value is not "never".

It's very strange and I can't explain such a behavior.

QBANIN commented 3 years ago

> (...) and suddenly it started working. I didn't do anything special but after some time I've found that "Last update" value is not "never".

Unfortunately doesn't work for me.

crazyscientist commented 3 years ago

I had a similar problem. Probably due to an update my Firefox app lost the URL of my sync server.

After disconnecting and setting the URL again I was able to reconnect and it started to sync normally.

Josue-T commented 2 years ago

Hello, I've the same issue.

mariusft commented 2 years ago

You'll need a server with TLS 1.2 or newer, older ones are obsoleted. You can use a certificate issued by Let's Encrypt.

FakeEmperor commented 2 years ago

This configuration change fixed it for me. Emphasis on https:

    SYNCSERVER_PUBLIC_URL: 'https://<server_domain>'
    SYNCSERVER_FORCE_WSGI_ENVIRON: 'true'

I guess the http part in their example config file is a bit misleading :)

TheToto318 commented 2 years ago

> This configuration change fixed it for me. Emphasis on https:
>
>     SYNCSERVER_PUBLIC_URL: 'https://<server_domain>'
>     SYNCSERVER_FORCE_WSGI_ENVIRON: 'true'
>
> I guess the http part in their example config file is a bit misleading :)

Hey, Tried your configuration and still not working for me on FF 99.1.1. Everything is working between computers. Mozilla need to fix this...

mariusft commented 2 years ago

For Android Firefox 99.1.1 will work with the following:

  1. Root signed certificate with below parameters for nginx if you are using it as forwarding proxy to use https:
    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
  2. Custom sync server: https://mydomain.something/token/1.0/sync/1.5

For some reason it fails if you are using only TLS 1.3, also it fails if you are using self signed certificate, in the past it worked with self signed but you were supposed to add an exception, for some reason I couldn't make it to work with self-signed certificate.

TheToto318 commented 2 years ago

> For Android Firefox 99.1.1 will work with the following:
>
> 1. Root signed certificate with below parameters for nginx if you are using it as forwarding proxy to use https:
>     # intermediate configuration
>     ssl_protocols TLSv1.2 TLSv1.3;
>     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
>     ssl_prefer_server_ciphers off;
> 2. Custom sync server:
>    `https://mydomain.something/token/1.0/sync/1.5`
>
> For some reason it fails if you are using only TLS 1.3, also it fails if you are using self signed certificate, in the past it worked with self signed but you were supposed to add an exception, for some reason I couldn't make it to work with self-signed certificate.

Thanks, I already had this configuration on my reverse proxy. The sync just started working one hour ago, I didn't touch anything.

mariusft commented 2 years ago

Sometimes it behaves very strangely on Android and debug is useless.

FakeEmperor commented 2 years ago

I think it does sync at arbitrary times in the background, but if you run sync and leave FF open in foreground for a while, it does sync with these settings.

AterialDawn commented 2 years ago

> For Android Firefox 99.1.1 will work with the following:
>
> 1. Root signed certificate with below parameters for nginx if you are using it as forwarding proxy to use https:
>     # intermediate configuration
>     ssl_protocols TLSv1.2 TLSv1.3;
>     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
>     ssl_prefer_server_ciphers off;
> 2. Custom sync server:
>    `https://mydomain.something/token/1.0/sync/1.5`
>
> For some reason it fails if you are using only TLS 1.3, also it fails if you are using self signed certificate, in the past it worked with self signed but you were supposed to add an exception, for some reason I couldn't make it to work with self-signed certificate.

Thank you so much, I was ripping my hair off installing old firefox versions and doing literally everything possible. Swapping my sync server from http to https seems to have finally worked.

It did take a little bit after linking my account, restarting the app, and clicking the Sync Now button before it arbitrarily decided 'hey, it's time to sync now' but it finally worked!

Lalufu commented 2 years ago

> This configuration change fixed it for me. Emphasis on https:
>
>     SYNCSERVER_PUBLIC_URL: 'https://<server_domain>'
>     SYNCSERVER_FORCE_WSGI_ENVIRON: 'true'
>
> I guess the http part in their example config file is a bit misleading :)

Reading this, and following up on what SYNCSERVER_FORCE_WSGI_ENVIRON precisely does finally allowed me to make this work on Android, on FF105.

TL;DR: Make sure the auth key in the output of https://<mydomain>/token/ is showing the correct domain, with https.

My sync server has always been behind a load balancer/reverse proxy which did the SSL termination (using a LE cert), but the backend connection to the sync server container was HTTP. Opening https://<mydomain>/token/ showed

    {"services": {"sync": ["1.5"]}, "oauth": {"default_issuer": "api.accounts.firefox.com", "server_url": "https://oauth.accounts.firefox.com/v1", "scope": "https://identity.mozilla.com/apps/oldsync"}, "browserid": {"allowed_issuers": null, "trusted_issuers": null}, "auth": "http://<mydomain>/token"}

Note that the auth key says http and not https. Assuming this was somehow part of the problem, I passed SYNCSERVER_PUBLIC_URL=https://<mydomain> into the container (this was set to http://<mydomain> before). This caused https://<mydomain>/token/ to show an error complaining about a mismatch between the public URL and the application URL, and suggesting to set SYNCSERVER_FORCE_WSGI_ENVIRON. At this point you have two possibilities:

SYNCSERVER_FORCE_WSGI_ENVIRON is the "easy mode" switch. The "proper" way is to configure your reverse proxy to indicate that, indeed, the client connection was done using HTTPS, and to configure the sync container to trust that information. To do that, make sure your reverse proxy sets the following headers:

Then tell the sync container to trust the reverse proxy that set those headers by setting the SYNCSERVER_FORWARDED_ALLOW_IPS environment variable to the IP address (or multiple, comma separated) that the container sees for the proxy. Unfortunately after all of this you still have to just wait, and eventually FF will decide to sync.
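
The check from the comment above (the `auth` key in the `/token/` output must carry the public https URL), as an added Python example that is not part of the thread or of the syncserver code. The host `sync.example.test` and the function names are assumptions, and the sample body is constructed from the response quoted in the thread.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the /token/ body quoted in the thread, with the
# placeholder host sync.example.test standing in for <mydomain>.
SAMPLE_BODY = (
    '{"services": {"sync": ["1.5"]}, '
    '"oauth": {"default_issuer": "api.accounts.firefox.com", '
    '"server_url": "https://oauth.accounts.firefox.com/v1", '
    '"scope": "https://identity.mozilla.com/apps/oldsync"}, '
    '"browserid": {"allowed_issuers": null, "trusted_issuers": null}, '
    '"auth": "http://sync.example.test/token"}'
)


def check_token_discovery(public_url, body):
    """Return a list of problems found in a /token/ response body.

    public_url is the https URL clients are given (hypothetical parameter);
    body is the raw text served at <public_url>/token/.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return ["response is not JSON (proxy error page or wrong path?)"]
    auth = doc.get("auth") if isinstance(doc, dict) else None
    if not isinstance(auth, str):
        return ["response has no 'auth' URL"]

    problems = []
    want, got = urlsplit(public_url), urlsplit(auth)
    # The server builds 'auth' from what it believes its own URL is; behind a
    # TLS-terminating proxy that belief is http unless the server is told
    # otherwise, which is the mismatch described in the comment above.
    if got.scheme != "https":
        problems.append("auth URL uses %r, expected https" % got.scheme)
    if (got.hostname, got.port) != (want.hostname, want.port):
        problems.append("auth URL host %r differs from public URL" % got.netloc)
    services = doc.get("services")
    versions = services.get("sync", []) if isinstance(services, dict) else []
    if "1.5" not in versions:
        problems.append("sync 1.5 is not advertised under 'services'")
    return problems


if __name__ == "__main__":
    for line in check_token_discovery("https://sync.example.test", SAMPLE_BODY):
        print("PROBLEM:", line)
```
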

LEv145 commented 2 years ago

Is it possible to do this on a server/local network without a domain?

eku commented 10 months ago

> Is it possible to do this on a server/local network without a domain?

Older versions do not insist on TLS. I cannot understand why this has been changed for closed networks. At least it should have been left to the user.

Self-signed certificates for internal network hosts only work if the CA is registered in Android. AFAIK you won't get a cert from Let's Encrypt for my-host.local.

Firefox for desktop does not insist on TLS. Syncs here with HTTP url.

mariusft commented 10 months ago

For local certificates it worked if you've opened the link and accepted the certificate, lately this doesn't appear to work anymore on Android with the past Firefox iterations. I've tried both old version and new syncstorage-rs which is a pain to set up. Though desktop version works with both.