EteSync Server
EteSync is a secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars and tasks. You can set up your own EteSync Server to sync all your devices. It is written in Python and based on the popular Django-Framework.
Warning
EteSync Server v2 has been released in October 2020. This guide is about installing EteSync Server v1 and seems to be not applicable to v2.
Note
For this guide you should be familiar with the basic concepts of
Python and its package manager pip
License
All relevant legal information can be found here:
Prerequisites
Your URL needs to be set up:
[isabell@stardust ~]$ uberspace web domain list
isabell.uber.space
[isabell@stardust ~]$
Install uWSGI
Install the required uwsgi package with pip.
[isabell@stardust ~]$ pip3.6 install uwsgi --user
[isabell@stardust ~]$
After that, continue with setting it up as a service.
Create ~/etc/services.d/uwsgi.ini
with the following content:
[program:uwsgi]
command=uwsgi --master --emperor %(ENV_HOME)s/uwsgi/apps-enabled
autostart=true
autorestart=true
stderr_logfile = ~/uwsgi/err.log
stdout_logfile = ~/uwsgi/out.log
stopsignal=INT
Create needed folders and files for uwsgi:
[isabell@stardust ~]$ mkdir -p ~/uwsgi/apps-enabled
[isabell@stardust ~]$ touch ~/uwsgi/err.log
[isabell@stardust ~]$ touch ~/uwsgi/out.log
[isabell@stardust ~]$
After creating the configuration, tell supervisord to refresh its configuration and start the service:
[isabell@stardust ~]$ supervisorctl reread
SERVICE: available
[isabell@stardust ~]$ supervisorctl update
SERVICE: added process group
[isabell@stardust ~]$ supervisorctl status
SERVICE RUNNING pid 26020, uptime 0:03:14
[isabell@stardust ~]$
If it’s not in state RUNNING
, check the logs.
Installation
Download
Clone the source code from Github to ~/etesync_server
.
[isabell@stardust ~]$ git clone https://github.com/etesync/server.git --branch v0.3.0 ~/etesync_server
[isabell@stardust ~]$
Install dependencies
Install the requirements for EteSync Server:
[isabell@stardust ~]$ cd ~/etesync_server
[isabell@stardust etesync_server]$ pip3.6 install -r requirements.txt --user
[isabell@stardust etesync_server]$ pip3.6 install mysqlclient --user
[isabell@stardust etesync_server]$
Static files
Install the static files:
[isabell@stardust etesync_server]$ mkdir /var/www/virtual/$USER/html/static/
[isabell@stardust etesync_server]$ ln -s /var/www/virtual/$USER/html/static/
[isabell@stardust etesync_server]$ python3.6 manage.py collectstatic
152 static files copied to '/home/isabell/etesync_server/static'.
[isabell@stardust etesync_server]$
Basic configuration
Create the file ~/etesync_server/etesync_site_settings.py
and add the following line
(replace isabell
with your own username and MySuperSecretPassword
with your actual MySQL password):
ALLOWED_HOSTS = ['isabell.uber.space']
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'isabell_etesync_server',
'USER': 'isabell',
'PASSWORD': 'MySuperSecretPassword',
'HOST': '127.0.0.1',
'PORT': '3306',
}
}
Database setup
Create a database:
[isabell@stardust etesync_server]$ mysql -e "CREATE DATABASE ${USER}_etesync_server DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;"
[isabell@stardust etesync_server]$
Apply database migrations:
[isabell@stardust etesync_server]$ python3.6 manage.py migrate
[isabell@stardust etesync_server]$
Security configuration
Perform a Django deployment check, which will give some configuration recommendations:
[isabell@stardust etesync_server]$ python3.6 manage.py check --deploy
System check identified some issues:
WARNINGS:
...
[isabell@stardust etesync_server]$
Open ~/etesync_server/etesync_site_settings.py
again and add the recommended configuration at the end:
# Django deployment check recommendations
SECURE_HSTS_SECONDS = 518400
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
X_FRAME_OPTIONS = 'DENY'
SECURE_HSTS_PRELOAD = True
Perform the check again to make sure all warnings have been resolved:
[isabell@stardust etesync_server]$ python3.6 manage.py check --deploy
System check identified no issues (0 silenced).
[isabell@stardust etesync_server]$
Web backend configuration
Note
EteSync server is running on port 8000 in the default configuration.
To make the application accessible from the outside, configure a web backend:
[isabell@stardust ~]$ uberspace web backend set / --http --port <port>
Set backend for / to port <port>; please make sure something is listening!
You can always check the status of your backend using "uberspace web backend list".
[isabell@stardust ~]$
And for the static files:
[isabell@stardust ~]$ uberspace web backend set --apache /static
Set backend for /static to apache.
[isabell@stardust ~]$
Daemon setup
To deploy your application with uwsgi
, create a file at ~/uwsgi/apps-enabled/etesync_server.ini
with the following content:
[uwsgi]
chdir = $(HOME)/etesync_server
base = %(chdir)/etesync_server
http = :8000
master = true
wsgi-file = %(base)/wsgi.py
touch-reload = %(wsgi-file)
static-map = /static=%(base)/static
app = wsgi
plugin = python
Restart uwsgi
:
[isabell@stardust ~]$ supervisorctl restart uwsgi
uwsgi: stopped
uwsgi: started
[isabell@stardust ~]$
Test your installation
Perform a CURL request to your URL (e.g. https://isabell.uber.space
) to see if your installation succeeded:
[isabell@stardust ~]$ curl -I https://isabell.uber.space
HTTP/2 200
...
[isabell@stardust ~]$
If you don’t see HTTP/2 200
check your installation.
Usage
First, you have to create an admin user:
Warning
Set your own username, email and password (twice). Select a secure password which differs from the password used for your Uberspace account.
[isabell@stardust ~]$ cd ~/etesync_server
[isabell@stardust etesync_server]$ python3.6 manage.py createsuperuser
Username (leave blank to use 'isabell'):
Email address: isabell@uber.space
Password:
Password (again):
Superuser created successfully.
[isabell@stardust etesync_server]$
Warning
It is not recommended to use the admin user in daily life (i.e. for syncing data between your devices).
So, go to https://isabell.uber.space/admin
, log in with your admin user credentials
and create a separate non-privileged user.
Now you can install the EteSync app on your device(s) and connect to your EteSync server
using your URL (e.g. https://isabell.uber.space
) and the non-privileged user’s credentials.
Backup
Relevant data to be backed up is the SQL database and the file ~/etesync_server/secret.txt
.
They both are included in the backups of your whole Uberspace.
But since your contacts and calendar data may be too important to loose, consider setting up a separate backup strategy.
To create backups automatically, create a file ~/bin/backup-etesync-server
with the following content (replace isabell_etesync_server
with your own database name):
#!/usr/bin/env bash
# specify the database name
DATABASE_NAME=isabell_etesync_server
# create the backup target
BACKUP_DIR="${HOME}/backup/etesync_server/$(date '+%Y-%m-%d')"
mkdir -p "$BACKUP_DIR"
# backup relevant data
mysqldump $DATABASE_NAME > "${BACKUP_DIR}/${DATABASE_NAME}.sql"
cp ${HOME}/etesync_server/secret.txt "$BACKUP_DIR"
Make the file executable:
[isabell@stardust ~]$ chmod +x ~/bin/backup-etesync-server
Set up a cron job by using the crontab -e
command and adding the line:
@daily $HOME/bin/backup-etesync-server
Warning
Your backups should be stored at another location outside your Uberspace!
Warning
Keep in mind that the data stored by EteSync server is end-to-end encrypted. Therefore, the data from your server backups can not be restored without the encryption password which is not included in the backups, because it only exists on your synchronized devices. Make sure you keep your encryption password in a safe place, too!
Tested with EteSync server 0.3.0 and Uberspace 7.7.1.2
Written by: nepoh <hello@nepoh.eu>