From MozillaWiki
< Labs‎ | Weave
Jump to: navigation, search

It is strongly recommended that you use the [Weave Minimal Server] rather than a full install.

Setting up the User API

Pre-Setup Considerations

It is strongly recommended that the Weave Server be set up under https, or behind a firewall with an https proxy in front of it. It uses standard http auth, which will send the password in the clear unless done over https.

The Weave Server requires PHP with PDO and JSON support installed. This should be the case if you are running PHP 5.1+. PDO will need drivers for whatever storage and authentications engines are used.

WebDav must not be enabled for this server - it intercepts some of the http packets and syncing will fail.

Setting up the Server

1) You can get the latest server from (there you can download it in different formats). Once things are fully established, we'll declare certain builds as stable, but for now assume all releases are beta quality. Unzip it into your html tree.

2) Edit your apache conf files to add the following:

Alias /0.5 <full path to weave directory>/server/sync/1.0/index.php

Don't forget to set up the weave directory in a virtual-host-directive (or similar), or else php will not work. (See sample virtual host config below)

3) Copy /server/sync/1.0/default_constants.php.dist to /server/sync/1.0/default_constants.php and edit it as described below. If you have mutiple hostnames, you can put override constant files into {HOST_NAME}_constants.php

Setting up Weave Authentication

In weave_constants.php at the beginning (e.g. directly after the license-block)

define('WEAVE_AUTH_ENGINE', '[sqlite|mysql|ldap|none]');

so for example

define('WEAVE_AUTH_ENGINE', 'mysql');

For more information on the auth store, see the user setup


define('WEAVE_SQLITE_AUTH_DIRECTORY', '<path to stores directory>');


define('WEAVE_MYSQL_AUTH_HOST', '<db host>');
define('WEAVE_MYSQL_AUTH_DB', '<db name>');
define('WEAVE_MYSQL_AUTH_USER', '<db username>');
define('WEAVE_MYSQL_AUTH_PASS', '<db password>');

(Note that you don't need to define the second set of constants if you are using the same db for reads and writes)

Setting up Weave Storage

define('WEAVE_STORAGE_ENGINE', '[sqlite|mysql|none]');


Edit the following constant:

define('WEAVE_SQLITE_STORE_DIRECTORY', '<path to stores directory>');

Easiest way to create a user is to go through the admin server process below.


Create the mysql database. Add the following tables:

create table collections 
  userid int(11) NOT NULL,
  collectionid smallint NOT NULL,
  name varchar(32) NOT NULL,
  primary key (userid, collectionid),
  key nameindex (userid, name)
) engine=InnoDB;

create table wbo
 username int(11) NOT NULL,
 collection smallint NOT NULL,
 id varbinary(64) NOT NULL,
 parentid varbinary(64),
 predecessorid varbinary(64),
 sortindex int default null,
 depth int default null,
 modified decimal(12,2),
 payload text,
 payload_size int(11) default NULL,
 primary key(username, collection, id),
 key parentindex(username, collection, parentid),
 key predecessorindex(username, collection, predecessorid),
 key weightindex(username, collection, sortindex),
 key modified(username, collection, modified),
 key size_index (username, payload_size)
) engine=InnoDB;

Edit your constant file:

define('WEAVE_MYSQL_STORE_READ_HOST', '<db host>');
define('WEAVE_MYSQL_STORE_READ_DB', '<db name>');
define('WEAVE_MYSQL_STORE_READ_USER', '<db username>');
define('WEAVE_MYSQL_STORE_READ_PASS', '<db password>');


Other Constants

define('WEAVE_PAYLOAD_MAX_SIZE', '<bytes>');

Caps the size (in bytes - watch out for large unicode characters!) of a payload.

define('WEAVE_SHARE_DBH', '1');

If both the storage engine and authentication engine are using the same database, setting this makes both engines use the same database handler rather than opening different ones. Note that SQLite cannot use the same db for authentication and storage.

Sample virtual host config

Sample Virtual host config for a server having SSL enabled and requiring http authentication. For debian placed in /etc/apache2/sites-enabled/, weave server directory located at /var/www/weaveserver/server/.


DocumentRoot /var/www/weaveserver/server/

ErrorLog /var/log/apache2/weaveserver-error.log
CustomLog /var/log/apache2/weaveserver-access.log combined

SSLENgine on
SSLCertificateKeyFile /path/to/server.cert.key
SSLCertificateFile /path/to/server.cert.crt

<Directory "/var/www/weaveserver/server/">

Options Indexes FollowSymLinks
AllowOverride none
Order allow,deny
Allow from all
AuthType Basic
AuthName "Weave Server"
AuthUserFile /path/to/auth/file
require valid-user


Alias /1.0 /var/www/weaveserver/server/sync/1.0/index.php


In your weave-clients only enter as server location.

Some hints:

  • the username/password of the http-authentication must be the same as the one for the weave-user, or else it won't work
  • if you have a self-signed certificate for SSL (or it is not valid because of any other reason) you have to visit your server once manually and accept the certificate permanently

Editing the Client

In about:config, set extensions.weave.ServerUrl to https://servername/user