Mozilla runs several instances of Normandy; this document provides information about each one of them, including what preferences you need to set to point an instance of Firefox towards them
Each environment may have several hostnames associated with it. Generally, there is a public, read-only server, a legacy admin server, a new Bearer auth admin server, and an API CDN. Not all environments have all of these.
Production is the live, user-facing instance of Normandy that is hit by every active user of Firefox.
- Read-only server: https://normandy.services.mozilla.com/
- API CDN: https://normandy.cdn.mozilla.net/
- Legacy admin: https://normandy-admin.prod.mozaws.net/ (VPN Required)
- Bearer auth admin: https://normandy-admin-bearer.prod.mozaws.net/ (VPN Required)
For new usage, the API CDN server is preferred for read-only usages, and the Bearer auth server is preferred for read-write usages.
Set the following preferences to have Firefox execute recipes from the production server:
Staging is a test environment used to test the deployment process. It is useful for testing a version of Normandy before it is deployed to users, but is not guaranteed to be functional or available at all times.
- Read-only server: https://normandy.stage.mozaws.net/
- Legacy admin: https://normandy-admin.stage.mozaws.net/ (VPN Required)
- Bearer auth admin: https://normandy-admin-bearer.stage.mozaws.net/ (VPN Required)
Staging does not have a API CDN.
Set the following preferences to have Firefox execute recipes from the staging server:
Dev is an environment that deploys automatically from the master branch. It can be used for testing admin frontends to Normandy, and always has the latest code. Sometimes it is broken. Dev doesn’t have a separate read-only and admin server, there is only one server.
- Legacy admin: https://normandy.dev.mozaws.net/
- Bearer auth admin: https://normandy-admin-bearer.dev.mozaws.net/
Dev does not have a separate read-only server, nor an API CDN. None of its server require VPN to access.
Set the following preferences to have Firefox execute recipes from the dev server:
TODO: The value is currently unknown. It would be the root hash used for Autograph development servers.
This section is for an instance of normandy you are running yourself, such as by following the instructions in this set of docs, or by running a Docker container.
These environments don’t always have Autograph set up, but when they do, the hash to use is the one below. It is possible to configure Autograph to use different keys than the default ones provided for Normandy. That is a not a supported configuration for local development.
The server run this way works as both a bearer auth server, and can be used with local Django authentication. It is not generally configured to use the legacy authentication method, though that is possible as well.
Set the following preferences to have Firefox execute recipes from a typical local server:
Note that the Normandy API must be accessed via HTTPS, even for local development.