A Raspberry Pi-based Firefox Sync Server

This picture shows a credit-card sized Raspberry Pi server, encased in a transparent plastic enclosure.
The Raspberry Pi is an inexpensive and fully functional computer. I use them for server projects, and here describe how to setup a Firefox Sync Server on one.

Data ownership is a serious issue on the internet, especially given the revelations that spy agencies like the NSA have been sneaking into back doors in companies like Google and collecting massive amounts of our personal metadata. While the courts and other US public institutions wrestle with the difficult constitutional issues behind this unprecedented warrantless surveillance, each of us can do things to own and protect our data on the internet. By running our own internet services, we can take data out of the hands of companies like Google and Facebook and, instead, hold that data in our own homes, encrypted, while deciding with whom we share it.

And since I’m sick with the flu . . . this was a good 1-day sick-day activity. 🙂

My sister and brother-in-law gifted me a Raspberry Pi (RPi) server for Christmas. This is the second such server in my possession; the first was a gift from Jodi. I have been using the first one to run a private pump.io social server. When I got the second RPi, I asked friends on the pump.io, GNU Social, and Diaspora social networks what they thought I should do with it. One good suggestion was to use it to make a Firefox Sync Server. Firefox Sync is a means by which data – bookmarks, browser history, passwords, and other data – can be synced across laptops, desktops, and mobile phones. The data are encrypted, the user holds the only key. If you run your own server then that data can live centrally on hardware under your own control.

Setting up the RPi

I setup the RPi using Raspian. I like Debian, and I find the installation of a Raspian image a very simple process. I used Raspian already for the pump.io server, so this was my go-to choice for the second RPi. Since I run a home server (host to this blog, among many other things), and an internal network in my house, I setup the RPi with a fixed IP address on the internal network. For the purposes of this tutorial, let’s set that internal IP address to 192.168.1.10.

I created an account on the RPi, ffsync, from which the sync server will be run.

Installing Firefox Sync on the RPi

Once the RPi was setup, it was time to install the firefox sync server code itself. To do this, I used the installation instructions from Firefox, but also some instructions put together for installing on an Ubuntu server. I opted to run the sync server on port 5000 (e.g. 192.168.1.10:5000). I am using an sqlite database, since I don’t expect too many users to take advantage of my server. I could instead move this to full-fledged mysql if there are performance issues, but for now this is a fine solution.

The init.d script provided on the Ubuntu setup page is not wholly adequate for starting the server as a daemon (it doesn’t seem to comply with current standards for such init scripts). Here is mine, sanitized, as an example:

#!/bin/bash
### BEGIN INIT INFO
# Provides:          paster
# Required-Start:    $all
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the paster server
# Description:       Debian init script for the firefox sync server
### END INIT INFO
#
# Author:       Stephen Sekula <sekula@cooleysekula.net> using lightdm script from 
#               Yves-Alexis Perez <corsac@debian.org> 
#               and an original script from https://www.vegard.net/archives/9248/
#
set -e

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/home/ffsync/server-full/bin/paster

test -x $DAEMON || exit 0

if [ -r /etc/default/locale ]; then
  . /etc/default/locale
  export LANG LANGUAGE
fi

. /lib/lsb/init-functions

PROJECT=/home/ffsync/server-full
VIRTUALENV=/home/ffsync/server-full
PID_DIR=/home/ffsync/server-full
PID_FILE=/home/ffsync/server-full/syncserver.pid
LOG_FILE=/home/ffsync/server-full/logs/syncserver.log
USER=ffsync
GROUP=ffsync
PROD_FILE=/home/ffsync/server-full/development.ini

source $VIRTUALENV/bin/activate

cd $PROJECT

case "$1" in
start)
paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP $PROD_FILE start

;;
stop)
paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP $PROD_FILE stop

;;
restart)
paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP $PROD_FILE restart

;;
status)
paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP status

;;
*)
echo $"Usage: $0 {start|stop|restart|status}"
exit 1
esac

exit $RET_VAL

Setting up Apache to Proxy Requests to the RPi

My main web server is apache, so it is important to me to maintain it while allowing requests to the sync server to be proxied to the RPi. Here is how I setup my apache server to handle this. For the purposes of this example, if my domain is example.org, the subdomain of the firefox sync server is mysync.example.org.

   ServerName mysync.example.org
   Redirect permanent / https://mysync.example.org/

    ServerName mysync.example.org
    ServerAdmin admin@example.org
    UseCanonicalName On

    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
    SSLProxyEngine on

    SSLCertificateFile /path/to/my.crt
    SSLCertificateKeyFile /path/to/my.key
    SSLCertificateChainFile /etc/ssl/private/sub.class2.server.ca.pem

        Order deny,allow
        Allow from all

   ProxyRequests Off
   ProxyPass / http://192.168.1.10:5000/
   ProxyPassReverse / http://192.168.1.10:5000/
   ProxyPreserveHost On

   CustomLog /var/log/apache2/firefox-sync_access.log combined
   ErrorLog /var/log/apache2/firefox-sync_error.log

Conclusions

After setting up the server and setting up my apache server to handle requests to it, I was able to sync my laptop Firefox web browser to my new, personal sync server. After that, I was able to setup my Android mobile Firefox installation to sync as well. Now I have access to anything I do on my laptop with my mobile phone, and vice versa. The data are encrypted and only I have the password. SSL is used for the connection to the server, so the transaction is also encrypted. The data lives on my own hardware, and I’ve taken one more thing out of the hands of external entities. I trust Firefox more than Google; but I trust my own server more than any of them.

2 Replies to “A Raspberry Pi-based Firefox Sync Server”

  1. hello steve,

    does this thing still work?

    btw. how do i configure a local sync server in my firefox version 46

    all i get is the mozilla sync signon, i remember that some years ago there was an option to choose a local server, that option is now gone…

  2. Sadly, no. Firefox long ago changed the entire protocol for syncing and their whole original project, which felt mature, was replaced with immature pieces that were a nightmare to use (as the time). I’ve not tried since, it was so frustrating.

Would you like to comment? Please answer some quiz questions from the story.

We care about our comments. That's why we want to make sure that everyone who comments have actually read the story. Answer a couple of questions from the story to unlock the comment form.

Leave a Reply

Your email address will not be published. Required fields are marked *

Comment Spam Blocking by WP-SpamShield