The Personal Blog of Stephen Sekula
This picture shows a credit-card sized Raspberry Pi server, encased in a transparent plastic enclosure.

A Raspberry Pi-based Firefox Sync Server

This picture shows a credit-card sized Raspberry Pi server, encased in a transparent plastic enclosure.
The Raspberry Pi is an inexpensive and fully functional computer. I use them for server projects, and here describe how to setup a Firefox Sync Server on one.

Data ownership is a serious issue on the internet, especially given the revelations that spy agencies like the NSA have been sneaking into back doors in companies like Google and collecting massive amounts of our personal metadata. While the courts and other US public institutions wrestle with the difficult constitutional issues behind this unprecedented warrantless surveillance, each of us can do things to own and protect our data on the internet. By running our own internet services, we can take data out of the hands of companies like Google and Facebook and, instead, hold that data in our own homes, encrypted, while deciding with whom we share it.

And since I’m sick with the flu . . . this was a good 1-day sick-day activity. 🙂

My sister and brother-in-law gifted me a Raspberry Pi (RPi) server for Christmas. This is the second such server in my possession; the first was a gift from Jodi. I have been using the first one to run a private social server. When I got the second RPi, I asked friends on the, GNU Social, and Diaspora social networks what they thought I should do with it. One good suggestion was to use it to make a Firefox Sync Server. Firefox Sync is a means by which data – bookmarks, browser history, passwords, and other data – can be synced across laptops, desktops, and mobile phones. The data are encrypted, the user holds the only key. If you run your own server then that data can live centrally on hardware under your own control.

Setting up the RPi

I setup the RPi using Raspian. I like Debian, and I find the installation of a Raspian image a very simple process. I used Raspian already for the server, so this was my go-to choice for the second RPi. Since I run a home server (host to this blog, among many other things), and an internal network in my house, I setup the RPi with a fixed IP address on the internal network. For the purposes of this tutorial, let’s set that internal IP address to

I created an account on the RPi, ffsync, from which the sync server will be run.

Installing Firefox Sync on the RPi

Once the RPi was setup, it was time to install the firefox sync server code itself. To do this, I used the installation instructions from Firefox, but also some instructions put together for installing on an Ubuntu server. I opted to run the sync server on port 5000 (e.g. I am using an sqlite database, since I don’t expect too many users to take advantage of my server. I could instead move this to full-fledged mysql if there are performance issues, but for now this is a fine solution.

The init.d script provided on the Ubuntu setup page is not wholly adequate for starting the server as a daemon (it doesn’t seem to comply with current standards for such init scripts). Here is mine, sanitized, as an example:

# Provides:          paster
# Required-Start:    $all
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the paster server
# Description:       Debian init script for the firefox sync server
# Author:       Stephen Sekula <> using lightdm script from 
#               Yves-Alexis Perez <> 
#               and an original script from
set -e


test -x $DAEMON || exit 0

if [ -r /etc/default/locale ]; then
  . /etc/default/locale

. /lib/lsb/init-functions


source $VIRTUALENV/bin/activate


case "$1" in
paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP $PROD_FILE start

paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP $PROD_FILE stop

paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP $PROD_FILE restart

paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP status

echo $"Usage: $0 {start|stop|restart|status}"
exit 1

exit $RET_VAL

Setting up Apache to Proxy Requests to the RPi

My main web server is apache, so it is important to me to maintain it while allowing requests to the sync server to be proxied to the RPi. Here is how I setup my apache server to handle this. For the purposes of this example, if my domain is, the subdomain of the firefox sync server is

   Redirect permanent /

    UseCanonicalName On

    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
    SSLProxyEngine on

    SSLCertificateFile /path/to/my.crt
    SSLCertificateKeyFile /path/to/my.key
    SSLCertificateChainFile /etc/ssl/private/

        Order deny,allow
        Allow from all

   ProxyRequests Off
   ProxyPass /
   ProxyPassReverse /
   ProxyPreserveHost On

   CustomLog /var/log/apache2/firefox-sync_access.log combined
   ErrorLog /var/log/apache2/firefox-sync_error.log


After setting up the server and setting up my apache server to handle requests to it, I was able to sync my laptop Firefox web browser to my new, personal sync server. After that, I was able to setup my Android mobile Firefox installation to sync as well. Now I have access to anything I do on my laptop with my mobile phone, and vice versa. The data are encrypted and only I have the password. SSL is used for the connection to the server, so the transaction is also encrypted. The data lives on my own hardware, and I’ve taken one more thing out of the hands of external entities. I trust Firefox more than Google; but I trust my own server more than any of them.

2 thoughts on “A Raspberry Pi-based Firefox Sync Server”

Comments are closed.