The Adventures of My Pet Hamster
The Personal Blog of Stephen Sekula
The Adventures of My Pet Hamster
This picture shows a credit-card sized Raspberry Pi server, encased in a transparent plastic enclosure.
Computing

A Raspberry Pi-based Firefox Sync Server

by |Published |2 comments
This picture shows a credit-card sized Raspberry Pi server, encased in a transparent plastic enclosure.
The Raspberry Pi is an inexpensive and fully functional computer. I use them for server projects, and here describe how to setup a Firefox Sync Server on one.

Data ownership is a serious issue on the internet, especially given the revelations that spy agencies like the NSA have been sneaking into back doors in companies like Google and collecting massive amounts of our personal metadata. While the courts and other US public institutions wrestle with the difficult constitutional issues behind this unprecedented warrantless surveillance, each of us can do things to own and protect our data on the internet. By running our own internet services, we can take data out of the hands of companies like Google and Facebook and, instead, hold that data in our own homes, encrypted, while deciding with whom we share it.

And since I’m sick with the flu . . . this was a good 1-day sick-day activity. 🙂

My sister and brother-in-law gifted me a Raspberry Pi (RPi) server for Christmas. This is the second such server in my possession; the first was a gift from Jodi. I have been using the first one to run a private pump.io social server. When I got the second RPi, I asked friends on the pump.io, GNU Social, and Diaspora social networks what they thought I should do with it. One good suggestion was to use it to make a Firefox Sync Server. Firefox Sync is a means by which data – bookmarks, browser history, passwords, and other data – can be synced across laptops, desktops, and mobile phones. The data are encrypted, the user holds the only key. If you run your own server then that data can live centrally on hardware under your own control.

Setting up the RPi

I setup the RPi using Raspian. I like Debian, and I find the installation of a Raspian image a very simple process. I used Raspian already for the pump.io server, so this was my go-to choice for the second RPi. Since I run a home server (host to this blog, among many other things), and an internal network in my house, I setup the RPi with a fixed IP address on the internal network. For the purposes of this tutorial, let’s set that internal IP address to 192.168.1.10.

I created an account on the RPi, ffsync, from which the sync server will be run.

Installing Firefox Sync on the RPi

Once the RPi was setup, it was time to install the firefox sync server code itself. To do this, I used the installation instructions from Firefox, but also some instructions put together for installing on an Ubuntu server. I opted to run the sync server on port 5000 (e.g. 192.168.1.10:5000). I am using an sqlite database, since I don’t expect too many users to take advantage of my server. I could instead move this to full-fledged mysql if there are performance issues, but for now this is a fine solution.

The init.d script provided on the Ubuntu setup page is not wholly adequate for starting the server as a daemon (it doesn’t seem to comply with current standards for such init scripts). Here is mine, sanitized, as an example:

#!/bin/bash
### BEGIN INIT INFO
# Provides:          paster
# Required-Start:    $all
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the paster server
# Description:       Debian init script for the firefox sync server
### END INIT INFO
#
# Author:       Stephen Sekula <sekula@cooleysekula.net> using lightdm script from 
#               Yves-Alexis Perez <corsac@debian.org> 
#               and an original script from https://www.vegard.net/archives/9248/
#
set -e

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/home/ffsync/server-full/bin/paster

test -x $DAEMON || exit 0

if [ -r /etc/default/locale ]; then
  . /etc/default/locale
  export LANG LANGUAGE
fi

. /lib/lsb/init-functions

PROJECT=/home/ffsync/server-full
VIRTUALENV=/home/ffsync/server-full
PID_DIR=/home/ffsync/server-full
PID_FILE=/home/ffsync/server-full/syncserver.pid
LOG_FILE=/home/ffsync/server-full/logs/syncserver.log
USER=ffsync
GROUP=ffsync
PROD_FILE=/home/ffsync/server-full/development.ini

source $VIRTUALENV/bin/activate

cd $PROJECT

case "$1" in
start)
paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP $PROD_FILE start

;;
stop)
paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP $PROD_FILE stop

;;
restart)
paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP $PROD_FILE restart

;;
status)
paster serve --daemon --pid-file=$PID_FILE --log-file=$LOG_FILE \
--user=$USER --group=$GROUP status

;;
*)
echo $"Usage: $0 {start|stop|restart|status}"
exit 1
esac

exit $RET_VAL

Setting up Apache to Proxy Requests to the RPi

My main web server is apache, so it is important to me to maintain it while allowing requests to the sync server to be proxied to the RPi. Here is how I setup my apache server to handle this. For the purposes of this example, if my domain is example.org, the subdomain of the firefox sync server is mysync.example.org.

   ServerName mysync.example.org
   Redirect permanent / https://mysync.example.org/

    ServerName mysync.example.org
    ServerAdmin admin@example.org
    UseCanonicalName On

    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
    SSLProxyEngine on

    SSLCertificateFile /path/to/my.crt
    SSLCertificateKeyFile /path/to/my.key
    SSLCertificateChainFile /etc/ssl/private/sub.class2.server.ca.pem

        Order deny,allow
        Allow from all

   ProxyRequests Off
   ProxyPass / http://192.168.1.10:5000/
   ProxyPassReverse / http://192.168.1.10:5000/
   ProxyPreserveHost On

   CustomLog /var/log/apache2/firefox-sync_access.log combined
   ErrorLog /var/log/apache2/firefox-sync_error.log

Conclusions

After setting up the server and setting up my apache server to handle requests to it, I was able to sync my laptop Firefox web browser to my new, personal sync server. After that, I was able to setup my Android mobile Firefox installation to sync as well. Now I have access to anything I do on my laptop with my mobile phone, and vice versa. The data are encrypted and only I have the password. SSL is used for the connection to the server, so the transaction is also encrypted. The data lives on my own hardware, and I’ve taken one more thing out of the hands of external entities. I trust Firefox more than Google; but I trust my own server more than any of them.

Related posts:

  1. Go Human with Dell
  2. Podcastingwith Skype for the Linux types
  3. Friends in frustration
  4. A microblogging experiment

AUTHOR

steve
I am a husband, son, and physicist. I am Research Group Manager in the Research Division at SNOLAB and a Professor of Physics at Queen's University. I like to do a little bit of everything: writing, running, biking, hiking, drumming, gardening, carpentry, computer programming, painting, drawing, eating and sleeping. I earned a Ph.D. in Physics in 2004 from the University of Wisconsin-Madison, I love to spend time with my family. All things written in here are my own, unless otherwise attributed.

You may also like

Netless
Published

Netless

Last year, the sixth seal was broken and at&t rose from the ashes of the baby Bells, which in turn resulted from […]

2 thoughts on “A Raspberry Pi-based Firefox Sync Server”

Comments are closed.