Overview
Firefox Sync is a feature built-in to the Firefox browser that allows syncing preferences and user data between all your devices. This includes bookmarks, passwords, history, and installed add-ons. By default, Firefox uses Mozilla's servers for the Sync feature. However, setting up a self-hosted Firefox Sync server allows you to configure Firefox to use your server instead, which gives you more control, and the sync feature no longer relies on Mozilla's servers. This is helpful to comply with strict security regulations that require on-premises services.
This article explains how to install a self-hosted Firefox Sync server. We tested this article on Ubuntu 20.04 and Debian 11.
Requirements
- Deploy a server running Ubuntu 20.04 or Debian 11.
- Update the Ubuntu or Debian server.
- Create a non-root sudo user.
- Create a Fully Qualified Domain Name (FQDN) and point that to your server's IP address. This article uses syncserver.example.com; you should replace that with your FQDN name in the instructions below. Follow the instructions at your DNS host or domain registrar, or use this guide if you use Rcs DNS.
1. Install Docker
Mozilla provides Sync Server as an official Docker image. Docker is a container management engine allowing applications for imaging and deploying applications in isolated environments across different platforms and infrastructures.
Docker on Ubuntu
Run the following commands to add the docker-ce repository and install Docker on Ubuntu.
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
$ echo \
$ "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
$ sudo apt update
$ sudo apt install -y docker-ce docker-ce-cli containerd.io
Docker on Debian
Run the following commands to add the docker-ce repository and install Docker on Debian.
$ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
$ echo \
$ "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
$ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
$ sudo apt update
$ sudo apt install -y docker-ce docker-ce-cli containerd.io
2. Install a Web Server for Reverse Proxy
You can install either Nginx or Apache as a reverse proxy. If you aren't sure which one you want to use, choose Nginx. Do not install both.
Option 1: Install Nginx
Run the following command to install Nginx.
$ sudo apt install -y nginx
Option 2: Install Apache
Run the following command to install Apache.
$ sudo apt install -y apache2
3. Install Snap
Certbot requests an HTTPS certificate from Let's Encrypt for your web server. Certbot requires Snap. If you already have Snap, skip to the next step. Otherwise, run the following command to install Snap.
$ sudo apt install -y snapd
4. Install Certbot
Install Certbot with Snap.
$ sudo snap install core
$ sudo snap refresh core
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
If you received the error too early for operation
, wait 10 seconds and try the command again.
5. Install Sync Server
In the steps below, make sure to replace syncserver.example.com with your Fully Qualified Domain Name (FQDN).
Install Sync Server with Docker.
$ sudo docker run \
$ -d \
$ --name syncserver \
$ -v syncserver:/data \
$ -p 127.0.0.1:5000:5000 \
$ -e "SYNCSERVER_PUBLIC_URL=https://syncserver.example.com" \
$ -e "SYNCSERVER_SECRET=$(head -c 20 /dev/urandom | sha256sum)" \
$ -e "SYNCSERVER_SQLURI=sqlite:////data/syncserver.db" \
$ -e "SYNCSERVER_BATCH_UPLOAD_ENABLED=true" \
$ -e "SYNCSERVER_FORCE_WSGI_ENVIRON=true" \
$ --restart unless-stopped \
$ -u 0:0 \
$ mozilla/syncserver:latest
6. Configure Firewall
Run the following commands to open ports for SSH, HTTP and HTTPS.
$ sudo ufw reset
$ sudo ufw allow in to any port 22 proto tcp
$ sudo ufw allow in to any port 80 proto tcp
$ sudo ufw allow in to any port 443 proto tcp
$ sudo ufw enable
7. Configure Web Server
If You Installed Nginx
Edit the Nginx configuration file.
$ sudo nano /etc/nginx/sites-enabled/syncserver.conf
Insert the following contents.
server { listen 80; listen [::]:80; server_name syncserver.example.com; location / { proxy_pass http://127.0.0.1:5000; proxy_http_version 1.1; proxy_set_header Connection $http_connection; proxy_set_header Upgrade $http_upgrade; } }
Save and close the file.
If You Installed Apache
Enable the following modules.
$ sudo a2enmod ssl $ sudo a2enmod headers $ sudo a2enmod proxy $ sudo a2enmod proxy_http $ sudo a2enmod deflate
Edit the Apache configuration file.
$ sudo nano /etc/apache2/sites-enabled/syncserver.conf
Insert the following content:
<VirtualHost *:80> ServerName syncserver.example.com ProxyPass / http://127.0.0.1:5000/ ProxyPassReverse / http://127.0.0.1:5000/ </VirtualHost>
Save and exit the file.
8. Configure Certbot
For Nginx
$ sudo certbot --nginx --agree-tos --no-eff-email -d syncserver.example.com -m admin@example.com
For Apache
$ sudo certbot --apache --agree-tos --no-eff-email -d syncserver.example.com -m admin@example.com
9. Configure the Client
Replace syncserver.example.com with your domain name in the instructions below.
- In a new Firefox window, open
about:config
- Search for the following key:
identity.sync.tokenserver.uri
- Set the value to:
https://syncserver.example.com/token/1.0/sync/1.5
10. Test the Client
In a new Firefox window:
- Open the top-right menu.
- Sign in to your Firefox account.
- Click your Firefox account's email address.
- Click the Sync now button.
- Open the URL:
about:sync-log
- Verify that a file exists in the format:
success-sync-XXXX.txt
More Information
To find out more about Firefox Sync, visit the following links: