Run your Private Firefox Sync Server
As I’m working on multiple machines (two desks at work, one desk at home, laptop, …) I’ve always been looking for a way to sync my browsers… Of course, I knew about Firefox’ sync, but I obviously don’t want to store my private browsing data in Mozilla’s cloud! Every once in a while I stumbled upon articles and posts suggesting to run a private syncserver. However, every time when looking into that project it left an uncomfortable impression: (i) you need to manually compile some 3rd party software, (ii) the whole thing seems very complex/unclean, as it requires an account server and a sync server and may work with Mozilla’s account server (but how?), and (iii) the sync project was once already abandoned (Firefox Weave was discontinued because too complex and unreliable)… Therefore, I never dared to give it a try.
Today, when I’ve again been frustrated with that fragmented situation, I saw that Mozilla’s syncserver sources contain a Dockerfile! It probably has been there for ages, but I never recognised it.. Even if that project may be a mess, in a container environment it’s pretty easy to give it a try (and clean it, if unsatisfied)! That changes everything! :P
So I changed everything, and tooted about it. Various people then convinced me to write this article. And I also learnt that Epiphany can do Firefox’ sync out of the box!
Get the Syncserver Running
Running your own syncserver using Docker is pretty straight forward. This how-to is based on the project’s readme at GitHub:mozilla-services/syncserver, but I’m using docker-compose and I deployed the service behind an Nginx proxy. You can of course skip the proxy settings and have it run locally or something.
Get the Code
Just clone the sources from GitHub:
You should now see a new directory
syncserver containing all the sources, including a
Build a Docker Image
Change into the project’s directory, that contains the
Dockerfile and build a new Docker image using:
That will take a while, but when it’s finished you’ll find a new image (double check with
The provided Dockerfile is basically sufficient, but in my scenario I also need to properly declare an exposed port. So I edited that file and added
See also the diff of my commit.
I decided to take port
5000, as the user running the syncserver is unpriviledged (so
:443 are not an option) and
:5000 is the example in the project’s readme ;-)
Create a Docker-Compose Configuration
Docker-Compose makes it easier to assemble and handle multiple containers in a medium complex environment.
My compose config looks like this:
This snippet encodes for a container named
firefox-sync, which is based on the image
It mounts the host’s directory
/path/to/mozilla-sync/share into the container as
/syncshare (I’d like to store my stuff outside of the container).
In addition it declares some environment:
SYNCSERVER_PUBLIC_URLtells the service the actual URL to your instance.
SYNCSERVER_SECRETshould be complicated as it is used to generate internal certificates and stuff.
SYNCSERVER_SQLURItell the service which database to use. I point it to the directory (
/syncshare) that was mounted into the container, so it will actually store the database on the host.
SYNCSERVER_BATCH_UPLOAD_ENABLEDis, if I understand correctly, an option to allow for uploading everything immediately…?
SYNCSERVER_FORCE_WSGI_ENVIRONmust be set to true, if
SYNCSERVER_PUBLIC_URLdoesn’t match the actual URL seen by the python tool. In my case, I would connect to
SYNCSERVER_PUBLIC_URL, which is however the Nginx proxy, which forwards the traffic to the syncserver. However, the syncserver will see a different request (e.g. it’s internally not
httpsanymore) and complain.
The last two variables (
VIRTUAL_PORT) just configure the reverse proxy that I’m using.
Feel free to drop these lines if you want to expose the service directly to the network, but then you need to add a port forwarding for that container, such as
which forwards traffic at your machine’s HTTP port (
:80, use a different port if you’re already running a web server) to the service’s port in the container (
If you have a porper Docker-Compose configuration, just run
to start the service.
Et voilà, you should be able to access the service at the configured
Configure Firefox to use your Private Sync Server
First make sure you’re signed out in the browser!
about:preferences#sync should not show your identity and instead provide a button to sign in.
about:config and search for
By default, it will be set to Mozilla’s sync server
Edit that field and point it to your
Thus, in our example above I’d set it to
Now go back to
about:preferences#sync and sign in with your Mozilla account.
Yes, correct. You still need an account at Mozilla!
But that is just for authentication…
There is an option to also run a private account server (see Run your own Firefox Accounts Server), but that’s even more complicated.
And as I need a Mozilla account anyway to develop my AddOns, I skipped that additional hassling..
Open Issues and Troubleshooting
There are still a few issues with different clients. For example, I don’t know how to tell Epiphany to use my private syncserver instead of Mozilla’s public instance.. In addition, there is apparently no Firefox in the F-Droid repository, that properly supports sync…
For general debugging and troubleshooting, search engines are a good start..
In addition, I learnt that there is
about:sync-log, which contains very detailed error messages in case of problems.
… I got my sync! #hooray
It’s still crisply and I didn’t test it too much, but so far it’s looking pretty good.
- sync (4) ,
- firefox (13) ,
- docker (16) ,
- config (21) ,
- privacy (5) ,
- mastodon (2) ,
- network (78) ,
- private (30) ,
- proxy (7) ,
- web (5)
Leave a comment
There are multiple options to leave a comment:
- send me an email
- submit a comment through the feedback page (anonymously via TOR)
- Fork this repo at GitHub, add your comment to the _data/comments directory and send me a pull request
- Fill the following form and Staticman will automagically create a pull request for you:
I followed your tutorial and got the FF syncserver working. I am however struggling to get SSL up. How did you get this working, since your config files hint to SSL use?
As I said, I have an nginx reverse proxy in front of the sync server (https://github.com/nginx-proxy/nginx-proxy), which does the TLS stuff. That should be pretty straight forward..?
Hi, are there any other benefits than privacy to using own sync server? Can you give more storage space to history sync, or increase number of bookmarks/tabs stored?
What I don’t understand is how Mozilla can take such a simple concept and create these abominations of server-side complexity. It shouldn’t be this hard. On the server you should be able to start a single process that accesses a single database and be done with it.