Cheapskate's Guide

Home Contact

A Review of the FreedomBox Software

1-9-20



handcuffs in the snow I recently came across some information about a device called the FreedomBox that is apparently supposed to enable a novice user (someone with no webserver or Linux experience) to run a web server from his home. I wanted to find out more, so I downloaded the FreedomBox software, installed it on a Raspberry Pi Model 3B computer, and tried to set up the webserver. Continue reading to see what happened.

The FreedomBox manual says,


"The primary design goal of FreedomBox is to be used as a personal server at home for use by a single family and their friends. However, at the core, it is a server software that can aid a non-technical user to setup services and maintain them with ease. Security is automatically managed and many of the technical choices in system administration are taken care by the software automatically thereby reducing complexity for a non-technical user."


The FreedomBox wiki page says,


"FreedomBox is intended to protect your private life against advertising companies and protect your anonymity while browsing the Internet or local network. It allows you to provide services to family and friends (such as hosting files and bookmarks, remote storage, chat, wiki/blog). FreedomBox sets and upgrades automatically the security of these services. You can connect to FreedomBox when you are outside your home in a secure manner to access services and reach other personal computers or electronic devices. You can choose to route your mobile phone traffic via your FreedomBox using your internet connection at home. You can also do group audio chats and BitTorrent, even on very simple hardware. "


The Freedom Box is open-sourced software that runs on top of Debian Linux. A non-profit 501(c)(3) organization called the The FreedomBox Foundation created in 2011 by Columbia Law School Professor Eben Moglen is behind the FreedomBox. Its purpose is to "make freedom on the internet reproducible by anyone in the world".

Olimex also sells a small computer called the "The Pioneer edition FreedomBox Home Server" as a kit for €82. I don't know why it's called a kit, because the software comes pre-installed. So, I don't know what there is for a user to assemble. The feature I like the most is the battery backup. The owner of a home website should have some peace of mind in knowing that if the power fails his webserver still has a chance of being powered off correctly. Although if he is away from home during a long-duration power outage, most likely the router and server would reboot and no longer communicate with each other correctly, and the server software could be corrupted.





The FreedomBox Manual

I read quickly through much of the manual and found it to be mostly clear and well-written. However, I would characterize it as a bare-bones manual. It only gives just enough information to set up the FreedomBox and configure the applications, if you are lucky. If you have questions about details, you won't get answers from the manual.

The manual also does not give much information about how to use the applications once they have been installed. My guess is that users are expected to get that information from the webpages of the applications' developers. I should have mentioned that the applications on the FreedomBox were not created by the FreedomBox Foundation. They are all Linux open-sourced code that anyone can install independently of the FreedomBox. The FreedomBox is sort of like a wrapper that ties them all together.

One example of the manual not giving enough explanation about what to do with the applications after they've been installed is the section on the Privoxy server. Is it a proxy server to which a user connects from a remote location in order to bypass Internet filtering at his school or work? Or, is it a proxy client that he uses from home to connect to a proxy server in order to prevent his IP address from being know or his data transmissions from being visible to third parties? After reading through this section of the manual a few times, I think it may be the later. At this point, I'm not sure if my confusion is because I know too little or two much about proxy servers.

I noticed under Section 2.3 "Webserver Home Page", that the manual says, "This is an advanced option that allows you to set something other than FreedomBox Service (Plinth) as the home page to be served on the domain name of the FreedomBox." Does the word "advanced" mean that a novice user is not expected to be able to create a website on the FreedomBox?

The FreedomBox community forum might give a user some additional help. I say "might", because it is not all that active, taking days to respond to simple questions. For example, someone asked why his Let's Encrypt certificate was no longer auto-renewing. His question was posted 16 days ago, and has had no responses so far. FreedomBox users may also ask questions at an IRC chat (irc.debian.org, channel #freedombox) and a Matrix room (#freedombox:matrix.org). I didn't try either, so I don't know how likely a FreedomBox user is to get help from either.





Installing the FreedomBox Software onto the Raspberry Pi 3B

On the FreedomBox software download page, you'll see 20 binary files for installing the FreedomBox software on 20 different types of computers--including binary files for 32 and 64-bit Intel CPU's, the BeagleBone Black, the Cubieboard2, the pcDuino3, the Pine A64(+), the Raspberry Pi 2, the Raspberry Pi 3 Model B, and the Raspberry Pi 3 Model B+. Installation instructions are at the bottom of the page. The Linux installation instructions are all Linux command line commands. The Windows installation instructions say to use Etcher. I won't repeat the instructions here, because they're reasonably clear and complete. Even with good instructions, however, I still had some trouble.

I chose to download the FreedomBox software image file for the Raspberry Pi Model 3B, which is 437 MB, compressed. After uncompressing, it is 4.0 GB. A list of supported hardware can be found here. For Raspberry Pi's, it says: "This hardware works but is not recommended because the hardware can't run entirely on free software". This appears to be referring to the non-free wifi firmware on Raspberry Pi's. (They also use a non-free MP4 codec.) I assume the significance of this is that once the FreedomBox software is installed, you won't have wifi unless you use an external USB wifi adapter. I was not concerned about that, because I always use an Ethernet connection to the Internet.

By following the instructions, I verified the downloaded image with its signature file. The verification procedure produced this message:


gpg: Signature made Wed Jul 10 13:16:26 2019 CDT using RSA key ID FE188FC8
gpg: Good signature from "FreedomBox CI (Continuous Integration server) "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 013D 86D8 BA32 EAB4 A669 1BF8 5D41 53D6 FE18 8FC8


That is what is supposed to happen according to the instructions. So, I guess my download was an official release that had not been tampered with.

After writing the FreedomBox disk image onto an SD card using the "dd" command given in the instructions, Linux Mint 17 thought the SD card partition was empty. At first, I didn't know why. Was it because Linux Mint 17 doesn't recognize the Btrfs filesystem format? The FreedomBox software on the SD card also didn't boot (the Raspberry Pi's green light never flashed). I tried re-copying the disk image using "sudo dd if=freedombox-stable-nonfree_buster_raspberry3-armhf.img of=/dev/sdd1 bs=4096 conv=notrunc,noerror". That produced the same results. Then, I removed the 8 GB ext4 partition from the SD card and recopied the FreedomBox image onto it using "sudo dd if=freedombox-stable-nonfree_buster_raspberry3-armhf.img of=/dev/sdd bs=4096 conv=notrunc,noerror". That worked. The Raspberry Pi booted successfully. So, you must copy the FreedomBox image onto an unpartitioned SD card.

The "nmap -sn 192.168.1.0/24" command on my Linux laptop showed the local IP address of the FreedomBox to be 192.168.1.132.

The FreedomBox's diagnostics test said ports 389 and 8000 were open, but grc.com/shieldsup said the status of ports 389 and 8000 is "Stealth", meaning robots scanning the FreedomBox from the Internet can't tell that either port is open.





Setting Up the FreedomBox and Installing the Applications

Going to https://192.168.1.132 in my Internet browser on my laptop took me to the FreedomBox's Plinth web interface. This took me through a very short setup. Afterwards, clicking on the "Apps" section of the blue bar at the top of the screen took me to a list of uninstalled applications. It looked something like this:



FreedomBox GUI



Some of the 24 applications that can be installed from the FreedomBox Apps page of the Plinth web interface are:




I didn't see the webserver application on the FreedomBox "Apps" page, so I went to the FreedomBox manual. Sure enough, the manual said the webserver application cannot be accessed from the plinth web interface. It turns out that the webserver is active by default. The manual say "all you have to do" is add your html pages to the /home/fbx/public_html directory. The Apache default root directory is usually /var/www/html, and that directory is there too, but only root has access to it. So, I copied my cheapskatesguide.org index.html file (the cheapskatesguide.org home page) into the /home/fbx/public_html directory. Then I checked to see if Apache was running with the "sudo systemctl status apache2" command. It was. However, I couldn't just go to 192.168.1.132 in my Internet browser to see my index.html file, because that leads to the plinth interface. The FreedomBox manual gave no information that could help me.

I thought perhaps installing the Cockpit Server administration package would help. So, I tried that. It began to install and then this error message popped up: "Error installing application: Error during installation E: Could not get lock /var/lib/dpkg/lock-frontend - open (11: Resource temporarily unavailable) E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?"

I was not concurrently installing another package. Was the FreedomBox automatically updating itself? Why, when I had the latest version? I tried SSHing into the FreedomBox and rebooting. Apparently some kind of upgrade had been occurring, because after a reboot, the FreedomBox had two new applications, and the Cockpit application icon was now appearing under the "Home" page, instead of the "Apps" page, meaning it had been installed.

I brought up the Cockpit app and logged in, and I was shown ... a blank page. I thought maybe I had interrupted the Cockpit installation process, so I looked for some way to re-install it, but there did not seem to be a way from the FreedomBox Plinth GUI. So, I tried "sudo apt-get remove cockpit", but along with the cockpit package, apt-get also wanted to remove the freedombox and freedombox-setup packages. I didn't want that. Apparently, users only have one shot at installing each application, and if that doesn't go well ... too bad. The manual mentions nothing about uninstalling or re-installing applications.

Finally, I decided it was easier to start over by re-installing the FreedomBox image onto the SD card and trying to install Cockpit again. Fortunately, I still had the uncompressed FreedomBox image, so it took less than 20 minutes to get back to a freshly-installed FreedomBox.

Once again, when I tried to install Cockpit, it said another installation or upgrade was already running. So, I waited ... And, I waited ... While I waited, I compared the current set of apps to what I remembered before rewriting the FreedomBox image and realized that an I2P app was installed with the update of the FreedomBox that had apparently occurred before I wiped the USB card and started over. Then, I went away and did something else for an hour. When I came back, the Cockpit application was installed and running. This time, when I went to the cockpit page (https://192.168.1.132/_cockpit/), I saw a login page, which I used to log in. This brought me to ... the same blank page I saw before. I checked to make sure Apache was running and saw that it was.

I thought perhaps if I registered a domain name and configured the FreedomBox for it, I would be able to see my FreedomBox's index.html page on the Internet. So, I went to freenom.com, registered the domain name csg-freedombox.tk, and pointed it to my IP address. I also verified that the new domain was online.

On the FreedomBox Plinth GUI, I went to the "System" page and clicked on the "Configure" icon. I entered "csg-freedombox.tk" (without the quotes) onto the "Domain Name" line. On the "Webserver Home Page" line, I selected "Apache Default". I also clicked on the "Show advanced apps and features" button. Then I clicked on the "Update setup" button. I set protections to make my index.html file visible to users in the www-data group. My public_html directory was also visible to the www-data group. When I went to https://csg-freedombox.tk on the Internet with my browser, a message came up saying, "Server could not be found".

I restarted the FreedomBox and tried again. This time, when I went to 192.168.1.132 with my Internet browser, I saw the Apache 2 Debian Default page. Progress! I replaced /var/www/html/index.html with my own index.html file, and made sure it was visible to the www-data group. Then, I refreshed the https://192.168.1.132 page in my browser and saw my index.html page! Going to https://192.168.1.132/plinth showed me the Plinth GUI. I noticed that I was still logged on. But, I should not be logged on, because I had rebooted. Is this a security flaw? When I went to https://csg-freedombox.tk, my browser said it still wasn't there. So, I went to my router and forwarded port 443 to 192.168.1.132. Then I went back to https://csg-freedombox.tk with my browser. My FreedomBox page (/var/www/html/index.html) was on the Internet!

Even though my primary interest was in the web server, I went on to try to install some of the other FreedomBox applications. First, I installed the Invisible Internet Poject (I2P) application that had arrived on the FreedomBox after the FreedomBox had updated itself. The installation process took about 8 minutes, which seems to be rather slow to me. After I2P was up and running, it said that I had to open three ports on my router to allow it to connect to the I2P network. I was assuming that would be the case, but I wanted to see if the FreedomBox could handle it automatically. I guess not. I did not pursue this further, because I didn't want to do any more router reconfiguration. Also, the I2P server software that can be downloaded from the geti2p.net website is easy to install. The difficulty comes in knowing how to use it.

I next installed the Matrix Synapse chat server application, which took about 7 minutes. I then saw this message:


"Matrix service needs to be configured for a domain. Users on other Matrix servers will be able to reach users on this server using this domain name. Matrix user IDs will look like @username:domainname. Warning! Changing the domain name after the initial setup is currently not supported.
No domain(s) are available. Configure at least one domain to be able to use Matrix Synapse."


By the way, I had actually tried to install Matrix before I configured the FreedomBox for my csg-freedombox.tk domain name. Apparently, since I can't remove and re-install Matrix, I'm stuck, unless I want to start over again with the FreedomBox installation. I tried updating Matrix anyway for the csg-freedombox.tk domain name by clicking on the "Update setup" on the Matrix page of Plinth. I was then told to open port 8448 on my router. I didn't want to forward any more ports on my router, so I stopped here for the time being.

At this point, I checked to see how much RAM was still free on the Raspberry Pi 3. The Linux "free -m" command showed 277 MB of RAM used and 614 MB still available. Not bad.

Next, I installed the MiniDLNA media server, which took about 4 minutes. DLNA is a standard used by about 4 billion DLNA-certified consumer devices--including TV's, DVD players, game consoles, tablets, and PC's. Any DLNA-certified device should be able to play files from the MiniDLNA server. The FreedomBox told me my media file directory is /var/lib/minidlna. It also said, "Currently the following network interfaces are configured as internal: enxb827eb6d1065", whatever that means. Unfortunately, the FreedomBox manual gives no information about how to actually use MiniDLNA, so I had to go to the Internet to look that up. Going to 192.168.1.132:8200 with my web browser on my laptop showed my MiniDLNA server status page. After I uploaded an MP3 file to the /var/lib/minidlna directory using the Linux "scp" command and made the file readable by everyone, the MiniDLNA server status page still showed no files there. So, I rebooted the FreedopmBox, hoping that the MiniDLNA server would see the file after reboot. It did. There must be some way to upload files to the MiniDLNA server that I'm not aware of that does not require rebooting to make the uploaded files visible.

I remembered that the VLC Media Player can play media files from a wide variety of hardware. So I went looking for a way to use the VLC player with the MiniDLNA server to play media files on my PC. I found this solution:

  1. Open up VLC Media Player.
  2. Go in the menu to "View" > "Playlist".
  3. On the left, under "Local Network", click on "Universal Plug-n-Play".
  4. In the window on the right, you'll see "freedombox: minidlna". Click on it.
  5. Click on the "Browse Folders" icon.
  6. Click on the file.


After following the above procedure, my MP3 file played through my laptop's speakers!

Next, I installed the Searx search engine that allows users to search the Internet without being tracked and profiled by online search engines. This took about 3 minutes. Then, I went to 192.168.1.132/searx in my browser, and performed a few searches to verify that Searx worked. I noticed that search results are broken up into 10 discrete pages with headings like "General", "Files", "Images", "News", "Science", "News", etc. The "General" page didn't seem to have many of the search results. I really wouldn't like having to look through 10 different pages of results to find what I'm looking for. A Searx "preferences" page is provided, but it doesn't allow the user to move all the search results onto the same page.

At this point, I felt like I had enough of a feel for the FreedomBox to make a judgment about what I think someone might want to use it for.





Conclusions

This review of the FreedomBox was prompted by my question about whether a novice who doesn't know Linux or how to configure a web server can use the FreedomBox to put his own website on the Internet. The answer is probably "no".

If you read back through what I wrote above about the process of getting my index.html file to be visible on the Internet, you will see that I displayed a basic knowledge of: 1) Linux, 2) setting up a domain name with a domain name registrar, and 3) router port forwarding (which is different for every router). I also showed a very, very basic understanding of website configuration. I haven't even begun to set up a Let's Encrypt certificate (which the FreedomBox has an application for on the "System" page of the Plinth GUI). Nor, have I begun any modifications of the Apache2 server configuration files, which many knowledgeable website administrators agree is not easy. Still, I have to admit that what would have taken me something like 40 to 60 hours to accomplish on a Raspberry Pi 3 from scratch by following my webserver setup process, can be done in a day with some luck using with the FreedomBox. I admit this is a huge improvement, but the procedure isn't quite simple enough for a novice user to get his website on the Internet.

Also, anyone reading this should be aware that the Apache server is known to take up more resources than the Lighttpd webserver that I showed how to set up with my process. The Apache2 server would likely only be useful on a Raspberry Pi 3 for small websites with low traffic. Anyone planning on putting a significant effort into creating a website that attracts a couple of thousand visitors a day or more would probably need to either install a less resource-intensive web server than the Apache2 on a Raspberry Pi 3 or use a more powerful computer.

I have not said anything yet about dynamic websites. PHP 7.3.11 was installed by default on my FreedomBox. That means, a user might be able to throw some PHP code onto the FreedomBox and get it to run, if the Apache2 server is configured for running PHP code. My guess is that it is not, because the Freedombox manual says, "User websites is a module of the Apache webserver enabled to allow users defined in the FreedomBox system to expose a set of static (emphasis mine) files on the FreedomBox filesystem as a website to the local network and/or the Internet according to the network and firewall setup." The manual does not mention PHP or Javascript at all. So, anyone planning on trying to use the FreedomBox as their webserver should plan on having no dynamic content, unless they are prepared for the possibility of having to do some Apache2 re-configuration from the command line.

The bottom line is that I found the FreedomBox to be neither a resounding success, nor a complete failure. After reading this review, if you feel you have a use for one or more of the applications on the FreedomBox, I would say that you should give the FreedomBox a try. However, I do have one warning. As I said here, allowing yourself to be locked into someone else's platform is generally a mistake. It is far better to become more knowledgeable, so that you can be free to create a website that is not dependent on any one platform or set of software.





Related Articles:

How to have Your Own Website for $2 a Year

Running a Small Website without Commercial Software or Hosting Services: Lessons Learned

Why I am Dropping Namecheap and am Seriously Considering Dropping Gmail

How to Create a Family Website

What I Learned about the Internet by Creating My Own Website

Comments


Required Fields *

*Name:

*Comment:
Comments Powered by Babbleweb

*Day of the month in North America + 8 =

Copyright © 2020 The Cheapskate's Guide to Computers and the Internet. All rights reserved.