Try FreedomBox in the public cloud
You can try out FreedomBox on a cloud instance before you make the decision to buy the hardware and set it up at home. After you are satisfied that FreedomBox meets your requirements, you can download a backup of your data and restore the data onto a FreedomBox installed at home.
FreedomBox currently has images for the AWS EC2 service, known as Amazon Machine Images (AMIs). You can also install FreedomBox on other cloud providers on using a base Debian image.
A FreedomBox server running in the public cloud does not provide the same legal and privacy protections that a FreedomBox running on your own hardware at home does. It is recommended to use a cloud instance for trial purposes only.
1. Risks of cloud-hosting
Amazon and other US-based cloud providers are obliged to hand over your data to law enforcement, without having to notify you (even if the cloud server is not physically in the USA) under the provisions of the CLOUD Act. This act also enables foreign governments to obtain data on their citizens stored by US cloud providers which makes it especially dangerous for activists living under totalitarian regimes.
- State-sponsored attacks against cloud providers can compromise your data.
2. On AWS EC2
Note: FreedomBox images for AWS EC2 use Amazon's proprietary version of the Linux kernel and thus cannot be considered completely free software.
If you don't already have an AWS account, you can sign up for a free 1-year trial account here (requires credit card details).
The t2.micro instances that AWS EC2 offers for the free tier are powerful enough to run FreedomBox instances for personal or a small family use.
AWS infrastructure is spread across several geographical regions. FreedomBox images are currently available in all AWS regions except eu-west-2 and eu-west-3.
2.1. Launching your FreedomBox instance
After logging into your AWS console, you will be presented with the following screen. Select EC2 from the list of options.
Click on the "Launch Instance" button.
Navigate to "Community AMIs" and search for "freedombox" in the search box. Select the latest image available.
Accept the default options for the first 5 steps of the wizard.
In 6. Configure Security Group, choose the settings as shown below and click Review and Launch.
Simply click Launch in step 7. Set the following options in the pop-up that appears.
Select View Instances on the next screen to reach the EC2 console again.
Wait till the instance state becomes running and copy or note down the IPv4 public address.
Type the following URL into your browser. https://<public-ip-address>/plinth
Your web browser will warn you that the connection is not secure. Some browsers might show more alarming error messages. Don't panic.
Select the option that's not highlighted and add an exception for this site. The following screenshot is for the Firefox web browser.
If you see the following welcome screen, you have successfully launched a FreedomBox instance in the cloud. Congratulations!!
At this point, your FreedomBox instance is only accessible from your IP as configured in Step 6 above. This is a security measure to ensure that somebody else doesn't create a administrator account on your new FreedomBox before you can. Once your account is created, you can change the inbound rules of the security group associated with your instance from "My IP" to "Anywhere" to allow access from anywhere on the Internet.
Get a domain name for your FreedomBox instance using the in-built Dynamic DNS service.
Configure the domain name in the Configuration page.
Get a Let's Encrypt certificate for your new domain name.
- Install apps
Celebrate your freedom!
3. On other cloud providers
Installing FreedomBox on other cloud providers is similar to installing FreedomBox on a Debian machine. Please follow the same setup process as described for Debian. You must have SSH access to the cloud instance on which you want to install FreedomBox.
Note: If the Debian image you choose for your VPS already has ufw (uncomplicated firewall) installed, it doesn't operate well with firewalld, which is used in FreedomBox. ufw should be removed.
3.1. First Setup Wizard Secret
A newly installed FreedomBox instance prompts for the creation of an admin account. This is usually not a problem with home installations since the first setup wizard is only accessible on the local network. But for a cloud instance, the first setup wizard is openly exposed to the internet, which means anyone who knows the public IP address of your newly spun up FreedomBox instance will be able to create an admin account before you do. To prevent this, the setup boot wizard screen is password protected.
The first boot wizard secret is randomly generated during the setup process. It it typically displayed in a dialog box in case of a manual installation as shown below.
In case you skipped over the dialog box during installation, you can also find the secret in a file called /var/lib/plinth/firstboot-wizard-secret after the installation is complete.
$ sudo cat /var/lib/plinth/firstboot-wizard-secret BH3Bnc6OXUVc74be
After installation you can access the web interface of your FreedomBox at https://<public-ip-address>/plinth and enter the secret to unlock the first boot wizard.
Next call: Saturday, July 09 at 14:00 UTC
This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.