Big refactor, many minor fixes (#441)

* Big refactor, many minor fixes

* Link fixes, icon edits

* Index and ToC fixes

* update icons in theme lib and add to device guides index

* WIP - refactor Initial setup, LAN, FF, others

* First draft ready, many fixes and edits

* Ooops - minor edits and changes on initial setup

* Add change password guide (try 2).

* Remove change password menu item from guides

* Fix display bug, think different

---------

Co-authored-by: Lucy Cifferello <12953208+elvece@users.noreply.github.com>
Co-authored-by: gStart9 <george@start9labs.com>
This commit is contained in:
kn0wmad
2023-07-28 18:02:43 +00:00
committed by GitHub
parent eceae35a2b
commit 09b61c7e33
149 changed files with 1362 additions and 785 deletions


@@ -0,0 +1,74 @@
.. _ff-android:
===============================
Configuring Firefox for Android
===============================
Mozilla provides some of the most flexible, secure, and freedom-principled applications for using the web. We highly recommend completing all configuration below.
.. caution:: Setups may strongly vary across different Android forks
LAN Config
----------
Configure Tor
-------------
Once you have :ref:`setup your Root CA<lan-android>` and :ref:`Tor is running on your device<tor-android>`, you can proceed to configure Firefox:
#. Download `Firefox Beta <https://play.google.com/store/apps/details?id=org.mozilla.firefox_beta>`_ from the Play Store, or `Fennec <https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/>`_ from F-Droid.
.. caution:: Regular Firefox offered in the Play Store will not allow this configuration - be sure to use Firefox Beta.
#. Next, download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here <https://start9.com/assets/proxy.pac>`_.
#. Navigate to ``about:config`` in the Firefox URL bar.
.. figure:: /_static/images/tor/about_config.png
:width: 30%
:alt: Firefox about config
#. You are going to have to change a few options in here. First, type ``network.proxy.type`` into the search bar, and set the value to ``2``.
.. figure:: /_static/images/tor/network_proxy_type.png
:width: 30%
:alt: Firefox network proxy type setting screenshot
#. (This step is for GrapheneOS users **only**): Head to *Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE* then navigate to where you placed the proxy.pac file.
.. figure:: /_static/images/tor/storage-scopes-proxy.jpg
:width: 15%
#. (All users): Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary.
.. figure:: /_static/images/tor/autoconfig_url.png
:width: 30%
:alt: Firefox autoconfig url setting screenshot
#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``.
.. figure:: /_static/images/tor/socks_remote_dns.png
:width: 30%
:alt: Firefox socks remote dns setting screenshot
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_allowlist_mobile.png
:width: 30%
:alt: Firefox whitelist onions screenshot
#. Finally, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets_droid.png
:width: 30%
:alt: Firefox allow insecure websockets over https
#. Optional but recommended: search for ``network.http.referer.hideOnionsSource`` and set the value to ``true``.
#. Restart Firefox, and you're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can bookmark your Start9 services' ``.onion`` addresses, as well as use integrations, such as the :ref:`Bitwarden<vaultwarden-service>` browser extension.
Install StartOS as a PWA
------------------------
Depending on your version of Firefox, you may be prompted to "Add to Home screen", when visiting your main UI. If you do this, you can access your UI as a Progressive Web App (PWA), meaining that all browser context is removed, and StartOS will behave as a native Android app!
If you are not prompted, or skipped that screen, simply go to the **Kebab (Settings) Menu > Install** while visiting your server's UI to complete the action.
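
Review bot: The step that sets ``network.websocket.allowInsecureFromHTTPS`` to ``true`` gives no reason for the change and does not say that it is a browser-wide preference, so it relaxes the insecure-WebSocket check for every site opened in this browser, not only the Start9 server. Please add a sentence on why StartOS needs it and what its scope is, so users can decide whether to keep this browser for server access only. Smaller points: the "LAN Config" heading has no body before "Configure Tor" begins; step 6 refers to "step 2" by number although the list uses ``#.`` auto-numbering; "a the proxy.pac file" and "meaining" are typos.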


@@ -0,0 +1,49 @@
.. _dg-android:
=======
Android
=======
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-android
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Setup Orbot
:icon: scylla-icon scylla-icon--networking
:link: tor-android
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Android device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-android
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. toctree::
:maxdepth: 4
:hidden:
lan-android
tor-android
ff-android
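
Review bot: The ``.. raw:: html`` block at the top opens two ``<div>`` elements (``topics-grid`` and ``grid-x``), but no closing ``</div>`` appears anywhere in this file, so the rendered page leaves both containers open around everything that follows. Add a second ``.. raw:: html`` block with ``</div></div>`` after the last ``topic-box`` and before the ``toctree``. The iOS and Linux index pages in this commit follow the same pattern and need the same fix.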


@@ -0,0 +1,54 @@
.. _lan-android:
=============================
Trust Your Root CA on Android
=============================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Android). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The self-signed certificate was created by your server when you perfomed the initial setup, and applies to your server's main UI connection, as well as all service connections.
.. note:: This guide applies to most Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+).
Download Root CA
----------------
First, download your Start9 server's Root CA, if you have not already.
- Navigate to *System > LAN*, then click "Download Certificate".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: LAN setup menu item
Alternatively, you can download to another machine, then transfer the file to your device.
Trust Root CA
-------------
.. tabs::
.. group-tab:: Android v13+
Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate.
.. figure:: /_static/images/ssl/android/droidLAN2.png
:width: 15%
:alt: Install certificate
.. group-tab:: Android v12
.. caution:: Some phones running Android v12 will work, others won't. It depends on the vendor. Most Androids running v12 that we have tested do work with the exception of the Samsung Galaxy S10 which does not.
Tap **Settings > Security > Advanced > Encryption and Credentials > Install from Storage** and select your unique ``adjective-noun.local.crt`` certificate.
.. figure:: /_static/images/ssl/android/droidLAN0.png
:width: 15%
:alt: Install certificate
.. _lan-ff-android:
Configure Firefox
-----------------
On some devices, it may be necessary to also activate this setting in Firefox / Fennec:
#. Tap **Kebab Menu > Settings > About Firefox** and tap the Firefox icon 5 times to enable "developer mode."
#. Go back to **Kebab Menu > Settings > Secret Settings** (at the bottom), and tap "Use third party CA certificates" to enable the use of your system-wide Root CA.
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <ff-android>` guide, which we highly recommend.
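
Review bot: The "Download Root CA" and "Trust Root CA" sections take the user from download straight to "Install Anyway" with no check that the file is the server's own certificate, even though the text allows downloading on another machine and transferring the file. Since this installs a system-wide trust anchor, please add a verification step between the two sections, for example comparing the certificate's fingerprint on the phone with the value seen on the machine it was downloaded from. Smaller points: the intro calls the Root CA "the self-signed certificate", which reads as if it were a server certificate; "perfomed" is a typo.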


@@ -0,0 +1,78 @@
.. _tor-android:
======================
Running Tor on Android
======================
Some apps, such as :ref:`Tor Browser<tor-browser>`, have Tor built in. They do not require additional software or configurations to utilize Tor. Most apps, however, do not have Tor built in. They require an app called Orbot to be installed in order to utilize the Tor Network.
Running Orbot
-------------
Orbot is a system-wide proxy for your Android device that enables communications over Tor.
#. Download and install Orbot from the `Play Store <https://play.google.com/store/apps/details?id=org.torproject.android>`_, or from `F-Droid <https://f-droid.org/packages/org.torproject.android>`_ (must open with F-Droid app). Then launch the app.
.. note:: When using F-Droid, you will need to activate the Guardian Project repository by visiting the ``Settings`` menu (bottom right) -> ``Repositories`` -> ``Guardian Project Official Releases``
.. figure:: /_static/images/tor/orbot0.png
:width: 20 %
:alt: Orbot
#. Tap "Start VPN".
.. figure:: /_static/images/tor/orbot1.png
:width: 20 %
:alt: Orbot starting
#. Orbot will start up the Tor service. Once complete, you will see:
.. figure:: /_static/images/tor/orbot2.png
:width: 20 %
:alt: Orbot running
#. Open the kebab menu in the bottom right hand corner and select `Settings`:
.. figure:: /_static/images/tor/orbot_menu.png
:width: 20 %
:alt: Orbot settings
#. Make sure the options for `Start Orbot on Boot` and `Allow Background Starts` are checked:
.. figure:: /_static/images/tor/orbot_settings.png
:width: 20 %
:alt: Orbot menu
#. That's it, you're now running a Tor client on your Android device! Certain apps, such as Firefox, Fennec, and DuckDuckGo will now work after you configure them to use Tor's local proxy. Other apps do not have sophisticated proxy configurations and require that Orbot be running in VPN mode.
Orbot VPN mode
--------------
To utilize Tor, some apps require that Orbot be running in VPN mode. This means that you are sending your application's traffic across the Tor network via Orbot.
#. Disable Private DNS on your device. Navigate to: ``Settings > Network & Internet > Advanced > Private DNS > Off`` and toggle Private DNS to "off".
.. figure:: /_static/images/tor/private_dns_off.png
:width: 20%
:alt: Private DNS off
#. Tap `Select Apps`, and add the apps you want to utilize Tor.
.. figure:: /_static/images/tor/orbot_apps.png
:width: 20%
:alt: Orbot apps
Examples of applications that need this feature for remote access are:
- Bitwarden
- Element (Matrix client)
- Nextcloud
.. figure:: /_static/images/tor/orbot2.png
:width: 20%
:alt: Orbot running
You can also add the following browsers to the Tor-Enabled Apps list to easily access Tor addresses (`.onion` URLs):
- Chrome
- Vanadium
.. caution:: Pushing apps through Orbot's VPN mode will allow you to access .onion URLs, however, all other traffic will also go through Tor. This means connections to some sites may be blocked by site operators' fraud prevention measures, especially e-commerce sites where credit cards are used. Proceed with caution especially for Web Browsers.
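
Review bot: The first step of "Orbot VPN mode" tells the user to disable Private DNS but gives no reason and does not mention that the setting is device-wide, so DNS lookups for traffic outside Orbot lose that protection as well. Add one sentence explaining why Orbot needs it off and that it can be re-enabled when VPN mode is no longer used. The path in the same step already ends in ``> Off``, so "and toggle Private DNS to off" is redundant. Smaller points: ``Settings``, ``Select Apps`` and ``.onion`` are written with single backticks, which reST treats as interpreted text rather than a literal; the figure after the app list reuses ``orbot2.png`` from the "Running Orbot" steps.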


@@ -0,0 +1,39 @@
.. _dg-ios:
===
iOS
===
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-ios
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Setup Orbot
:icon: scylla-icon scylla-icon--networking
:link: tor-ios
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your iOS device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. toctree::
:maxdepth: 4
:hidden:
lan-ios
tor-ios
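
Review bot: The intro paragraph drops the sentence "At minimum, you will want to set up your Root CA in the first guide" that the Android and Linux index pages carry, although the Root CA guide is the first box here too. Suggest restoring it for consistency. As on the other index pages, the two ``<div>`` elements opened in the ``.. raw:: html`` block are not closed anywhere in the file.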


@@ -0,0 +1,88 @@
.. _lan-ios:
=========================
Trust Your Root CA on iOS
=========================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (iOS). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The self-signed certificate was created by your server when you perfomed the initial setup, and applies to your server's main UI connection, as well as all service connections.
This applies to iOS v15 and v16. For older versions, see the `v14 guide </0.3.1.x/user-manual/connecting/connecting-lan/lan-os/lan-ios>`_.
#. Download the certificate to your Downloads folder
.. note::
In order to do this, open Safari and visit your Start9 server's .local URL while connected to WiFi, but make sure it is prefixed with ``http://`` and not ``https://``.
Log in using your password, then click the hamburger (3 lines) menu at the top right, select System > LAN > Download Certificate. It may say `This website is trying to download a configuration profile. Do you want to allow this?` Click `Allow`.
Once this is done, you can skip to step 3, below.
If you downloaded the certificate from a browser such as Firefox, you will need to copy the file from that Downloads folder to your iCloud Downloads folder. Navigate there via `Files > iCloud Drive > Downloads`. Otherwise, the "Profile Download" dialog will not appear when you click on the file in the next step.
#. Open your iCloud Downloads folder and click on the certificate. It will display a dialog box that says "Profile Downloaded." Click `Close`.
.. figure:: /_static/images/ssl/ios/import_cert.png
:width: 20%
:alt: Profiles
#. Head to *Settings > General > VPN & Device Management*
.. figure:: /_static/images/ssl/ios/settings_general_vpn.png
:width: 20%
:alt: Profiles
#. Locate the profile under "DOWNLOADED PROFILE" and tap on it
.. figure:: /_static/images/ssl/ios/install_1.png
:width: 20%
:alt: Profiles
#. Tap *Install*
.. figure:: /_static/images/ssl/ios/install_2.png
:width: 20%
:alt: Profiles
#. Tap *Install* again
.. figure:: /_static/images/ssl/ios/install_3.png
:width: 20%
:alt: Profiles
#. Tap *Install* yet again
.. figure:: /_static/images/ssl/ios/install_4.png
:width: 20%
:alt: Profiles
#. You should see green text with a check-mark saying "Verified" under the Profile Installed dialog.
.. figure:: /_static/images/ssl/ios/install_5.png
:width: 20%
:alt: Profiles
#. Tap *Done* near the top right.
#. Next, navigate to *General > About > Certificate Trust Settings*.
.. figure:: /_static/images/ssl/ios/trust_1.png
:width: 20%
:alt: Certificate trust settings
#. Under "Enable full trust for root certificates", enable your "<custom-address> Local Root CA".
.. figure:: /_static/images/ssl/ios/trust_2.png
:width: 20%
:alt: Enable full trust
#. Tap *Continue*
.. figure:: /_static/images/ssl/ios/trust_3.png
:width: 20%
:alt: Profiles
#. Your certificate should now be installed and trusted:
.. figure:: /_static/images/ssl/ios/trust_4.png
:width: 20%
:alt: Profiles
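
Review bot: The note under step 1 tells the user to open the server with ``http://`` rather than ``https://`` and then "Log in using your password", which means the password and the downloaded CA both cross the WiFi network unencrypted and unauthenticated. Please state that this is a one-time bootstrap to be done only on a trusted home network, mention the alternative of transferring the certificate from a device that already trusts the server, and add a step to check the certificate before enabling full trust under "Certificate Trust Settings". Smaller points: "skip to step 3" hard-codes a number in a ``#.`` list; nearly every figure has ``:alt: Profiles`` regardless of what it shows; "perfomed" is a typo.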


@@ -0,0 +1,29 @@
.. _tor-ios:
==================
Running Tor on iOS
==================
Running Orbot
-------------
Orbot is a system-wide proxy for your Android device that enables communications over Tor.
#. Download and install `Orbot from the Apple appstore <https://apps.apple.com/us/app/orbot/id1609461599>`_.
#. Open Orbot and tap on "Settings".
#. Activate the "Disable Orbot for non-onion traffic" setting:
.. figure:: /_static/images/tor/ios-orbot-settings-oniononlymode.png
:width: 25%
:alt: iOS Orbot -> Settings -> Onion-Only Mode
#. Go back to the main screen and click "Start" and you will see Tor connect:
.. figure:: /_static/images/tor/ios-orbot-connecting-full.png
:width: 35%
:alt: iOS Orbot Connecting to Tor
#. Apps will now work transparently when requesting onion urls!
Access Onionsites
-----------------
Once Orbot is setup on your system as you've just done, you don't need any browser configuration. All browsers in iOS are Safari under the hood, and this Orbot configuration enables access to ``.onion`` URLs. Regular clearnet requests will not use tor.
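
Review bot: The sentence under "Running Orbot" says "Orbot is a system-wide proxy for your Android device", which looks copied from the Android guide; it should read "iOS device". It would also help to say in step 3 what "Disable Orbot for non-onion traffic" changes, since the last paragraph relies on it ("Regular clearnet requests will not use tor"). Smaller points: "appstore" should be "App Store", "Once Orbot is setup" should be "set up", and "onion urls" should match the ``.onion`` URLs spelling used below.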


@@ -0,0 +1,187 @@
.. _backup-linux:
====================
Linux Network Folder
====================
.. contents::
:depth: 2
:local:
Setup Network Folder
--------------------
.. note:: This guide is for Ubuntu only. For Linux Mint, select "Mint", or for different distros such as Arch, Debian, Pop-OS, PureOS, etc, select "Other Linux" below.
.. tabs::
.. group-tab:: Ubuntu
Check out the video below, and follow along with the steps in this guide to setup a Network Folder on your Linux machine, such that you may create encrypted, private backups of all your StartOS data.
.. youtube:: LLIMC5P3NdY
:width: 100%
.. raw:: html
<br/><br/>
#. Install Samba if you have not already:
.. code-block::
sudo apt install samba && sudo systemctl enable smbd
#. Add your user to samba, replacing ``$USER`` with your Linux username.
.. code-block:: bash
sudo smbpasswd -a $USER
First you will be prompted for your linux password, then you will be asked to create a new SMB password for the user with permission to write to your new backup share. Keep it somewhere safe, such as Vaultwarden.
#. Right-click the folder that you want to backup to (or create a new one) and click "Properties"
.. figure:: /_static/images/cifs/cifs-lin0.png
:width: 60%
#. Select the "Local Network Share" tab
.. figure:: /_static/images/cifs/cifs-lin1.png
:width: 60%
#. Click "Share this folder"
.. figure:: /_static/images/cifs/cifs-lin2.png
:width: 60%
- You may rename the "Share", if you prefer - **remember this name**, you will need it later in the StartOS dashboard
- (Optional) Create a description in the "Comment" section
#. In case your installation of Ubuntu is running a firewall by default or due to your own custom configuration, enter this command to allow connections to Samba. If it generates an error, you can safely ignore it:
.. code-block:: bash
sudo ufw allow Samba
.. group-tab:: Mint
#. Install Samba if you have not already:
.. code-block::
sudo apt install samba && sudo systemctl enable smbd
#. Add your user to samba, replacing ``$USER`` with your Linux username.
.. code-block:: bash
sudo usermod -a -G sambashare $USER
sudo smbpasswd -a $USER
First you will be prompted for your linux password, then you will be asked to create a new SMB password for the user with permission to write to your new backup share. Keep it somewhere safe, such as Vaultwarden.
#. Right-click the folder that you want to backup to (or create a new one, eg. ``start9-backup``) and click "Sharing Options"
.. figure:: /_static/images/cifs/cifs-mint0.png
:width: 60%
#. Enter a Share name consisting of 12 or fewer characters and click "Create Share"
.. figure:: /_static/images/cifs/cifs-mint1.png
:width: 60%
- You may rename the "Share", if you prefer - **remember this name**, you will need it later in the StartOS dashboard. In this example, we call it ``backup-share``
- (Optional) Create a description in the "Comment" section
#. In case your installation of Mint is running a firewall by default or due to your own custom configuration, enter this command to allow connections to Samba. If it generates an error, you can safely ignore it:
.. code-block:: bash
sudo ufw allow Samba
.. group-tab:: Other Linux
1. Install Samba if it is not already installed.
* ``sudo pacman -S samba`` For Arch
* ``sudo apt install samba`` For Debian-based distros (Pop-OS, PureOS, etc)
* ``sudo yum install samba`` For CentOS/Redhat
* ``sudo dnf install samba`` For Fedora
2. Create a directory to share or choose an existing one and make note of its location (path). For this example, we will call the share ``backup-share`` and its corresponding shared directory will be located at ``/home/$USER/start9-backup``. Replace ``$USER`` with your Linux username below.
.. code-block:: bash
mkdir -p /home/$USER/start9-backup
.. note:: If you are on Fedora 38+, you need to do an extra step to allow the Samba share in SELinux:
.. code-block:: bash
sudo semanage fcontext --add --type "samba_share_t" "/home/$USER/start9-backup(/.*)?"
sudo restorecon -R /home/$USER/start9-backup
3. Configure Samba by adding the following to the end of the ``/etc/samba/smb.conf`` file:
.. code-block::
[backup-share]
path = "/home/$USER/start9-backup"
create mask = 0600
directory mask = 0700
read only = no
guest ok = no
Where:
- ``[backup-share]`` is the *Share Name* inside brakets, and can be called anything you'd like. We used ``backup-share`` in this example.
- ``path`` should be the path to the directory you created earlier
Copy the remainder of the entry exactly as it is
4. Open a terminal and enter the following command, replacing ``$USER`` with your Linux username:
.. code-block:: bash
sudo smbpasswd -a $USER
This creates a password for the Local Network Share. Keep it somewhere safe, such as Vaultwarden.
5. In case your installation of Linux (Pop-OS users take special note!) is running a firewall by default or due to your own custom configuration, enter this command to allow connections to Samba. If it generates an error, you can safely ignore it:
.. code-block:: bash
sudo ufw allow Samba
Connect StartOS
---------------
#. Go to *System > Create Backup*.
.. figure:: /_static/images/config/backup.png
:width: 60%
#. Click "Open".
.. figure:: /_static/images/config/backup0.png
:width: 60%
#. Fill in the following fields:
* Hostname - This is the hostname of the machine that your shared folder is located on
* Path - This is the "Share Name" (name of the share in your samba config) and **not** the full directory path. In this guide we use ``backup-share``.
* Username - This is your Linux username on the remote machine that you used to create the shared directory
* Password - This is the password you set above using ``smbpasswd``
.. figure:: /_static/images/config/backup1.png
:width: 60%
#. Click "Save".
That's it! You can now :ref:`Create<backup-create>` encrypted, private backups of all your StartOS data to your Linux machine or external drive!!
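
Review bot: ``sudo ufw allow Samba`` in all three tabs opens the Samba ports to every source address, while only the Start9 server needs to reach the share. Suggest restricting the rule to the server or the LAN subnet, e.g. ``sudo ufw allow from <server-ip> to any app Samba``, and dropping "If it generates an error, you can safely ignore it", which hides a firewall that is still blocking the backup. In the "Other Linux" ``smb.conf`` block, ``guest ok = no`` still admits any Samba account on the machine; adding ``valid users = <username>`` would limit the share to the backup user. Smaller points: the note above the tabs says "This guide is for Ubuntu only" although the tabs cover Mint and other distros; three ``.. code-block::`` directives have no language; "brakets" is a typo.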


@@ -0,0 +1,129 @@
.. _ff-linux:
============================
Configuring Firefox on Linux
============================
Mozilla provides some of the most flexible, secure, and freedom-principled applications for using the web. We highly recommend completing all configuration below.
LAN Config
----------
This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic (TLDR: for security purposes).
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about changing advanced configuration preferences.
#. Search for *security.enterprise_roots.enabled* and double click on *false* so that it turns to *true*:
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
.. tabs::
.. group-tab:: Debian/Ubuntu
For each Mozilla-based application (Firefox, Firefox ESR, LibreWolf, Thunderbird, etc) you plan on using, you will need to complete the following guide. This is in order for them to trust your Start9 server's CA certificate directly from your Linux distribution's certificate trust store.
#. Select the hamgurger menu, then *Settings*, then search for "*security devices*", then select "*Security Devices...*"
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png
:width: 60%
:alt: Mozilla application p11kit trust #1
#. When the Device Manager dialog window opens, select "*Load*"
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png
:width: 60%
:alt: Mozilla application p11kit trust #2
#. Give the Module Name a title such as "*System CA Trust Module*" and for the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit *OK*:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png
:width: 60%
:alt: Mozilla application p11kit trust #3
#. Verify that the new module shows up on the left hand side and select *OK* at the bottom right:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png
:width: 60%
:alt: Mozilla application p11kit trust #4
.. group-tab:: Arch/Garuda
.. group-tab:: CentOS/Fedora
Now restart Firefox (or other Mozilla application), and log in to your server using ``https``. You should now see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
.. tip:: If you see an exclamation point inside a triangle by the lock, you have made a security exception in the browser. You will need to remove it by clicking the lock and then "Connection not secure":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
Then click "Remove Exception":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
You should now see that the website is trusted as in the final step show above.
Tor Config
----------
.. caution::
This guide assumes you have completed :ref:`setting up Tor<tor-linux>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Next, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using:
.. code-block::
sudo wget -P /etc/tor https://start9.com/assets/proxy.pac
#. Now, back in your Firefox web browser, select ``Settings`` from the right-hand hamburger menu:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file:///etc/tor/proxy.pac
#. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can access tor service :ref:`WebUIs <web-ui>`, and use client integrations such as :ref:`Vaultwarden<vaultwarden-service>` apps and extensions. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.
If you still encounter issues, `contact support <https://start9.com/contact>`_.
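
Review bot: The ``Arch/Garuda`` and ``CentOS/Fedora`` group-tabs in "LAN Config" have no content, so they render as empty tabs, and the only module path given (``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so``) is the Debian multiarch location. Either fill in the equivalent steps and path for those distros or remove the two tabs until they are written. In "Tor Config", ``sudo wget -P /etc/tor ...`` does not overwrite an existing file, so a second run leaves the old ``proxy.pac`` in place and saves the new one under a different name; consider ``-O /etc/tor/proxy.pac``. Smaller points: "hamgurger" and "show above" are typos; the bare ``.. code-block::`` directives have no language.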


@@ -0,0 +1,59 @@
.. _dg-linux:
=====
Linux
=====
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-linux
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Backup Configuration
:link: backup-linux
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: Setup
Configure a Network Folder on your Linux machine (or attached external drive) to receive StartOS backups.
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-linux
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Linux device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-linux
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. toctree::
:maxdepth: 4
:hidden:
lan-linux
backup-linux
tor-linux
ff-linux


@@ -0,0 +1,83 @@
.. _lan-linux:
================================
Trusting Your Start9 CA on Linux
================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Windows). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The self-signed certificate was created by your server when you perfomed the initial setup, and applies to your server's main UI connection, as well as all service connections.
.. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.
Download Root CA
----------------
First, download your Start9 server's Root CA, if you have not already.
- Navigate to *System > LAN*, then click "Download Certificate".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: LAN setup menu item
Alternatively, you can download to another machine, then transfer the file to your device.
Trust Root CA
-------------
.. tabs::
.. group-tab:: Debian/Ubuntu
These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.
#. Perform the following commands in the Terminal:
.. code-block:: bash
sudo apt update
sudo apt install -y ca-certificates p11-kit
#. Move into the folder where you downloaded your Start9 server's Root CA (usually ``~/Downloads``), and run the following commands to add your Start9 server's CA certificate to the OS trust store:
.. caution:: BE CERTAIN to replace ``adjective-noun`` with your server's unique hostname in the 3rd and 4th commands below!
.. code-block:: bash
cd ~/Downloads
sudo mkdir -p /usr/share/ca-certificates/start9
sudo cp "adjective-noun.local.crt" /usr/share/ca-certificates/start9/
sudo bash -c "echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf"
sudo update-ca-certificates
In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. We highly recommend continuing on to our :ref:`Configuring Firefox <ff-linux>` guide.
.. group-tab:: Arch/Garuda
From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo pacman -S ca-certificates
sudo cp "<custom-address>.crt" /etc/ca-certificates/trust-source/anchors/
sudo update-ca-trust
Despite no output from the last command, you can test your app right away.
.. group-tab:: CentOS/Fedora
First, ensure mDNS resolution is turned on so you can reach your server:
Ensure ``MulticastDNS=Yes`` is set in /etc/systemd/resolved.conf and then restart systemd-resolved:
.. code-block:: bash
sudo systemctl restart systemd-resolved
Trust your server's CA certificate:
From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo yum install ca-certificates
sudo cp "<custom-address>.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.
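
Review bot: The introduction says to trust the CA "on your client device (Windows)", which is carried over from the Windows guide; in this Linux guide it should read "(Linux)", and "perfomed" in the same paragraph should be "performed". The closing paragraph links the Firefox guide as ``<lan-ff>`` while the Debian/Ubuntu tab links ``<ff-linux>``; use one label and confirm it resolves after this refactor. In the Debian/Ubuntu tab, ``echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf`` appends another copy of the entry every time the step is repeated, so say it is run once, and consider a step that has the reader inspect the downloaded certificate before it goes into the system trust store.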

View File

@@ -0,0 +1,95 @@
.. _tor-linux:
====================
Running Tor on Linux
====================
.. tabs::
.. group-tab:: Debian / Ubuntu
For Debian and Debian-based systems, such as Mint, PopOS etc.
.. note:: The following install is for the LTS (Long Term Support) version of Tor from Debian. If you would like the latest stable release, The Tor Project maintain their own Debian repository. The instructions to connect to this can be found `here <https://support.torproject.org/apt/tor-deb-repo/>`_.
Install the Tor proxy service to your system. To do so, open your terminal and run the following command:
.. code-block:: bash
sudo apt update && sudo apt install tor
.. tip:: You can check that Tor is running with:
.. code-block:: bash
systemctl status tor
In the rare event that Tor is having connectivity issues, you can reset your connection with:
.. code-block:: bash
sudo systemctl restart tor
.. group-tab:: Arch / Garuda / Manjaro
Simply install Tor with:
.. code-block:: bash
sudo pacman -S tor
.. tip:: You can check that Tor is running with:
.. code-block:: bash
systemctl status tor
In the rare event that Tor is having connectivity issues, you can reset your connection with:
.. code-block:: bash
sudo systemctl restart tor
.. group-tab:: CentOS / Fedora / RHEL
#. Configure the Tor Package repository. Add the following to ``/etc/yum.repos.d/tor.repo``:
- CentOS / RHEL:
.. code-block:: bash
[Tor]
name=Tor for Enterprise Linux $releasever - $basearch
baseurl=https://rpm.torproject.org/centos/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://rpm.torproject.org/centos/public_gpg.key
cost=100
- Fedora:
.. tip:: Latest Fedora versions have Tor package available for installation:
.. code-block:: bash
[Tor]
name=Tor for Fedora $releasever - $basearch
baseurl=https://rpm.torproject.org/fedora/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://rpm.torproject.org/fedora/public_gpg.key
cost=100
#. Install the Tor package:
.. code-block:: bash
sudo dnf install tor
#. Then enable tor service:
.. code-block:: bash
sudo systemctl enable --now tor
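
Review bot: In the Arch / Garuda / Manjaro tab the only setup command is ``sudo pacman -S tor``, and the tip that follows checks ``systemctl status tor`` without any step that starts the service; add ``sudo systemctl enable --now tor`` there, as the CentOS / Fedora / RHEL tab already does. The two repository snippets are tagged ``.. code-block:: bash`` although they are repo configuration, not shell. The Fedora tip says the package is already available in recent releases and then shows the repo file anyway, so state which of the two the reader should do.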

View File

@@ -0,0 +1,163 @@
.. _backup-mac:
==================
Mac Network Folder
==================
.. contents::
:depth: 2
:local:
Setup a Network Folder
----------------------
Please select what version of MacOS you are using from the two tabs below:
.. tabs::
.. group-tab:: Ventura
#. Identify or create a folder you would like to use to store your Start9 server's backups.
.. tip:: You can select an external drive or folder within an external drive connected to your Mac if you'd like.
#. Go to **System Settings**:
.. figure:: /_static/images/tor/systemSettings.png
:width: 40%
:alt: System settings
#. Click on **General** then **Sharing**:
.. figure:: /_static/images/cifs/ventura-general-sharing.png
:width: 40%
:alt: general-sharing
#. Click the toggle to enable file sharing and then click info icon:
.. figure:: /_static/images/cifs/ventura-enable-file-sharing.png
:width: 40%
:alt: enable-cifs
#. Click on the **"+"** icon and select the folder you would like to make backups to:
.. figure:: /_static/images/cifs/ventura-click-plus.png
:width: 40%
:alt: click-plus
#. Once added, click **Options**:
.. figure:: /_static/images/cifs/ventura-folder-added.png
:width: 40%
:alt: ventura-folder-added
#. Enable SMB sharing for the user you want to use and then click **Done**:
.. figure:: /_static/images/cifs/ventura-smb.png
:width: 40%
:alt: ventura-smb
#. Click **Done** to close this window. You can now move on to connecting your server.
.. tip:: You can find hostname at the bottom of sharing window. You will need this in the next step.
.. tip:: You can find hostname at the bottom of sharing window.
.. group-tab:: Pre-Ventura
#. Identify or create a folder you would like to use to store your Start9 server's backups.
.. tip:: You can select an external drive or folder within an external drive connected to your Mac if you'd like.
#. Go to **System Preferences** and click **Sharing**:
.. figure:: /_static/images/cifs/cifs-mac0.png
:width: 40%
:alt: sharing
#. Click **File Sharing**:
.. figure:: /_static/images/cifs/cifs-mac1.png
:width: 40%
:alt: file-sharing
#. Click the **"+"** icon under **Shared Folders** and add the folder you would like to back up to:
.. figure:: /_static/images/cifs/cifs-mac2.png
:width: 40%
:alt: click-plus
#. After selecting your folder, click **Options**:
.. figure:: /_static/images/cifs/cifs-mac3.png
:width: 40%
:alt: options
#. Enable **Share files and folders using SMB** and turn it on for the user you would like to use to authenticate and then click **Done**:
.. figure:: /_static/images/cifs/cifs-mac4.png
:width: 40%
:alt: SMB
#. Make a note of your computer's **Hostname** which can be found here:
.. figure:: /_static/images/cifs/cifs-mac-hostname.png
:width: 40%
:alt: hostname
#. You will also need the name of the "Shared Folder" you chose or created, as well as your Mac's username and password.
Connect Your Server
-------------------
#. Go to the **System** tab and click **Create Backup**:
.. figure:: /_static/images/config/backup.png
:width: 60%
:alt: system-create-backup
#. Click **Open New**:
.. figure:: /_static/images/config/backup0.png
:width: 60%
:alt: open-new
#. You will now see the following:
.. figure:: /_static/images/cifs/cifs-blank.png
:width: 50%
:alt: cifs-blank
Enter the credentials as follows:
* **Hostname** - This is the name of your computer.
.. tip:: Sometimes it can be unclear what your Mac's hostname is. Check the tip in Step 8 of the section above to find it. On some versions of Mac, you may need to open up Terminal and type `hostname` as below:
.. figure:: /_static/images/cifs/hostname-terminal-mac.png
:width: 35%
:alt: hostname-terminal-mac
* **Path** - This is the *name of the shared folder* you are using and **not** the full directory path.
.. tip:: If you copied the share name from the Mac computer and it contained a space, macOS will have replaced the space with the string "%20". Please re-replace `%20` with a space in this `Path` field.
* **Username** - This is the user on the remote machine that you used to create the shared directory.
* **Password** - This is the password to the above user.
.. figure:: /_static/images/cifs/cifs-mac5.png
:width: 60%
.. note:: If you are on MacOS Catalina (version 10.15.7), and the backup fails, please `see this Apple support thread <https://discussions.apple.com/thread/253970425>`_. If the provided solution still doesn't work, SMB file sharing probably will not work for this old Mac. Consider backing up to a USB thumb drive instead.
.. note:: If you recently updated to MacOS Ventura (version 13.2), and you cannot get the share to connect:
#. Turn off file sharing switch in **General > Sharing**
#. Restart macOS
#. Turn on file sharing switch in **General > Sharing**
#. Click **Connect**.
That's it! You can now :ref:`create encrypted, private backups<backup-create>` of all your Start9 server's data to your Mac.
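
Review bot: The last step of the Ventura tab carries the hostname tip twice ("You can find hostname at the bottom of sharing window. You will need this in the next step." followed by the same sentence without its ending); drop the second copy. Under Connect Your Server, the Hostname tip points to "Step 8 of the section above", which matches the Ventura tab only; in the Pre-Ventura tab the hostname is step 7, so refer to the step by name rather than number. The ``cifs-mac5.png`` figure has no ``:alt:``, and since the form asks for the Mac user's own username and password, a sentence suggesting a dedicated sharing account would be worth adding.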

View File

@@ -0,0 +1,81 @@
.. _ff-mac:
==========================
Configuring Firefox on Mac
==========================
Here we will add your Start9 server's Root CA (Certificate Authority) to your system's certificate trust store to ensure that applications can verify connections to your services.
LAN Config
----------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about changing advanced configuration preferences.
#. Search for *security.enterprise_roots.enabled* and double click on *false* so that it turns to *true*:
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
Now restart Firefox (or other Mozilla application), and log in to your server using ``https``. You should now see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
.. tip:: If you see an exclamation point inside a triangle by the lock, you have made a security exception in the browser. You will need to remove it by clicking the lock and then "Connection not secure":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
Then click "Remove Exception":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
You should now see that the website is trusted as in the final step show above.
Tor Config
----------
.. caution::
This guide assumes you have completed :ref:`setting up Tor<tor-mac>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Next, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Now go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Check the option labeled ``Use System Proxy Settings``
#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.
If you still encounter issues, `contact support <https://start9.com/contact>`_.
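
Review bot: Step 3 of Tor Config sets ``network.websocket.allowInsecureFromHTTPS`` to ``true`` with no explanation; this is a browser-wide preference, so the guide should say why the server needs it and that it applies to every site opened in that profile. The opening paragraph describes adding the Root CA to the system trust store, which is what the ``lan-mac`` guide does; this page only changes Firefox preferences and should say so. In the LAN Config tip, "as in the final step show above" should read "shown above" and name the screenshot it means.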

View File

@@ -0,0 +1,69 @@
.. _dg-mac:
===
Mac
===
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-mac
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Backup Configuration
:link: backup-mac
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: Setup
Configure a Network Folder on your Mac (or attached external drive) to receive StartOS backups.
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-mac
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Mac. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-mac
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. topic-box::
:title: Screensharing
:link: screenshare-mac
:icon: scylla-icon scylla-icon--workshop
:class: large-4
:anchor: Share Screen
Guide to allow screensharing with a Start9 Support Tech.
.. toctree::
:maxdepth: 4
:hidden:
lan-mac
backup-mac
tor-mac
ff-mac
screenshare-mac
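
Review bot: The ``.. raw:: html`` block opens ``<div class="topics-grid grid-container full">`` and ``<div class="grid-x grid-margin-x">``, but nothing in the visible lines of this file closes them before the ``toctree``; add a second ``.. raw:: html`` block with ``</div></div>`` after the last ``topic-box``. The "Connect to Tor Network" box lists ``:icon:`` before ``:link:`` while the other boxes use the opposite order; keep one order.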

View File

@@ -0,0 +1,59 @@
.. _lan-mac:
================================
Trusting Your Start9 CA on macOS
================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Mac). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The self-signed certificate was created by your server when you perfomed the initial setup, and applies to your server's main UI connection, as well as all service connections.
#. In your Start9 server's UI, navigate to **System** -> **LAN**
.. figure:: /_static/images/ssl/macos/trust-cert-macos-1-system-lan.png
:width: 60%
:alt: Navigate to System > LAN
#. Click **Download Certificate** and your browser will either automatically save the certificate to your Downloads folder or ask you where to save it:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-2-download_cert.png
:width: 60%
:alt: Download Certificate
#. Among the browser's downloads, right click your certificate file and select *Show in Folder*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-3-show_in_folder.png
:width: 60%
:alt: Show certificate file in Downloads folder
#. Finder will open. Locate your unique `adjective-noun Local CA.crt` file in your *Downloads* folder and double click it to open it in the Keychain Access program. You will be prompted for your macOS username and password, or thumbprint. Then select *Modify Keychain*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-4-modify_keychain.png
:width: 60%
#. Your server's CA certificate will be displayed among the imported certificates in Keychain Access. Right-click on the imported CA cert and select *Get Info*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-5-cert-get_info.png
:width: 60%
:alt: Keychain Access - Get Info of CA Certificate
#. The details of your CA certificate will be displayed in a new dialog window. Expand the **Trust** heading, then select "**Always Trust**" on **Secure Sockets Layer (SSL)** and **X.509 Basic Policy**.
.. figure:: /_static/images/ssl/macos/trust-cert-macos-6-ssl_tls-always_trust.png
:width: 60%
:alt: Trust CA Certificate
Click the red (x) button at the top left of the Local Root CA dialog window.
#. You will then be prompted again for your username and password, or thumbprint. Enter those and click **Update Settings**:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-7-password-update_settings.png
:width: 60%
:alt: Authenticate to change the settings
#. You will see your server's CA certificate as trusted now, signified by a blue (+) sign and the CA cert information will now say "This certificate is marked as trusted for all users" in Keychain Access:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-8-cert_trusted.png
:width: 60%
:alt: Keychain submenu
.. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it.
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.
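
Review bot: The closing paragraph links the Firefox guide as ``<lan-ff>``, while this commit adds the Mac Firefox page under the label ``ff-mac``; point the reference there or confirm ``lan-ff`` still resolves. Steps 4 and 7 say "thumbprint" where the fingerprint prompt is meant, the filename in step 4 uses single backticks and will not render as a literal, the ``trust-cert-macos-4-modify_keychain.png`` figure has no ``:alt:``, and "perfomed" in the introduction should be "performed".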

View File

@@ -0,0 +1,65 @@
.. _screenshare-mac:
=============
Screensharing
=============
.. warning:: BE CERTAIN you are communicating with an official Start9 team member. Do not be fooled by impostors. If you are unsure, please `contact us <https://start9.com/contact>`_.
You may run into an issue and want to have a support call where we ask you to share your screen with us. While we understand if you'd rather not do this, it can make troubleshooting issues a lot easier. We will direct you on how you can share your screen. If it doesn't work, please see the following instructions:
.. tabs::
.. group-tab:: Pre-Ventura:
#. Head to System Preferences:
.. figure:: /_static/images/mac-stuff/system-prefs.png
:width: 20%
#. Click Security & Privacy:
.. figure:: /_static/images/mac-stuff/priv-security.png
:width: 20%
#. Click the lock to make changes and select "Privacy":
.. figure:: /_static/images/mac-stuff/click-lock.png
:width: 20%
#. Click "Screen Recording" and click the + icon:
.. figure:: /_static/images/mac-stuff/screen-rec-plus.png
:width: 20%
#. Find your browser within the applications folder and click "Open":
.. figure:: /_static/images/mac-stuff/add-browser-screen-rec.png
:width: 20%
#. Restart your browser and you should now be able to share your screen by clicking on this button within the Jitsi call:
.. figure:: /_static/images/mac-stuff/jitsi-screenshare.png
:width: 20%
.. group-tab:: Ventura:
#. Head to System Settings and scroll down to "Privacy & Security":
.. figure:: /_static/images/mac-stuff/system-settings-priv-sec.png
:width: 20%
#. Scroll down and click "Screen Recording":
.. figure:: /_static/images/mac-stuff/screen-rec-vent.png
:width: 20%
#. You can then click the + icon and add your browser - you may need to restart your browser after this:
.. figure:: /_static/images/mac-stuff/screen-rec-plus-vent.png
:width: 20%
#. You should now be able to share your screen by clicking on this button within the Jitsi call:
.. figure:: /_static/images/mac-stuff/jitsi-screenshare.png
:width: 20%
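
Review bot: Both tabs end once the browser has been added under Screen Recording, and neither tells the reader how to remove that permission after the support call; add a closing step for it, since the grant otherwise stays in place. The tab titles here are "Pre-Ventura:" and "Ventura:" with a trailing colon, unlike "Ventura" and "Pre-Ventura" in the other Mac guides of this commit; use the same titles throughout. None of the figures has an ``:alt:`` option.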

View File

@@ -0,0 +1,179 @@
.. _tor-mac:
==================
Running Tor on Mac
==================
Install Homebrew
----------------
#. If you do not have Homebrew installed, follow the installation instructions `here <https://brew.sh/>`_. TLDR: Open the Terminal and paste the following line:
.. code-block:: bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
#. You will be prompted for your system password before installation; proceed with entering your password. You may be asked more than once.
.. figure:: /_static/images/tor/install_homebrew.png
:width: 80%
:alt: Homebrew installation
#. You will be notified which directories Homebrew is going to create, hit :code:`RETURN`:
.. figure:: /_static/images/tor/install_homebrew1.png
:width: 80%
:alt: Homebrew installation
Homebrew creates the directories and downloads any other files it needs e.g. “Command Line Tool for Xcode” and “Homebrew”.
Wait a few minutes while it downloads and installs what it needs.
.. note:: Once installation is complete you will need to add "brew" to your path. There will be instructions on how to do this with the specific commands you need to enter if you scroll up a little in your terminal. Look for "Add homebrew to your path". Enter the commands and then type **brew --version** to ensure that brew is working. If you see something like **"Homebrew 3.6.18"** then it is installed. If you see **"zsh: command not found: brew"** then it either hasn't installed correctly, has not been added to your path yet or you simply need to open a new terminal. (If you do try restarting terminal, make a note of the commands suggested in case you need them again).
.. warning:: Surprisingly, Homebrew uses Google Analytics to collect anonymous usage data. You can deselect the option to share usage data by `opting out <https://docs.brew.sh/Analytics#opting-out>`_.
Install Tor
-----------
.. caution:: If you have the Tor Browser open, close it and quit the application.
.. note:: If you are on a very old version of macOS, such as High Sierra (10.13) or below, first execute this command in a Terminal window:
.. code-block::
echo 'export PATH="/usr/local/bin:$PATH"' >> ~/.bash_profile
Then close the Terminal.
#. Open a new Terminal and install Tor using the following command:
.. code-block:: bash
brew install tor
#. Then run Tor with:
.. code-block:: bash
brew services start tor
This will start Tor and ensure that it is always running, even after a restart. See the `Tor Project docs <https://2019.www.torproject.org/docs/tor-doc-osx.html.en>`_ for more details.
Enable Tor System-wide
----------------------
.. tabs::
.. group-tab:: Ventura
#. Enable proxy autoconfig file (This will download the Start9 standard proxy config file. You can use your own if you prefer):
.. code-block:: bash
sudo curl https://start9.com/assets/proxy.pac --output /Library/WebServer/Documents/proxy.pac
#. Now enable apache service:
.. code-block:: bash
sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist
#. Go to System Settings:
.. figure:: /_static/images/tor/systemSettings.png
:width: 40%
:alt: System Preferences
#. Click on *Network* and then select the interface on which you wish to enable Tor system-wide (both Ethernet and WiFi advised - do one then the other):
.. figure:: /_static/images/tor/ventura-settings.png
:width: 80%
:alt: Select Network
#. Click *Details*:
.. figure:: /_static/images/tor/ventura-network-advanced.png
:width: 80%
:alt: Click Advanced
#. Click "Proxies," then select "Automatic Proxy Configuration," add this URL: ``http://localhost/proxy.pac``, then click "OK":
.. figure:: /_static/images/tor/ventura-proxies-corrected.png
:width: 80%
:alt: Select Proxys
Done! You have now enabled system-wide Tor potential.
We advise going back to step 4 and repeating this for Wifi/Ethernet depending on which interface you haven't done yet.
If you ever need to view the status of the tor service, enter the following into a Terminal:
.. code-block:: bash
cat /usr/local/var/log/tor.log || sudo cat /opt/homebrew/var/log/tor.log
If you'd like to setup Firefox to use Tor you can follow :ref:`this guide<ff-mac>`.
.. group-tab:: Pre-Ventura
#. Enable proxy autoconfig file (This will download the Start9 standard proxy config file. You can use your own if you prefer):
.. code-block:: bash
sudo curl https://start9.com/assets/proxy.pac --output /Library/WebServer/Documents/proxy.pac
#. Now enable apache service:
.. code-block:: bash
sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist
#. Go to System Preferences:
.. figure:: /_static/images/tor/systemprefs.png
:width: 40%
:alt: System Preferences
#. Click on Network:
.. figure:: /_static/images/tor/network.png
:width: 80%
:alt: Select Network
#. In this example, we'll select WiFi on the left panel. If you're using Ethernet, click that instead. Next click "Advanced" (We suggest returning to this step in order to do both Ethernet AND WiFi):
.. figure:: /_static/images/tor/wifi_click_advanced.png
:width: 80%
:alt: Click Advanced
#. Select "Proxies":
.. figure:: /_static/images/tor/proxys.png
:width: 80%
:alt: Select Proxys
#. Select "Automatic Proxy Configuration", add this URL: **http://localhost/proxy.pac** then click "OK"
.. figure:: /_static/images/tor/entertorproxyURL-pre-ventura.png
:width: 80%
:alt: Select Automatic proxy config and enter URL
#. Finally, click "Apply"
.. figure:: /_static/images/tor/applyproxy.png
:width: 80%
:alt: Apply proxy
Done! You have now enabled system-wide Tor potential.
We suggest heading back to step 5 and enabling Tor system-wide on Ethernet/WiFi now - whichever you did not do already.
If you ever need to view the status of the tor service, enter the following into a Terminal:
.. code-block:: bash
cat /usr/local/var/log/tor.log || sudo cat /opt/homebrew/var/log/tor.log
If you'd like to setup Firefox to use Tor you can follow :ref:`this guide<ff-mac>`.
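
Review bot: In both tabs, ``sudo curl https://start9.com/assets/proxy.pac --output /Library/WebServer/Documents/proxy.pac`` has no ``--fail``, so an HTTP error body would be saved as the PAC file; add ``--fail`` and a step to open the file and read it before the proxy settings point at it. The next step loads ``org.apache.httpd.plist`` without saying that this leaves a web server running on the Mac or how to turn it off again. The Homebrew one-liner fetches ``master/install.sh``; check it against the command currently shown on brew.sh, which the same step links to. The old-macOS note uses ``.. code-block::`` with no language, and "going back to step 4" and "heading back to step 5" will break if the steps are renumbered.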

View File

@@ -0,0 +1,83 @@
.. _backup-windows:
======================
Windows Network Folder
======================
.. contents::
:depth: 2
:local:
Check out the video below, and follow along with the steps in this guide to setup a Network Folder on your Windows machine (or attached drive), such that you may create encrypted, private backups of all your StartOS data.
.. youtube:: wqbXRjttJQY
:width: 100%
Setup Network Folder
--------------------
#. Create a folder, or select an existing one. Right-click the folder and select "Properties"
.. figure:: /_static/images/cifs/cifs-win0.png
:width: 60%
#. Click the "Sharing" tab...
.. figure:: /_static/images/cifs/cifs-win1.png
:width: 60%
then click "Share"
.. figure:: /_static/images/cifs/cifs-win2.png
:width: 60%
#. Select a user you want to use for login and click "Share"
.. figure:: /_static/images/cifs/cifs-win3.png
:width: 60%
.. note::
If you get the following dialogue box, you have designated your network "Public." You may wish to change to "Private" if this is your home network. Otherwise you may turn on network sharing for public networks.
.. figure:: /_static/images/cifs/cifs-win4.png
:width: 60%
#. Note the share's name, "SharedFolder" displayed in black text in the example screenshot below, above the long hostname and Windows directory path in grey text, both highlighted in blue. We will take the share's name and enter it in the final step below.
.. figure:: /_static/images/cifs/cifs-win5.png
:width: 60%
Connect StartOS
---------------
#. Return to your StartOS UI, and go to *System > Create Backup*
.. figure:: /_static/images/config/backup.png
:width: 60%
#. Click "Open" to set up a new connection to your Shared Folder
.. figure:: /_static/images/config/backup0.png
:width: 60%
#. Fill out the following fields as shown below:
.. figure:: /_static/images/config/backup1.png
:width: 60%
- For "Hostname" - Enter your Windows computer name (this is shown after a ``\\`` in Windows)
- For "Path" - Enter the full path followed by the share name displayed in the Windows sharing dialog shown in Step 4 above. In our example this would be, literally, ``/Users/win/Desktop/SharedFolder``. When entering the path, make sure replace the backshashes ``\`` shown by Windows with forward slashes ``/``.
- Enter your Windows username and password in the "User" and "Password" fields
.. caution::
If you use a "PIN" to log in to Windows, keep in mind that your password needs to be the user's full password, NOT the PIN! Office365 accounts also may **not** work, try a regular user in this case.
.. tip::
If you receive the following error:
**Filesystem I/O Error mount error(115): Operation now in progress**
Click Start > Settings > Network & Internet > Ethernet (or WiFi) and select the "Private" profile to treat your LAN as a trusted network that allows file sharing.
That's it! You can now :ref:`Create<backup-create>` encrypted, private backups of all your server data to your Windows machine or external drive!!
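
Review bot: Step 4 of Setup Network Folder says to take the share's name ("SharedFolder") and enter it in the final step, but the "Path" bullet under Connect StartOS asks for the full path, ``/Users/win/Desktop/SharedFolder``; the Mac guide in this commit says the same field takes the share name and not the directory path. Settle which is correct and make both places agree. In the same bullet, "make sure replace the backshashes" should read "make sure to replace the backslashes". The note in step 3 offers turning on sharing for public networks as an alternative, while the tip at the end recommends the "Private" profile; recommend Private only.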

View File

@@ -0,0 +1,57 @@
.. _ff-windows:
==============================
Configuring Firefox on Windows
==============================
.. caution:: This guide assumes you have completed :ref:`setting up Tor<tor-windows>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to "true":
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Next, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a *Proxy Auto Config* file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following instructions below:
- Click `here <https://start9.com/assets/proxy.pac>`_ to get the file and save the file somewhere you will not delete it. Remember where you save the file. For this example:
.. code-block::
C:\Program Files\Tor Browser\proxy.pac
#. Now, back in your Firefox web browser, select "Settings" from the right-hand hamburger menu:
.. figure:: /_static/images/tor/firefox_options_windows.png
:width: 60%
:alt: Firefox options screenshot
#. Search for the term "proxy" in the search bar in the upper right, then select the button that says "Settings":
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select "Automatic proxy configuration URL" and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file://C:/Program Files/Tor Browser/proxy.pac
#. Then, check the box labeled "Proxy DNS when using SOCKS v5":
.. figure:: /_static/images/tor/firefox_proxy_windows.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click "OK" and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ".onion" URLs in Firefox. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`__.
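
Review bot: The example ``file://C:/Program Files/Tor Browser/proxy.pac`` has two slashes after ``file:``, which makes ``C:`` the host part of the URL; the usual form for a local Windows path is ``file:///C:/...``, so test the example and correct it if needed. The example location is the Tor Browser folder under ``Program Files``, which this guide never installs; pick a folder the user owns. Unlike ``ff-mac``, this page has no LAN Config section for ``security.enterprise_roots.enabled``; if Windows needs it too, add it. Step 2 writes the value as "true" in quotes while step 3 uses a literal.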

View File

@@ -0,0 +1,59 @@
.. _dg-windows:
=======
Windows
=======
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-windows
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Backup Configuration
:link: backup-windows
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: Setup
Configure a Network Folder on your Windows machine (or attached external drive) to receive StartOS backups.
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-windows
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Windows device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-windows
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. toctree::
:maxdepth: 4
:hidden:
lan-windows
backup-windows
tor-windows
ff-windows
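Review bot: The ``.. raw:: html`` block at the top opens ``<div class="topics-grid grid-container full">`` and ``<div class="grid-x grid-margin-x">``, but no closing ``</div></div>`` appears in the lines shown before the ``toctree``, so both containers would be left open in the rendered page. Add a second ``.. raw:: html`` block with the two closing tags after the last ``topic-box``. Separately, the tip calls LAN connections "fast and secure", which depends on the Root CA from the first guide being trusted; say so in the tip, since this page names that guide as the minimum. The "Connect to Tor Network" box also lists ``:icon:`` before ``:link:``, unlike the other three boxes.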

@@ -0,0 +1,111 @@
.. _lan-windows:
==================================
Trusting Your Start9 CA On Windows
==================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Windows). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The self-signed certificate was created by your server when you perfomed the initial setup, and applies to your server's main UI connection, as well as all service connections.
Unfortunately, Windows does not have mDNS alias support built-in, which is necessary in order to visit .local addresses for any service you install on your Start9 server, so we recommend using the Bonjour service. Check out this :ref:`FAQ answer<why-bonjour>` for details.
.. note:: Some users who run through the following instructions have successfully connected to their LAN services only to have them stop working weeks or months later. We believe this to be due to a change in Windows. When this happens the fix is to simply reinstall Bonjour and Bonjour Print Services. A solution is being worked on and Bonjour will not be necessary to connect to your Start9 server for much longer.
Download Root CA
----------------
First, download your Start9 server's Root CA, if you have not already.
- Navigate to *System > LAN*, then click "Download Certificate".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: LAN setup menu item
Alternatively, you can download to another machine, then transfer the file to your device.
Trust Root CA
-------------
#. Install `Bonjour Print Services <https://support.apple.com/kb/DL999>`_ on your Windows machine.
.. tip:: If you are experiencing issues after installing Bonjour, you might have had a previous or failed install. To fix:
#. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ
#. Uninstall Bonjour and Bonjour Print Services completely via *system settings > remove programs*
#. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US)
#. Restart Windows
#. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings.
#. Back in Windows, click the “Start” menu, type “mmc”, and select "Run as administrator" to access the Windows Management Console.
.. figure:: /_static/images/ssl/windows/0_windows_mmc.png
:width: 50%
:alt: Windows MMC
When prompted with the “User Account Control” window, select “Yes” to allow this program to run.
#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
.. figure:: /_static/images/ssl/windows/1_windows_console_root.png
:width: 50%
:alt: Windows Console Root
#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
.. figure:: /_static/images/ssl/windows/2_windows_add_certificates.png
:width: 50%
:alt: Add Certificates
#. Select “Computer account” and click “Next". Leave defaulted options on the next screen and click “Finish”.
.. figure:: /_static/images/ssl/windows/3_snap_in_wizard.png
:width: 50%
:alt: Add Snap-in
#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
:width: 50%
:alt: Snap-in Selected
#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
:width: 50%
:alt: Certificates in Management Console
#. Right click on the “Certificates” directory, then navigate to *All Tasks > Import*.
.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
:width: 50%
:alt: Import certificate
#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and open it. Then click "Next".
.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. Then click "Finish" on the final screen.
.. figure:: /_static/images/ssl/windows/8_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. Select “OK” when the import is successful.
.. figure:: /_static/images/ssl/windows/9_success.png
:width: 20%
:alt: Import success!
#. Verify your server's unique `<adjective-noun> Local Root CA` certificate is in the “Certificates” folder:
.. figure:: /_static/images/ssl/windows/10_successful_cert_install.png
:width: 50%
:alt: Successful cert install
#. You can save the console settings (where we added a snap-in), if desired. The CA certificate will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.
.. figure:: /_static/images/ssl/windows/11_console_settings.png
:width: 20%
:alt: Console settings
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.
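Review bot: Nothing between "Download Certificate" and the import step has the reader confirm that the file is the server's own CA before it goes into the Local Computer "Trusted Root Certification Authorities" store, and the only check (the ``<adjective-noun> Local Root CA`` step) comes after the import and matches on name alone. That store is trusted machine-wide, and the guide allows the file to be downloaded on another machine and transferred, so add a step before the import that opens the certificate and compares its thumbprint with a value read from the server. Where the server exposes that value is not visible in this diff, so reference it explicitly. Two wording fixes: the Certificate Store step says "Trusted Root Certificate Authorities" while the navigation step uses "Trusted Root Certification Authorities", and "perfomed" in the intro should be "performed".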

@@ -0,0 +1,60 @@
.. _tor-windows:
======================
Running Tor on Windows
======================
.. youtube:: j_ldDT2zPsg
:width: 100%
#. Unfortunately, `The Tor Project <https://torproject.org>`_ no longer publishes a standalone Tor binary for Windows, so the recommended way to get it is with the Tor Browser Bundle. You can download it `here <https://www.torproject.org/download/>`_.
.. figure:: /_static/images/tor/tor_download_windows.png
:width: 80%
:alt: Tor download
Download Tor for Windows
#. Once it is downloaded, run the installer by right clicking on it and selecting `Run as Administrator`.
#. Once you have selected a language, you should see a menu like this:
.. figure:: /_static/images/tor/tor_windows_install.png
:width: 80%
:alt: Tor install wizard
We will install it to ``C:\Program Files\Tor Browser``. If you choose a different folder, it needs to *not* be anywhere under ``C:\Users\``. Note the path you use here for the step after next.
#. Now you want to set up Tor to run as a service: to run in the background and keep itself running so you don't have to worry about it again. To do so, you need to open your Command Prompt as an administrator.
* In Windows 10, you can simply type ``cmd`` in the Windows search bar, right click on the first result, and select `Run as Administrator`.
#. Once it opens, you can run the following commands, inserting your destination folder (from above) between `binPath="` and the `Browser` subfolder, like this:
.. code-block::
sc create tor start= auto binPath="C:\Program Files\Tor Browser\Browser\TorBrowser\Tor\tor.exe -nt-service"
.. tip:: If you get the error "Access denied," please ensure you are running the command prompt in Administrator mode. You can tell because the prompt will show C:\\Users\\YOUR-USERNAME> if you are NOT in admin mode, and it will show C:\\WINDOWS\\system32 if you ARE in admin mode.
.. code-block::
sc start tor
#. When you run this, it should look something like this:
.. figure:: /_static/images/tor/tor_windows_terminal.png
:width: 80%
:alt: Tor windows terminal
.. note:: If you get the error "The specified service already exists," complete the following steps:
1. Run the command:
.. code-block::
sc delete tor
2. Uninstall the Tor Browser, following `these steps <https://tb-manual.torproject.org/uninstalling/>`_.
3. Begin this guide again from the beginning.
#. That's it! Your Windows computer is now setup to natively use Tor.
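Review bot: The ``binPath`` value in the ``sc create`` line contains spaces ("Program Files", "Tor Browser") but the executable path is not quoted inside the value, which registers an unquoted service path: Windows resolves such a path ambiguously at each space and can start a different executable than ``tor.exe``. Quote the executable inside the value, for example ``sc create tor start= auto binPath= "\"C:\Program Files\Tor Browser\Browser\TorBrowser\Tor\tor.exe\" -nt-service"``. That form also puts a space after ``binPath=``, matching ``start= auto``; the ``sc`` documentation requires a space between an option and its value. With no ``obj=`` given, ``sc create`` registers the service to run as LocalSystem, so consider naming a lower-privilege account. The "Access denied" tip sits between the two commands although it applies to the first, and the install step gives no reason for keeping the folder out of ``C:\Users\``.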

@@ -0,0 +1,67 @@
.. _device-guides:
=============
Device Guides
=============
Guides for integrating your devices with your Start9 server.
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Linux
:link: dg-linux
:icon: scylla-icon scylla-icon--linux
:class: large-4
:anchor: Connect
Integrate Linux devices
.. topic-box::
:title: Mac
:link: dg-mac
:icon: scylla-icon scylla-icon--apple
:class: large-4
:anchor: Connect
Integrate Mac devices
.. topic-box::
:title: Windows
:link: dg-windows
:icon: scylla-icon scylla-icon--windows
:class: large-4
:anchor: Connect
Integrate Windows devices
.. topic-box::
:title: Android
:link: dg-android
:icon: scylla-icon scylla-icon--android
:class: large-4
:anchor: Connect
Integrate Android devices
.. topic-box::
:title: iOS
:icon: scylla-icon scylla-icon--ios
:link: dg-ios
:class: large-4
:anchor: Connect
Integrate iOS devices
.. toctree::
:maxdepth: 2
:hidden:
dg-linux/index
dg-mac/index
dg-windows/index
dg-android/index
dg-ios/index
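Review bot: As in the Windows index, the ``.. raw:: html`` block opens ``<div class="topics-grid grid-container full">`` and ``<div class="grid-x grid-margin-x">`` and the lines shown never close them before the ``toctree``; add a closing ``.. raw:: html`` block with ``</div></div>`` after the iOS ``topic-box``. All five boxes use ``:anchor: Connect``, which tells the reader nothing about the target; the platform indexes use distinct labels per box. The iOS box lists ``:icon:`` before ``:link:``, unlike the other four.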