Big refactor, many minor fixes (#441)

* Big refactor, many minor fixes * Link fixes, icon edits * Index and ToC fixes * update icons in theme lib and add to device guides index * WIP - refactor Initial setup, LAN, FF, others * First draft ready, many fixes and edits * Ooops - minor edits and changes on initial setup * Add change password guide (try 2). * Remove change password menu item from guides * Fix display bug, think different --------- Co-authored-by: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Co-authored-by: gStart9 <george@start9labs.com>
2026-03-31 04:23:41 +00:00 · 2023-07-28 18:02:43 +00:00
parent eceae35a2b
commit 09b61c7e33
149 changed files with 1362 additions and 785 deletions
--- a/site/source/guides/device-guides/dg-windows/backup-windows.rst
+++ b/site/source/guides/device-guides/dg-windows/backup-windows.rst
@@ -0,0 +1,83 @@
+.. _backup-windows:
+
+======================
+Windows Network Folder
+======================
+
+.. contents::
+  :depth: 2 
+  :local:
+
+Check out the video below, and follow along with the steps in this guide to setup a Network Folder on your Windows machine (or attached drive), such that you may create encrypted, private backups of all your StartOS data.
+
+   .. youtube:: wqbXRjttJQY 
+      :width: 100%
+
+Setup Network Folder
+--------------------
+
+#. Create a folder, or select an existing one.  Right-click the folder and select "Properties"
+
+    .. figure:: /_static/images/cifs/cifs-win0.png
+        :width: 60%
+
+#. Click the "Sharing" tab...
+
+    .. figure:: /_static/images/cifs/cifs-win1.png
+        :width: 60%
+
+    then click "Share"
+
+    .. figure:: /_static/images/cifs/cifs-win2.png
+        :width: 60%
+
+#. Select a user you want to use for login and click "Share"
+
+    .. figure:: /_static/images/cifs/cifs-win3.png
+        :width: 60%
+
+    .. note::
+
+        If you get the following dialogue box, you have designated your network "Public."  You may wish to change to "Private" if this is your home network.  Otherwise you may turn on network sharing for public networks.
+
+            .. figure:: /_static/images/cifs/cifs-win4.png
+                :width: 60%
+
+#. Note the share's name, "SharedFolder" displayed in black text in the example screenshot below, above the long hostname and Windows directory path in grey text, both highlighted in blue.  We will take the share's name and enter it in the final step below.
+
+    .. figure:: /_static/images/cifs/cifs-win5.png
+        :width: 60%
+
+Connect StartOS
+---------------
+
+#. Return to your StartOS UI, and go to *System > Create Backup*
+
+    .. figure:: /_static/images/config/backup.png
+        :width: 60%
+
+#. Click "Open" to set up a new connection to your Shared Folder
+
+    .. figure:: /_static/images/config/backup0.png
+        :width: 60%
+
+#. Fill out the following fields as shown below:
+
+    .. figure:: /_static/images/config/backup1.png
+        :width: 60%
+
+    - For "Hostname" - Enter your Windows computer name (this is shown after a ``\\`` in Windows)
+    - For "Path" - Enter the full path followed by the share name displayed in the Windows sharing dialog shown in Step 4 above.  In our example this would be, literally, ``/Users/win/Desktop/SharedFolder``. When entering the path, make sure replace the backshashes ``\`` shown by Windows with forward slashes ``/``.
+    - Enter your Windows username and password in the "User" and "Password" fields
+
+.. caution::
+    If you use a "PIN" to log in to Windows, keep in mind that your password needs to be the user's full password, NOT the PIN!  Office365 accounts also may **not** work, try a regular user in this case.
+
+.. tip::
+    If you receive the following error:
+    
+    **Filesystem I/O Error mount error(115): Operation now in progress**
+
+    Click Start > Settings > Network & Internet > Ethernet (or WiFi) and select the "Private" profile to treat your LAN as a trusted network that allows file sharing.
+
+That's it!  You can now :ref:`Create<backup-create>` encrypted, private backups of all your server data to your Windows machine or external drive!!
--- a/site/source/guides/device-guides/dg-windows/ff-windows.rst
+++ b/site/source/guides/device-guides/dg-windows/ff-windows.rst
@@ -0,0 +1,57 @@
+.. _ff-windows:
+
+==============================
+Configuring Firefox on Windows
+==============================
+.. caution::  This guide assumes you have completed :ref:`setting up Tor<tor-windows>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
+
+#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
+
+#. Search for ``dom.securecontext.allowlist_onions`` and set the value to "true":
+
+    .. figure:: /_static/images/tor/firefox_allowlist.png
+      :width: 60%
+      :alt: Firefox whitelist onions screenshot
+
+#. Next, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
+
+    .. figure:: /_static/images/tor/firefox_insecure_websockets.png
+      :width: 60%
+      :alt: Firefox allow insecure websockets over https
+
+#. Download a *Proxy Auto Config* file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following instructions below:
+
+    - Click `here <https://start9.com/assets/proxy.pac>`_ to get the file and save the file somewhere you will not delete it. Remember where you save the file. For this example:
+
+    .. code-block::
+
+      C:\Program Files\Tor Browser\proxy.pac
+
+#. Now, back in your Firefox web browser, select "Settings" from the right-hand hamburger menu:
+
+    .. figure:: /_static/images/tor/firefox_options_windows.png
+      :width: 60%
+      :alt: Firefox options screenshot
+
+#. Search for the term "proxy" in the search bar in the upper right, then select the button that says "Settings":
+
+    .. figure:: /_static/images/tor/firefox_search.png
+      :width: 60%
+      :alt: Firefox search screenshot
+
+#. This should open a menu that will allow you to configure your proxy settings. Select "Automatic proxy configuration URL" and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
+
+    .. code-block::
+
+      file://C:/Program Files/Tor Browser/proxy.pac
+
+#. Then, check the box labeled "Proxy DNS when using SOCKS v5":
+
+    .. figure:: /_static/images/tor/firefox_proxy_windows.png
+      :width: 60%
+      :alt: Firefox proxy settings screenshot
+
+#. Click "OK" and then restart Firefox for the changes to take effect.
+
+#. You're all set! You should now be able to navigate to ".onion" URLs in Firefox. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`__.
+
--- a/site/source/guides/device-guides/dg-windows/index.rst
+++ b/site/source/guides/device-guides/dg-windows/index.rst
@@ -0,0 +1,59 @@
+.. _dg-windows:
+
+=======
+Windows
+=======
+To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides.  At minimum, you will want to set up your Root CA in the first guide.
+
+.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
+
+.. raw:: html
+
+  <div class="topics-grid grid-container full">
+
+  <div class="grid-x grid-margin-x">
+
+.. topic-box::
+  :title: Trust Root CA
+  :link: lan-windows
+  :icon: scylla-icon scylla-icon--partners
+  :class: large-4
+  :anchor: Connect
+
+  Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
+
+.. topic-box::
+  :title: Backup Configuration
+  :link: backup-windows
+  :icon: scylla-icon scylla-icon--cloud
+  :class: large-4
+  :anchor: Setup
+
+  Configure a Network Folder on your Windows machine (or attached external drive) to receive StartOS backups.
+
+.. topic-box::
+  :title: Connect to Tor Network
+  :icon: scylla-icon scylla-icon--networking
+  :link: tor-windows
+  :class: large-4
+  :anchor: Run Tor
+
+  Run Tor natively (in the background) on your Windows device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
+
+.. topic-box::
+  :title: Configure Firefox
+  :link: ff-windows
+  :icon: scylla-icon scylla-icon--integrations
+  :class: large-4
+  :anchor: Config
+
+  Configure Firefox for an optimal experience with your server.
+
+.. toctree::
+   :maxdepth: 4
+   :hidden:
+
+   lan-windows
+   backup-windows
+   tor-windows
+   ff-windows
--- a/site/source/guides/device-guides/dg-windows/lan-windows.rst
+++ b/site/source/guides/device-guides/dg-windows/lan-windows.rst
@@ -0,0 +1,111 @@
+.. _lan-windows:
+
+==================================
+Trusting Your Start9 CA On Windows
+==================================
+Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Windows).  This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor.  The self-signed certificate was created by your server when you perfomed the initial setup, and applies to your server's main UI connection, as well as all service connections.
+
+Unfortunately, Windows does not have mDNS alias support built-in, which is necessary in order to visit .local addresses for any service you install on your Start9 server, so we recommend using the Bonjour service. Check out this :ref:`FAQ answer<why-bonjour>` for details.
+
+.. note:: Some users who run through the following instructions have successfully connected to their LAN services only to have them stop working weeks or months later. We believe this to be due to a change in Windows. When this happens the fix is to simply reinstall Bonjour and Bonjour Print Services. A solution is being worked on and Bonjour will not be necessary to connect to your Start9 server for much longer.
+
+Download Root CA
+----------------
+First, download your Start9 server's Root CA, if you have not already.
+
+    - Navigate to *System > LAN*, then click "Download Certificate".
+
+      .. figure:: /_static/images/ssl/lan_setup.png
+        :width: 40%
+        :alt: LAN setup menu item
+
+Alternatively, you can download to another machine, then transfer the file to your device.
+
+Trust Root CA
+-------------
+
+#. Install `Bonjour Print Services <https://support.apple.com/kb/DL999>`_ on your Windows machine.
+
+   .. tip::  If you are experiencing issues after installing Bonjour, you might have had a previous or failed install. To fix:
+
+      #. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ
+      #. Uninstall Bonjour and Bonjour Print Services completely via *system settings > remove programs*
+      #. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US)
+      #. Restart Windows
+      #. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings.
+
+#. Back in Windows, click the “Start” menu, type “mmc”, and select "Run as administrator" to access the Windows Management Console.
+
+   .. figure:: /_static/images/ssl/windows/0_windows_mmc.png
+    :width: 50%
+    :alt: Windows MMC
+
+    When prompted with the “User Account Control” window, select “Yes” to allow this program to run.
+
+#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
+
+   .. figure:: /_static/images/ssl/windows/1_windows_console_root.png
+    :width: 50%
+    :alt: Windows Console Root
+
+#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
+
+   .. figure:: /_static/images/ssl/windows/2_windows_add_certificates.png
+    :width: 50%
+    :alt: Add Certificates
+
+#. Select “Computer account” and click “Next". Leave defaulted options on the next screen and click “Finish”.
+
+   .. figure:: /_static/images/ssl/windows/3_snap_in_wizard.png
+    :width: 50%
+    :alt: Add Snap-in
+
+#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
+
+   .. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
+    :width: 50%
+    :alt: Snap-in Selected
+
+#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
+
+   .. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
+    :width: 50%
+    :alt: Certificates in Management Console
+
+#. Right click on the “Certificates” directory, then navigate to *All Tasks > Import*.
+
+   .. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
+    :width: 50%
+    :alt: Import certificate
+
+#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and open it.  Then click "Next".
+
+   .. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
+    :width: 50%
+    :alt: Import cert wizard
+
+#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”.  Then click "Finish" on the final screen.
+
+   .. figure:: /_static/images/ssl/windows/8_windows_import_cert_wizard.png
+    :width: 50%
+    :alt: Import cert wizard
+
+#. Select “OK” when the import is successful.
+
+   .. figure:: /_static/images/ssl/windows/9_success.png
+    :width: 20%
+    :alt: Import success!
+
+#. Verify your server's unique `<adjective-noun> Local Root CA` certificate is in the “Certificates” folder:
+
+   .. figure:: /_static/images/ssl/windows/10_successful_cert_install.png
+    :width: 50%
+    :alt: Successful cert install
+
+#. You can save the console settings (where we added a snap-in), if desired.  The CA certificate will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.
+
+   .. figure:: /_static/images/ssl/windows/11_console_settings.png
+    :width: 20%
+    :alt: Console settings
+
+You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps.  For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.
--- a/site/source/guides/device-guides/dg-windows/tor-windows.rst
+++ b/site/source/guides/device-guides/dg-windows/tor-windows.rst
@@ -0,0 +1,60 @@
+.. _tor-windows:
+
+======================
+Running Tor on Windows
+======================
+
+.. youtube:: j_ldDT2zPsg
+   :width: 100%
+
+#. Unfortunately, `The Tor Project <https://torproject.org>`_ no longer publishes a standalone Tor binary for Windows, so the recommended way to get it is with the Tor Browser Bundle. You can download it `here <https://www.torproject.org/download/>`_.
+
+   .. figure:: /_static/images/tor/tor_download_windows.png
+    :width: 80%
+    :alt: Tor download
+
+    Download Tor for Windows
+
+#. Once it is downloaded, run the installer by right clicking on it and selecting `Run as Administrator`.
+
+#. Once you have selected a language, you should see a menu like this:
+
+   .. figure:: /_static/images/tor/tor_windows_install.png
+    :width: 80%
+    :alt: Tor install wizard
+
+   We will install it to ``C:\Program Files\Tor Browser``.  If you choose a different folder, it needs to *not* be anywhere under ``C:\Users\``.  Note the path you use here for the step after next.
+
+#. Now you want to set up Tor to run as a service: to run in the background and keep itself running so you don't have to worry about it again. To do so, you need to open your Command Prompt as an administrator.
+
+   * In Windows 10, you can simply type ``cmd`` in the Windows search bar, right click on the first result, and select `Run as Administrator`.
+
+#. Once it opens, you can run the following commands, inserting your destination folder (from above) between `binPath="` and the `Browser` subfolder, like this:
+
+   .. code-block::
+
+      sc create tor start= auto binPath="C:\Program Files\Tor Browser\Browser\TorBrowser\Tor\tor.exe -nt-service"
+
+   .. tip:: If you get the error "Access denied," please ensure you are running the command prompt in Administrator mode.  You can tell because the prompt will show C:\\Users\\YOUR-USERNAME> if you are NOT in admin mode, and it will show C:\\WINDOWS\\system32 if you ARE in admin mode.
+
+   .. code-block::
+
+      sc start tor
+
+#. When you run this, it should look something like this:
+
+   .. figure:: /_static/images/tor/tor_windows_terminal.png
+    :width: 80%
+    :alt: Tor windows terminal
+
+   .. note:: If you get the error "The specified service already exists," complete the following steps:
+
+      1. Run the command:
+
+         .. code-block::
+
+            sc delete tor
+      2. Uninstall the Tor Browser, following `these steps <https://tb-manual.torproject.org/uninstalling/>`_.
+      3. Begin this guide again from the beginning.
+
+#. That's it! Your Windows computer is now setup to natively use Tor.