restructure to account for new theme, add new build process, update readme

docs/source/user-manual/general/lan-setup/browser-setup.rst

@@ -0,0 +1,104 @@
+.. _browser-setup:
+
+Browser Setup
+=============
+
+.. warning:: Make sure you have completed your :ref:`computer setup <computer-setup>` before continuing!
+
+Select the browser you would like to configure to import the certificate from your desktop:
+
+.. .. toctree::
+..   :hidden:
+
+..   browser
+
+- :ref:`Brave <brave>`
+- :ref:`Chrome <chrome>`
+- :ref:`Firefox <firefox>`
+- :ref:`Safari <safari>`
+
+.. _brave:
+
+Brave
+-----
+
+#. Navigate to your Brave Settings in a new tab.
+
+#. On the left hand sidebar, navigate to *Additional Settings > Privacy and Security*.
+
+#. Add the bottom of the section, select "Manage Certificates".
+
+   .. figure:: /_static/images/ssl/browser/brave_security_settings.png
+    :width: 90%
+    :alt: Brave privacy and security settings page
+
+#. If you see a trusted “Embassy Local Root CA”, open a new tab to apply the certificate. If this does not work, quit and restart Brave.
+
+#. If you do not see a trusted “Embassy Local Root CA” certificate in the list, ensure the certificate is properly set up on your computer system.
+
+   .. figure:: /_static/images/ssl/browser/brave_view_certs.png
+    :width: 90%
+    :alt: Brave Manage Certificates sub-menu on MacOS
+
+#. Obtain the LAN address provided in the Setup App and enter it in a new tab.
+
+#. You can now securely navigate to your Embassy over HTTPS!
+
+#. Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings).
+
+.. _chrome:
+
+Chrome
+------
+
+#. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
+
+#. Obtain the LAN address provided in the Setup App and enter it in the URL bar.
+
+#. You can now securely navigate to your Embassy over HTTPS!
+
+.. _firefox:
+
+Firefox
+-------
+
+#. Navigate to your Firefox Settings in a new tab.
+
+#. Select “Privacy and Security” from the left hand navigation menu.
+
+#. Scroll all the way to the bottom of the page and select “View Certificates”.
+
+   .. figure:: /_static/images/ssl/browser/firefox_security_settings.png
+    :width: 90%
+    :alt: Firefox security settings
+
+    Firefox privacy and security settings page
+
+#. Select the "Authorities" tab from the "Certificate Manager".
+
+#. Click “Import” and open the downloaded *Embassy Local Root CA.crt* file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <ssl-setup>`.
+
+#. When prompted, check “Trust this CA to identity websites” and select “OK”.
+
+   .. figure:: /_static/images/ssl/browser/firefox_security_settings.png
+    :width: 90%
+    :alt: Firefox import cert
+
+    Firefox import certificate page
+
+#. Ensure the “Embassy Local Root CA” exists under “Start9 Labs”.
+
+#. Click “OK” to save.
+
+#. Open a new tab in Firefox to apply the changes. If this does not work, quit and restart Firefox.
+
+#. Navigate to the LAN address provided in the Setup App.
+
+#. You can now securely navigate to your Embassy over HTTPS!
+
+.. _safari:
+
+Safari
+------
+
+Once you have completed the steps to install a SSL certificate on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Embassy!

docs/source/user-manual/general/lan-setup/computer-setup.rst

@@ -0,0 +1,207 @@
+.. _computer-setup:
+
+Computer Setup
+==============
+
+MacOS
+-----
+
+#. Visit your Embassy at its Tor Address.
+
+#. Navigate to --> Embassy --> Connect Over LAN
+
+   .. figure:: /_static/images/embassy_lan_setup.png
+    :width: 90%
+    :alt: LAN setup menu item
+
+    Select the "Connect over LAN" menu item
+
+#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine.
+
+   .. figure:: /_static/images/secure_lan_setup_page.png
+    :width: 90%
+    :alt: LAN setup page
+
+    Select the "Root Certificate Authority" sub menu
+
+#. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded.
+
+   .. figure:: /_static/images/secure_lan_setup_prompt.png
+    :width: 90%
+    :alt: LAN setup prompt
+
+    Open with "Keychain Access" and select "OK"
+
+#. Enter your computer password when prompted. It will be imported into your computer’s keychain.
+
+   .. figure:: /_static/images/ssl/macos/certificate_untrusted.png
+    :width: 90%
+    :alt: Keychain access import menu
+
+    Keychain access import menu
+
+#. If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it.
+
+#. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”.
+
+#. Double click on this certificate. A second window will pop up.
+
+#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”.
+
+   .. figure:: /_static/images/ssl/macos/always_trust.png
+    :width: 90%
+    :alt: Keychain submenu
+
+    Select "Always trust" under SSL dropdown for Embassy Local CA
+
+#. Close this window and enter your password to apply the settings.
+
+#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access.
+
+   .. figure:: /_static/images/ssl/macos/certificate_trusted.png
+    :width: 90%
+    :alt: Keychain menu trusted certificate
+
+    Trusted Embassy Local CA certificate
+
+#. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <browser-setup>`.
+
+Windows
+-------
+
+#. Install `Bonjour Print Services <https://support.apple.com/kb/DL999>`_ on your Windows machine. This is necessary in order to visit .local addresses on Windows.
+#. If you are having issues running Bonjour after installing, you might have had Bonjour previously installed. To fix:
+
+   #. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ
+   #. Uninstall Bonjour completely via ``system settings -> remove programs``
+   #. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US)
+   #. Restart Windows
+   #. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings.
+
+#. Visit your Embassy at its Tor Address.
+
+#. Navigate to --> Embassy --> Connect Over LAN
+
+   .. figure:: /_static/images/embassy_lan_setup.png
+    :width: 90%
+    :alt: LAN setup menu item
+
+    Select the "Connect over LAN" menu item
+
+#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine.
+
+   .. figure:: /_static/images/secure_lan_setup_page.png
+    :width: 90%
+    :alt: LAN setup page
+
+    Select the "Root Certificate Authority" sub menu download icon
+
+#. Select the option to save the *Embassy Local CA.crt* file.
+
+   .. figure:: /_static/images/ssl/windows/windows_download_cert.png
+    :width: 90%
+    :alt: LAN setup prompt
+
+    "Save file" when Opening Embassy Local CA.crt
+
+#. On your computer, right-click the “Start” menu and select “Run”.
+
+#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run.
+
+   .. figure:: /_static/images/ssl/windows/1_windows_mmc.png
+    :width: 90%
+    :alt: Windows MMC
+
+    Access the Windows Management Console
+
+#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
+
+   .. figure:: /_static/images/ssl/windows/2_windows_console_root.png
+    :width: 90%
+    :alt: Windows Console Root
+
+    Add Snap-in from Console Root
+
+#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
+
+   .. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png
+    :width: 90%
+    :alt: Add Certificates
+
+    Add Certificates to selected snap-ins
+
+#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”.
+
+#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
+
+   .. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
+    :width: 90%
+    :alt: Snap-in Selected
+
+    Certificates (Local Computer) is selected as snap-in
+
+#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
+
+   .. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
+    :width: 90%
+    :alt: Certificates in Management Console
+
+    Access Certificates in Management Console
+
+#. Right click on “Certificates”, then navigate to *All Tasks > Import*.
+
+   .. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
+    :width: 90%
+    :alt: Import certificate
+
+    Select "Import" from Certificates sub-menu
+
+#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”.
+
+   .. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
+    :width: 90%
+    :alt: Import cert wizard
+
+    Add downloaded certificate int he Certificate Import Wizard
+
+#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”.
+
+#. Select “OK” when the import is successful.
+
+#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder.
+
+   .. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png
+    :width: 90%
+    :alt: Successful cert install
+
+    Embassy Local Root CA imported into Certificate folder
+
+#. You can save the settings to the console if desired or cancel.
+
+#. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <browser-setup>`.
+
+
+Linux
+-----
+
+Nothing specific needs to be configured for this environment, so you just need the certificate from your Embassy.
+
+#. Visit your Embassy at its Tor Address.
+
+#. Navigate to --> Embassy --> Connect Over LAN
+
+   .. figure:: /_static/images/embassy_lan_setup.png
+    :width: 90%
+    :alt: LAN setup menu item
+
+    Select the "Connect over LAN" menu item
+
+#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine.
+
+   .. figure:: /_static/images/secure_lan_setup_page.png
+    :width: 90%
+    :alt: LAN setup page
+
+    Select the "Root Certificate Authority" sub menu
+
+Then open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <browser-setup>`.

docs/source/user-manual/general/lan-setup/desktop.rst

@@ -0,0 +1,11 @@
+*******
+Desktop
+*******
+
+Enabling LAN connectivity for desktop involves configuring both your computer and your browser.
+
+.. toctree::
+  :maxdepth: 1
+
+  Computer Setup<computer-setup>
+  Browser Setup<browser-setup>

docs/source/user-manual/general/lan-setup/index.rst

@@ -0,0 +1,15 @@
+.. _ssl-setup:
+
+*********
+LAN Setup
+*********
+
+You can securely access your Embassy over LAN while connected to the same network. This method of communicating with your Embassy is significantly faster than Tor, and it also serves as a fallback in case the Tor network is experiencing connectivity issues.
+
+The guides below will walk you through the steps to install and trust your Embassy's SSL certificate, such that your communications are encrypted over HTTPS.
+
+.. toctree::
+  :maxdepth: 2
+
+  Desktop<desktop>
+  Mobile<mobile>

docs/source/user-manual/general/lan-setup/mobile.rst

@@ -0,0 +1,86 @@
+******
+Mobile
+******
+
+Android
+=======
+
+Unfortunately, LAN addresses (URLs ending in `.local`) are not supported on Android devices. This is because Android does not yet natively support mDNS, which is used to access LAN addresses on mobile device browsers. As a result, you cannot access your Embassy's or service's LAN address from the browser on Android. We are tracking this issue `here <https://issuetracker.google.com/issues/140786115>`_, please star it to get more attention from the development team!
+
+iOS
+====
+
+#. Navigate back to the `Start9 Setup App <https://apps.apple.com/us/app/start9-setup-app/id1528125889>`_. 
+
+#. Select your claimed Embassy to view the setup results.
+
+#. Find the "LAN (advanced)" menu item at the bottom of the Setup App screen.
+
+   .. figure:: /_static/images/ssl/mobile/ssl_setup_app_complete.png
+    :width: 70%
+    :alt: Setup app complete
+
+    Completed Setup App screen
+
+#. Select the "Embassy Local Root CA" menu item. Clicking this will prompt you to “Save to device”.
+
+   .. figure:: /_static/images/ssl/mobile/ssl_setup_app_advanced.png
+    :width: 70%
+    :alt: Setup app advanced menu
+
+    Setup App advanced menu
+
+#. You will be directed to a page in your default browser indicating next steps and that the profile has been successfully downloaded. 
+
+   .. note::
+        If you have changed the default browser from Safari to Brave, the following auto save certificate to device flow will *not* work. Safari, Firefox, and Chrome work as expected. We recommend you temporarily use one of these browsers to complete this action.
+
+#. Be sure to complete all steps in this process! These steps are also outlined below.
+
+   .. figure:: /_static/images/ssl/mobile/ssl_certificate_install_page.png
+    :width: 70%
+    :alt: Certificate install page
+
+    Select "Allow" on the certificate install page
+
+#. Go to Settings on your iOS device.
+
+   .. figure:: /_static/images/ssl/mobile/ssl_ipad_general_settings.png
+    :width: 70%
+    :alt: General settings
+
+    General settings
+
+#. Navigate to *General > Profile(s) > Downloaded Profile > Install*.
+
+   .. figure:: /_static/images/ssl/mobile/ssl_ipad_profiles.png
+    :width: 70%
+    :alt: Profiles
+
+    Profiles view
+
+   .. figure:: /_static/images/ssl/mobile/ssl_ipad_install_profile.png
+    :width: 70%
+    :alt: Install profile
+
+    Select "Install" for Embassy Local Root CA
+
+#. Select “yes” to any warning prompts.
+
+#. Next, navigate to *General > About > Certificate Trust Settings*.
+
+   .. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust_settings.png
+    :width: 70%
+    :alt: Certificate trust settings
+
+    Select Certificate Trust Settings (scroll all the way down)
+
+#. Enable full trust for root certificates.
+
+   .. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust.png
+    :width: 70%
+    :alt: Enable full trust
+
+    Toggle to enable full trust for root certificates. "Continue" when warning prompts.
+
+#. Test that this process worked successfully by navigating to the LAN address provided in the Setup App. You should no longer see warnings about the security of this site in your browser. We recommend using Start9’s own `Consulate browser <https://apps.apple.com/us/app/consulate/id1528124570>`_ for a faster and better experience.