From 1f7ca9d91541478e09dab280acd67090973ff868 Mon Sep 17 00:00:00 2001 From: Matt Hill Date: Sat, 9 Dec 2023 09:38:50 -0700 Subject: [PATCH] rework tor and ff recommendations --- .../device-guides/android/ca-android.rst | 4 +- .../device-guides/android/tor-android.rst | 14 ++-- site/source/device-guides/ios/tor-ios.rst | 4 +- site/source/device-guides/linux/ca-linux.rst | 2 +- site/source/device-guides/linux/tor-linux.rst | 2 +- site/source/device-guides/mac/ca-mac.rst | 2 +- site/source/device-guides/mac/tor-mac.rst | 6 +- .../device-guides/windows/ca-windows.rst | 2 +- .../device-guides/windows/tor-windows.rst | 7 +- site/source/misc-guides/tor-ff.rst | 8 ++ .../vaultwarden/bitwarden-client-setup.rst | 60 ++++++++------- site/source/support/common-issues.rst | 75 ++++++++----------- site/source/user-manual/connecting-lan.rst | 19 ++++- site/source/user-manual/connecting-tor.rst | 29 ++++--- site/source/user-manual/initial-setup.rst | 31 +------- site/source/user-manual/trust-ca.rst | 2 +- 16 files changed, 131 insertions(+), 136 deletions(-) diff --git a/site/source/device-guides/android/ca-android.rst b/site/source/device-guides/android/ca-android.rst index 3d6de03..4bd13b6 100644 --- a/site/source/device-guides/android/ca-android.rst +++ b/site/source/device-guides/android/ca-android.rst @@ -5,8 +5,6 @@ Trusting Your Root CA on Android ================================ Complete this guide to trust your server's Root Certificate Authority (Root CA) on Android. -.. warning:: You must use `Firefox Beta `_ on Android. The regular Firefox app will not work. - .. warning:: This guide only applies to Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+). #. Ensure you have :ref:`downloaded your Root CA ` @@ -17,4 +15,4 @@ Complete this guide to trust your server's Root Certificate Authority (Root CA) :width: 15% :alt: Install certificate -#. If using Firefox (recommended), complete :ref:`this final step ` \ No newline at end of file +#. If you choose to use Firefox, you must use `Firefox Beta `_. Then complete :ref:`this final step `. \ No newline at end of file diff --git a/site/source/device-guides/android/tor-android.rst b/site/source/device-guides/android/tor-android.rst index d7c4318..d9889b9 100644 --- a/site/source/device-guides/android/tor-android.rst +++ b/site/source/device-guides/android/tor-android.rst @@ -5,12 +5,8 @@ Running Tor on Android ====================== Some apps, such as the official Tor Browser, have Tor built in. They do not require additional software or configurations to utilize Tor. Most apps, however, do not have Tor built in. They require an app called Orbot to be installed in order to utilize the Tor Network. -.. warning:: You must use `Firefox Beta `_ on Android. The regular Firefox app will not work. - Running Orbot ------------- -Orbot is a system-wide proxy for your Android device that enables communications over Tor. - #. Download and install Orbot from the `Play Store `_, or from `F-Droid `_ (must open with F-Droid app). Then launch the app. .. note:: When using F-Droid, you will need to activate the Guardian Project repository by visiting the ``Settings`` menu (bottom right) -> ``Repositories`` -> ``Guardian Project Official Releases`` @@ -75,10 +71,12 @@ You can also add the following browsers to the Tor-Enabled Apps list to easily a - Chrome - Vanadium +- Firefox (see below) - .. caution:: Pushing apps through Orbot's VPN mode will allow you to access .onion URLs, however, all other traffic will also go through Tor. This means connections to some sites may be blocked by site operators' fraud prevention measures, especially e-commerce sites where credit cards are used. Proceed with caution especially for Web Browsers. + .. caution:: Pushing apps through Orbot's VPN mode will allow you to access .onion URLs, however, all other traffic will also go through Tor. This means connections to some sites may be blocked by site operators' fraud prevention measures, especially e-commerce sites where credit cards are used. Proceed with caution especially for Web Browsers. Use Firefox (below) to avoid these issues. +If Using Firefox +---------------- +.. warning:: You must use `Firefox Beta `_ on Android. -If using Firefox (recommended) ------------------------------- -Complete this guide: :ref:`tor-ff` \ No newline at end of file +You can configure the Firefox Beta browser to use Orbot `without` adding it as a VPN app by following :ref:`this guide `. This way, Firefox will use Tor only when necessary and avoid some of the issue created by using Tor unconditionally. \ No newline at end of file diff --git a/site/source/device-guides/ios/tor-ios.rst b/site/source/device-guides/ios/tor-ios.rst index b2a8a0d..bdb129d 100644 --- a/site/source/device-guides/ios/tor-ios.rst +++ b/site/source/device-guides/ios/tor-ios.rst @@ -4,7 +4,7 @@ Running Tor on iOS ================== -Orbot is a system-wide proxy for your iOS device that enables communications over Tor. +.. warning:: Orbot is currently broken for iOS. We are hopeful that a future release of Orbot or iOS will resolve the issue. #. Download and install `Orbot from the Apple appstore `_. #. Open Orbot and tap on "Settings". @@ -19,5 +19,3 @@ Orbot is a system-wide proxy for your iOS device that enables communications ove .. figure:: /_static/images/tor/ios-orbot-connecting-full.png :width: 35% :alt: iOS Orbot Connecting to Tor - -#. Apps will now work transparently when requesting onion urls! diff --git a/site/source/device-guides/linux/ca-linux.rst b/site/source/device-guides/linux/ca-linux.rst index 14411ed..efe4280 100644 --- a/site/source/device-guides/linux/ca-linux.rst +++ b/site/source/device-guides/linux/ca-linux.rst @@ -35,7 +35,7 @@ Trusting Your Root CA on Linux In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. - #. If using Firefox (recommended), complete :ref:`this final step ` + #. If using Firefox, complete :ref:`this final step ` .. group-tab:: Arch/Garuda diff --git a/site/source/device-guides/linux/tor-linux.rst b/site/source/device-guides/linux/tor-linux.rst index 8f199ef..70963c8 100644 --- a/site/source/device-guides/linux/tor-linux.rst +++ b/site/source/device-guides/linux/tor-linux.rst @@ -94,4 +94,4 @@ Using Tor on Linux sudo systemctl enable --now tor -If using Firefox (recommended), you will also need to complete this guide: :ref:`tor-ff` \ No newline at end of file +If using Firefox, you will also need to complete this guide: :ref:`tor-ff` \ No newline at end of file diff --git a/site/source/device-guides/mac/ca-mac.rst b/site/source/device-guides/mac/ca-mac.rst index 7a7798b..49f41ee 100644 --- a/site/source/device-guides/mac/ca-mac.rst +++ b/site/source/device-guides/mac/ca-mac.rst @@ -51,4 +51,4 @@ Complete this guide to trust your server's Root Certificate Authority (Root CA) .. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it. -#. If using Firefox (recommended), complete :ref:`this final step ` +#. If using Firefox, complete :ref:`this final step ` diff --git a/site/source/device-guides/mac/tor-mac.rst b/site/source/device-guides/mac/tor-mac.rst index 578e072..9687e09 100644 --- a/site/source/device-guides/mac/tor-mac.rst +++ b/site/source/device-guides/mac/tor-mac.rst @@ -170,6 +170,6 @@ Enable Tor System-wide cat /usr/local/var/log/tor.log || sudo cat /opt/homebrew/var/log/tor.log -If using Firefox (recommended) ------------------------------- -Complete this guide: :ref:`tor-ff` +If using Firefox +---------------- +Firefox can be configured to use Tor on your Mac to resolve .onion URLs. Complete this guide: :ref:`tor-ff` diff --git a/site/source/device-guides/windows/ca-windows.rst b/site/source/device-guides/windows/ca-windows.rst index 8f0fb55..381874c 100644 --- a/site/source/device-guides/windows/ca-windows.rst +++ b/site/source/device-guides/windows/ca-windows.rst @@ -83,4 +83,4 @@ Complete this guide to trust your server's Root Certificate Authority (Root CA) :width: 20% :alt: Console settings -#. If using Firefox (recommended), complete :ref:`this final step ` +#. If using Firefox, complete :ref:`this final step ` diff --git a/site/source/device-guides/windows/tor-windows.rst b/site/source/device-guides/windows/tor-windows.rst index c133347..1f73733 100644 --- a/site/source/device-guides/windows/tor-windows.rst +++ b/site/source/device-guides/windows/tor-windows.rst @@ -4,6 +4,9 @@ Running Tor on Windows ====================== +Install Tor +----------- + #. Unfortunately, `The Tor Project `_ no longer publishes a standalone Tor binary for Windows, so the recommended way to get it is with the Tor Browser Bundle. You can download it `here `_. .. figure:: /_static/images/tor/tor_download_windows.png @@ -54,4 +57,6 @@ Running Tor on Windows 2. Uninstall the Tor Browser, following `these steps `_. 3. Begin this guide again from the beginning. -#. If using Firefox (recommended), complete :ref:`this final step ` +If using Firefox +---------------- +Firefox can be configured to use Tor running on your Windows machine to resolve .onion URLs. Complete this guide: :ref:`tor-ff` diff --git a/site/source/misc-guides/tor-ff.rst b/site/source/misc-guides/tor-ff.rst index 33c6252..ba699db 100644 --- a/site/source/misc-guides/tor-ff.rst +++ b/site/source/misc-guides/tor-ff.rst @@ -8,6 +8,8 @@ Configuring Firefox for Tor .. group-tab:: Mac + #. Ensure you are already :ref:`running Tor on your Mac `. + #. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear #. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``: @@ -40,6 +42,8 @@ Configuring Firefox for Tor .. group-tab:: Windows + #. Ensure you are already :ref:`running Tor on your Windows machine `. + #. Download the ``Proxy Auto Config`` file to inform Firefox how to resolve `.onion` URLs. Click `here `_ to get the one offered by Start9. Save it somewhere you will not delete it, and remember where you save it. For example: .. code-block:: @@ -84,6 +88,8 @@ Configuring Firefox for Tor .. group-tab:: Linux + #. Ensure you are already :ref:`running Tor on your Linux machine `. + #. Download the `Proxy Auto Config` file to inform Firefox how to resolve `.onion` URLs. You can get Start9's standard file from a terminal, by using: .. code-block:: @@ -134,6 +140,8 @@ Configuring Firefox for Tor .. group-tab:: Android + #. Ensure you are already :ref:`running Tor on your Android device `. + #. Download the `Proxy Auto Config` file to inform Firefox how to resolve `.onion` URLs. We have one hosted `here `_ #. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear diff --git a/site/source/service-guides/vaultwarden/bitwarden-client-setup.rst b/site/source/service-guides/vaultwarden/bitwarden-client-setup.rst index c9a450e..b03b1ea 100644 --- a/site/source/service-guides/vaultwarden/bitwarden-client-setup.rst +++ b/site/source/service-guides/vaultwarden/bitwarden-client-setup.rst @@ -13,9 +13,9 @@ Browser Extension .. group-tab:: Tor - If connecting via Tor (i.e using the .onion address) the Bitwarden browser extension will only work with a Tor enabled browser. You can use Firefox (recommended), Tor Browser or Brave Browser. + If connecting via Tor (i.e using the .onion address) the Bitwarden browser extension will only work with a Tor enabled browser. - #. If you choose Firefox, you will need to :ref:`follow this guide ` to run Tor on your device and configure Firefox to use it. If using Brave you will just need to :ref:`setup Tor on your device `. With Tor Browser, everything will just work right out of the box. + #. If you choose Firefox, you will need to :ref:`follow this guide ` to run Tor on your device and configure Firefox to use it. If using Brave you will just need to :ref:`setup Tor on your device `. With Tor Browser, everything will just work right out of the box. .. tip:: We recommend using Firefox as it is the most compatible browser with Start9 Servers. @@ -147,51 +147,53 @@ iOS .. group-tab:: Tor - Begin by :ref:`setting up Tor ` on your iPhone. + .. warning:: Orbot is currently broken for iOS, which means it is not possible to use Bitwarden over Tor. We are hopeful that a future release of Orbot or iOS will resolve the issue. - You will also need :ref:`LAN access ` setup on your iPhone. + .. Begin by :ref:`setting up Tor ` on your iPhone. - #. Visit the App Store and download the `Bitwarden app `_ + .. You will also need :ref:`LAN access ` setup on your iPhone. - #. Open the Bitwarden app. You'll be greeted with a log-in screen. Click the "Region" drop-down menu. + .. #. Visit the App Store and download the `Bitwarden app `_ - .. figure:: /_static/images/services/vaultwarden/bitwarden-iOS-setup-step1.png - :width: 40% - :alt: vaultwarden-iOS-log-in-screen + .. #. Open the Bitwarden app. You'll be greeted with a log-in screen. Click the "Region" drop-down menu. + + .. .. figure:: /_static/images/services/vaultwarden/bitwarden-iOS-setup-step1.png + .. :width: 40% + .. :alt: vaultwarden-iOS-log-in-screen - #. Choose the "Self-hosted" option. + .. #. Choose the "Self-hosted" option. - .. figure:: /_static/images/services/vaultwarden/bitwarden-iOS-setup-step2.png - :width: 40% - :alt: vaultwarden-iOS-self-hosted-screen + .. .. figure:: /_static/images/services/vaultwarden/bitwarden-iOS-setup-step2.png + .. :width: 40% + .. :alt: vaultwarden-iOS-self-hosted-screen - #. Head to the "Interfaces" tab in the Vaultwarden service on your Start9 Server: + .. #. Head to the "Interfaces" tab in the Vaultwarden service on your Start9 Server: - .. figure:: /_static/images/services/vaultwarden/vaultwarden-interfaces.png - :width: 50% - :alt: vaultwarden-interfaces + .. .. figure:: /_static/images/services/vaultwarden/vaultwarden-interfaces.png + .. :width: 50% + .. :alt: vaultwarden-interfaces - #. Copy the Tor address: + .. #. Copy the Tor address: - .. figure:: /_static/images/services/vaultwarden/vaultwarden-tor-address.png - :width: 50% - :alt: vaultwarden-tor-address + .. .. figure:: /_static/images/services/vaultwarden/vaultwarden-tor-address.png + .. :width: 50% + .. :alt: vaultwarden-tor-address - #. Now send that address to your phone and paste it into Bitwarden. + .. #. Now send that address to your phone and paste it into Bitwarden. - .. caution:: **Before you hit save:** The Tor address you will have copied will begin with **http** - Please change this to **https** instead of **http** + .. .. caution:: **Before you hit save:** The Tor address you will have copied will begin with **http** - Please change this to **https** instead of **http** - .. figure:: /_static/images/services/vaultwarden/bitwarden-iOS-setup-step3.png - :width: 40% - :alt: vaultwarden-iOS-url-screen + .. .. figure:: /_static/images/services/vaultwarden/bitwarden-iOS-setup-step3.png + .. :width: 40% + .. :alt: vaultwarden-iOS-url-screen - #. Now you can hit save, and you'll be returned to the log-in screen. + .. #. Now you can hit save, and you'll be returned to the log-in screen. - #. Go ahead and tap 'Log In,' enter your credentials, and you'll be able to access your Bitwarden app / Vaultwarden server! + .. #. Go ahead and tap 'Log In,' enter your credentials, and you'll be able to access your Bitwarden app / Vaultwarden server! .. group-tab:: LAN - We suggest using Tor, however it is possible have a good experience with LAN. Once synced, your app and all your passwords will be cached and available when you are on the go and not connected to your Start9 Server, and you will only need to be on LAN to update any edits to your vault. + .. note:: You must be connected to your home network to create and update your passwords. The iOS Bitwarden app is good at caching, so you *will* have access to your passwords remotely. Begin by :ref:`setting up LAN ` on your device. diff --git a/site/source/support/common-issues.rst b/site/source/support/common-issues.rst index 348ff0b..7afc07b 100644 --- a/site/source/support/common-issues.rst +++ b/site/source/support/common-issues.rst @@ -11,7 +11,7 @@ Sometimes things don't go as planned. Check here for solutions to common problem StartOS will not boot --------------------- -If the device will not power on at all (no lights whatsoever), then the only issues could be that the Pi is not getting the power it needs, or it is completely dead (extremely rare). If you sourced your own parts, please ensure that the power supply meets the minimum required specifications in the :ref:`DIY Guide`. If you received your device from us and it will not power up at all, please `Contact us `_ for assistance. +If the device will not power on at all (no lights whatsoever), then the only issues could be that the Pi is not getting the power it needs, or it is completely dead (extremely rare). If you sourced your own parts, please ensure that the power supply meets the minimum required specifications in the :ref:`DIY Guide`. If you received your device from us and it will not power up at all, please `Contact us `_ for assistance. StartOS boots into "Diagnostic Mode" ------------------------------------ @@ -21,44 +21,41 @@ Diagnostic Mode is a new UI that will launch in the event that no drive, or an i During initial setup, I am unable to connect to "start.local". ---------------------------------------------------------------- -* Confirm that the server is plugged into both power and Ethernet. +#. Confirm that the server is plugged into both power `and` Ethernet +#. Confirm your phone/computer is `not` connected to a "Guest" network +#. Confirm you are `not` using the Tor Browser. +#. If using Firefox from Mac, Windows or Android, ensure you have set ``security.enterprise_roots.enable`` to ``true`` in ``about:config`` per the :ref:`instructions` +#. Confirm your phone/computer is not using a VPN, or that if you are, that it allows LAN connections, such as the examples below: + - Mullvad - Go to "Settings -> VPN Settings -> Local Network Sharing" + - ProtonVPN - Go to "Preferences -> Connection -> Allow LAN Connections" +#. Visit or refresh (ctrl+shift+R on Linux/Windows, cmd+shift+R on macOS Firefox, cmd+option+E then cmd+R on macOS Safari) the start.local page in a web browser +#. To avoid networking issues, it is recommended to use your `primary` router, not an extender or mesh router +#. Very rarely, your firewall settings may block mDNS. In this case: + - From your browser, navigate to your router configuration settings. This is usually an IP address such as 192.168.1.1. A simple web search will usually reveal how to access the router configuration settings for a particular brand. + - Once in the router config settings, find the section that lists the devices on your network. You should see a device labeled ``start``. Take note of the associated IP address and enter it into your browser's URL field to enter the setup. +#. Log into your router (the directions for which can be found with a simple web search for your router model and 'how to log in'). Once you are in your router, find the device labeled ``start``, and visit its associated IP address, which will look something like: ``192.168.1.9`` -* Confirm the the server emitted two sounds when powering on: a bep and a chime. - -* Confirm your phone is **not** connected to a “Guest” network - -* Confirm your phone is **not** using a VPN. - -If you still cannot connect, try logging into your router (the directions for which can be found with a simple web search for your router model and 'how to log in'). Once you are in your router, find the device labeled ``start``, and visit it's associated IP address, which will look something like: ``192.168.1.9`` +.. _lan-troubleshoot: I am unable to reach my server via its *.local* (LAN) address ------------------------------------------------------------------------------ -Make sure you have successfully followed the :ref:`LAN Setup` instructions for your device. If you are using Windows, your problem is almost certainly with Bonjour - follow the directions to reinstall, even if you have already done so. If you still cannot connect, try all the solutions listed under :ref:`initial setup `. +In addition to :ref:`these step `, try the steps below: + +#. Make sure you have successfully followed the :ref:`connecting-lan` instructions for your device. +#. If you are using Windows, the problem is almost certainly with Bonjour. Follow the directions to reinstall, even if you have already done so. +#. Try connecting using a different browser on the same device. If this works, it means you need to clear cache on your current browser. +#. Try connecting using a different device. If this works, it means you need to clear cache on your current browser and/or restart your current device. +#. Try visiting start.local. Your server may be in diagnostic mode. +#. Try restarting your router. +#. Try restarting your server. Be patient and give it plenty of time to come back online. + +.. _tor-troubleshoot: I am unable to reach my server via its xxxxxxxxxxxxxxxxxx.onion (Tor) address --------------------------------------------------------------------------------- - -#. **Test** - Try connecting to your server using the official Tor Browser. - - #. **If Tor Browser works** - It means the issue is either with the Tor daemon on your device or with the browser settings. - - #. **Solutions** - #. If you are not yet running a Tor daemon on your device, follow :ref:`these instructions `. If you are already running a Tor daemon, restart it, or in the case of Android, restart your phone. - #. If you are using Firefox, ensure it has been :ref:`properly configured ` to work with .onion URLs. - - #. **If Tor Browser does not work** - It means there is an issue with your server or with the Tor network. - - #. **Test** - Try visiting your server over :ref:`LAN` from a non-Tor browser such as Firefox, Chrome, or Safari. - - #. **If LAN works** - it means the issue is an issue your server's Tor connection. - - #. **Solutions** - #. Check if there are any ongoing network-wide service issues with Tor at `the Tor Project status page `_ - #. Wait an hour or so to allow Tor on your server to fix itself. - #. Restart your server through the UI (System -> Restart). - #. **If LAN does not work** - It means your server is experiencing general networking issues. - - #. **Solutions** - Power cycle your server by unplugging it and plugging it back in, then wait a few minutes before trying to connect again. +----------------------------------------------------------------------------- +#. Tor can be slow and unreliable. Often, the solution to poor connectivity is just to wait an hour and try again. +#. Try connecting using the official Tor Browser. If this works, it means the issue is with (1) your current browser or native app, (2) the Tor daemon running on your phone/laptop. Try clearing cache and restarting things. +#. Try connecting to your server using its *.local* URL or IP its address. If this works, it means the issue is specific to Tor on your server. Check out your Tor logs (System -> Tor Logs). If you see errors, such as Tor stuck bootstrapping, navigate to System -> Experimental Features -> Reset Tor. Request Error ------------- @@ -121,15 +118,3 @@ Server Lite, Server Pure, and Server One (2022 and older) have an internal speak * Beethoven's 5th - Something has gone wrong and Diagnostic Mode has been launched on ``http://start.local``, please check here for solutions. - -Raspberry Pi Lights -------------------- -Server Lite has 2 status lights: - -- Red - Power. This will be on solid when powered up and running normally. -- Green - SD Card. This will display when there is SD Card activity, such as during OS installation. It may be off, flashing, or on solid during normal operation. - -Server One (2022) has 2 additional lights: - -- Blue power button - Power. This will be on solid when powered up and running normally. -- Blue drive light - SSD. This will display when there is SSD activity. It may be off, flashing, or on solid during normal operation. diff --git a/site/source/user-manual/connecting-lan.rst b/site/source/user-manual/connecting-lan.rst index 2948a96..6fa3945 100644 --- a/site/source/user-manual/connecting-lan.rst +++ b/site/source/user-manual/connecting-lan.rst @@ -5,9 +5,16 @@ Connecting Locally ================== When connected to the same Local Area Network (LAN) as your server, you can use its `.local` URLs for fast and secure connections. -#. Ensure you have properly :ref:`downloaded and trusted your Root CA`, including configuring Firefox if you are using it (recommended). +All platforms +------------- -#. Ensure your client device (phone/laptop) is connected to the same Local Area Network (LAN) as your server. This usually means your server and your client device are using the same router, either by ethernet or WiFi +.. warning:: You cannot access .local URLs from the Tor Browser. + +#. Ensure you have properly :ref:`downloaded and trusted your Root CA`. + +#. Ensure your client device (phone/laptop) is connected to the same Local Area Network (LAN) as your server. This usually means your server and your client device are using the same router, either by ethernet or WiFi. + +#. Input your .local URL into the browser. .. _connecting-lan-windows: @@ -17,4 +24,10 @@ On Windows, it is necessary to install Bonjour Print Services in order to access #. Simply install Bonjour Print Services from Apple: https://support.apple.com/kb/DL999 -.. warning:: Bonjour can be unreliable. If your `local` URLs suddenly stop working, you may need to uninstall and re-install Bonjour. Go to `System Settings > Remove Programs`, uninstall Bonjour `and` Bonjour Print Services, re-install Bonjour Print Services from the link above, then restart Windows. \ No newline at end of file +.. warning:: Bonjour can be unreliable. If your `local` URLs suddenly stop working, you may need to uninstall and re-install Bonjour. Go to `System Settings > Remove Programs`, uninstall Bonjour `and` Bonjour Print Services, re-install Bonjour Print Services from the link above, then restart Windows. + +Troubleshooting +--------------- +If you followed the above instructions and are experiencing issues, click :ref:`here ` to resolve. + + diff --git a/site/source/user-manual/connecting-tor.rst b/site/source/user-manual/connecting-tor.rst index 46ba294..c7b740a 100644 --- a/site/source/user-manual/connecting-tor.rst +++ b/site/source/user-manual/connecting-tor.rst @@ -7,10 +7,24 @@ You can connect to your server and installed services from anywhere in the world It is not currently supported to access your server and its installed services using a VPN. This functionality is coming in the next major release of StartOS. -.. note:: It is normal for Tor connections to be slow or unreliable at times +.. caution:: It is normal for Tor connections to be slow or unreliable at times. -Running Tor on Your Phone/Computer (Recommended) ------------------------------------------------- +Using a Tor Browser +------------------- +Your StartOS dashboard, as well as many installed services, can be accessed via their unique Tor (.onion) URLs. These URLs and the websites they serve are completely private, known only to you. + +#. To access your private websites, simply download the official Tor Browser and input the URL. + +- For Linux, Mac, Windows, and Android, download the `Official Tor Browser `_ +- For iOS, download `Onion Browser `_ (iOS 17+ only). When prompted, use Orbot *inn-app* Tor, *not* Orbot. + +.. _connecting-tor-native: + +Using Native Apps +----------------- +Some apps have Tor built in, allowing you to use your .onion URLs without extra configuration. + +Other apps lack support for Tor. In such cases, you must run Tor as a global process on your laptop/desktop/phone. - :ref:`Linux ` - :ref:`Mac ` @@ -18,9 +32,6 @@ Running Tor on Your Phone/Computer (Recommended) - :ref:`Android ` - :ref:`iOS ` -Using the Tor Browser ---------------------- -Using the official Tor Browser allows you to access `.onion` URLs without additional configuration. However, accessing clearnet (`.com`, `.org`, ect) websites will also be routed over Tor, making them slower, and `.local` URLs cannot be accessed at all. - -#. Linux, Mac, Windows, Android: `Download Tor Browser `_ -#. iOS: lacks a well-functioning Tor Browser. We recommend following the guide above. +Troubleshooting +--------------- +If you followed the above instructions and are experiencing issues, click :ref:`here ` to resolve diff --git a/site/source/user-manual/initial-setup.rst b/site/source/user-manual/initial-setup.rst index f961e96..929fe81 100644 --- a/site/source/user-manual/initial-setup.rst +++ b/site/source/user-manual/initial-setup.rst @@ -8,17 +8,9 @@ Initial Setup Starting Fresh -------------- +#. Connect your server to power and ethernet. -#. If using Firefox to connect to your server (recommended), complete this short guide for your OS: - - .. note:: Start9 recommends Firefox because it is the only browser that can be configured to access both LAN (`.local`) and Tor (`.onion`) URLs, including through browser extensions, without affecting normal browser functionality. For iOS, all browsers actually use Safari under the hood, so it is preferable not to stack unnecessary software on top of it. Just use Safari. - - - :ref:`Mac/Windows/Linux/Android` - - iOS (use Safari) - -#. Connect your server to power and Ethernet - -#. From your client device (desktop/laptop/phone), open a browser (Firefox recommended) and visit ``http://start.local``. Your client device must be connected to the same Local Area Network (LAN) as your server. This usually means they are using the same router, either by ethernet or WiFi +#. From a client device (desktop/laptop/phone) connected to the same local network as your server, open a browser and visit ``http://start.local``. .. note:: If you are `not` using a Raspberry Pi, you can also plug a monitor and keyboard into the server. This is known as "Kiosk mode". @@ -38,21 +30,6 @@ If you are using an existing drive, transferring data from one drive to another, Troubleshooting --------------- -If you are experiencing issues with setup, try the following: +If you followed the above instructions and are experiencing issues, click :ref:`here ` to resolve. -#. Confirm that the server is plugged into both power `and` Ethernet -#. Confirm your phone/computer is `not` connected to a "Guest" network -#. If using Firefox (recommended) from Mac, Windows or Android, ensure you have set ``security.enterprise_roots.enable`` to ``true`` in ``about:config`` per the :ref:`instructions` -#. Confirm your phone/computer is not using a VPN, or that if you are, that it allows LAN connections, such as the examples below: - - - Mullvad - Go to "Settings -> VPN Settings -> Local Network Sharing" - - ProtonVPN - Go to "Preferences -> Connection -> Allow LAN Connections" - -#. Visit or refresh (ctrl+shift+R on Linux/Windows, cmd+shift+R on macOS Firefox, cmd+option+E then cmd+R on macOS Safari) the start.local page in a web browser -#. To avoid networking issues, it is recommended to use your `primary` router, not an extender or mesh router -#. Very rarely, your firewall settings may block mDNS. In this case: - - - From your browser, navigate to your router configuration settings. This is usually an IP address such as 192.168.1.1. A simple web search will usually reveal how to access the router configuration settings for a particular brand. - - Once in the router config settings, find the section that lists the devices on your network. You should see a device labeled ``start``. Take note of the associated IP address and enter it into your browser's URL field to enter the setup. - -You can always to `reach out to support `_ if you need a hand. +You can also to `reach out to support `_ if you need a hand. diff --git a/site/source/user-manual/trust-ca.rst b/site/source/user-manual/trust-ca.rst index 0c2bbef..3b9fe20 100644 --- a/site/source/user-manual/trust-ca.rst +++ b/site/source/user-manual/trust-ca.rst @@ -3,7 +3,7 @@ ===================== Trusting Your Root CA ===================== -Download and trust your server's Root Certificate Authority (Root CA) to establish a secure (HTTPS) connection with your server, and to enhance speeds over Tor. +Download and trust your server's Root Certificate Authority (Root CA) to establish a secure (HTTPS) connection with your server. .. _root-ca-download: