From 24e051aa3f525d4f10027577f16b6844df2bc402 Mon Sep 17 00:00:00 2001 
From: Matt Hill Date: Sun, 19 Nov 2023 07:04:33 -0700 Subject: [PATCH] rework ca trusting flow --- .../device-guides/android/ca-android.rst | 22 +++- .../device-guides/android/ff-android.rst | 80 ------------- site/source/device-guides/android/index.rst | 1 - .../device-guides/android/tor-android.rst | 63 +++++++++- site/source/device-guides/ios/ca-ios.rst | 2 +- site/source/device-guides/linux/ca-linux.rst | 64 +++++++++-- site/source/device-guides/linux/ff-linux.rst | 108 ------------------ site/source/device-guides/linux/index.rst | 1 - site/source/device-guides/linux/tor-linux.rst | 68 ++++++++++- site/source/device-guides/mac/ca-mac.rst | 28 ++++- site/source/device-guides/mac/ff-mac.rst | 60 ---------- site/source/device-guides/mac/index.rst | 1 - site/source/device-guides/mac/tor-mac.rst | 42 ++++++- .../device-guides/windows/ca-windows.rst | 26 ++++- .../device-guides/windows/ff-windows.rst | 72 ------------ site/source/device-guides/windows/index.rst | 1 - .../device-guides/windows/tor-windows.rst | 56 +++++++++ .../service-guides/lightning/alby-cln.rst | 2 +- .../service-guides/lightning/alby-lnbits.rst | 4 +- .../service-guides/lightning/alby-lnd.rst | 4 +- .../lightning/connecting-lnbits.rst | 2 +- .../vaultwarden/bitwarden-client-setup.rst | 2 +- site/source/support/common-issues.rst | 2 +- site/source/user-manual/configuring-ff.rst | 15 --- site/source/user-manual/connecting-lan.rst | 15 +-- site/source/user-manual/connecting-tor.rst | 9 -- site/source/user-manual/index.rst | 1 - site/source/user-manual/initial-setup.rst | 12 +- site/source/user-manual/trust-ca.rst | 11 +- 29 files changed, 360 insertions(+), 414 deletions(-) delete mode 100644 site/source/device-guides/android/ff-android.rst delete mode 100644 site/source/device-guides/linux/ff-linux.rst delete mode 100644 site/source/device-guides/mac/ff-mac.rst delete mode 100644 site/source/device-guides/windows/ff-windows.rst delete mode 100644 site/source/user-manual/configuring-ff.rst 
diff --git a/site/source/device-guides/android/ca-android.rst b/site/source/device-guides/android/ca-android.rst index fe6de0a..01985d5 100644 --- a/site/source/device-guides/android/ca-android.rst +++ b/site/source/device-guides/android/ca-android.rst @@ -1,16 +1,30 @@ .. _ca-android: -========================================= -Trusting Your Server's Root CA on Android -========================================= +================================ +Trusting Your Root CA on Android +================================ Complete this guide to trust your server's Root Certificate Authority (Root CA) on Android. .. note:: This guide only applies to Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+). -#. Ensure you have already :ref:`downloaded your Root CA ` +.. _ca-android-trust: + +Trusting +-------- + +#. Ensure you have already :ref:`downloaded your Root CA ` #. Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate. .. figure:: /_static/images/ssl/android/droidLAN2.png :width: 15% :alt: Install certificate + +.. _ca-android-ff: + +If using Firefox (recommended) +------------------------------ + +#. Tap ``Kebab Menu > Settings > About Firefox`` and tap the Firefox icon 5 times to enable "developer mode" + +#. Go back to ``Kebab Menu > Settings > Secret Settings`` (at the bottom), and tap ``Use third party CA certificates`` \ No newline at end of file diff --git a/site/source/device-guides/android/ff-android.rst b/site/source/device-guides/android/ff-android.rst deleted file mode 100644 index 5d25ff0..0000000 --- a/site/source/device-guides/android/ff-android.rst +++ /dev/null 
@@ -1,80 +0,0 @@ -.. _ff-android: - -============================== -Configuring Firefox on Android -============================== -Download `Firefox Beta `_ from the Play Store, or `Fennec `_ from F-Droid. - - .. caution:: You must use **Firefox Beta** on Android. Regular Firefox does not permit advanced configuration. - -Local (required for initial setup) ----------------------------------- -#. Ensure you have already :ref:`trusted your Root CA` on your Android device - -#. Tap ``Kebab Menu > Settings > About Firefox`` and tap the Firefox icon 5 times to enable "developer mode" - -#. Go back to ``Kebab Menu > Settings > Secret Settings`` (at the bottom), and tap ``Use third party CA certificates`` - -Tor (can be completed later) ----------------------------- -#. Ensure you are already :ref:`running Tor` on your Android device - -#. Download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here `_ - -#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear - -#. Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary: - - .. figure:: /_static/images/tor/autoconfig_url.png - :width: 30% - :alt: Firefox autoconfig url setting screenshot - -#. Navigate to ``about:config`` in the Firefox URL bar: - - .. figure:: /_static/images/tor/about_config.png - :width: 30% - :alt: Firefox about config - -#. Search for ``network.proxy.type`` into the search bar, and set the value to ``2``: - - .. figure:: /_static/images/tor/network_proxy_type.png - :width: 30% - :alt: Firefox network proxy type setting screenshot - -#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``: - - .. figure:: /_static/images/tor/socks_remote_dns.png - :width: 30% - :alt: Firefox socks remote dns setting screenshot - -#. 
Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``: - - .. figure:: /_static/images/tor/firefox_allowlist_mobile.png - :width: 30% - :alt: Firefox whitelist onions screenshot - -#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``: - - .. figure:: /_static/images/tor/firefox_insecure_websockets_droid.png - :width: 30% - :alt: Firefox allow insecure websockets over https - -#. Search for ``network.http.referer.hideOnionsSource`` and set the value to ``true`` - -#. (**GrapheneOS users only**): Head to ``Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE``, then navigate to where you placed the proxy.pac file: - - .. figure:: /_static/images/tor/storage-scopes-proxy.jpg - :width: 15% - -#. Restart Firefox - -#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide - -#. You can now use the `.onion` URLs of your server and installed services - - -Install StartOS as a PWA ------------------------- -Depending on your version of Firefox, you may be prompted to "Add to Home screen", when visiting your main UI. If you do this, you can access your UI as a Progressive Web App (PWA), meaining that all browser context is removed, and StartOS will behave as a native Android app! - -If you are not prompted, or skipped that screen, simply go to the **Kebab (Settings) Menu > Install** while visiting your server's UI to complete the action. diff --git a/site/source/device-guides/android/index.rst b/site/source/device-guides/android/index.rst index c0f5aa3..55ad9dc 100644 --- a/site/source/device-guides/android/index.rst +++ b/site/source/device-guides/android/index.rst 
@@ -12,4 +12,3 @@ Recommended Guides ca-android tor-android - ff-android diff --git a/site/source/device-guides/android/tor-android.rst b/site/source/device-guides/android/tor-android.rst index 58784f6..ce206d0 100644 --- a/site/source/device-guides/android/tor-android.rst +++ b/site/source/device-guides/android/tor-android.rst @@ -1,8 +1,8 @@ .. _tor-android: -====================== -Running Tor on Android -====================== +==================== +Using Tor on Android +==================== Some apps, such as the official Tor Browser, have Tor built in. They do not require additional software or configurations to utilize Tor. Most apps, however, do not have Tor built in. They require an app called Orbot to be installed in order to utilize the Tor Network. Running Orbot @@ -45,7 +45,6 @@ Orbot is a system-wide proxy for your Android device that enables communications Orbot VPN mode -------------- - To utilize Tor, some apps require that Orbot be running in VPN mode. This means that you are sending your application's traffic across the Tor network via Orbot. #. Disable Private DNS on your device. Navigate to: ``Settings > Network & Internet > Advanced > Private DNS > Off`` and toggle Private DNS to "off". 
@@ -76,3 +75,59 @@ You can also add the following browsers to the Tor-Enabled Apps list to easily a - Vanadium .. caution:: Pushing apps through Orbot's VPN mode will allow you to access .onion URLs, however, all other traffic will also go through Tor. This means connections to some sites may be blocked by site operators' fraud prevention measures, especially e-commerce sites where credit cards are used. Proceed with caution especially for Web Browsers. + +If using Firefox (recommended) +------------------------------ + +#. Download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here `_ + +#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear + +#. Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary: + + .. figure:: /_static/images/tor/autoconfig_url.png + :width: 30% + :alt: Firefox autoconfig url setting screenshot + +#. Navigate to ``about:config`` in the Firefox URL bar: + + .. figure:: /_static/images/tor/about_config.png + :width: 30% + :alt: Firefox about config + +#. Search for ``network.proxy.type`` into the search bar, and set the value to ``2``: + + .. figure:: /_static/images/tor/network_proxy_type.png + :width: 30% + :alt: Firefox network proxy type setting screenshot + +#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``: + + .. figure:: /_static/images/tor/socks_remote_dns.png + :width: 30% + :alt: Firefox socks remote dns setting screenshot + +#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``: + + .. figure:: /_static/images/tor/firefox_allowlist_mobile.png + :width: 30% + :alt: Firefox whitelist onions screenshot + +#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``: + + .. 
figure:: /_static/images/tor/firefox_insecure_websockets_droid.png + :width: 30% + :alt: Firefox allow insecure websockets over https + +#. Search for ``network.http.referer.hideOnionsSource`` and set the value to ``true`` + +#. (**GrapheneOS users only**): Head to ``Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE``, then navigate to where you placed the proxy.pac file: + + .. figure:: /_static/images/tor/storage-scopes-proxy.jpg + :width: 15% + +#. Restart Firefox + +#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide + +#. You can now use the `.onion` URLs of your server and installed services diff --git a/site/source/device-guides/ios/ca-ios.rst b/site/source/device-guides/ios/ca-ios.rst index f36d617..ec2f2af 100644 --- a/site/source/device-guides/ios/ca-ios.rst +++ b/site/source/device-guides/ios/ca-ios.rst @@ -5,7 +5,7 @@ Trusting Your Server's Root CA on iOS ===================================== Complete this guide to trust your server's Root Certificate Authority (Root CA) on iOS. -#. Ensure you have already :ref:`downloaded your Root CA ` +#. Ensure you have already :ref:`downloaded your Root CA ` #. Open your iCloud Downloads folder and click on the certificate. It will display a dialog box that says "Profile Downloaded." Click `Close`. diff --git a/site/source/device-guides/linux/ca-linux.rst b/site/source/device-guides/linux/ca-linux.rst index c654783..ea71e41 100644 --- a/site/source/device-guides/linux/ca-linux.rst +++ b/site/source/device-guides/linux/ca-linux.rst 
@@ -1,18 +1,23 @@ .. _ca-linux: -======================================= -Trusting Your Server's Root CA on Linux -======================================= +============================== +Trusting Your Root CA on Linux +============================== .. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so. +.. _ca-linux-trust: + +Trusting +-------- + .. tabs:: .. group-tab:: Debian/Ubuntu These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc. - #. Ensure you have already :ref:`downloaded your Root CA ` + #. Ensure you have already :ref:`downloaded your Root CA ` #. Perform the following commands in the Terminal: @@ -33,11 +38,11 @@ Trusting Your Server's Root CA on Linux sudo bash -c "echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf" sudo update-ca-certificates - In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. We highly recommend continuing on to our :ref:`Configuring Firefox ` guide. + In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. .. group-tab:: Arch/Garuda - #. Ensure you have already :ref:`downloaded your Root CA ` + #. Ensure you have already :ref:`downloaded your Root CA ` #. From the folder you have downloaded your Start9 server's Root CA, run the following commands. Take care to replace `adjective-noun` with your server's unique adjective-noun combination in the command below. If you have changed the certificate's filename, be sure to change it here. 
@@ -51,7 +56,7 @@ Trusting Your Server's Root CA on Linux .. group-tab:: CentOS/Fedora - #. Ensure you have already :ref:`downloaded your Root CA ` + #. Ensure you have already :ref:`downloaded your Root CA ` #. In `/etc/systemd/resolved.conf`, ensure you have ``MulticastDNS=Yes`` 
@@ -68,3 +73,48 @@ Trusting Your Server's Root CA on Linux sudo yum install ca-certificates sudo cp "adjective-noun.local.crt" /etc/pki/ca-trust/source/anchors/ sudo update-ca-trust + +.. _ca-linux-ff: + +If using Firefox (recommended) +------------------------------ + +This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post `_ on the topic (TLDR: for security purposes). + +#. Select your distribution below and follow instructions: + + .. tabs:: + + .. group-tab:: Debian/Ubuntu + + #. Select the hamburger menu -> ``Settings``. Search for ``security devices`` and select ``Security Devices...`` + + .. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png + :width: 60% + :alt: Mozilla application p11kit trust #1 + + #. When the Device Manager dialog window opens, select ``Load`` + + .. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png + :width: 60% + :alt: Mozilla application p11kit trust #2 + + #. Give the Module Name a title such as "System CA Trust Module". For the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit ``OK`` + + .. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png + :width: 60% + :alt: Mozilla application p11kit trust #3 + + .. tip:: The path to p11-kit-trust.so will be slightly different if your processor's architecture is not x86_64. + + #. Verify that the new module shows up on the left hand side and select ``OK`` at the bottom right: + + .. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png + :width: 60% + :alt: Mozilla application p11kit trust #4 + + .. group-tab:: Arch/Garuda/CentOS/Fedora + + No special steps are needed for Arch/Garuda/CentOS/Fedora. Continue below. + +#. Restart Firefox 
diff --git a/site/source/device-guides/linux/ff-linux.rst b/site/source/device-guides/linux/ff-linux.rst deleted file mode 100644 index c072e49..0000000 --- a/site/source/device-guides/linux/ff-linux.rst +++ /dev/null 
@@ -1,108 +0,0 @@ -.. _ff-linux: - -============================ -Configuring Firefox on Linux -============================ -Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services. - -Local (required for initial setup) ----------------------------------- -This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post `_ on the topic (TLDR: for security purposes). - -#. Select your distribution below and follow instructions: - - .. tabs:: - - .. group-tab:: Debian/Ubuntu - - #. Select the hamburger menu -> ``Settings``. Search for ``security devices`` and select ``Security Devices...`` - - .. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png - :width: 60% - :alt: Mozilla application p11kit trust #1 - - #. When the Device Manager dialog window opens, select ``Load`` - - .. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png - :width: 60% - :alt: Mozilla application p11kit trust #2 - - #. Give the Module Name a title such as "System CA Trust Module". For the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit ``OK`` - - .. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png - :width: 60% - :alt: Mozilla application p11kit trust #3 - - .. tip:: The path to p11-kit-trust.so will be slightly different if your processor's architecture is not x86_64. - - #. Verify that the new module shows up on the left hand side and select ``OK`` at the bottom right: - - .. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png - :width: 60% - :alt: Mozilla application p11kit trust #4 - - .. group-tab:: Arch/Garuda/CentOS/Fedora - - No special steps are needed for Arch/Garuda/CentOS/Fedora. Continue below. - -#. 
Restart Firefox - -Tor (can be completed later) ----------------------------- -#. Ensure you have already :ref:`set up Tor` - -#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear - -#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``: - - .. figure:: /_static/images/tor/firefox_allowlist.png - :width: 60% - :alt: Firefox whitelist onions screenshot - -#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``: - - .. figure:: /_static/images/tor/firefox_insecure_websockets.png - :width: 60% - :alt: Firefox allow insecure websockets over https - -#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using: - - .. code-block:: - - sudo wget -P ~/ https://start9.com/assets/proxy.pac - -#. Determine the full path of `proxy.pac`, which we will use in step 9, by executing the following command in the terminal, and copying its output to your clipboard: - - .. code-block:: - - echo file://$HOME/proxy.pac - -#. Go to the right-hand hamburger menu and select ``Settings``: - - .. figure:: /_static/images/tor/os_ff_settings.png - :width: 30% - :alt: Firefox options screenshot - -#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``: - - .. figure:: /_static/images/tor/firefox_search.png - :width: 60% - :alt: Firefox search screenshot - -#. Select ``Automatic proxy configuration URL`` and paste the output from the command you performed in step 6. Be aware, the triple ``///`` is intentional, and your path *will* be different from the one below - namely, YOUR_LINUX_USERNAME will be your actual linux username: - - .. code-block:: - - file:///home/YOUR_LINUX_USERNAME/proxy.pac - - .. figure:: /_static/images/tor/firefox_proxy_linux.png - :width: 60% - :alt: Firefox proxy settings screenshot - -#. 
Check the box labeled ``Proxy DNS when using SOCKS v5`` in the image above - -#. Click ``OK`` and restart Firefox - -#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide - -#. You can now use the `.onion` URLs of your server and installed services diff --git a/site/source/device-guides/linux/index.rst b/site/source/device-guides/linux/index.rst index 5bfa4c4..4a863ee 100644 --- a/site/source/device-guides/linux/index.rst +++ b/site/source/device-guides/linux/index.rst @@ -12,7 +12,6 @@ Recommended Guides ca-linux tor-linux - ff-linux Other Useful Guides ------------------- diff --git a/site/source/device-guides/linux/tor-linux.rst b/site/source/device-guides/linux/tor-linux.rst index e5dfca9..ae2e4b7 100644 --- a/site/source/device-guides/linux/tor-linux.rst +++ b/site/source/device-guides/linux/tor-linux.rst @@ -1,8 +1,11 @@ .. _tor-linux: -==================== -Running Tor on Linux -==================== +================== +Using Tor on Linux +================== + +Running Tor +----------- .. tabs:: 
@@ -93,3 +96,62 @@ Running Tor on Linux .. code-block:: bash sudo systemctl enable --now tor + +If using Firefox (recommended) +------------------------------ + +#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear + +#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``: + + .. figure:: /_static/images/tor/firefox_allowlist.png + :width: 60% + :alt: Firefox whitelist onions screenshot + +#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``: + + .. figure:: /_static/images/tor/firefox_insecure_websockets.png + :width: 60% + :alt: Firefox allow insecure websockets over https + +#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using: + + .. code-block:: + + sudo wget -P ~/ https://start9.com/assets/proxy.pac + +#. Determine the full path of `proxy.pac`, which we will use in step 9, by executing the following command in the terminal, and copying its output to your clipboard: + + .. code-block:: + + echo file://$HOME/proxy.pac + +#. Go to the right-hand hamburger menu and select ``Settings``: + + .. figure:: /_static/images/tor/os_ff_settings.png + :width: 30% + :alt: Firefox options screenshot + +#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``: + + .. figure:: /_static/images/tor/firefox_search.png + :width: 60% + :alt: Firefox search screenshot + +#. Select ``Automatic proxy configuration URL`` and paste the output from the command you performed in step 6. Be aware, the triple ``///`` is intentional, and your path *will* be different from the one below - namely, YOUR_LINUX_USERNAME will be your actual linux username: + + .. code-block:: + + file:///home/YOUR_LINUX_USERNAME/proxy.pac + + .. figure:: /_static/images/tor/firefox_proxy_linux.png + :width: 60% + :alt: Firefox proxy settings screenshot + +#. 
Check the box labeled ``Proxy DNS when using SOCKS v5`` in the image above + +#. Click ``OK`` and restart Firefox + +#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide + +#. You can now use the `.onion` URLs of your server and installed services diff --git a/site/source/device-guides/mac/ca-mac.rst b/site/source/device-guides/mac/ca-mac.rst index 874f0ab..8e8f234 100644 --- a/site/source/device-guides/mac/ca-mac.rst +++ b/site/source/device-guides/mac/ca-mac.rst @@ -1,11 +1,16 @@ .. _ca-mac: -===================================== -Trusting Your Server's Root CA on Mac -===================================== +============================ +Trusting Your Root CA on Mac +============================ Complete this guide to trust your server's Root Certificate Authority (Root CA) on Mac. -#. Ensure you have already :ref:`downloaded your Root CA ` +.. _ca-mac-trust: + +Trusting +-------- + +#. Ensure you have already :ref:`downloaded your Root CA ` #. Locate your downloaded Root CA. Right click it and select *Show in Folder*: @@ -50,3 +55,18 @@ Complete this guide to trust your server's Root Certificate Authority (Root CA) :alt: Keychain submenu .. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it. + +.. _ca-mac-ff: + +If using Firefox (recommended) +------------------------------ + +#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear + +#. Search for ``security.enterprise_roots.enable``, set it to ``true``. + + .. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png + :width: 80% + :alt: Firefox security settings + +#. Restart Firefox 
diff --git a/site/source/device-guides/mac/ff-mac.rst b/site/source/device-guides/mac/ff-mac.rst deleted file mode 100644 index 5d2b524..0000000 --- a/site/source/device-guides/mac/ff-mac.rst +++ /dev/null 
@@ -1,60 +0,0 @@ -.. _ff-mac: - -========================== -Configuring Firefox on Mac -========================== -Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services. - -Local (required for initial setup) ----------------------------------- -#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear - -#. Search for ``security.enterprise_roots.enable``, set it to ``true``. - - .. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png - :width: 80% - :alt: Firefox security settings - -#. Restart Firefox - -Tor (can be completed later) ----------------------------- -#. Ensure you have already :ref:`set up Tor` - -#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear - -#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``: - - .. figure:: /_static/images/tor/firefox_allowlist.png - :width: 60% - :alt: Firefox whitelist onions screenshot - -#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``: - - .. figure:: /_static/images/tor/firefox_insecure_websockets.png - :width: 60% - :alt: Firefox allow insecure websockets over https - -#. Go to the right-hand hamburger menu and select ``Settings``: - - .. figure:: /_static/images/tor/os_ff_settings.png - :width: 30% - :alt: Firefox options screenshot - -#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``: - - .. figure:: /_static/images/tor/firefox_search.png - :width: 60% - :alt: Firefox search screenshot - -#. Check the option labeled ``Use System Proxy Settings`` *and* the box labeled ``Proxy DNS when using SOCKS v5``: - - .. figure:: /_static/images/tor/firefox_proxy.png - :width: 60% - :alt: Firefox proxy settings screenshot - -#. Click ``OK`` and restart Firefox - -#. 
Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide - -#. You can now use the `.onion` URLs of your server and installed services diff --git a/site/source/device-guides/mac/index.rst b/site/source/device-guides/mac/index.rst index 12990f9..7d9f0a8 100644 --- a/site/source/device-guides/mac/index.rst +++ b/site/source/device-guides/mac/index.rst @@ -12,7 +12,6 @@ Recommended Guides ca-mac tor-mac - ff-mac Other Useful Guides ------------------- diff --git a/site/source/device-guides/mac/tor-mac.rst b/site/source/device-guides/mac/tor-mac.rst index c943d0a..b7e7022 100644 --- a/site/source/device-guides/mac/tor-mac.rst +++ b/site/source/device-guides/mac/tor-mac.rst @@ -114,8 +114,6 @@ Enable Tor System-wide cat /usr/local/var/log/tor.log || sudo cat /opt/homebrew/var/log/tor.log - If you'd like to setup Firefox to use Tor you can follow :ref:`this guide`. - .. group-tab:: Pre-Ventura #. Enable proxy autoconfig file (This will download the Start9 standard proxy config file. You can use your own if you prefer): 
@@ -176,4 +174,42 @@ Enable Tor System-wide cat /usr/local/var/log/tor.log || sudo cat /opt/homebrew/var/log/tor.log - If you'd like to setup Firefox to use Tor you can follow :ref:`this guide`. +If using Firefox (recommended) +------------------------------ +#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear + +#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``: + + .. figure:: /_static/images/tor/firefox_allowlist.png + :width: 60% + :alt: Firefox whitelist onions screenshot + +#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``: + + .. figure:: /_static/images/tor/firefox_insecure_websockets.png + :width: 60% + :alt: Firefox allow insecure websockets over https + +#. Go to the right-hand hamburger menu and select ``Settings``: + + .. figure:: /_static/images/tor/os_ff_settings.png + :width: 30% + :alt: Firefox options screenshot + +#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``: + + .. figure:: /_static/images/tor/firefox_search.png + :width: 60% + :alt: Firefox search screenshot + +#. Check the option labeled ``Use System Proxy Settings`` *and* the box labeled ``Proxy DNS when using SOCKS v5``: + + .. figure:: /_static/images/tor/firefox_proxy.png + :width: 60% + :alt: Firefox proxy settings screenshot + +#. Click ``OK`` and restart Firefox + +#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide + +#. You can now use the `.onion` URLs of your server and installed services diff --git a/site/source/device-guides/windows/ca-windows.rst b/site/source/device-guides/windows/ca-windows.rst index 6971f46..bd83074 100644 --- a/site/source/device-guides/windows/ca-windows.rst 
+++ b/site/source/device-guides/windows/ca-windows.rst @@ -1,11 +1,16 @@ .. _ca-windows: -========================================= -Trusting Your Server's Root CA on Windows -========================================= +================================ +Trusting Your Root CA on Windows +================================ Complete this guide to trust your server's Root Certificate Authority (Root CA) on Windows. -#. Ensure you have already :ref:`downloaded your Root CA ` +.. _ca-windows-trust: + +Trusting +-------- + +#. Ensure you have already :ref:`downloaded your Root CA ` #. Ensure you have already :ref:`installed bonjour ` @@ -82,3 +87,16 @@ Complete this guide to trust your server's Root Certificate Authority (Root CA) .. figure:: /_static/images/ssl/windows/11_console_settings.png :width: 20% :alt: Console settings + +.. _ca-windows-ff: + +If using Firefox (recommended) +------------------------------ + +#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear + +#. Search for ``security.enterprise_roots.enable``, set it to ``true``. + + .. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png + :width: 80% + :alt: Firefox security settings \ No newline at end of file diff --git a/site/source/device-guides/windows/ff-windows.rst b/site/source/device-guides/windows/ff-windows.rst deleted file mode 100644 index 7ffe313..0000000 --- a/site/source/device-guides/windows/ff-windows.rst +++ /dev/null 
@@ -1,72 +0,0 @@ -.. _ff-windows: - -============================== -Configuring Firefox on Windows -============================== -Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services. - -Local (required for initial setup) ----------------------------------- -#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear - -#. Search for ``security.enterprise_roots.enable``, set it to ``true``. - - .. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png - :width: 80% - :alt: Firefox security settings - -#. Restart Firefox - -Tor (can be completed later) ----------------------------- -#. Ensure you have already :ref:`set up Tor` - -#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear - -#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``: - - .. figure:: /_static/images/tor/firefox_allowlist.png - :width: 60% - :alt: Firefox whitelist onions screenshot - -#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``: - - .. figure:: /_static/images/tor/firefox_insecure_websockets.png - :width: 60% - :alt: Firefox allow insecure websockets over https - -#. Download a ``Proxy Auto Config`` file to inform Firefox how to use the Tor daemon running on your computer. Click `here `_ to get the one offered by Start9 and save it somewhere you will not delete it. Remember where you save the file. For this example: - - .. code-block:: - - C:\Program Files\Tor Browser\proxy.pac - -#. Go to the right-hand hamburger menu and select ``Settings``: - - .. figure:: /_static/images/tor/os_ff_settings.png - :width: 30% - :alt: Firefox options screenshot - -#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``: - - .. figure:: /_static/images/tor/firefox_search.png - :width: 60% - :alt: Firefox search screenshot - -#. 
Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example: - - .. code-block:: - - file://C:/Program Files/Tor Browser/proxy.pac - -#. Check the box labeled ``Proxy DNS when using SOCKS v5``: - - .. figure:: /_static/images/tor/firefox_proxy.png - :width: 60% - :alt: Firefox proxy settings screenshot - -#. Click ``OK`` and restart Firefox - -#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide - -#. You can now use the `.onion` URLs of your server and installed services diff --git a/site/source/device-guides/windows/index.rst b/site/source/device-guides/windows/index.rst index e55b778..6aeb80e 100644 --- a/site/source/device-guides/windows/index.rst +++ b/site/source/device-guides/windows/index.rst @@ -12,7 +12,6 @@ Recommended Guides ca-windows tor-windows - ff-windows Other Useful Guides ------------------- diff --git a/site/source/device-guides/windows/tor-windows.rst b/site/source/device-guides/windows/tor-windows.rst index 59eeef7..6919929 100644 --- a/site/source/device-guides/windows/tor-windows.rst +++ b/site/source/device-guides/windows/tor-windows.rst @@ -4,6 +4,9 @@ Running Tor on Windows ====================== +Running Tor +----------- + #. Unfortunately, `The Tor Project `_ no longer publishes a standalone Tor binary for Windows, so the recommended way to get it is with the Tor Browser Bundle. You can download it `here `_. .. figure:: /_static/images/tor/tor_download_windows.png 
@@ -55,3 +58,56 @@ Running Tor on Windows 3. Begin this guide again from the beginning. #. That's it! Your Windows computer is now setup to natively use Tor. + +If using Firefox (recommended) +------------------------------ + +#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear + +#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``: + + .. figure:: /_static/images/tor/firefox_allowlist.png + :width: 60% + :alt: Firefox whitelist onions screenshot + +#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``: + + .. figure:: /_static/images/tor/firefox_insecure_websockets.png + :width: 60% + :alt: Firefox allow insecure websockets over https + +#. Download a ``Proxy Auto Config`` file to inform Firefox how to use the Tor daemon running on your computer. Click `here `_ to get the one offered by Start9 and save it somewhere you will not delete it. Remember where you save the file. For this example: + + .. code-block:: + + C:\Program Files\Tor Browser\proxy.pac + +#. Go to the right-hand hamburger menu and select ``Settings``: + + .. figure:: /_static/images/tor/os_ff_settings.png + :width: 30% + :alt: Firefox options screenshot + +#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``: + + .. figure:: /_static/images/tor/firefox_search.png + :width: 60% + :alt: Firefox search screenshot + +#. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example: + + .. code-block:: + + file://C:/Program Files/Tor Browser/proxy.pac + +#. Check the box labeled ``Proxy DNS when using SOCKS v5``: + + .. figure:: /_static/images/tor/firefox_proxy.png + :width: 60% + :alt: Firefox proxy settings screenshot + +#. Click ``OK`` and restart Firefox + +#. 
Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide + +#. You can now use the `.onion` URLs of your server and installed services diff --git a/site/source/service-guides/lightning/alby-cln.rst b/site/source/service-guides/lightning/alby-cln.rst index 55dc2d5..5801a56 100644 --- a/site/source/service-guides/lightning/alby-cln.rst +++ b/site/source/service-guides/lightning/alby-cln.rst @@ -10,7 +10,7 @@ If you'd like to connect via `LNbits ` on your system and we suggest using Firefox which must be :ref:`configured to use Tor.` +#. Make sure you are already :ref:`running Tor` on your system and we suggest using Firefox which must be :ref:`configured to use Tor.` #. Download the Alby extension by visiting the `Alby Github `_, selecting your browser, and installing. #. On the Alby welcome screen, select **Get Started**. diff --git a/site/source/service-guides/lightning/alby-lnbits.rst b/site/source/service-guides/lightning/alby-lnbits.rst index 5acd724..bc565a0 100644 --- a/site/source/service-guides/lightning/alby-lnbits.rst +++ b/site/source/service-guides/lightning/alby-lnbits.rst @@ -9,7 +9,7 @@ Alby Alby is a browser extension that can be connected to your lightning node a number of ways. This guide will go over connecting via LNbits which allows allocation of funds. -Make sure you are already :ref:`running Tor` on your system and we suggest using Firefox which must be :ref:`configured to use Tor.` +Make sure you are already :ref:`running Tor` on your system and we suggest using Firefox which must be :ref:`configured to use Tor.` #. Download the Alby extension by visiting the `Alby Github `_, selecting your browser, and installing. #. On the Alby welcome screen, select **Get Started**. 
@@ -66,7 +66,7 @@ Make sure you are already :ref:`running Tor` on your system and :width: 45% :alt: alby-lnbits-fields-complete - .. tip:: Make sure to include the http:// at the start of the address. If it is not working make sure that you are already :ref:`running Tor` on your system and that your browser is :ref:`configured to use Tor.` + .. tip:: Make sure to include the http:// at the start of the address. If it is not working make sure that you are properly :ref:`configured Tor` on your system. #. Once connected you should see the following success page: diff --git a/site/source/service-guides/lightning/alby-lnd.rst b/site/source/service-guides/lightning/alby-lnd.rst index 44519e3..a332fdb 100644 --- a/site/source/service-guides/lightning/alby-lnd.rst +++ b/site/source/service-guides/lightning/alby-lnd.rst @@ -10,7 +10,7 @@ If you'd like to connect via `LNbits ` on your system and we suggest using Firefox which must be :ref:`configured to use Tor.` +#. Make sure you are already :ref:`running Tor` on your system and we suggest using Firefox which must be :ref:`configured to use Tor.` #. Download the Alby extension by visiting the `Alby Github `_, selecting your browser, and installing. #. On the Alby welcome screen, select **Get Started**. 
@@ -39,7 +39,7 @@ If you'd like to connect via `LNbits ` and that :ref:`Firefox is configured to use it.` If you can't get this to work it's OK to use the Companion App - but you will have a better experience with your Start9 server elsewhere if you take the time to get Tor running on your devices. + .. note:: If this does not work, please ensure that :ref:`Tor is running on your system` and that :ref:`Firefox is configured to use it.` If you can't get this to work it's OK to use the Companion App - but you will have a better experience with your Start9 server elsewhere if you take the time to get Tor running on your devices. #. Once connection is completed you will see a success page that displays the balance of your LND node in Sats. diff --git a/site/source/service-guides/lightning/connecting-lnbits.rst b/site/source/service-guides/lightning/connecting-lnbits.rst index 76574b8..ea18b75 100644 --- a/site/source/service-guides/lightning/connecting-lnbits.rst +++ b/site/source/service-guides/lightning/connecting-lnbits.rst @@ -21,7 +21,7 @@ If you are looking to connect the `Alby `. This also requires having :ref:`native tor setup`. +.. note:: You will need a Tor enabled browser. We suggest using Firefox which will need to have been setup to use Tor - if you have yet to do this please see our guide :ref:`here`. This also requires having :ref:`native tor setup`. #. Start by ensuring that you have LNbits installed already as well as LND or Core Lightning (CLN). You also need your lightning node to have at least one channel set up otherwise payments will not work. If you have not set up a channel yet, please follow :ref:`this guide`. diff --git a/site/source/service-guides/vaultwarden/bitwarden-client-setup.rst b/site/source/service-guides/vaultwarden/bitwarden-client-setup.rst index 9021e41..c9a450e 100644 --- a/site/source/service-guides/vaultwarden/bitwarden-client-setup.rst +++ b/site/source/service-guides/vaultwarden/bitwarden-client-setup.rst 
@@ -15,7 +15,7 @@ Browser Extension If connecting via Tor (i.e using the .onion address) the Bitwarden browser extension will only work with a Tor enabled browser. You can use Firefox (recommended), Tor Browser or Brave Browser. - #. If you choose Firefox, you will need to :ref:`setup Tor on your device ` and :ref:`configure Firefox to use Tor `. If using Brave you will just need to :ref:`setup Tor on your device `. With Tor Browser, everything will just work right out of the box. + #. If you choose Firefox, you will need to :ref:`follow this guide ` to run Tor on your device and configure Firefox to use it. If using Brave you will just need to :ref:`setup Tor on your device `. With Tor Browser, everything will just work right out of the box. .. tip:: We recommend using Firefox as it is the most compatible browser with Start9 Servers. diff --git a/site/source/support/common-issues.rst b/site/source/support/common-issues.rst index fdb2c9d..8e5167b 100644 --- a/site/source/support/common-issues.rst +++ b/site/source/support/common-issues.rst @@ -44,7 +44,7 @@ I am unable to reach my server via its xxxxxxxxxxxxxxxxxx.onion (Tor) address #. **Solutions** #. If you are not yet running a Tor daemon on your device, follow :ref:`these instructions `. If you are already running a Tor daemon, restart it, or in the case of Android, restart your phone. - #. If you are using Firefox, ensure it has been :ref:`properly configured ` to work with .onion URLs. + #. If you are using Firefox, ensure it has been :ref:`properly configured ` to work with .onion URLs. #. **If Tor Browser does not work** - It means there is an issue with your server or with the Tor network. diff --git a/site/source/user-manual/configuring-ff.rst b/site/source/user-manual/configuring-ff.rst deleted file mode 100644 index ee19d61..0000000 --- a/site/source/user-manual/configuring-ff.rst +++ /dev/null 
@@ -1,15 +0,0 @@ -.. _configuring-ff: - -=================== -Configuring Firefox -=================== -Firefox is the only browser that can be configured to access both LAN (`.local`) and Tor (`.onion`) URLs, including extensions, without affecting normal browser functionality. We highly recommend using Firefox for connecting to your server and its installed services. - -.. note:: For iOS, we recommend using Safari instead of Firefox. That is because on iOS, all browsers must use Safari under the hood, so it is preferable not to stack unnecessary software on top of it. - -Select your OS: - -- :ref:`Linux ` -- :ref:`Mac ` -- :ref:`Windows ` -- :ref:`Android (Firefox Beta) ` diff --git a/site/source/user-manual/connecting-lan.rst b/site/source/user-manual/connecting-lan.rst index 4845a74..2948a96 100644 --- a/site/source/user-manual/connecting-lan.rst +++ b/site/source/user-manual/connecting-lan.rst @@ -5,21 +5,10 @@ Connecting Locally ================== When connected to the same Local Area Network (LAN) as your server, you can use its `.local` URLs for fast and secure connections. -All clients ------------ +#. Ensure you have properly :ref:`downloaded and trusted your Root CA`, including configuring Firefox if you are using it (recommended). + #. Ensure your client device (phone/laptop) is connected to the same Local Area Network (LAN) as your server. This usually means your server and your client device are using the same router, either by ethernet or WiFi -#. Follow instructions to :ref:`trust your server's Root CA` - -If using Firefox (recommended) ------------------------------- -#. Complete the "Local" portion for your OS. Use Safari for iOS. - -- :ref:`Linux ` -- :ref:`Mac ` -- :ref:`Windows ` -- :ref:`Android ` - .. _connecting-lan-windows: Windows only diff --git a/site/source/user-manual/connecting-tor.rst b/site/source/user-manual/connecting-tor.rst index 83ad1c2..e8652ed 100644 --- a/site/source/user-manual/connecting-tor.rst 
+++ b/site/source/user-manual/connecting-tor.rst @@ -17,15 +17,6 @@ Select your OS: - :ref:`Android ` - :ref:`iOS ` -Using Firefox (recommended) ------------------------------- -#. Complete the "Tor" portion for your OS. Use Safari for iOS - -- :ref:`Linux ` -- :ref:`Mac ` -- :ref:`Windows ` -- :ref:`Android ` - Using the Tor Browser --------------------- Using the official Tor Browser allows you to access `.onion` URLs without additional configuration. However, accessing clearnet (`.com`, `.org`, ect) websites will also be routed over Tor, making them slower, and `.local` URLs cannot be accessed at all. diff --git a/site/source/user-manual/index.rst b/site/source/user-manual/index.rst index cefb9c3..8de0af0 100644 --- a/site/source/user-manual/index.rst +++ b/site/source/user-manual/index.rst @@ -10,7 +10,6 @@ User Manual initial-setup trust-ca - configuring-ff connecting-lan connecting-tor dashboard-overview diff --git a/site/source/user-manual/initial-setup.rst b/site/source/user-manual/initial-setup.rst index 599a74a..0d756f3 100644 --- a/site/source/user-manual/initial-setup.rst +++ b/site/source/user-manual/initial-setup.rst 
@@ -9,12 +9,14 @@ Initial Setup Starting Fresh -------------- -#. If using Firefox (*recommended*) to connect to your server, you must complete the "Local" portion for your OS: +#. If using Firefox (*recommended for all platform except iOS*) to connect to your server, you must complete the "Local" portion for your OS: - - :ref:`Linux ` - - :ref:`Mac ` - - :ref:`Windows ` - - :ref:`Android ` + .. note:: Firefox is the only browser that can be configured to access both LAN (`.local`) and Tor (`.onion`) URLs, including extensions, without affecting normal browser functionality. For iOS, all browsers actually use Safari under the hood, so it is preferable not to stack unnecessary software on top of it. Just use Safari. + + - :ref:`Linux ` + - :ref:`Mac ` + - :ref:`Windows ` + - :ref:`Android ` - iOS (use Safari) #. Connect your server to power and Ethernet diff --git a/site/source/user-manual/trust-ca.rst b/site/source/user-manual/trust-ca.rst index 9bae333..0c2bbef 100644 --- a/site/source/user-manual/trust-ca.rst +++ b/site/source/user-manual/trust-ca.rst @@ -3,16 +3,9 @@ ===================== Trusting Your Root CA ===================== - Download and trust your server's Root Certificate Authority (Root CA) to establish a secure (HTTPS) connection with your server, and to enhance speeds over Tor. -.. warning:: If using Firefox (recommended), ensure you have completed the "Local" portion for your OS: - :ref:`Linux `, - :ref:`Mac `, - :ref:`Windows `, - :ref:`Android ` - -.. _download-root-ca: +.. _root-ca-download: 1. Downloading ============== @@ -50,7 +43,7 @@ You can find your server's Root CA inside the StartOS dashboard. :width: 40% :alt: LAN setup menu item -.. _trust-root-ca: +.. _root-ca-trust: 2. Trusting ===========
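Review bot: In the `tor-mac.rst` hunk (`@@ -176,4 +174,42 @@`), the final test step still says "including the first which refers to another guide", but the first step of the new "If using Firefox (recommended)" section is the ``about:config`` step, not a link to another guide. The prerequisite is now the Tor setup earlier on the same page, so the sentence should point there. The identical sentence is copied into the `tor-windows.rst` hunk and needs the same change. The same step also writes `.onion` in single backticks, which reST treats as interpreted text rather than an inline literal; use double backticks as the rest of the section does.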
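Review bot: In the second `ca-windows.rst` hunk (`@@ -82,3 +87,16 @@`), the preference is written ``security.enterprise_roots.enable``, while the screenshot next to it is named `enterprise_roots_enabled_true.png`; the Firefox preference is `security.enterprise_roots.enabled`, and the guide should give the full name. The deleted `ff-windows.rst` followed this step with "#. Restart Firefox", which was dropped in the move; keep it if the restart is still required. The file also now ends without a trailing newline.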
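Review bot: In the `tor-windows.rst` hunk (`@@ -55,3 +58,56 @@`), the step that sets ``network.websocket.allowInsecureFromHTTPS`` to ``true`` carries no explanation, and that preference is browser-wide: it permits unencrypted ``ws://`` connections from any HTTPS page, not only pages served by the user's server. Now that this section sits in the main Tor guide, add a sentence saying why it is needed and that it applies to every site visited in that Firefox profile; the same goes for the copy in the `tor-mac.rst` hunk. Separately, the example ``file://C:/Program Files/Tor Browser/proxy.pac`` puts the drive letter where a file URL's host belongs; the usual form is ``file:///C:/...`` with three slashes.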
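Review bot: In the `alby-lnbits.rst` hunk (`@@ -66,7 +66,7 @@`), the rewritten tip reads "make sure that you are properly :ref:`configured Tor` on your system", which is ungrammatical after the two links were merged into one. Suggest "make sure you have properly :ref:`configured Tor` on your system".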
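Review bot: In the `initial-setup.rst` hunk (`@@ -9,12 +9,14 @@`), the step still tells the reader to complete the "Local" portion for their OS, but the Firefox guides that had a "Local" section are deleted by this patch and the replacement section added to the CA guides is titled "If using Firefox (recommended)". Reword the step to name the section readers will actually find. Also, "recommended for all platform except iOS" should read "platforms".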
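Review bot: In the `trust-ca.rst` hunks, the labels `download-root-ca` and `trust-root-ca` are renamed to `root-ca-download` and `root-ca-trust`, and the same patch deletes the pages that define `ff-windows` and `configuring-ff`. Any `:ref:` still pointing at one of the old names will render as a broken link, so the commit message should state that all references were updated, and a docs build with `sphinx-build -W` before merging would confirm none remain.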