From b79a65cb931742ac78556db3d1a784df0ea24064 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Wed, 14 Apr 2021 12:44:47 -0600 Subject: [PATCH 01/21] Tor FF config reformat --- source/misc-guides/tor-firefox/android.rst | 2 +- source/misc-guides/tor-firefox/desktop.rst | 98 ++++++++++++++++++++++ source/misc-guides/tor-firefox/index.rst | 8 +- source/misc-guides/tor-firefox/ios.rst | 10 +++ source/misc-guides/tor-firefox/linux.rst | 54 ------------ source/misc-guides/tor-firefox/mac.rst | 64 -------------- source/misc-guides/tor-firefox/mobile.rst | 13 +++ source/misc-guides/tor-firefox/windows.rst | 54 ------------ source/misc-guides/tor-os/index.rst | 3 +- source/misc-guides/tor-os/ios.rst | 10 +++ source/misc-guides/tor-os/windows.rst | 4 +- 11 files changed, 139 insertions(+), 181 deletions(-) create mode 100644 source/misc-guides/tor-firefox/desktop.rst create mode 100644 source/misc-guides/tor-firefox/ios.rst delete mode 100644 source/misc-guides/tor-firefox/linux.rst delete mode 100644 source/misc-guides/tor-firefox/mac.rst create mode 100644 source/misc-guides/tor-firefox/mobile.rst delete mode 100644 source/misc-guides/tor-firefox/windows.rst create mode 100644 source/misc-guides/tor-os/ios.rst diff --git a/source/misc-guides/tor-firefox/android.rst b/source/misc-guides/tor-firefox/android.rst index c89876a..05d5df6 100644 --- a/source/misc-guides/tor-firefox/android.rst +++ b/source/misc-guides/tor-firefox/android.rst @@ -43,4 +43,4 @@ Once Tor is setup on your system, you can proceed to setup Firefox: :width: 50% :alt: Firefox whitelist onions screenshot -8. Restart Firefox, and you’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Password Manager `_ native application. \ No newline at end of file +8. Restart Firefox, and you’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Password Manager `_ native application. diff --git a/source/misc-guides/tor-firefox/desktop.rst b/source/misc-guides/tor-firefox/desktop.rst new file mode 100644 index 0000000..9f08de9 --- /dev/null +++ b/source/misc-guides/tor-firefox/desktop.rst @@ -0,0 +1,98 @@ +.. _firefox-tor-desktop: + +************************************** +Setting up Firefox with Tor on Desktop +************************************** + +.. warning:: + This guide assumes you have completed :ref:`setting up Tor`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor. + +1. Open Firefox. + +2. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings. + +3. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``. + + .. figure:: /_static/images/tor/firefox_whitelist.png + :width: 80% + :alt: Firefox whitelist onions screenshot + +On Windows, use the following proxy config file instructions: + + #. Download a `Proxy Auto Config` file that will use the Tor service to resolve .onion urls. We have one hosted `here `_. Save it somewhere you won’t delete it. For this example: + + .. code-block:: + + C:\Program Files\Tor Browser\proxy.pac + +On Mac, use the following proxy config file instructions: + + #. Open the `Terminal` App on your Mac. You can find it in your list of Applications. + + #. Enter into the terminal: + + .. code-block:: + + brew install wget + + #. And then: + + .. code-block:: + + wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac + +On Linux, use the following proxy config file instructions: + + #. Create a `Proxy Auto Config` file (advanced) or use our standard one (recommended): + + #. From a terminal, enter: + + .. code-block:: + + sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac + + +4. Now open your Firefox web browser, and select options (Windows), or preferences (Mac/Linux): + + .. figure:: /_static/images/tor/firefox_options_windows.png + :width: 80% + :alt: Firefox options screenshot + + Select :menuselection:`Settings --> Options` + + +5. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`: + + .. figure:: /_static/images/tor/firefox_search.png + :width: 80% + :alt: Firefox search screenshot + +6. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example: + +Windows: + + .. code-block:: + + file://C:/Program Files/Tor Browser/proxy.pac + +Mac: + + .. code-block:: + + file:///usr/local/etc/tor/proxy.pac + +Linux: + + .. code-block:: + + file:///etc/tor/proxy.pac + +7. Then, check the box labeled `Proxy DNS when using SOCKS v5`: + + .. figure:: /_static/images/tor/firefox_proxy.png + :width: 80% + :alt: Firefox proxy settings screenshot + +8. Click ``OK`` and then restart Firefox for the changes to take effect. + +9. You’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin `_. diff --git a/source/misc-guides/tor-firefox/index.rst b/source/misc-guides/tor-firefox/index.rst index 493112b..5f4ef38 100644 --- a/source/misc-guides/tor-firefox/index.rst +++ b/source/misc-guides/tor-firefox/index.rst @@ -10,9 +10,7 @@ Configuring Firefox for Tor Once you have completed the above guide, select your device's operating system below: .. toctree:: - :maxdepth: 1 + :maxdepth: 2 - MacOS - Windows - Linux - Android \ No newline at end of file + Desktop + Mobile diff --git a/source/misc-guides/tor-firefox/ios.rst b/source/misc-guides/tor-firefox/ios.rst new file mode 100644 index 0000000..bbc1016 --- /dev/null +++ b/source/misc-guides/tor-firefox/ios.rst @@ -0,0 +1,10 @@ +.. _firefox-tor-ios: + +********************************** +Setting up Firefox with Tor on iOS +********************************** + +Unfortunately, Apple does not allow tor to be run natively on iOS. This means that Firefox cannot be configured to use tor. This leaves 2 options for iOS users: + +#. You can use Start9 Labs' own Consulate Browser, which is available `here `_. +#. You can use another Tor Browser from the app store by searching `here `_. diff --git a/source/misc-guides/tor-firefox/linux.rst b/source/misc-guides/tor-firefox/linux.rst deleted file mode 100644 index 9df525b..0000000 --- a/source/misc-guides/tor-firefox/linux.rst +++ /dev/null @@ -1,54 +0,0 @@ -.. _firefox-tor-linux: - -************************************ -Setting up Firefox with Tor on Linux -************************************ - -.. warning:: - This guide assumes you have completed :ref:`setting up Tor for Linux`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor. - -#. Open Firefox. - -#. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings. - -#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``. - - .. figure:: /_static/images/tor/firefox_whitelist.png - :width: 80% - :alt: Firefox whitelist onions screenshot - -#. Create a `Proxy Auto Config` file (advanced) or use our standard one (recommended): - - .. code-block:: - - sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac - -#. Now open your Firefox web browser, and select preferences. - - .. figure:: /_static/images/tor/firefox_preferences.png - :width: 80% - :alt: Firefox preferences screenshot - - Select :menuselection:`Settings --> Preferences` - -#. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`. - - .. figure:: /_static/images/tor/firefox_search.png - :width: 80% - :alt: Firefox search screenshot - -#. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in: - - .. code-block:: - - file:///etc/tor/proxy.pac - -#. Check the box labeled `Proxy DNS when using SOCKS v5`. - - .. figure:: /_static/images/tor/firefox_proxy.png - :width: 80% - :alt: Firefox proxy settings screenshot - -#. Click ``OK`` and then restart Firefox for the changes to take effect. - -You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin `_. \ No newline at end of file diff --git a/source/misc-guides/tor-firefox/mac.rst b/source/misc-guides/tor-firefox/mac.rst deleted file mode 100644 index 9d8e0a7..0000000 --- a/source/misc-guides/tor-firefox/mac.rst +++ /dev/null @@ -1,64 +0,0 @@ -.. _firefox-tor-mac: - -************************************ -Setting up Firefox with Tor on MacOS -************************************ - -.. warning:: - This guide assumes you have completed :ref:`setting up Tor for MacOS`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor. - -#. Open Firefox. - -#. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings. - -#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``. - - .. figure:: /_static/images/tor/firefox_whitelist.png - :width: 80% - :alt: Firefox whitelist onions screenshot - -#. Next, download the `Proxy Auto Config` file. This file tells Firefox which URLs to use for Tor. - - #. Open the `Terminal` App on your Mac. You can find it in your list of Applications. - - #. Enter into the terminal: - - .. code-block:: - - brew install wget - - #. And then: - - .. code-block:: - - wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac - -#. Open your Firefox web browser, and select preferences: - - .. figure:: /_static/images/tor/firefox_preferences.png - :width: 80% - :alt: Firefox preferences screenshot - - Select :menuselection:`Settings --> Preferences` - -#. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`: - - .. figure:: /_static/images/tor/firefox_search.png - :width: 80% - :alt: Firefox search screenshot - -#. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in: - - .. code-block:: - - file:///usr/local/etc/tor/proxy.pac - -#. Then, check the box labeled `Proxy DNS when using SOCKS v5`: - - .. figure:: /_static/images/tor/firefox_proxy.png - :width: 80% - :alt: Firefox proxy settings screenshot - -#. Click ``OK`` and then restart Firefox for the changes to take effect. - -#. You’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin `_. \ No newline at end of file diff --git a/source/misc-guides/tor-firefox/mobile.rst b/source/misc-guides/tor-firefox/mobile.rst new file mode 100644 index 0000000..9b290f6 --- /dev/null +++ b/source/misc-guides/tor-firefox/mobile.rst @@ -0,0 +1,13 @@ +.. _firefox-tor-mobile: + +************************************** +Setting up Firefox with Tor on Mobile +************************************** + +If you are on Android, you can continue after setting up Tor on your device. If you are on iOS, click below for your options. + +.. toctree:: + :maxdepth: 1 + + Android + iOS diff --git a/source/misc-guides/tor-firefox/windows.rst b/source/misc-guides/tor-firefox/windows.rst deleted file mode 100644 index f4a4cdd..0000000 --- a/source/misc-guides/tor-firefox/windows.rst +++ /dev/null @@ -1,54 +0,0 @@ -.. _firefox-tor-windows: - -************************************** -Setting up Firefox with Tor on Windows -************************************** - -.. warning:: - This guide assumes you have completed :ref:`setting up Tor for Windows`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor. - -#. Open Firefox. - -#. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings. - -#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``. - - .. figure:: /_static/images/tor/firefox_whitelist.png - :width: 80% - :alt: Firefox whitelist onions screenshot - -#. Download a `Proxy Auto Config` file that will use the Tor service to resolve .onion urls. We have one hosted `here `_. Save it somewhere you won’t delete it. For this example: - - .. code-block:: - - C:\Program Files\Tor Browser\proxy.pac - -#. Now open your Firefox web browser, and select options: - - .. figure:: /_static/images/tor/firefox_options_windows.png - :width: 80% - :alt: Firefox options screenshot - - Select :menuselection:`Settings --> Options` - -#. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`: - - .. figure:: /_static/images/tor/firefox_search.png - :width: 80% - :alt: Firefox search screenshot - -#. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example: - - .. code-block:: - - file://C:/Program Files/Tor Browser/proxy.pac - -#. Check the box labeled `Proxy DNS when using SOCKS v5`: - - .. figure:: /_static/images/tor/firefox_proxy.png - :width: 80% - :alt: Firefox proxy settings screenshot - -#. Click ``OK`` and then restart Firefox for the changes to take effect. - -#. You’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin `_. \ No newline at end of file diff --git a/source/misc-guides/tor-os/index.rst b/source/misc-guides/tor-os/index.rst index 328c50c..6bdd88b 100644 --- a/source/misc-guides/tor-os/index.rst +++ b/source/misc-guides/tor-os/index.rst @@ -14,4 +14,5 @@ Select your operating system to get started: MacOS Windows Linux - Android \ No newline at end of file + Android + iOS diff --git a/source/misc-guides/tor-os/ios.rst b/source/misc-guides/tor-os/ios.rst new file mode 100644 index 0000000..4bb6b26 --- /dev/null +++ b/source/misc-guides/tor-os/ios.rst @@ -0,0 +1,10 @@ +.. _firefox-tor-ios: + +********************* +Setting up Tor on iOS +********************* + +Unfortunately, Apple does not allow tor to be run natively on iOS. This means that Firefox cannot be configured to use tor. This leaves 2 options for iOS users: + +#. You can use Start9 Labs' own Consulate Browser, which is available `here `_. +#. You can use another Tor Browser from the app store by searching `here `_. diff --git a/source/misc-guides/tor-os/windows.rst b/source/misc-guides/tor-os/windows.rst index 4b9284f..133a5ba 100644 --- a/source/misc-guides/tor-os/windows.rst +++ b/source/misc-guides/tor-os/windows.rst @@ -12,7 +12,7 @@ Running Tor on Windows Download Tor for Windows -#. Once it is downloaded, go ahead and run the installer. If you want to install the program outside of your user directory, you will have to right click and select `Run as Administrator`. +#. Once it is downloaded, go ahead and run the installer. If you want to install the program outside of your user directory, you will have to right click and select `Run as Administrator`. #. Once you have selected a language, you should see a menu like this: @@ -43,4 +43,4 @@ Running Tor on Windows Replace highlighted section with noted destination folder -#. That's it! Your Windows computer is now setup to natively use Tor. \ No newline at end of file +#. That's it! Your Windows computer is now setup to natively use Tor. From 37929994c0018dd948efea2fd8aad7eca4e21e35 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Wed, 14 Apr 2021 14:37:59 -0600 Subject: [PATCH 02/21] LAN setup reformat --- .../user-manual/general/lan-setup/browser.rst | 27 ++- .../user-manual/general/lan-setup/desktop.rst | 205 +----------------- .../user-manual/general/lan-setup/index.rst | 4 +- .../general/lan-setup/os-config.rst | 185 ++++++++++++++++ 4 files changed, 211 insertions(+), 210 deletions(-) create mode 100644 source/user-manual/general/lan-setup/os-config.rst diff --git a/source/user-manual/general/lan-setup/browser.rst b/source/user-manual/general/lan-setup/browser.rst index 0e02e21..258adea 100644 --- a/source/user-manual/general/lan-setup/browser.rst +++ b/source/user-manual/general/lan-setup/browser.rst @@ -1,15 +1,26 @@ .. _browsers: -******* -Browser -******* +Browser Config +============== .. warning:: Make sure you have completed setup on your :ref:`device ` before continuing! +Select the browser you would like to configure to import the certificate from your desktop: + +.. .. toctree:: +.. :hidden: + +.. browser + +- :ref:`Brave ` +- :ref:`Chrome ` +- :ref:`Firefox ` +- :ref:`Safari ` + .. _brave: Brave -===== +----- #. Navigate to your Brave Settings in a new tab. @@ -38,7 +49,7 @@ Brave .. _chrome: Chrome -====== +------ #. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome. @@ -49,7 +60,7 @@ Chrome .. _firefox: Firefox -======== +------- #. Navigate to your Firefox Settings in a new tab. @@ -88,6 +99,6 @@ Firefox .. _safari: Safari -====== +------ -Once you have completed the steps to install a SSL certificate on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Embassy! \ No newline at end of file +Once you have completed the steps to install a SSL certificate on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Embassy! diff --git a/source/user-manual/general/lan-setup/desktop.rst b/source/user-manual/general/lan-setup/desktop.rst index ec7fb99..ac1470b 100644 --- a/source/user-manual/general/lan-setup/desktop.rst +++ b/source/user-manual/general/lan-setup/desktop.rst @@ -1,204 +1,9 @@ -******** +******* Desktop -******** - -Operating Systems -================= - -MacOS ------ - -#. Visit your Embassy at its Tor Address. - -#. Navigate to --> Embassy --> Connect Over LAN - - .. figure:: /_static/images/embassy_lan_setup.png - :width: 90% - :alt: LAN setup menu item - - Select the "Connect over LAN" menu item - -#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. - - .. figure:: /_static/images/secure_lan_setup_page.png - :width: 90% - :alt: LAN setup page - - Select the "Root Certificate Authority" sub menu - -#. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded. - - .. figure:: /_static/images/secure_lan_setup_prompt.png - :width: 90% - :alt: LAN setup prompt - - Open with "Keychain Access" and select "OK" - -#. Enter your computer password when prompted. It will be imported into your computer’s keychain. - - .. figure:: /_static/images/ssl/macos/certificate_untrusted.png - :width: 90% - :alt: Keychain access import menu - - Keychain access import menu - -#. If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it. - -#. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”. - -#. Double click on this certificate. A second window will pop up. - -#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”. - - .. figure:: /_static/images/ssl/macos/always_trust.png - :width: 90% - :alt: Keychain submenu - - Select "Always trust" under SSL dropdown for Embassy Local CA - -#. Close this window and enter your password to apply the settings. - -#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access. - - .. figure:: /_static/images/ssl/macos/certificate_trusted.png - :width: 90% - :alt: Keychain menu trusted certificate - - Trusted Embassy Local CA certificate - -#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. - -Windows -------- - -#. Install `Bonjour Print Services `_ on your Windows machine. This is necessary in order to visit .local addresses on Windows. -#. If you are having issues running Bonjour after installing, you might have had Bonjour previously installed. To fix: - - #. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ - #. UNinstall Bonjour completely via ``system settings -> remove programs`` - #. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US) - #. Restart Windows - #. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings. - -#. Visit your Embassy at its Tor Address. - -#. Navigate to --> Embassy --> Connect Over LAN - - .. figure:: /_static/images/embassy_lan_setup.png - :width: 90% - :alt: LAN setup menu item - - Select the "Connect over LAN" menu item - -#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. - - .. figure:: /_static/images/secure_lan_setup_page.png - :width: 90% - :alt: LAN setup page - - Select the "Root Certificate Authority" sub menu download icon - -#. Select the option to save the *Embassy Local CA.crt* file. - - .. figure:: /_static/images/ssl/windows/windows_download_cert.png - :width: 90% - :alt: LAN setup prompt - - "Save file" when Opening Embassy Local CA.crt - -#. On your computer, right-click the “Start” menu and select “Run”. - -#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. - - .. figure:: /_static/images/ssl/windows/1_windows_mmc.png - :width: 90% - :alt: Windows MMC - - Access the Windows Management Console - -#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*. - - .. figure:: /_static/images/ssl/windows/2_windows_console_root.png - :width: 90% - :alt: Windows Console Root - - Add Snap-in from Console Root - -#. Select “Certificates” in the left side menu, then “Add”. This will open another window. - - .. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png - :width: 90% - :alt: Add Certificates - - Add Certificates to selected snap-ins - -#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. - -#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. - - .. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png - :width: 90% - :alt: Snap-in Selected - - Certificates (Local Computer) is selected as snap-in - -#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. - - .. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png - :width: 90% - :alt: Certificates in Management Console - - Access Certificates in Management Console - -#. Right click on “Certificates”, then navigate to *All Tasks > Import*. - - .. figure:: /_static/images/ssl/windows/6_windows_import_cert.png - :width: 90% - :alt: Import certificate - - Select "Import" from Certificates sub-menu - -#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. - - .. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png - :width: 90% - :alt: Import cert wizard - - Add downloaded certificate int he Certificate Import Wizard - -#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. - -#. Select “OK” when the import is successful. - -#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. - - .. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png - :width: 90% - :alt: Successful cert install - - Embassy Local Root CA imported into Certificate folder - -#. You can save the settings to the console if desired or cancel. - -#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. - - -Linux ------ - -Nothing specific needs to be configured for this environment. Follow the guides below to import the certificate into your desired browser. - -Browsers -======== - -Select the browser you would like to configure to import the certificate from your desktop: +******* .. toctree:: - :hidden: + :maxdepth: 1 - browser - -- :ref:`Brave ` -- :ref:`Chrome ` -- :ref:`Firefox ` -- :ref:`Safari ` \ No newline at end of file + OS Config + Browser Config diff --git a/source/user-manual/general/lan-setup/index.rst b/source/user-manual/general/lan-setup/index.rst index ceadd34..6ccdea8 100644 --- a/source/user-manual/general/lan-setup/index.rst +++ b/source/user-manual/general/lan-setup/index.rst @@ -11,5 +11,5 @@ The guides below will walk you through the steps to install and trust your Embas .. toctree:: :maxdepth: 2 - desktop - mobile \ No newline at end of file + Desktop + Mobile diff --git a/source/user-manual/general/lan-setup/os-config.rst b/source/user-manual/general/lan-setup/os-config.rst new file mode 100644 index 0000000..9bd2a52 --- /dev/null +++ b/source/user-manual/general/lan-setup/os-config.rst @@ -0,0 +1,185 @@ +Operating System Config +======================= + +MacOS +----- + +#. Visit your Embassy at its Tor Address. + +#. Navigate to --> Embassy --> Connect Over LAN + + .. figure:: /_static/images/embassy_lan_setup.png + :width: 90% + :alt: LAN setup menu item + + Select the "Connect over LAN" menu item + +#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. + + .. figure:: /_static/images/secure_lan_setup_page.png + :width: 90% + :alt: LAN setup page + + Select the "Root Certificate Authority" sub menu + +#. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded. + + .. figure:: /_static/images/secure_lan_setup_prompt.png + :width: 90% + :alt: LAN setup prompt + + Open with "Keychain Access" and select "OK" + +#. Enter your computer password when prompted. It will be imported into your computer’s keychain. + + .. figure:: /_static/images/ssl/macos/certificate_untrusted.png + :width: 90% + :alt: Keychain access import menu + + Keychain access import menu + +#. If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it. + +#. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”. + +#. Double click on this certificate. A second window will pop up. + +#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”. + + .. figure:: /_static/images/ssl/macos/always_trust.png + :width: 90% + :alt: Keychain submenu + + Select "Always trust" under SSL dropdown for Embassy Local CA + +#. Close this window and enter your password to apply the settings. + +#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access. + + .. figure:: /_static/images/ssl/macos/certificate_trusted.png + :width: 90% + :alt: Keychain menu trusted certificate + + Trusted Embassy Local CA certificate + +#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. + +Windows +------- + +#. Install `Bonjour Print Services `_ on your Windows machine. This is necessary in order to visit .local addresses on Windows. +#. If you are having issues running Bonjour after installing, you might have had Bonjour previously installed. To fix: + + #. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ + #. UNinstall Bonjour completely via ``system settings -> remove programs`` + #. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US) + #. Restart Windows + #. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings. + +#. Visit your Embassy at its Tor Address. + +#. Navigate to --> Embassy --> Connect Over LAN + + .. figure:: /_static/images/embassy_lan_setup.png + :width: 90% + :alt: LAN setup menu item + + Select the "Connect over LAN" menu item + +#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. + + .. figure:: /_static/images/secure_lan_setup_page.png + :width: 90% + :alt: LAN setup page + + Select the "Root Certificate Authority" sub menu download icon + +#. Select the option to save the *Embassy Local CA.crt* file. + + .. figure:: /_static/images/ssl/windows/windows_download_cert.png + :width: 90% + :alt: LAN setup prompt + + "Save file" when Opening Embassy Local CA.crt + +#. On your computer, right-click the “Start” menu and select “Run”. + +#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. + + .. figure:: /_static/images/ssl/windows/1_windows_mmc.png + :width: 90% + :alt: Windows MMC + + Access the Windows Management Console + +#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*. + + .. figure:: /_static/images/ssl/windows/2_windows_console_root.png + :width: 90% + :alt: Windows Console Root + + Add Snap-in from Console Root + +#. Select “Certificates” in the left side menu, then “Add”. This will open another window. + + .. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png + :width: 90% + :alt: Add Certificates + + Add Certificates to selected snap-ins + +#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. + +#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. + + .. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png + :width: 90% + :alt: Snap-in Selected + + Certificates (Local Computer) is selected as snap-in + +#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. + + .. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png + :width: 90% + :alt: Certificates in Management Console + + Access Certificates in Management Console + +#. Right click on “Certificates”, then navigate to *All Tasks > Import*. + + .. figure:: /_static/images/ssl/windows/6_windows_import_cert.png + :width: 90% + :alt: Import certificate + + Select "Import" from Certificates sub-menu + +#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. + + .. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png + :width: 90% + :alt: Import cert wizard + + Add downloaded certificate int he Certificate Import Wizard + +#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. + +#. Select “OK” when the import is successful. + +#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. + + .. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png + :width: 90% + :alt: Successful cert install + + Embassy Local Root CA imported into Certificate folder + +#. You can save the settings to the console if desired or cancel. + +#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. + + +Linux +----- + +Nothing specific needs to be configured for this environment. Follow the guides below to import the certificate into your desired browser. From 65e419f801c2fbbfbc8bd2e742356d698a0e2a57 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Wed, 14 Apr 2021 15:17:31 -0600 Subject: [PATCH 03/21] SD backup FAQ added --- source/support/FAQ/usage-faq.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/source/support/FAQ/usage-faq.rst b/source/support/FAQ/usage-faq.rst index df274d2..2d35608 100644 --- a/source/support/FAQ/usage-faq.rst +++ b/source/support/FAQ/usage-faq.rst @@ -52,6 +52,18 @@ Do I need to delete existing backups before doing a new backup? Or does a new ba ------------------------------------------------------------------------------------------------------------- No, you don’t need to delete the old backups. The technology we use updates the existing backup. +Can I clone my Embassy SD card for backup purposes? +--------------------------------------------------- +It is absolutely possible to do a deep clone of the card as a backup if you wish to do so, but there are some considerations when it comes to this. First off, we don't test/support that officially; it doesn't get nearly the same level of attention that the backups feature *within* the Embassy does. Secondly, it may take a while to do a deep clone of the card since the ones we ship are 128GB and there isn't a really effective way to clone the Embassy card that isn't a byte-for-byte copy. However, if you do a byte for byte copy (128GB), and run pishrink you could flash that image file onto a new card and restore all of your data. + +Another thing that must be mentioned, depending on what services you are running, if you are going outside of the Embassy backup flow you should be deeply aware of the implications of restoring backups. For instance, with LND it is *dangerous* to have multiple instances of the same LND node running at once because it can cause your channel funds to be completely lost. So while it would be safe for LND to restore the SD card if the original copy was completely offline, you should be aware that if it isn't offline you can lose all of that money. + +This is not just if you run two embassies. It can also happen if you conduct any lightning activity including letting the commitment fees update. The embassy backup system informs each service when it has been restored through the backup flow so that each service can respond appropriately how it sees fit. At the moment LND and c-lightning both respond to this by deleting their dangerous state. If you restore with a deep clone of the sd, this information is not included and so LND/c-lightning will unwittingly expose themselves to channel fund loss. + +And to be crystal clear, commitment fees update without user action. + +So all in all, if you are running lightning, we strongly advise that you DO NOT DO THIS. + Why would I even buy this when I can just build it for free?? ------------------------------------------------------------- (1) White glove support. Because each Embassy comes with a unique product key engraved on it, and we have a record of all product keys ever, we can ask the user to verify their product key in order to receive a higher tier of support, such as phone calls. From bd3204da7c0be3a7d0ca9c5895e34138f952fb00 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Wed, 14 Apr 2021 15:29:44 -0600 Subject: [PATCH 04/21] Security FAQ added, minor edits --- source/misc-guides/tor-firefox/ios.rst | 5 ++--- source/support/FAQ/setup-faq.rst | 4 ++++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/source/misc-guides/tor-firefox/ios.rst b/source/misc-guides/tor-firefox/ios.rst index bbc1016..b97cff5 100644 --- a/source/misc-guides/tor-firefox/ios.rst +++ b/source/misc-guides/tor-firefox/ios.rst @@ -4,7 +4,6 @@ Setting up Firefox with Tor on iOS ********************************** -Unfortunately, Apple does not allow tor to be run natively on iOS. This means that Firefox cannot be configured to use tor. This leaves 2 options for iOS users: +Unfortunately, Apple does not allow tor to be run natively on iOS. This means that Firefox cannot be configured to use tor. This leaves the following options for iOS users: -#. You can use Start9 Labs' own Consulate Browser, which is available `here `_. -#. You can use another Tor Browser from the app store by searching `here `_. +You can use Start9 Labs' own Consulate Browser, which is available `here `_, or you can select another Tor Browser from the app store by searching `here `_. diff --git a/source/support/FAQ/setup-faq.rst b/source/support/FAQ/setup-faq.rst index 22377de..fc71d7d 100644 --- a/source/support/FAQ/setup-faq.rst +++ b/source/support/FAQ/setup-faq.rst @@ -28,6 +28,10 @@ This is most likely a transient networking issue that will correct itself in a f 3. Restart your router. +Do I need to take any additional security precautions with my device, for example with my router/modem? +------------------------------------------------------------------------------------------------------- +Nothing special is required, however, it is best practice to use good passwords, i.e. for your WiFi and your Embassy. Here's a `comic `_ explaining how to make strong passwords, simply. + What if I have an unique network issue, for example, with a firewall? --------------------------------------------------------------------- The Embassy is designed to work as simply as possible, for as many as possible, while providing the ability to self-host in a private manner. If you have an agressive or custom firewall, or other custom network settings, there is a good chance that addtional configuration may be necessary. We will continue to learn about custom networking issues, update our docs with resources, and help in the community :ref:`channels ` to the best of our ability. From f6f09dd3ff7a7b309a06ecc2e3bbfd57fa469041 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Wed, 14 Apr 2021 16:35:23 -0600 Subject: [PATCH 05/21] Tor Windows Path fix --- source/misc-guides/tor-os/windows.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/misc-guides/tor-os/windows.rst b/source/misc-guides/tor-os/windows.rst index 133a5ba..67ad3cd 100644 --- a/source/misc-guides/tor-os/windows.rst +++ b/source/misc-guides/tor-os/windows.rst @@ -32,7 +32,7 @@ Running Tor on Windows .. code-block:: - sc create tor start=auto binPath="\Tor Browser\Browser\TorBrowser\Tor\tor.exe -nt-service" + sc create tor start=auto binPath="\Browser\TorBrowser\Tor\tor.exe -nt-service" sc start tor #. When you run this, it should look something like this: From a888baa9434a84bc6bd126d1b359be1bf029d204 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Wed, 14 Apr 2021 16:45:00 -0600 Subject: [PATCH 06/21] Fixed sphinx errors --- source/misc-guides/tor-firefox/ios.rst | 2 +- source/misc-guides/tor-os/ios.rst | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/source/misc-guides/tor-firefox/ios.rst b/source/misc-guides/tor-firefox/ios.rst index b97cff5..ad0a5b8 100644 --- a/source/misc-guides/tor-firefox/ios.rst +++ b/source/misc-guides/tor-firefox/ios.rst @@ -6,4 +6,4 @@ Setting up Firefox with Tor on iOS Unfortunately, Apple does not allow tor to be run natively on iOS. This means that Firefox cannot be configured to use tor. This leaves the following options for iOS users: -You can use Start9 Labs' own Consulate Browser, which is available `here `_, or you can select another Tor Browser from the app store by searching `here `_. +You can use Start9 Labs' own Consulate Browser, which is available `here `_, or you can select another Tor Browser by searching the `App Store `_. diff --git a/source/misc-guides/tor-os/ios.rst b/source/misc-guides/tor-os/ios.rst index 4bb6b26..145f372 100644 --- a/source/misc-guides/tor-os/ios.rst +++ b/source/misc-guides/tor-os/ios.rst @@ -1,4 +1,4 @@ -.. _firefox-tor-ios: +.. _tor-ios: ********************* Setting up Tor on iOS @@ -6,5 +6,4 @@ Setting up Tor on iOS Unfortunately, Apple does not allow tor to be run natively on iOS. This means that Firefox cannot be configured to use tor. This leaves 2 options for iOS users: -#. You can use Start9 Labs' own Consulate Browser, which is available `here `_. -#. You can use another Tor Browser from the app store by searching `here `_. +You can use Start9 Labs' own Consulate Browser, which is available `here `_, or you can select another Tor Browser by searching the `App Store `_. From cd6aa71bf659e1d6c2099f3c7d8550b801e8aa35 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Wed, 14 Apr 2021 17:00:16 -0600 Subject: [PATCH 07/21] Reformatting FF Tor Desktop --- source/misc-guides/tor-firefox/desktop.rst | 46 +++++++++++----------- 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/source/misc-guides/tor-firefox/desktop.rst b/source/misc-guides/tor-firefox/desktop.rst index 9f08de9..4c02d91 100644 --- a/source/misc-guides/tor-firefox/desktop.rst +++ b/source/misc-guides/tor-firefox/desktop.rst @@ -17,42 +17,40 @@ Setting up Firefox with Tor on Desktop :width: 80% :alt: Firefox whitelist onions screenshot -On Windows, use the following proxy config file instructions: +4. Create a `Proxy Auto Config` file (advanced) or use our `standard one `_ (recommended), using the OS-specific instructions below: - #. Download a `Proxy Auto Config` file that will use the Tor service to resolve .onion urls. We have one hosted `here `_. Save it somewhere you won’t delete it. For this example: +Windows - .. code-block:: +Download a `Proxy Auto Config` file that will use the Tor service to resolve .onion urls. We have one hosted. Save it somewhere you won’t delete it. For this example: - C:\Program Files\Tor Browser\proxy.pac + .. code-block:: -On Mac, use the following proxy config file instructions: + C:\Program Files\Tor Browser\proxy.pac - #. Open the `Terminal` App on your Mac. You can find it in your list of Applications. +Mac - #. Enter into the terminal: +Open the `Terminal` App on your Mac. You can find it in your list of Applications. In the terminal, enter: - .. code-block:: + .. code-block:: - brew install wget + brew install wget - #. And then: + And then: - .. code-block:: + .. code-block:: - wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac + wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac -On Linux, use the following proxy config file instructions: +Linux - #. Create a `Proxy Auto Config` file (advanced) or use our standard one (recommended): +From a terminal, enter: - #. From a terminal, enter: + .. code-block:: - .. code-block:: - - sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac + sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac -4. Now open your Firefox web browser, and select options (Windows), or preferences (Mac/Linux): +5. Now open your Firefox web browser, and select options (Windows), or preferences (Mac/Linux): .. figure:: /_static/images/tor/firefox_options_windows.png :width: 80% @@ -61,13 +59,13 @@ On Linux, use the following proxy config file instructions: Select :menuselection:`Settings --> Options` -5. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`: +6. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`: .. figure:: /_static/images/tor/firefox_search.png :width: 80% :alt: Firefox search screenshot -6. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example: +7. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example: Windows: @@ -87,12 +85,12 @@ Linux: file:///etc/tor/proxy.pac -7. Then, check the box labeled `Proxy DNS when using SOCKS v5`: +8. Then, check the box labeled `Proxy DNS when using SOCKS v5`: .. figure:: /_static/images/tor/firefox_proxy.png :width: 80% :alt: Firefox proxy settings screenshot -8. Click ``OK`` and then restart Firefox for the changes to take effect. +9. Click ``OK`` and then restart Firefox for the changes to take effect. -9. You’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin `_. +10. You’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin `_. From 8b5f05a4525c586e21b870becf18f561c2d40744 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Tue, 20 Apr 2021 11:39:08 -0600 Subject: [PATCH 08/21] More FAQs --- source/support/FAQ/bitcoin-faq.rst | 20 +++++++++++++++++++- source/support/FAQ/usage-faq.rst | 4 ++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/source/support/FAQ/bitcoin-faq.rst b/source/support/FAQ/bitcoin-faq.rst index dad04b7..bcbada3 100644 --- a/source/support/FAQ/bitcoin-faq.rst +++ b/source/support/FAQ/bitcoin-faq.rst @@ -70,6 +70,24 @@ Bitcoin Wallet Tracker and Electrum Personal Server are 2 services that do the s Both work with your Bitcoin node to provide a richer set of information to wallets than could be done with bitcoind alone. They are basically identical in purpose, their differences are notably in the software memory requirements and how snappily they can answer the same questions. Electrum (and some other wallets) require more than just a Bitcoin node to run in a sovereign way, they require an “Electrum Server”. Both Electrum Personal Server and Bitcoin Wallet Tracker are “Electrum servers”. +I want to use my hardware signer, such as Coldcard or Trezor with my Embassy. How does this work? +-------------------------------------------------------------------------------------------------- +You do not use hardware signers directly with your node. Hardware signers interface with wallets, and wallets interface with nodes. + +Node (Embassy) <— Wallet (Specter, Sparrow, Electrum) <— Hardware signer (Coldcard, Trezor) + +You would use your hardware with your wallet, then instruct that wallet to use Embassy as its node. + +- Nodes are for interacting with the Bitcoin network: enforcing consensus rules, validating and relaying blocks/transactions, and broadcasting transactions. + +- Wallets are for constructing and viewing transactions, as well as generating addresses. + +- Signers are for generating and storing keys, as well as signing transactions. + +The reason there is so much confusion about these 3 concepts is that the Bitcoin Core Node comes with its own Wallet (which you should not use), and that wallet is also a signer. In fact, most wallets double as signers, and most wallets do NOT support connecting to your own node. So, most wallets are actually serving as a wallet, a node, and a signer, which might be convenient, but it is neither trustless nor maximally secure. Ideally, you are using a wallet that supports both integrating with a hardware signer (like Coldcard or Trezor) AND a backend node (like on the Embassy). + +Please note: of the wallets listed (Specter/Sparrow/Electrum), only Specter is currently able to use Embassy as it's node, but the other two should be available soon. + Which wallets can I use that sync with my Embassy Bitcoin node? --------------------------------------------------------------- There are many wallets that support linking to your own full node. You will need one that supports tor. Here are a few options that are compatible: FullyNoded, Samourai, Specter, Wasabi, Zap, and Zeus. @@ -96,7 +114,7 @@ All LND backups are best done via the Embassy backup flow. It is not supported To clarify some of the reasons for this choice: -First off, Lightning is fundamentally different than on-chain/Layer1(L1) bitcoin. There is no way to compress all of that information down into a single 24 word seed in such a way that it will continue to work throughout your usage of the Lightning Network. +First off, Lightning is fundamentally different than on-chain/Layer1(L1) bitcoin. There is no way to compress all of that information down into a single 24 word seed in such a way that it will continue to work throughout your usage of the Lightning Network. So, what is the LND seed *for*? In short, the seed is only used for the Layer1 portion of the funds you have locked up in LND. Due to the live nature of LND and lightning nodes in general, we tend to discourage keeping any significant amounts of money in the onchain portion of your wallet. Given that we cannot actually recover the Layer2(L2) funds with that seed, we needed to have a more holistic way to backup LND funds such that the backup would encompass the ability to get L2 funds back. The Embassy backup system does this, and this approach also happens to be a perfectly valid backup of your L1 funds as well. While Bitcoin users have been trained that the 24 word seed can be used to recover all of their funds, it is important to state that lightning does not and cannot work this way. Exposing the seed gives you two separate things to keep track of in order to recover your funds instead of just one. diff --git a/source/support/FAQ/usage-faq.rst b/source/support/FAQ/usage-faq.rst index 62474c5..5474fee 100644 --- a/source/support/FAQ/usage-faq.rst +++ b/source/support/FAQ/usage-faq.rst @@ -48,6 +48,10 @@ Can I have multiple users on my Embassy? ---------------------------------------- Currently, the Embassy itself is designed to for a single user. There is no way to grant others access to your Embassy without sharing your personal, master password, which is not recommended. There are certain services, however, such as Bitwarden, File Browser, and Mastodon, that absolutely support multiple users (aka multi-tenancy, aka uncle Jim model) where people who trust you can create their own, personal accounts for these services on your Embassy. Just remind them that they are trusting you with their data, and that it might be preferable for them to take the final leap of self-sovereignty and get an Embassy of their own. +What can I do if I am having issues connecting to an Android app? +----------------------------------------------------------------- +Unfortunately, Orbot can be finicky, and therefore the best solution to Android issues is normally to restart Orbot, or to reboot the phone. This will solve most common problems. + Do I need to delete existing backups before doing a new backup? Or does a new backup override the old backup? ------------------------------------------------------------------------------------------------------------- No, you don’t need to delete the old backups. The technology we use updates the existing backup. From bbe74f41580f2ca3bec634862c3c5e616bd47764 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Tue, 20 Apr 2021 11:50:50 -0600 Subject: [PATCH 09/21] Sphinx update, minor edits --- source/support/FAQ/bitcoin-faq.rst | 14 ++++++++++---- source/support/FAQ/services-faq.rst | 6 +----- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/source/support/FAQ/bitcoin-faq.rst b/source/support/FAQ/bitcoin-faq.rst index bcbada3..583a73a 100644 --- a/source/support/FAQ/bitcoin-faq.rst +++ b/source/support/FAQ/bitcoin-faq.rst @@ -46,8 +46,8 @@ The commitment fees are automatically negotiated every few blocks with your peer What would happen if I shut down an Embassy that is running a Lightning node with open channels? ------------------------------------------------------------------------------------------------ -It is REALLY IMPORTANT that people understand that if they shut off their Lightning services for long periods of time (days on end) it is possible for your peers to cheat you out of money. If you are not prepared to LOSE ALL THE MONEY IN YOUR CHANNELS, KEEP YOUR NODE RUNNING. -That said, malicious actors on the network right now are probably sparse, however you are still open to that risk if you do not keep your node online. +It is REALLY IMPORTANT to understand that if Lightning services are shut off for long periods of time (days on end) it is possible for your peers to cheat you out of money. If you are not prepared to LOSE ALL THE MONEY IN YOUR CHANNELS, KEEP YOUR NODE RUNNING. +That said, malicious actors on the network right now are probably sparse. However, you are still open to that risk if you do not keep your node online. Is there a solution to this? ---------------------------- @@ -70,8 +70,8 @@ Bitcoin Wallet Tracker and Electrum Personal Server are 2 services that do the s Both work with your Bitcoin node to provide a richer set of information to wallets than could be done with bitcoind alone. They are basically identical in purpose, their differences are notably in the software memory requirements and how snappily they can answer the same questions. Electrum (and some other wallets) require more than just a Bitcoin node to run in a sovereign way, they require an “Electrum Server”. Both Electrum Personal Server and Bitcoin Wallet Tracker are “Electrum servers”. -I want to use my hardware signer, such as Coldcard or Trezor with my Embassy. How does this work? --------------------------------------------------------------------------------------------------- +I want to use my hardware signer, such as Coldcard or Trezor, with my Embassy. How does this work? +--------------------------------------------------------------------------------------------------- You do not use hardware signers directly with your node. Hardware signers interface with wallets, and wallets interface with nodes. Node (Embassy) <— Wallet (Specter, Sparrow, Electrum) <— Hardware signer (Coldcard, Trezor) @@ -92,6 +92,12 @@ Which wallets can I use that sync with my Embassy Bitcoin node? --------------------------------------------------------------- There are many wallets that support linking to your own full node. You will need one that supports tor. Here are a few options that are compatible: FullyNoded, Samourai, Specter, Wasabi, Zap, and Zeus. +Is there a guide for connecting Specter Wallet to my Embassy? +------------------------------------------------------------- +There is. Please follow the integration guide `here `_ and select the tutorial based on your operating system. + +More guides, particularly in video form, are forthcoming. + Is BlueWallet an option? ------------------------ BlueWallet requires a separate backend service called LNDHub, which is not available on the Embassy at this time. diff --git a/source/support/FAQ/services-faq.rst b/source/support/FAQ/services-faq.rst index 0f40152..f0cc6f6 100644 --- a/source/support/FAQ/services-faq.rst +++ b/source/support/FAQ/services-faq.rst @@ -49,7 +49,7 @@ Cups does not have multiple accounts support. Each person would need their own E Is the embassy able to connect to Sphinxchat? --------------------------------------------- -Maybe, but we are also planning to add Sphinxchat to the Embassy directly. +We have added Sphinx as an Embassy service. Please see the announcement `here `_ and check the Marketplace to start using Sphinx! I get an error ("Unlock Wallet Failed") when trying to log in to RTL, what can I do? ------------------------------------------------------------------------------------ @@ -63,10 +63,6 @@ Can the browser extension be used with Bitwarden hosted on the embassy? ----------------------------------------------------------------------- Yes, but only in a tor-enabled browser. Just add your .onion address as the server in the extension. -I heard I can connect Specter Wallet to my Embassy; is there a guide for that? ------------------------------------------------------------------------------- -There is. Please follow the integration guide `here `_ and select the tutorial based on your operating system. - I don't see an answer to my question regarding a certain service. Is there more documentation? ----------------------------------------------------------------------------------------------- While we are intent on providing the most friendly experience possible to our customers, ultimately it will be impossible for Start9 to create documentation and tutorials for every service we make available on the Embassy. Each service *should* have its own documentation produced by the service developers themselves, and we will do our best keep track, consolidate, and link to it. Also, much of the reason good tutorials don't exist is simply because no one in the community has taken the time to produce it. If you come across something useful or write something up yourself, please let us know and we will promote it. Otherwise we will do our best to answer questions as they arise and gradually build out tutorials where they are lacking. From 23389bee34c6cee4501dc590b9e91c8a3024dd96 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Tue, 20 Apr 2021 12:08:22 -0600 Subject: [PATCH 10/21] Added https article, FAQ moves --- source/support/FAQ/embassy-faq.rst | 2 +- source/support/FAQ/general-faq.rst | 18 ++++++++++++++++++ source/support/FAQ/usage-faq.rst | 18 ------------------ 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/source/support/FAQ/embassy-faq.rst b/source/support/FAQ/embassy-faq.rst index f2d2171..f46f89f 100644 --- a/source/support/FAQ/embassy-faq.rst +++ b/source/support/FAQ/embassy-faq.rst @@ -61,4 +61,4 @@ Apps like Bitwarden however do not store plaintext information, so your password Why http and not https for .onion websites? ------------------------------------------- -When visiting a Tor V3 URL (.onion website), your communications are end-to-end encrypted and onion-routed by default. There is no added benefit to using https. +When visiting a Tor V3 URL (.onion website), your communications are end-to-end encrypted and onion-routed by default. There is no added benefit to using https. See this `article `_ from the Tor Project for more details. diff --git a/source/support/FAQ/general-faq.rst b/source/support/FAQ/general-faq.rst index 3d5b525..4f1d968 100644 --- a/source/support/FAQ/general-faq.rst +++ b/source/support/FAQ/general-faq.rst @@ -74,6 +74,24 @@ Is the power supply that comes with Embassy 220v compatible? ------------------------------------------------------------ Yes. +Is the software Open Source? +---------------------------- +Yes! EmbassyOS is open sourced under the `Start9 Personal Use License `_. Some of our other projects are currently open sourced under MIT. You can find these in the Start9 Labs `GitHub repository `_. + +Is there a product warranty? +---------------------------- +Yes! Start9 commits, to the best of our ability, to serving each beta Embassy product released until the wild. We will resolve any issue encountered with our provided hardware or software in a personalized matter. We strive to provide highly available, quality customer service. + +Can you tell me about the License? +---------------------------------- +EmbassyOS is published under our own Start9 Non-Commercial License, which has similar properties to many open source licenses with the exception that users cannot in any way, either through products or services, commercialize the source code, and any changes to the code or derivative works of the code are treated in the same manner. This means people will be welcome to access the source code, download it, use it, run it, fork it, change it, improve it - whatever they want - except sell it or sell services related to it. + +I run a business, can I use an Embassy for tasks such as password management and file sharing? +---------------------------------------------------------------------------------------------- +Absolutely. An Embassy would be a great addition to any business as it is easy to use and provides services that you control, with no subscription fees. + +With the addition of `BTCPay Server `_, you can even run your own payment processor and accept cryptocurrency payments with no third party necessary! + How does pricing work for EmbassyOS? Are you targeting a specific USD price? ----------------------------------------------------------------------------- The price is changed every 2016 blocks, which occurs about every 14 days. And no, the intent is not to tie EmbassyOS to a USD value, though at the moment USD is a convenient proxy for real purchasing power. diff --git a/source/support/FAQ/usage-faq.rst b/source/support/FAQ/usage-faq.rst index 5474fee..f175f5e 100644 --- a/source/support/FAQ/usage-faq.rst +++ b/source/support/FAQ/usage-faq.rst @@ -26,24 +26,6 @@ What’s the advantage of using the .local address over the .onion address? ------------------------------------------------------------------------- If you are in your home network it is both faster and more private since the connection never leaves your household. The downside is that it won’t work if you’re on the go. -Is the software Open Source? ----------------------------- -Yes! EmbassyOS is open sourced under the `Start9 Personal Use License `_. Some of our other projects are currently open sourced under MIT. You can find these in the Start9 Labs `GitHub repository `_. - -Is there a product warranty? ----------------------------- -Yes! Start9 commits, to the best of our ability, to serving each beta Embassy product released until the wild. We will resolve any issue encountered with our provided hardware or software in a personalized matter. We strive to provide highly available, quality customer service. - -Can you tell me about the License? ----------------------------------- -EmbassyOS is published under our own Start9 Non-Commercial License, which has similar properties to many open source licenses with the exception that users cannot in any way, either through products or services, commercialize the source code, and any changes to the code or derivative works of the code are treated in the same manner. This means people will be welcome to access the source code, download it, use it, run it, fork it, change it, improve it - whatever they want - except sell it or sell services related to it. - -I run a business, can I use an Embassy for tasks such as password management and file sharing? ----------------------------------------------------------------------------------------------- -Absolutely. An Embassy would be a great addition to any business as it is easy to use and provides services that you control, with no subscription fees. - -With the addition of `BTCPay Server `_, you can even run your own payment processor and accept cryptocurrency payments with no third party necessary! - Can I have multiple users on my Embassy? ---------------------------------------- Currently, the Embassy itself is designed to for a single user. There is no way to grant others access to your Embassy without sharing your personal, master password, which is not recommended. There are certain services, however, such as Bitwarden, File Browser, and Mastodon, that absolutely support multiple users (aka multi-tenancy, aka uncle Jim model) where people who trust you can create their own, personal accounts for these services on your Embassy. Just remind them that they are trusting you with their data, and that it might be preferable for them to take the final leap of self-sovereignty and get an Embassy of their own. From a234c660eec5e1f0ac237d5bc4f45a305f7e9be8 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Fri, 23 Apr 2021 10:55:20 -0600 Subject: [PATCH 11/21] Added Tor Browser FAQ --- source/support/FAQ/usage-faq.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source/support/FAQ/usage-faq.rst b/source/support/FAQ/usage-faq.rst index f175f5e..0bc7a86 100644 --- a/source/support/FAQ/usage-faq.rst +++ b/source/support/FAQ/usage-faq.rst @@ -26,6 +26,10 @@ What’s the advantage of using the .local address over the .onion address? ------------------------------------------------------------------------- If you are in your home network it is both faster and more private since the connection never leaves your household. The downside is that it won’t work if you’re on the go. +Can I use the .local addresses over the Tor Browser? +---------------------------------------------------- +Unfortunately, no. The tor browser requires all web visits to first enter the tor network. Once you have entered the tor network there is no way to exit the tor network in such a way that .local/mDNS addresses resolve. + Can I have multiple users on my Embassy? ---------------------------------------- Currently, the Embassy itself is designed to for a single user. There is no way to grant others access to your Embassy without sharing your personal, master password, which is not recommended. There are certain services, however, such as Bitwarden, File Browser, and Mastodon, that absolutely support multiple users (aka multi-tenancy, aka uncle Jim model) where people who trust you can create their own, personal accounts for these services on your Embassy. Just remind them that they are trusting you with their data, and that it might be preferable for them to take the final leap of self-sovereignty and get an Embassy of their own. From a4cb088d2f7e8d9de0fdfa94652be34fac8c7698 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Mon, 26 Apr 2021 08:56:08 -0600 Subject: [PATCH 12/21] Added steps for Tor install errors on Windows --- source/misc-guides/tor-os/windows.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/source/misc-guides/tor-os/windows.rst b/source/misc-guides/tor-os/windows.rst index 9af4a0c..ac0363f 100644 --- a/source/misc-guides/tor-os/windows.rst +++ b/source/misc-guides/tor-os/windows.rst @@ -35,6 +35,18 @@ Running Tor on Windows sc create tor start=auto binPath="\Browser\TorBrowser\Tor\tor.exe -nt-service" sc start tor + .. note:: If you get the error "Access denied," please ensure you are running the command prompt in Administrator mode. You can tell because the prompt will show C:\\Users\\YOUR-USERNAME> if you are NOT in admin mode, and it will show C:\\WINDOWS\\system32 if you ARE in admin mode. + + .. note:: If you get the error "The specified service already exists," complete the following steps: + #. Run the command: + + .. code-block:: + + sc delete tor + + #. Uninstall the Tor Browser, following the steps `here `_. + #. Begin this guide again from the beginning. + #. When you run this, it should look something like this: .. figure:: /_static/images/tor/tor_windows_terminal.png From c8e4835ebf006548059df1e1c44a36e45a2fcdca Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Mon, 26 Apr 2021 09:19:52 -0600 Subject: [PATCH 13/21] Typo fix --- source/misc-guides/tor-os/windows.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/source/misc-guides/tor-os/windows.rst b/source/misc-guides/tor-os/windows.rst index ac0363f..b1139e2 100644 --- a/source/misc-guides/tor-os/windows.rst +++ b/source/misc-guides/tor-os/windows.rst @@ -38,14 +38,15 @@ Running Tor on Windows .. note:: If you get the error "Access denied," please ensure you are running the command prompt in Administrator mode. You can tell because the prompt will show C:\\Users\\YOUR-USERNAME> if you are NOT in admin mode, and it will show C:\\WINDOWS\\system32 if you ARE in admin mode. .. note:: If you get the error "The specified service already exists," complete the following steps: - #. Run the command: - + + 1. Run the command: + .. code-block:: sc delete tor - #. Uninstall the Tor Browser, following the steps `here `_. - #. Begin this guide again from the beginning. + 2. Uninstall the Tor Browser, following the steps `here `_. + 3. Begin this guide again from the beginning. #. When you run this, it should look something like this: From da216d05995e150d848fe511eacbfad05d7de040 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Mon, 26 Apr 2021 10:17:43 -0600 Subject: [PATCH 14/21] Expand FAQ toc --- source/support/FAQ/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/support/FAQ/index.rst b/source/support/FAQ/index.rst index a28af45..4bc00b3 100644 --- a/source/support/FAQ/index.rst +++ b/source/support/FAQ/index.rst @@ -5,7 +5,7 @@ Frequently Asked Questions A collection of common questions and concerns from our community. .. toctree:: - :maxdepth: 1 + :maxdepth: 2 general-faq embassy-faq From f84bbddeaa3b0f5f679f3865c99f8f130bbd6e93 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Mon, 26 Apr 2021 15:13:11 -0600 Subject: [PATCH 15/21] Added homepage link under left nav --- source/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/conf.py b/source/conf.py index d17a295..e70bf65 100644 --- a/source/conf.py +++ b/source/conf.py @@ -59,7 +59,7 @@ html_theme_options = { "use_edit_page_button": True, "use_issues_button": True, "use_repository_button": True, - "extra_navbar": "", + "extra_navbar": "Powered by Start9", # Will be displayed underneath the left navbar", "show_navbar_depth": 1, "use_download_button": False, "use_edit_page_button": True, From de47fa5b3d92d51567bca0735851239df7f84fc6 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Wed, 28 Apr 2021 15:37:41 -0600 Subject: [PATCH 16/21] Clarified Linux LAN setup instruction --- .../general/lan-setup/computer-setup.rst | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/source/user-manual/general/lan-setup/computer-setup.rst b/source/user-manual/general/lan-setup/computer-setup.rst index 960459b..b246f1b 100644 --- a/source/user-manual/general/lan-setup/computer-setup.rst +++ b/source/user-manual/general/lan-setup/computer-setup.rst @@ -184,4 +184,24 @@ Windows Linux ----- -Nothing specific needs to be configured for this environment. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup `. +Nothing specific needs to be configured for this environment, you just need the certificate from your Embassy. + +#. Visit your Embassy at its Tor Address. + +#. Navigate to --> Embassy --> Connect Over LAN + + .. figure:: /_static/images/embassy_lan_setup.png + :width: 90% + :alt: LAN setup menu item + + Select the "Connect over LAN" menu item + +#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. + + .. figure:: /_static/images/secure_lan_setup_page.png + :width: 90% + :alt: LAN setup page + + Select the "Root Certificate Authority" sub menu + +Then open your favorite browser to import this certificate and follow the steps for :ref:`browser setup `. From 530ae35363ec18abf641d601cc4ea1662c01bb40 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Thu, 29 Apr 2021 07:53:31 -0600 Subject: [PATCH 17/21] Minor typo --- source/user-manual/general/lan-setup/computer-setup.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/user-manual/general/lan-setup/computer-setup.rst b/source/user-manual/general/lan-setup/computer-setup.rst index b246f1b..a45fdb2 100644 --- a/source/user-manual/general/lan-setup/computer-setup.rst +++ b/source/user-manual/general/lan-setup/computer-setup.rst @@ -184,7 +184,7 @@ Windows Linux ----- -Nothing specific needs to be configured for this environment, you just need the certificate from your Embassy. +Nothing specific needs to be configured for this environment, so you just need the certificate from your Embassy. #. Visit your Embassy at its Tor Address. From f034cf9ae5963e520da8da9c9a00289f4d3ca784 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Thu, 29 Apr 2021 15:10:03 -0600 Subject: [PATCH 18/21] Further FAQ additions --- source/support/FAQ/bitcoin-faq.rst | 2 +- source/support/FAQ/services-faq.rst | 6 ++++++ source/support/FAQ/usage-faq.rst | 5 +++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/source/support/FAQ/bitcoin-faq.rst b/source/support/FAQ/bitcoin-faq.rst index 583a73a..528462c 100644 --- a/source/support/FAQ/bitcoin-faq.rst +++ b/source/support/FAQ/bitcoin-faq.rst @@ -26,7 +26,7 @@ It is fully validating and verifying consensus all the way from Genesis. Really, What actions, specifically, are only possible with an archival, or ‘unpruned’ node? ----------------------------------------------------------------------------------- -The more sophisticated the blockchain analysis being done is, the more index data is required, which will increase the system resources required. For example, if you wanted to run a block explorer, you would require not only a full archival node, but also a full transaction index. +The more sophisticated the blockchain analysis being done is, the more index data is required, which will increase the system resources required. For example, if you wanted to run a block explorer, you would require not only a full archival node, but also a full transaction index. So, specifically, at this time, a full archival node is required for running an Electrum server, a block explorer, and for doing advanced chainalysis in general. Is it insecure to run a pruned node? ------------------------------------ diff --git a/source/support/FAQ/services-faq.rst b/source/support/FAQ/services-faq.rst index f0cc6f6..ac0c2a8 100644 --- a/source/support/FAQ/services-faq.rst +++ b/source/support/FAQ/services-faq.rst @@ -63,6 +63,12 @@ Can the browser extension be used with Bitwarden hosted on the embassy? ----------------------------------------------------------------------- Yes, but only in a tor-enabled browser. Just add your .onion address as the server in the extension. +I want to use BTCPayServer on my website, but Tor is the only option, how can visitors access my BTCPay on clearnet? +-------------------------------------------------------------------------------------------------------------------- +As the Embassy produces a Tor Hidden Service for each service, BTCPayServer is only available via Tor by default. For a brick and mortar business, this is no problem as you can use your own device for a customer to pay you on. If you run your own website, it is possible to set up a reverse proxy in order to serve BTCPay content to your clearnet visitors. A guide to doing this is available in the `BTCPayServer docs `_. + +We understand that this can be a frustrating limitation, and adding clearnet support is high on our list of priorities for the Embassy. This will allow a number of services to have better interoperability with the broader Web. + I don't see an answer to my question regarding a certain service. Is there more documentation? ----------------------------------------------------------------------------------------------- While we are intent on providing the most friendly experience possible to our customers, ultimately it will be impossible for Start9 to create documentation and tutorials for every service we make available on the Embassy. Each service *should* have its own documentation produced by the service developers themselves, and we will do our best keep track, consolidate, and link to it. Also, much of the reason good tutorials don't exist is simply because no one in the community has taken the time to produce it. If you come across something useful or write something up yourself, please let us know and we will promote it. Otherwise we will do our best to answer questions as they arise and gradually build out tutorials where they are lacking. diff --git a/source/support/FAQ/usage-faq.rst b/source/support/FAQ/usage-faq.rst index 7943b36..78168f2 100644 --- a/source/support/FAQ/usage-faq.rst +++ b/source/support/FAQ/usage-faq.rst @@ -29,6 +29,11 @@ If you are in your home network it is both faster and more private since the con Can I use the .local addresses over the Tor Browser? ---------------------------------------------------- Unfortunately, no. The tor browser requires all web visits to first enter the tor network. Once you have entered the tor network there is no way to exit the tor network in such a way that .local/mDNS addresses resolve. + +Can I not use .local addresses on Android? Why not? +---------------------------------------------------- +Unfortunately, no. Google has not included support for .local addresses via mDNS for Android. + Is the software Open Source? ---------------------------- Yes! EmbassyOS is open sourced under the `Start9 Personal Use License `_. Some of our other projects are currently open sourced under MIT. You can find these in the Start9 Labs `GitHub repository `_. From 2fbbdb41ddf51a36bc38ddb44bbde2722eae5499 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Mon, 3 May 2021 11:13:04 -0600 Subject: [PATCH 19/21] Added setup verbosity --- source/support/FAQ/setup-faq.rst | 4 ++-- source/user-manual/initial-setup.rst | 8 +++++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/source/support/FAQ/setup-faq.rst b/source/support/FAQ/setup-faq.rst index fc71d7d..7f2eb7c 100644 --- a/source/support/FAQ/setup-faq.rst +++ b/source/support/FAQ/setup-faq.rst @@ -4,11 +4,11 @@ Setup and Troubleshooting What do I do first? ------------------- -Simply plug the device into power and internet, typically from your home internet router. That's it! After this, get the :ref:`Setup App `, and follow the instructions. +Simply plug the device into power and internet, most easily by using an empty ethernet port on your home internet router. That's it! After this, get the :ref:`Setup App `, and follow the instructions. How do I know if my Embassy is running? --------------------------------------- -After plugging into power and internet, you will hear 2 distinct sounds: first, a “bep” ‐ indicating the device is powering on, and second, a “chime” ‐ indicating the device is ready for setup. +After plugging into power and your router, you will hear 2 distinct sounds: first, a “bep” ‐ indicating the device is powering on, and second, a “chime” ‐ indicating the device is ready for setup. What if I can't connect to my Embassy? -------------------------------------- diff --git a/source/user-manual/initial-setup.rst b/source/user-manual/initial-setup.rst index da9fda5..e5faf3a 100644 --- a/source/user-manual/initial-setup.rst +++ b/source/user-manual/initial-setup.rst @@ -16,9 +16,9 @@ Download the Setup App Power On ======== -Connect your Embassy to power and Ethernet. +Connect your Embassy to power and Internet, normally using an ethernet port on your home Internet router. -.. note:: to avoid networking issues, it is recommended to use your primary router, not an extender or mesh router. +.. note:: To avoid networking issues, it is recommended to use your primary router, not an extender or mesh router. You will hear 2 distinct sounds: @@ -28,7 +28,9 @@ You will hear 2 distinct sounds: Claim Your Embassy ================== -1. Ensure your phone is connected to the same WiFi network as your router. +1. Ensure your phone is connected to the same WiFi network as your router. + +.. warning:: Sometmies a router will have a "guest WiFi network," which might be different than the network your Embassy is placed on via ethernet. 2. Inside the Setup App, enter the product key located on the bottom of your Embassy From 4c227fe9a31475b1df7845c46cf86102a26a9663 Mon Sep 17 00:00:00 2001 From: kn0wmad Date: Mon, 3 May 2021 14:04:27 -0600 Subject: [PATCH 20/21] Added LND error FAQ --- source/support/FAQ/bitcoin-faq.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source/support/FAQ/bitcoin-faq.rst b/source/support/FAQ/bitcoin-faq.rst index 528462c..cc5c654 100644 --- a/source/support/FAQ/bitcoin-faq.rst +++ b/source/support/FAQ/bitcoin-faq.rst @@ -136,6 +136,10 @@ Check the LND logs, it can take a while to bootstrap, and starting RTL before th --------------------------------------------------------------------------------------------------- You may need to restart the LND Service. +I get the following error from LND: "Error ECONNREFUSED Fetching Info Failed! Unknown Error." What's wrong? +----------------------------------------------------------------------------------------------------------- +LND is waiting for Bitcoin to completely sync, and then needs to catch up on block scanning itself. This may take several minutes, and in some cases might require a restart of the LND service. Do this if the process takes more than 5-10min. + What's the best way to move a small lightning balance? ------------------------------------------------------ It is possible to have lightning balances that are so low that they will not (or barely will) cover the on-chain fees to recoup into an on-chain wallet. From 0e40343b1b0a41551af52a83207070dd78d86328 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Mon, 3 May 2021 17:09:40 -0600 Subject: [PATCH 21/21] fxing typos and removing duplicate page --- source/conf.py | 2 +- source/misc-guides/tor-os/windows.rst | 4 +- source/support/FAQ/bitcoin-faq.rst | 10 +- source/support/FAQ/general-faq.rst | 2 +- source/support/FAQ/usage-faq.rst | 2 +- .../general/lan-setup/os-config.rst | 185 ------------------ 6 files changed, 10 insertions(+), 195 deletions(-) delete mode 100644 source/user-manual/general/lan-setup/os-config.rst diff --git a/source/conf.py b/source/conf.py index e70bf65..7886234 100644 --- a/source/conf.py +++ b/source/conf.py @@ -59,7 +59,7 @@ html_theme_options = { "use_edit_page_button": True, "use_issues_button": True, "use_repository_button": True, - "extra_navbar": "Powered by Start9", # Will be displayed underneath the left navbar", + "extra_navbar": "Powered by Start9", # Will be displayed underneath the left navbar" "show_navbar_depth": 1, "use_download_button": False, "use_edit_page_button": True, diff --git a/source/misc-guides/tor-os/windows.rst b/source/misc-guides/tor-os/windows.rst index b1139e2..a6a6fc0 100644 --- a/source/misc-guides/tor-os/windows.rst +++ b/source/misc-guides/tor-os/windows.rst @@ -45,8 +45,8 @@ Running Tor on Windows sc delete tor - 2. Uninstall the Tor Browser, following the steps `here `_. - 3. Begin this guide again from the beginning. + 1. Uninstall the Tor Browser, following `these steps `_. + 2. Begin this guide again from the beginning. #. When you run this, it should look something like this: diff --git a/source/support/FAQ/bitcoin-faq.rst b/source/support/FAQ/bitcoin-faq.rst index cc5c654..85bd7f8 100644 --- a/source/support/FAQ/bitcoin-faq.rst +++ b/source/support/FAQ/bitcoin-faq.rst @@ -26,7 +26,7 @@ It is fully validating and verifying consensus all the way from Genesis. Really, What actions, specifically, are only possible with an archival, or ‘unpruned’ node? ----------------------------------------------------------------------------------- -The more sophisticated the blockchain analysis being done is, the more index data is required, which will increase the system resources required. For example, if you wanted to run a block explorer, you would require not only a full archival node, but also a full transaction index. So, specifically, at this time, a full archival node is required for running an Electrum server, a block explorer, and for doing advanced chainalysis in general. +The more sophisticated the blockchain analysis being done is, the more index data is required, which will increase the system resources required. For example, if you wanted to run a block explorer, you would require not only a full archival node, but also a full transaction index. So, specifically, at this time, a full archival node is required for running an Electrum server, a block explorer, and for doing advanced chain analysis in general. Is it insecure to run a pruned node? ------------------------------------ @@ -47,7 +47,7 @@ The commitment fees are automatically negotiated every few blocks with your peer What would happen if I shut down an Embassy that is running a Lightning node with open channels? ------------------------------------------------------------------------------------------------ It is REALLY IMPORTANT to understand that if Lightning services are shut off for long periods of time (days on end) it is possible for your peers to cheat you out of money. If you are not prepared to LOSE ALL THE MONEY IN YOUR CHANNELS, KEEP YOUR NODE RUNNING. -That said, malicious actors on the network right now are probably sparse. However, you are still open to that risk if you do not keep your node online. +That said, malicious actors on the network right now are probably sparse. However, you are still open to that risk if you do not keep your node online. Is there a solution to this? ---------------------------- @@ -76,7 +76,7 @@ You do not use hardware signers directly with your node. Hardware signers interf Node (Embassy) <— Wallet (Specter, Sparrow, Electrum) <— Hardware signer (Coldcard, Trezor) -You would use your hardware with your wallet, then instruct that wallet to use Embassy as its node. +You would use your hardware signee with your wallet, then instruct that wallet to use Embassy as its node. - Nodes are for interacting with the Bitcoin network: enforcing consensus rules, validating and relaying blocks/transactions, and broadcasting transactions. @@ -90,7 +90,7 @@ Please note: of the wallets listed (Specter/Sparrow/Electrum), only Specter is c Which wallets can I use that sync with my Embassy Bitcoin node? --------------------------------------------------------------- -There are many wallets that support linking to your own full node. You will need one that supports tor. Here are a few options that are compatible: FullyNoded, Samourai, Specter, Wasabi, Zap, and Zeus. +There are many wallets that support linking to your own full node. You will need one that supports Tor. Here are a few options that are compatible: FullyNoded, Samourai, Specter, Wasabi, Zap, and Zeus. Is there a guide for connecting Specter Wallet to my Embassy? ------------------------------------------------------------- @@ -138,7 +138,7 @@ You may need to restart the LND Service. I get the following error from LND: "Error ECONNREFUSED Fetching Info Failed! Unknown Error." What's wrong? ----------------------------------------------------------------------------------------------------------- -LND is waiting for Bitcoin to completely sync, and then needs to catch up on block scanning itself. This may take several minutes, and in some cases might require a restart of the LND service. Do this if the process takes more than 5-10min. +LND is waiting for Bitcoin to completely sync, and then needs to catch up on block scanning itself. This may take several minutes, and in some cases might require a restart of the LND service. Do this if the process takes more than 5-10 minutes. What's the best way to move a small lightning balance? ------------------------------------------------------ diff --git a/source/support/FAQ/general-faq.rst b/source/support/FAQ/general-faq.rst index 4f1d968..3ecce31 100644 --- a/source/support/FAQ/general-faq.rst +++ b/source/support/FAQ/general-faq.rst @@ -80,7 +80,7 @@ Yes! EmbassyOS is open sourced under the `Start9 Personal Use License Embassy --> Connect Over LAN - - .. figure:: /_static/images/embassy_lan_setup.png - :width: 90% - :alt: LAN setup menu item - - Select the "Connect over LAN" menu item - -#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. - - .. figure:: /_static/images/secure_lan_setup_page.png - :width: 90% - :alt: LAN setup page - - Select the "Root Certificate Authority" sub menu - -#. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded. - - .. figure:: /_static/images/secure_lan_setup_prompt.png - :width: 90% - :alt: LAN setup prompt - - Open with "Keychain Access" and select "OK" - -#. Enter your computer password when prompted. It will be imported into your computer’s keychain. - - .. figure:: /_static/images/ssl/macos/certificate_untrusted.png - :width: 90% - :alt: Keychain access import menu - - Keychain access import menu - -#. If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it. - -#. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”. - -#. Double click on this certificate. A second window will pop up. - -#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”. - - .. figure:: /_static/images/ssl/macos/always_trust.png - :width: 90% - :alt: Keychain submenu - - Select "Always trust" under SSL dropdown for Embassy Local CA - -#. Close this window and enter your password to apply the settings. - -#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access. - - .. figure:: /_static/images/ssl/macos/certificate_trusted.png - :width: 90% - :alt: Keychain menu trusted certificate - - Trusted Embassy Local CA certificate - -#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. - -Windows -------- - -#. Install `Bonjour Print Services `_ on your Windows machine. This is necessary in order to visit .local addresses on Windows. -#. If you are having issues running Bonjour after installing, you might have had Bonjour previously installed. To fix: - - #. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ - #. UNinstall Bonjour completely via ``system settings -> remove programs`` - #. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US) - #. Restart Windows - #. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings. - -#. Visit your Embassy at its Tor Address. - -#. Navigate to --> Embassy --> Connect Over LAN - - .. figure:: /_static/images/embassy_lan_setup.png - :width: 90% - :alt: LAN setup menu item - - Select the "Connect over LAN" menu item - -#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. - - .. figure:: /_static/images/secure_lan_setup_page.png - :width: 90% - :alt: LAN setup page - - Select the "Root Certificate Authority" sub menu download icon - -#. Select the option to save the *Embassy Local CA.crt* file. - - .. figure:: /_static/images/ssl/windows/windows_download_cert.png - :width: 90% - :alt: LAN setup prompt - - "Save file" when Opening Embassy Local CA.crt - -#. On your computer, right-click the “Start” menu and select “Run”. - -#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. - - .. figure:: /_static/images/ssl/windows/1_windows_mmc.png - :width: 90% - :alt: Windows MMC - - Access the Windows Management Console - -#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*. - - .. figure:: /_static/images/ssl/windows/2_windows_console_root.png - :width: 90% - :alt: Windows Console Root - - Add Snap-in from Console Root - -#. Select “Certificates” in the left side menu, then “Add”. This will open another window. - - .. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png - :width: 90% - :alt: Add Certificates - - Add Certificates to selected snap-ins - -#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. - -#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. - - .. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png - :width: 90% - :alt: Snap-in Selected - - Certificates (Local Computer) is selected as snap-in - -#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. - - .. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png - :width: 90% - :alt: Certificates in Management Console - - Access Certificates in Management Console - -#. Right click on “Certificates”, then navigate to *All Tasks > Import*. - - .. figure:: /_static/images/ssl/windows/6_windows_import_cert.png - :width: 90% - :alt: Import certificate - - Select "Import" from Certificates sub-menu - -#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. - - .. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png - :width: 90% - :alt: Import cert wizard - - Add downloaded certificate int he Certificate Import Wizard - -#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. - -#. Select “OK” when the import is successful. - -#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. - - .. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png - :width: 90% - :alt: Successful cert install - - Embassy Local Root CA imported into Certificate folder - -#. You can save the settings to the console if desired or cancel. - -#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. - - -Linux ------ - -Nothing specific needs to be configured for this environment. Follow the guides below to import the certificate into your desired browser.