Chrome SSL, Brave SSL, concepts, misc edits

2026-03-26 10:21:53 +00:00 · 2022-01-29 01:55:01 -07:00
parent 7b98cc3fc4
commit 5be68f6a40
15 changed files with 91 additions and 51 deletions
--- a/site/03-todo.md
+++ b/site/03-todo.md
@@ -1,35 +1,28 @@
 # ToDo
- [ ] Refactor and update Roadmap
- [ ] Footer links need update (or removal?)
- [ ] Add screenshots and details
- [ ] Verify ALL links (especially in device guides as they are all external)
-    - [ ] Check all menus behave and display as expected (issues cut)
-    - [ ] Verify all TOCs, etc
-    - [ ] Add / verify ALL links in the **UI** go to the right place in docs
- [ ] Update all guides in service repos
- [ ] Address build errors
- [ ] Launch versioned site/docs to start9.com
- [ ] There are many issues that should be closed by 0.3 docs release (some issues await new processes in order to test)
- [ ] Getting Started
-    - Initial Setup
-    - Device-specific Guides <connectivity, performance, resilience and/or tuning>
-        - (after release) create badges for topic boxes
- [ ] Configuration
-    - LAN Setup
-        - Android - Screenshots of LAN setup and verify steps on an Android 12+ device
-        - Chrome
-        - Firefox
- [ ] Tuning
-    - DIY Guide
+- LAN Setup - Android - Screenshots of LAN setup and verify steps on an Android 12+ device
+- Update all guides in service repos
    - Service-specific Guides
- [ ] Alt Market Build Guide
- [ ] Mission / values
- [ ] Backups
+- Verify LAN setup steps on a Mac
+- Verify Tor setup steps on a Mac
+- Add / verify ALL links in the **UI** go to the right place in docs
+- Address build errors
+
+# BLOCKED:
+- Mission / values
+- Initial Setup
+- DIY Guide
+- Possible sounds in troubleshooting (and walkthrough?)
+- Migrations
+- Backups
    - CIFS
        - OS guides for CIFS (screens)
    - Local
    - Restore from backup
- [ ] Migrations
- [ ] Possible sounds in troubleshooting (and walkthrough?)
- [ ] Verify LAN setup steps on a Mac
- [ ] Verify Tor setup steps on a Mac
+- Alt Market Build Guide
+- Refactor and update Roadmap
+- Launch versioned site/docs to start9.com
+- Verify ALL links (especially in device guides as they are all external)
+
+# AFTER PUBLISHING:
+- Create badges for device guide topic boxes <connectivity, performance, resilience and/or tuning>
+- There are many issues that should be closed by 0.3 docs release (some issues await new processes in order to test)
--- a/site/source/_static/images/ssl/browser/chrome_authorities.svg
+++ b/site/source/_static/images/ssl/browser/chrome_authorities.svg
--- a/site/source/_static/images/ssl/browser/chrome_https.svg
+++ b/site/source/_static/images/ssl/browser/chrome_https.svg
--- a/site/source/_static/images/ssl/browser/chrome_s9ca.svg
+++ b/site/source/_static/images/ssl/browser/chrome_s9ca.svg
--- a/site/source/_static/images/ssl/browser/chrome_settings.svg
+++ b/site/source/_static/images/ssl/browser/chrome_settings.svg
--- a/site/source/_static/images/ssl/browser/chrome_trust.svg
+++ b/site/source/_static/images/ssl/browser/chrome_trust.svg
--- a/site/source/learn/concepts/index.rst
+++ b/site/source/learn/concepts/index.rst
@@ -13,5 +13,5 @@ An overview of the ideas and technologies surrounding Start9 Labs and Embassy
  networks
  self-hosting
  embassy
-  software
+  .. software
  bitcoin-lightning
--- a/site/source/learn/concepts/networks.rst
+++ b/site/source/learn/concepts/networks.rst
@@ -38,7 +38,7 @@ This domain is not broadcast outside of your local network, so it is as private

 SSL
 ---
-Visiting websites on the Tor network is slow. We wanted to provide a better option to access the Embassy at home. That’s why we created an address for the Embassy that can be accessed on your Local Area Network.
+Visiting websites on the Tor network is slow. We wanted to provide a better option to access the Embassy at home. That's why we created an address for the Embassy that can be accessed on your Local Area Network.

 By default, this ``.local`` address is served like a regular website, over HTTP. Browsers make it noticeable when visiting a site over HTTP in the URL bar - it could be red, show an unlocked lock, or warn that the connection is not secure.

--- a/site/source/learn/concepts/software.rst
+++ b/site/source/learn/concepts/software.rst
@@ -1,12 +1,12 @@
-.. _software:
+.. .. _software:

-===================
-Associated Software
-===================
+.. ===================
+.. Associated Software
+.. ===================

-.. _firefox:
+.. .. _firefox:

-Firefox
-------
+.. Firefox
+.. -------

-firefox.com
+.. firefox.com
--- a/site/source/support/dev-docs/packaging-example.rst
+++ b/site/source/support/dev-docs/packaging-example.rst
@@ -28,7 +28,7 @@ There are 3 options for this:
 Development Environment
 =======================

-Once you have EOS installed, you'll want to set up your development system set up with the necessary software.
+Once you have EOS installed, you'll want to get your development system set up with the necessary software.

 At minimum you will need the following:
    #. `Docker <https://docs.docker.com/get-docker>`_
--- a/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-brave.rst
+++ b/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-brave.rst
@@ -24,16 +24,23 @@ Brave
        :width: 60%
        :alt: Brave Security settings page

-#. If you see a trusted “Embassy Local Root CA”, open a new tab to apply the certificate. If this does not work, quit and restart Brave.
+#. If you **EITHER** see "org-Start9" with a trusted “Embassy Local Root CA” listed under it, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
+
+    **OR**
+
+#. If you do not see "org-Start9"in the list, ensure the certificate is properly set up on your computer system.  Otherwise, click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <lan-os>`.

-#. If you do not see a trusted “Embassy Local Root CA” certificate in the list, ensure the certificate is properly set up on your computer system.

    .. figure:: /_static/images/ssl/browser/brave_view_certs.svg
        :width: 60%
        :alt: Brave Manage Certificates sub-menu on MacOS

+    Check the box for "Trust this certificate for identitying websites" and click "OK"
+
 #. Obtain the LAN address that was provided at the end of your initial Embassy setup, or from the :ref:`Embassy tab<embassy-tab>` -> ``About`` (Under ``Insights``) and enter it in a new tab.

-#. You can now securely navigate to your Embassy over HTTPS!
+    .. tip:: You may need to restart the browser

-.. note:: Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings).
+#. You will see a green padlock and ``https://`` to the left of the URL bar.  You can now securely navigate to your Embassy on your :ref:`LAN<lan>` with :ref:`HTTPS<ssl>`!
+
+.. note:: Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings).
--- a/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-chrome.rst
+++ b/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-chrome.rst
@@ -4,8 +4,46 @@
 Chrome
 ======

-#. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
+.. caution:: You will first need to complete :ref:`LAN Setup<lan-os>` for your device before continuing.

-#. Obtain the LAN address provided in the Setup App and enter it in the URL bar.
+.. tip:: The following guide also works with Chromium and Vivaldi.

-#. You can now securely navigate to your Embassy over HTTPS!
+#. Open a new tab in Chrome and navigate to ``chrome://settings/certificates``.
+
+    .. figure:: /_static/images/ssl/browser/chrome_settings.svg
+        :width: 60%
+        :alt: Chrome Certificates Settings page
+
+#. Click on the "Authorities" tab.
+
+    .. figure:: /_static/images/ssl/browser/chrome_authorities.svg
+        :width: 60%
+        :alt: Chrome Certificate Authorities page
+
+#. You will **EITHER** see "org-Start9" with a trusted “Embassy Local Root CA” listed under it,
+
+    .. figure:: /_static/images/ssl/browser/chrome_s9ca.svg
+        :width: 60%
+        :alt: Start9 Certificate Authority
+
+    in which case, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
+
+    **OR**
+
+#. If you do not see "org-Start9"in the list, ensure the certificate is properly set up on your computer system.  Otherwise, click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <lan-os>`.
+
+    .. figure:: /_static/images/ssl/browser/chrome_trust.svg
+        :width: 60%
+        :alt: Trust the CA
+
+    Check the box for "Trust this certificate for identitying websites" and click "OK"
+
+#. Obtain the LAN address that was provided at the end of your initial Embassy setup, or from the :ref:`Embassy tab<embassy-tab>` -> ``About`` (Under ``Insights``) and enter it in a new tab.
+
+    .. tip:: You may need to restart the browser
+
+    .. figure:: /_static/images/ssl/browser/chrome_https.svg
+        :width: 60%
+        :alt: Success
+
+#. You will see a green padlock and ``https://`` to the left of the URL bar.  You can now securely navigate to your Embassy on your :ref:`LAN<lan>` with :ref:`HTTPS<ssl>`!
--- a/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-ff.rst
+++ b/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-ff.rst
@@ -22,7 +22,7 @@ Firefox

 #. Select the "Authorities" tab from the "Certificate Manager".

-#. Click “Import” and open the downloaded *Embassy Local Root CA.crt* file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <ssl-setup>`.
+#. Click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <ssl-setup>`.

 #. When prompted, check “Trust this CA to identity websites” and select “OK”.

--- a/site/source/support/user-manual/configuration/tor-setup/tor-os/tor-linux.rst
+++ b/site/source/support/user-manual/configuration/tor-setup/tor-os/tor-linux.rst
@@ -30,7 +30,7 @@ Linux

                sudo systemctl restart tor

-    .. group-tab:: Arch / Manjaro / Garuda
+    .. group-tab:: Arch / Garuda / Manjaro

        Simply install Tor with:

--- a/site/source/support/user-manual/tuning/advanced-config/ssh-tor.rst
+++ b/site/source/support/user-manual/tuning/advanced-config/ssh-tor.rst
@@ -4,6 +4,8 @@
 SSH Over Tor
 ============

+.. warning:: This is an advanced feature and should be used with caution. Start9 is not responsible for any damage you might cause while using SSH access.
+
 .. note:: The following guide requires that you have already added an `SSH key to your Embassy<ssh-setup>`.

 This is currently only supported on Linux, but may work on Windows with `Torifier <https://torifier.com/>`_.
@@ -21,7 +23,7 @@ Setup

                apt install torsocks

-        .. group-tab:: Arch / Manjaro / Garuda
+        .. group-tab:: Arch / Garuda / Manjaro

            .. code-block:: bash

@@ -33,7 +35,7 @@ Setup

        ssh root@embassy-xxxxxxx.local

-#. Add the following 2 lines to ``/etc/tor/torrc`` **EITHER** by using your preferred text editor:
+#. Add the following 2 lines to ``/etc/tor/torrc`` **EITHER** by using your preferred text editor (such as ``nano`` or ``vim``):

    ``HiddenServiceDir /var/lib/tor/ssh``
    ``HiddenServicePort 22 127.0.0.1:22``