a bunch of changes

Matt Hill
2022-02-23 15:58:41 -07:00
parent df6cc9b23f
commit 659ca38d6e
86 changed files with 979 additions and 1215 deletions

View File

@@ -0,0 +1,50 @@
.. _connecting-lan:
===================
Connecting Over LAN
===================
Whenever you are connected the same Local Area Network (LAN) as your Embassy (i.e. the same WiFi network), it is best to access your Embassy's LAN Address (.local URL). LAN connections are fast and secure and do not even require Internet access!
.. note:: Your Embassy creates its own Certificate Authority (CA) to establish trust with client devices.
Download Root CA
----------------
First, download your Embassy's Root CA. There are two way to accomplish this:
Option 1
........
Download it from html page you saved at the completion of :ref:`Initial Setup<initial-setup>`.
Option 2
........
visit your Embassy over :ref:`Tor<connecting-tor>` and navigate to *Embassy > LAN*, then click "Download".
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 60%
:alt: LAN setup menu item
Trust Root CA
-------------
First instruct your **operating system** to trust your Embassy's Root CA.
.. toctree::
:maxdepth: 2
lan-os/index
Then instruct your **browser** to trust your Embassy's Root CA.
.. toctree::
:maxdepth: 2
lan-browser/index
Access your Embassy LAN Address
-------------------------------
With the Root CA downloaded and trusted by both your operating system and your browser, you can now visit your Embassy's LAN Address (.local URL) over secure https. Any service that offers a LAN URL will also be securely accessible!
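
Review bot: Option 2 under "Download Root CA" sends the reader to Tor without saying why, while the OS pages deleted by this commit carried the reason ("Using this encrypted Tor connection is required for security reasons."). Every later step trusts whatever file is downloaded here, so I'd keep a one-line note that the Root CA should come only from the saved setup page or from the Tor address. The menu path here is *Embassy > LAN* and the button is "Download", where the deleted pages had "Download Root CA"; please match the current UI. Wording: "connected the same" is missing "to", "two way" should be "two ways", "from html page" should be "from the HTML page", and Option 2 starts in lower case.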

View File

@@ -0,0 +1,17 @@
.. _lan-browser:
==================
Trust CA - Browser
==================
Instruct your **browser** to trust your Embassy's Root CA.
.. caution:: You will first need to complete :ref:`lan-os` for your device before continuing.
.. toctree::
:maxdepth: 1
Firefox <lan-ff>
Brave <lan-brave>
Chrome <lan-chrome>
Safari <lan-safari>

View File

@@ -0,0 +1,33 @@
.. _lan-brave:
=========================
Trust Embassy CA in Brave
=========================
.. caution:: You will first need to complete :ref:`lan-os` for your device before continuing.
#. Open a new tab in Brave and open to "Settings" from the top-right hamburger menu.
.. figure:: /_static/images/ssl/browser/brave_settings.png
:width: 30%
:alt: Brave settings page
#. On the left hand sidebar, select the "Security and Privacy" section, then the "Security" menu item.
.. figure:: /_static/images/ssl/browser/brave_security.png
:width: 60%
:alt: Brave Security and Privacy settings
#. At the bottom of the section, select "Manage Certificates".
.. figure:: /_static/images/ssl/browser/brave_security_settings.png
:width: 60%
:alt: Brave Security settings page
#. If you see "org-Start9" with a trusted “Embassy Local Root CA” listed under it, open a new tab to apply the certificate. If this does not work, quit and restart Brave.
#. If you do not see "org-Start9" in the list, click "Import" and open the downloaded "Embassy Local Root CA.crt" file on your device. Check the box for "Trust this certificate for identifying websites" and click "OK".
.. figure:: /_static/images/ssl/browser/brave_view_certs.png
:width: 60%
:alt: Brave Manage Certificates sub-menu on MacOS
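
Review bot: Steps 4 and 5 are alternatives (CA already listed, or not listed) but are numbered as consecutive steps, so a reader who succeeds at step 4 is still led into the import in step 5. The deleted page marked this with EITHER/OR; something equivalent, such as starting step 5 with "Otherwise", should stay. Step 1 has "open to "Settings"", which reads like a leftover from "Navigate to". The title is "Trust Embassy CA in Brave" while the Chrome, Firefox and Safari pages use "Trusting", and step 4 mixes straight and curly quotes.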

View File

@@ -0,0 +1,33 @@
.. _lan-chrome:
=============================
Trusting Embassy CA in Chrome
=============================
.. caution:: You will first need to complete :ref:`lan-os` for your device before continuing.
.. tip:: The following guide also works with Chromium and Vivaldi.
#. Open a new tab in Chrome and visit *chrome://settings/certificates* in the URL bar.
.. figure:: /_static/images/ssl/browser/chrome_settings.png
:width: 60%
:alt: Chrome Certificates Settings page
#. Click on the "Authorities" tab.
.. figure:: /_static/images/ssl/browser/chrome_authorities.png
:width: 60%
:alt: Chrome Certificate Authorities page
#. If you see "org-Start9" with a trusted “Embassy Local Root CA” listed under it, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
.. figure:: /_static/images/ssl/browser/chrome_s9ca.png
:width: 60%
:alt: Start9 Certificate Authority
#. If you do not see "org-Start9"in the list, click “Import” and open the downloaded "Embassy Local Root CA.crt" file on your device. Check the box for "Trust this certificate for identifying websites" and click "OK"
.. figure:: /_static/images/ssl/browser/chrome_trust.png
:width: 60%
:alt: Trust the CA
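
Review bot: In the last step, ``"org-Start9"in the list`` is missing a space and the final sentence has no closing period; the Brave page added in this commit has both right, so the two can share the same text. As on the Brave page, the last two steps are alternatives and should not read as a sequence. The quotes around "Import" are curly while the rest of the step uses straight quotes.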

View File

@@ -0,0 +1,48 @@
.. _lan-ff:
==============================
Trusting Embassy CA in Firefox
==============================
.. caution:: You will first need to complete :ref:`lan-os` for your device before continuing.
Linux/Mac/Windows
-----------------
#. Open Firefox and in a new tab select "Settings" from the right-hand hamburger menu:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Select “Privacy and Security” from the left hand navigation menu.
#. Scroll all the way to the bottom of the page and select “View Certificates”.
.. figure:: /_static/images/ssl/browser/firefox_security_settings.png
:width: 80%
:alt: Firefox security settings
#. Select the "Authorities" tab from the "Certificate Manager".
#. Click "Import" and open the downloaded "Embassy Local Root CA.crt" file on your device.
#. When prompted, check "Trust this CA to identity websites" and select “OK”.
.. figure:: /_static/images/ssl/browser/firefox_view_certs.png
:width: 80%
:alt: Firefox import cert
#. Ensure the "Embassy Local Root CA" exists under "Start9 Labs". If it does not appear, you may need to close the Certificates pop-up and re-open to refresh the list. Then click “OK” to save.
#. Open a new tab in Firefox to apply the changes. If this does not work, quit and restart Firefox.
Android
-------
#. To setup in Firefox Beta or Fennec, go to *Settings > About Firefox Beta* and tap the Firefox logo several times until it says "Debug menu enabled." Then return to *Settings > Secret Settings* and enable "Use third party CA certificates".
iOS
---
No additional configuration for iOS is required.
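
Review bot: The checkbox label in step 6, "Trust this CA to identity websites", looks like a typo for "identify" (the Brave and Chrome pages in this commit say "identifying websites"). It is quoted UI text, so please copy it from the dialog. The Android section is a single numbered step that covers two actions (enable the debug menu, then enable "Use third party CA certificates"); two steps would be easier to follow, and "To setup" should be "To set up".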

View File

@@ -0,0 +1,7 @@
.. _lan-safari:
=============================
Trusting Embassy CA In Safari
=============================
Once you have completed the :ref:`lan-os` steps on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Embassy!
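
Review bot: The title has a capital "In" ("Trusting Embassy CA In Safari") where the Chrome and Firefox pages use "in"; please make the three consistent.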

View File

@@ -0,0 +1,16 @@
.. _lan-os:
=============
Trust CA - OS
=============
Instruct your **operating system** to trust your Embassy's Root CA.
.. toctree::
:maxdepth: 2
Linux <lan-linux>
Mac <lan-mac>
Windows <lan-windows>
Android/Graphene/Calyx <lan-android>
iOS <lan-ios>

View File

@@ -0,0 +1,13 @@
.. _lan-android:
==============================
Trusting Embassy CA on Android
==============================
.. warning:: This is only possible on Android 12+, which is not yet available on Graphene/Calyx.
#. On your Android device, go to *Settings > Security > Advanced > Encryption and Credentials > Install from Storage* and select your "Embassy Local Root CA" certificate.
.. figure:: /_static/images/ssl/android/droidLAN0.png
:width: 30%
:alt: Install certificate
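
Review bot: The warning says this is "not yet available on Graphene/Calyx", but the toctree entry added in lan-os labels this page "Android/Graphene/Calyx"; one of the two should change so those users are not sent to a page that tells them it cannot work. The single step also assumes the certificate is already on the phone: the deleted page had a step for transferring it to the device, and the new "Download Root CA" section does not cover that. The menu item changed from "Install a Certificate" to "Install from Storage"; worth confirming against the screen shown in droidLAN0.png.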

View File

@@ -0,0 +1,31 @@
.. _lan-ios:
==========================
Trusting Embassy CA on iOS
==========================
#. On your iOS device, go to *Settings > General > Profiles*. Under "Downloaded Profile", click "Embassy Local Root CA"
.. figure:: /_static/images/ssl/ios/ssl_ipad_profiles.png
:width: 40%
:alt: Profiles
#. Click "Install"
.. tip:: You can safely click ``Yes`` for any warning prompts.
.. figure:: /_static/images/ssl/ios/ssl_ipad_install_profile.png
:width: 40%
:alt: Install profile
#. Next, navigate to *General > About > Certificate Trust Settings*.
.. figure:: /_static/images/ssl/ios/ssl_ipad_cert_trust_settings.png
:width: 40%
:alt: Certificate trust settings
#. Under "Enable full trust for root certificates", enable "Embassy Local Root CA".
.. figure:: /_static/images/ssl/ios/ssl_ipad_cert_trust.png
:width: 40%
:alt: Enable full trust
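
Review bot: The tip under step 2, "You can safely click ``Yes`` for any warning prompts", is broader than it needs to be for a step that installs a root certificate. I'd name the prompt the reader will see at this point instead of telling them to accept any warning. Steps 1 and 2 are missing their closing periods, and ``Yes`` is in literal markup while every other UI label on the page is in double quotes.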

View File

@@ -0,0 +1,7 @@
.. _lan-linux:
============================
Trusting Embassy CA on Linux
============================
Nothing specific needs to be configured for the Linux environment.
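
Review bot: With the download steps moved out, this page says only that nothing needs configuring, and the pointer the deleted page ended with ("open your favorite browser to import this certificate and follow the steps for browser setup") is gone. On Linux the browser import is then the step that actually establishes trust, so add a sentence sending the reader on to :ref:`lan-browser`.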

View File

@@ -0,0 +1,35 @@
.. _lan-mac:
==========================
Trusting Embassy CA on Mac
==========================
#. Locate your Embassy's Root CA, right click, then click *Open with > Keychain Access*.
.. figure:: /_static/images/ssl/embassy_lan_setup1.png
:width: 60%
:alt: LAN setup prompt
#. Enter your computer password when prompted. It will be imported into your mac's keychain.
.. figure:: /_static/images/ssl/macos/certificate_untrusted.png
:width: 60%
:alt: Keychain access import menu
.. note:: If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it.
#. Navigate to the "System" tab on the left, find the certificate named "Embassy Local Root CA", and double click on this certificate. A second window will pop up.
#. Open the "Trust" dropdown and select "Always Trust" from the dropdown next to "When using this certificate".
.. figure:: /_static/images/ssl/macos/always_trust.png
:width: 60%
:alt: Keychain submenu
#. Close this window and enter your password to apply the settings.
#. The "Embassy Local Root CA" cert will now read "This certificate is marked as trusted for all users" in Keychain Access.
.. figure:: /_static/images/ssl/macos/certificate_trusted.png
:width: 60%
:alt: Keychain menu trusted certificate
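
Review bot: Step 1 now describes a right click on the downloaded file (*Open with > Keychain Access*), but the figure kept under it is embassy_lan_setup1.png with alt text "LAN setup prompt", which in the deleted page accompanied "Select the option to ``Open with`` "Keychain Access" and select ``OK``". The screenshot should be replaced or dropped so it matches the new step. Smaller points: "mac's keychain" should be "Mac's", the note mixes straight and curly quotes, and step 4 says "dropdown" twice in one sentence.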

View File

@@ -1,37 +1,21 @@
.. _lan-windows:
=======
Windows
=======
==============================
Trusting Embassy CA On Windows
==============================
Unfortunately, Windows does not have mDNS support built-in, which is necessary in order to visit .local addresses, so we recommend using the Bonjour service. Check out this :ref:`FAQ answer<why-bonjour>` for details.
Unfortunately, Windows does not have mDNS support built-in, which is necessary in order to visit .local addresses, so we recommend using the Bonjour service. Check out this :ref:`FAQ answer<why-bonjour>` for details.
#. Install `Bonjour Print Services <https://support.apple.com/kb/DL999>`_ on your Windows machine.
.. tip:: If you are experiencing issues after installing Bonjour, you might have had a previous or failed install. To fix:
#. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ
#. Uninstall Bonjour completely via ``system settings -> remove programs``
#. Uninstall Bonjour completely via *system settings > remove programs*
#. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US)
#. Restart Windows
#. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings.
#. Visit your Embassy at its Tor Address.
.. note:: Using this encrypted Tor connection is required for security reasons.
#. Navigate to the :ref:`Embassy tab<embassy-tab>` -> Settings -> LAN
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 90%
:alt: LAN setup menu item
#. Click "Download Root CA". This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/ssl/embassy_lan_setup0.png
:width: 90%
:alt: LAN setup page
#. Back in Windows, right-click the “Start” menu and select “Run”.
#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run.
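
Review bot: The page is now titled "Trusting Embassy CA On Windows" but still opens with the Bonjour/mDNS install, which is about resolving .local names rather than trusting the CA. That prerequisite is not mentioned on the new Connecting Over LAN page, so consider a pointer from there. In the troubleshooting tip, the last numbered item is a "Note:" rather than a step and writes "windows system settings" in lower case, and the same download is linked twice with different URLs (with and without ``?locale=en_US``). The title has a capital "On" where the Mac, Linux, iOS and Android pages use "on".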
@@ -105,5 +89,3 @@ Unfortunately, Windows does not have mDNS support built-in, which is necessary i
Embassy Local Root CA imported into Certificate folder
#. You can save the settings to the console if desired or cancel.
#. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <lan-browser>`.

View File

@@ -0,0 +1,42 @@
.. _connecting-tor:
===================
Connecting Over Tor
===================
You can connect to your Embassy from anywhere in the world, privately and anonymously, by using its unique Tor Address (.onion URL).
.. note:: Tor connection can sometimes be unreliable and have higher latency than normal internet connections.
Using a Tor Browser
-------------------
The fastest, easiest way to connect to your Embassy over Tor is to download a Tor-enabled browser and visit your Embassy's .onion URL. We recommend:
* Linux, Mac, Windows, Android
* `Tor Browser <https://torproject.org/download/>`_
* `Brave <https://brave.com>`_ (requires using Tor tabs)
* iOS
* `Onion Browser <https://apps.apple.com/us/app/onion-browser/id519296448>`_
Using Firefox
-------------
.. tip:: This is recommended way to connect to your Embassy over Tor, but it requires some additional steps.
#. Run Tor on your connecting device.
.. toctree::
:maxdepth: 2
tor-os/index
#. Configure Firefox
.. toctree::
:maxdepth: 2
tor-firefox/index
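
Review bot: The two sections disagree about what is recommended: "Using a Tor Browser" calls a Tor-enabled browser "the fastest, easiest way" and lists "We recommend:", and the tip under "Using Firefox" then says "This is recommended way to connect" (also missing "the"). Please say which is the default and what the Firefox route gives in return for the extra steps. The two toctree directives sit inside numbered list items; check the rendered output, since a toctree renders as its own list.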

View File

@@ -4,15 +4,15 @@
Tor - Firefox
=============
.. caution:: This guide assumes you are already :ref:`running Tor on your phone or computer<running-tor>`.
.. caution:: This guide assumes you are already :ref:`running Tor on your phone or computer<tor-os>`.
Once you have completed native :ref:`Tor Setup<tor-os>`, you can configure Firefox to use the Tor Network. This will allow you to visit both ``.onion`` and "normal" (.com, .net, etc) websites from within the same browser.
.. toctree::
:maxdepth: 2
torff-linux
torff-mac
torff-windows
torff-android
torff-ios
Linux <torff-linux>
Mac <torff-mac>
Windows <torff-windows>
Android/Graphene/Calyx <torff-android>
iOS <torff-ios>
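
Review bot: After the label change, the caution and the sentence directly below it both link to tor-os and both say Tor must already be set up, so one of them can go. The toctree labels "Android/Graphene/Calyx" and "iOS" are fine, but note that the iOS page they lead to says Firefox cannot be configured for Tor there.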

View File

@@ -1,8 +1,8 @@
.. _torff-android:
=======
Android
=======
======================================
Configuring Firefox for Tor on Android
======================================
.. caution::
This guide assumes you have completed :ref:`setting up Tor for Android<tor-android>`. Please visit this section before proceeding as it is required for Firefox to properly work with Tor.

View File

@@ -1,7 +1,7 @@
.. _torff-ios:
===
iOS
===
==================================
Configuring Firefox for Tor on iOS
==================================
Unforutnately, it is not currently possible to run Tor natively on iOS. This means that Firefox cannot be configured to use tor. Please see :ref:`iOS Limitations<lim-ios>` for details and workarounds.
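
Review bot: "Unforutnately" in the body paragraph is a typo that survives this change (the new tor-ios page spells it correctly), and "tor" is lower case in "configured to use tor". Both are worth fixing while the file is open.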

View File

@@ -1,11 +1,11 @@
.. _torff-linux:
=====
Linux
=====
====================================
Configuring Firefox for Tor on Linux
====================================
.. caution::
This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
This guide assumes you have completed :ref:`setting up Tor<tor-linux>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.

View File

@@ -1,11 +1,11 @@
.. _torff-mac:
===
Mac
===
==================================
Configuring Firefox for Tor on Mac
==================================
.. caution::
This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
This guide assumes you have completed :ref:`setting up Tor<tor-mac>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.

View File

@@ -0,0 +1,52 @@
.. _torff-windows:
======================================
Configuring Firefox for Tor on Windows
======================================
.. caution:: This guide assumes you have completed :ref:`setting up Tor<tor-windows>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.whitelist_onions`` and set the value to "true".
.. figure:: /_static/images/tor/firefox_whitelist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Download a *Proxy Auto Config* file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following instructions below:
- Click `here <https://registry.start9labs.com/sys/proxy.pac>`_ to get the file and save the file somewhere you will not delete it. Remember where you save the file. For this example:
.. code-block::
C:\Program Files\Tor Browser\proxy.pac
#. Now, back in your Firefox web browser, select "Options" from the right-hand hamburger menu:
.. figure:: /_static/images/tor/firefox_options_windows.png
:width: 60%
:alt: Firefox options screenshot
#. Search for the term "proxy" in the search bar in the upper right, then select the button that says "Settings":
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select "Automatic proxy configuration URL" and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file://C:/Program Files/Tor Browser/proxy.pac
#. Then, check the box labeled "Proxy DNS when using SOCKS v5":
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click "OK" and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ".onion" URLs in Firefox. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`__.
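
Review bot: The ``file://`` example in step 6 does not follow from the instruction above it: pasting the path saved in step 3 "prefixed with ``file://``" gives a URL with backslashes, while the example shows forward slashes, and a local Windows path is normally written with three slashes (``file:///C:/...``). Please spell out the conversion, and consider a save location other than ``C:\Program Files\...``, which needs administrator rights to write to. Since the PAC file decides which traffic Firefox sends through the Tor daemon, step 3 should say what the file does or show its contents so the reader can check what they saved. Step 4 says "Options" where the Firefox LAN page in this commit says "Settings".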

View File

@@ -1,16 +1,16 @@
.. _tor-os:
============
Tor - Device
============
========
Tor - OS
========
Select your Operating System to setup Tor to run in the background (natively) of any device that you might want to use to access your Embassy with remotely.
.. toctree::
:maxdepth: 2
tor-linux
tor-mac
tor-windows
tor-android
tor-ios
Linux <tor-linux>
Mac <tor-mac>
Windows <tor-windows>
Android/Graphene/Calyx <tor-android>
iOS <tor-ios>
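
Review bot: The intro sentence kept above the toctree uses "setup" as a verb (should be "set up") and ends with "access your Embassy with remotely", which has a stray "with". The title is now "Tor - OS" but that sentence still talks about "any device", so the old "Device" wording is only half gone.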

View File

@@ -1,8 +1,8 @@
.. _tor-android:
=======
Android
=======
======================
Running Tor on Android
======================
Some apps, such as :ref:`Tor Browser<tor-browser>`, have Tor built in. They do not require additional software or configurations to utilize Tor. Most apps, however, do not have Tor built in. They require an app called Orbot to be installed in order to utilize the Tor Network.
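
Review bot: The body still links :ref:`Tor Browser<tor-browser>`, and nothing visible in this commit defines a ``tor-browser`` label: the new Connecting Over Tor page has an unlabelled "Using a Tor Browser" section. Please confirm the reference still resolves after the restructure, or add the label there.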

View File

@@ -0,0 +1,7 @@
.. _tor-ios:
==================
Running Tor on iOS
==================
Unfortunately, it is not currently possible to run Tor natively on iOS. Please see :ref:`iOS Limitations<lim-ios>` for details and workarounds.

View File

@@ -1,8 +1,8 @@
.. _tor-linux:
=====
Linux
=====
====================
Running Tor on Linux
====================
.. tabs::

View File

@@ -1,8 +1,8 @@
.. _tor-mac:
===
Mac
===
==================
Running Tor on Mac
==================
Install Homebrew
----------------

View File

@@ -1,8 +1,8 @@
.. _tor-windows:
=======
Windows
=======
======================
Running Tor on Windows
======================
#. Unfortunately, `The Tor Project <https://torproject.org>`_ no longer publishes a standalone Tor binary for Windows, so the recommended way to get it is with the Tor Browser Bundle. You can download it `here <https://www.torproject.org/download/>`_.

View File

@@ -11,22 +11,22 @@ Connecting
<div class="grid-x grid-margin-x">
.. topic-box::
:title: LAN
:link: lan-setup
:title: Connecting Over LAN
:link: connecting-lan
:icon: scylla-icon scylla-icon--home
:class: large-5
:anchor: Setup
Connect to Embassy over your Local Area Network.
Local Area Network connections are fast and secure and do not even require Internet access.
.. topic-box::
:title: Tor
:link: tor-setup
:title: Connecting Over Tor
:link: connecting-tor
:icon: scylla-icon scylla-icon--tor
:class: large-5
:anchor: Setup
Connect to Embassy over the Tor network.
Leverage Tor to connect to your Embassy privately and anonymously from anywhere in the world.
.. raw:: html
@@ -36,5 +36,5 @@ Connecting
:maxdepth: 2
:hidden:
lan-setup/index
tor-setup/index
Lan <connecting-lan/index>
Tor <connecting-tor/index>
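
Review bot: The toctree entry is titled "Lan" where the topic box above and the page itself use "LAN". The explicit titles could also be dropped so the entries pick up the page titles ("Connecting Over LAN", "Connecting Over Tor").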

View File

@@ -1,13 +0,0 @@
.. _lan-setup:
=========
LAN Setup
=========
When you are on the same network as your Embassy (typically a home or small office), :ref:`Local Access<lan>` is much faster and will allow access to your data, even with no Internet connection. Begin by setting up :ref:`Devices<lan-os>` before setting up a :ref:`Browser<lan-browser>`.
.. toctree::
:maxdepth: 2
lan-os/index
lan-browser/index

View File

@@ -1,17 +0,0 @@
.. _lan-browser:
=============
LAN - Browser
=============
When you are on the same network as your Embassy (typically a home or small office), :ref:`Local Access<lan>` is much faster and will allow access to your data, even with no Internet connection.
.. caution:: You will first need to complete :ref:`LAN Setup<lan-os>` for your device before continuing.
.. toctree::
:maxdepth: 2
lan-brave
lan-chrome
lan-ff
lan-safari

View File

@@ -1,46 +0,0 @@
.. _lan-brave:
=====
Brave
=====
.. caution:: You will first need to complete :ref:`LAN Setup<lan-os>` for your device before continuing.
#. Open a new tab in Brave and Navigate to ``Settings`` from the top-right hamburger menu.
.. figure:: /_static/images/ssl/browser/brave_settings.png
:width: 30%
:alt: Brave settings page
#. On the left hand sidebar, select the Security and Privacy section, then the Security menu item.
.. figure:: /_static/images/ssl/browser/brave_security.png
:width: 60%
:alt: Brave Security and Privacy settings
#. At the bottom of the section, select "Manage Certificates".
.. figure:: /_static/images/ssl/browser/brave_security_settings.png
:width: 60%
:alt: Brave Security settings page
#. If you **EITHER** see "org-Start9" with a trusted “Embassy Local Root CA” listed under it, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
**OR**
#. If you do not see "org-Start9"in the list, ensure the certificate is properly set up on your computer system. Otherwise, click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <lan-os>`.
.. figure:: /_static/images/ssl/browser/brave_view_certs.png
:width: 60%
:alt: Brave Manage Certificates sub-menu on MacOS
Check the box for "Trust this certificate for identitying websites" and click "OK"
#. Obtain the LAN address that was provided at the end of your initial Embassy setup, or from the :ref:`Embassy tab<embassy-tab>` -> ``About`` (Under ``Insights``) and enter it in a new tab.
.. tip:: You may need to restart the browser
#. You will see a green padlock and ``https://`` to the left of the URL bar. You can now securely navigate to your Embassy on your :ref:`LAN<lan>` with :ref:`HTTPS<ssl>`!
.. note:: Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings).

View File

@@ -1,49 +0,0 @@
.. _lan-chrome:
======
Chrome
======
.. caution:: You will first need to complete :ref:`LAN Setup<lan-os>` for your device before continuing.
.. tip:: The following guide also works with Chromium and Vivaldi.
#. Open a new tab in Chrome and navigate to ``chrome://settings/certificates``.
.. figure:: /_static/images/ssl/browser/chrome_settings.png
:width: 60%
:alt: Chrome Certificates Settings page
#. Click on the "Authorities" tab.
.. figure:: /_static/images/ssl/browser/chrome_authorities.png
:width: 60%
:alt: Chrome Certificate Authorities page
#. You will **EITHER** see "org-Start9" with a trusted “Embassy Local Root CA” listed under it,
.. figure:: /_static/images/ssl/browser/chrome_s9ca.png
:width: 60%
:alt: Start9 Certificate Authority
in which case, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
**OR**
#. If you do not see "org-Start9"in the list, ensure the certificate is properly set up on your computer system. Otherwise, click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <lan-os>`.
.. figure:: /_static/images/ssl/browser/chrome_trust.png
:width: 60%
:alt: Trust the CA
Check the box for "Trust this certificate for identitying websites" and click "OK"
#. Obtain the LAN address that was provided at the end of your initial Embassy setup, or from the :ref:`Embassy tab<embassy-tab>` -> ``About`` (Under ``Insights``) and enter it in a new tab.
.. tip:: You may need to restart the browser
.. figure:: /_static/images/ssl/browser/chrome_https.png
:width: 60%
:alt: Success
#. You will see a green padlock and ``https://`` to the left of the URL bar. You can now securely navigate to your Embassy on your :ref:`LAN<lan>` with :ref:`HTTPS<ssl>`!

View File

@@ -1,39 +0,0 @@
.. _lan-ff:
=======
Firefox
=======
#. Open Firefox and in a new tab select ``Settings`` from the right-hand hamburger menu:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Select “Privacy and Security” from the left hand navigation menu.
#. Scroll all the way to the bottom of the page and select “View Certificates”.
.. figure:: /_static/images/ssl/browser/firefox_security_settings.png
:width: 80%
:alt: Firefox security settings
Firefox privacy and security settings page
#. Select the "Authorities" tab from the "Certificate Manager".
#. Click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <lan-setup>`.
#. When prompted, check “Trust this CA to identity websites” and select “OK”.
.. figure:: /_static/images/ssl/browser/firefox_view_certs.png
:width: 80%
:alt: Firefox import cert
Firefox import certificate page
#. Ensure the “Embassy Local Root CA” exists under “Start9 Labs”. If it does not appear, you may need to close the Certificates pop-up and re-open to refresh the list. Then click “OK” to save.
#. Open a new tab in Firefox to apply the changes. If this does not work, quit and restart Firefox.
#. Navigate to the LAN address provided at setup, or in the :ref:`Embassy tab<embassy-tab>` -> LAN. You can now securely navigate to your Embassy over HTTPS!

View File

@@ -1,7 +0,0 @@
.. _lan-safari:
======
Safari
======
Once you have completed the :ref:`LAN Setup<lan-os>` steps on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Embassy!

View File

@@ -1,16 +0,0 @@
.. _lan-os:
============
LAN - Device
============
When you are on the same network as your Embassy (typically a home or small office), :ref:`Local Access<lan>` is much faster and will allow access to your data, even with no Internet connection.
.. toctree::
:maxdepth: 2
lan-linux
lan-mac
lan-windows
lan-android
lan-ios

View File

@@ -1,33 +0,0 @@
.. _lan-android:
=======
Android
=======
If you are running Android 12+ (not yet available on Calyx/Graphene), you can setup :ref:`Local Access<lan>`, please refer to :ref:`Android Limitations <lim-android>` for more details.
.. note:: You must download your certificate via desktop/laptop over Tor and then transfer it to your phone (Step 3)
#. Either use the Root CA you downloaded at the completion of :ref:`Initial Setup<initial-setup>`, or visit your Embassy at its Tor Address (for security purposes), and navigate to the :ref:`Embassy tab<embassy-tab>` -> LAN
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 60%
:alt: LAN setup menu item
#. Click "Download Root CA". This will prompt a download to save the certificate file to your machine
.. figure:: /_static/images/ssl/embassy_lan_setup0.png
:width: 60%
:alt: LAN setup page
#. Send the cert to yourself via Signal, email, File Browser, etc and download onto your Android device
#. Go to Settings -> Security -> Advanced -> Encryption and Credentials -> Install a Certificate and select the cert you downloaded from the file system
.. figure:: /_static/images/ssl/android/droidLAN0.png
:width: 30%
:alt: Install certificate
#. To setup in Firefox Beta or Fennec, go to Settings -> About -> tap the logo several times until it says "Debug menu enabled." Then return to Settings -> Secret Settings and toggle on "Use third party CA certificates."
#. That's it! You may now browse the ``.local`` addresses on your Embassy.

View File

@@ -1,75 +0,0 @@
.. _lan-ios:
===
iOS
===
.. note:: For security, this will need to be done using a Tor connection. Please use Onion Browser or Consulate to access your Embassy and complete the following steps.
#. You will first need to get your :ref:`LAN Certificate<lan-cert>`, which can be found either:
#. When completing your Embassy :ref:`Initial Setup<initial-setup>`, it is provided on the final screen
or:
#. In the ``Embassy`` tab in your Embassy, under ``Settings`` -> ``LAN``
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 60%
:alt: LAN setup menu item
#. Select ``Download Root CA``. Clicking this will prompt you to “Save to device”.
.. figure:: /_static/images/ssl/embassy_lan_setup0.png
:width: 60%
:alt: LAN setup page
#. You will be directed to a page in your default browser indicating next steps and that the profile has been successfully downloaded. Be sure to complete all steps in this process! These steps are also outlined below.
.. note::
If you have changed the default browser from Safari to Brave, the following auto save certificate to device flow will *not* work. Safari, Firefox, and Chrome work as expected. We recommend you temporarily use one of these browsers to complete this action.
.. figure:: /_static/images/ssl/ios/ssl_certificate_install_page.png
:width: 40%
:alt: Certificate install page
Select "Allow" on the certificate install page
#. Go to Settings on your iOS device.
.. figure:: /_static/images/ssl/ios/ssl_ipad_general_settings.png
:width: 40%
:alt: General settings
#. Navigate to *General > Profile(s) > Downloaded Profile > Install*.
.. figure:: /_static/images/ssl/ios/ssl_ipad_profiles.png
:width: 40%
:alt: Profiles
.. figure:: /_static/images/ssl/ios/ssl_ipad_install_profile.png
:width: 40%
:alt: Install profile
Select "Install" for Embassy Local Root CA
#. Select “Yes” to any warning prompts.
#. Next, navigate to *General > About > Certificate Trust Settings*.
.. figure:: /_static/images/ssl/ios/ssl_ipad_cert_trust_settings.png
:width: 40%
:alt: Certificate trust settings
Select Certificate Trust Settings (scroll all the way down)
#. Enable full trust for root certificates.
.. figure:: /_static/images/ssl/ios/ssl_ipad_cert_trust.png
:width: 40%
:alt: Enable full trust
Toggle to enable full trust for root certificates. "Continue" when warning prompts.
#. Test that this process worked successfully by navigating to the LAN address provided from one of the locations listed under Step 1 at the top of this page. You should not see warnings about the security of this site in your browser (if you do, setup was not successful).
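
Review bot: Two things in this deleted page have no replacement in the new lan-ios page: the note that the automatic save-certificate-to-device flow does not work when Brave is the default browser, and the final test step (open the LAN address and check that no security warning appears). The new page starts at "Downloaded Profile", so a reader whose profile never downloaded has nothing to go on; consider carrying the Brave note over.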

View File

@@ -1,25 +0,0 @@
.. _lan-linux:
=====
Linux
=====
Nothing specific needs to be configured for the Linux environment, so you just need to download the certificate from your Embassy.
#. Visit your Embassy at its Tor Address.
.. note:: Using this encrypted Tor connection is required for security reasons.
#. Navigate to the :ref:`Embassy tab<embassy-tab>` -> Settings -> LAN
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 60%
:alt: LAN setup menu item
#. Click "Download Root CA". This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/ssl/embassy_lan_setup0.png
:width: 60%
:alt: LAN setup page
Then open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <lan-browser>`.
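Review bot: Deleting this page drops the note under the first step, "Using this encrypted Tor connection is required for security reasons", which is the only line here that tells the reader the Root CA must be fetched over Tor. Check that whatever replaces this page keeps that requirement and says why, rather than only naming Tor as one way to reach the download. The removal also takes the ``lan-linux`` label with it, so any ``:ref:`` that still targets it will fail the Sphinx build.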

View File

@@ -1,55 +0,0 @@
.. _lan-mac:
===
Mac
===
#. Visit your Embassy at its Tor Address (for security purposes), and navigate to the :ref:`Embassy tab<embassy-tab>` -> LAN
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 60%
:alt: LAN setup menu item
#. Click "Download Root CA". This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/ssl/embassy_lan_setup0.png
:width: 60%
:alt: LAN setup page
#. Select the option to ``Open with`` "Keychain Access" and select ``OK``. If you choose to save the file, double click on it once downloaded.
.. figure:: /_static/images/ssl/embassy_lan_setup1.png
:width: 60%
:alt: LAN setup prompt
#. Enter your computer password when prompted. It will be imported into your mac's keychain.
.. figure:: /_static/images/ssl/macos/certificate_untrusted.png
:width: 60%
:alt: Keychain access import menu
Keychain access import menu
.. note:: If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it.
#. Navigate to the "System" tab on the left, find the certificate entitled “Embassy Local Root CA”, and double click on this certificate. A second window will pop up.
#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “When using this certificate”.
.. figure:: /_static/images/ssl/macos/always_trust.png
:width: 60%
:alt: Keychain submenu
Select "Always trust" under the "Trust" dropdown for Embassy Local CA
#. Close this window and enter your password to apply the settings.
#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access.
.. figure:: /_static/images/ssl/macos/certificate_trusted.png
:width: 60%
:alt: Keychain menu trusted certificate
Trusted Embassy Local CA certificate
#. Open your favorite browser and follow the steps for :ref:`browser setup <lan-browser>` to complete LAN setup.
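Review bot: The certificate is called "Embassy Local Root CA" in the steps but "Embassy Local CA" in the two figure captions ('Select "Always trust" under the "Trust" dropdown for Embassy Local CA' and "Trusted Embassy Local CA certificate"). If this text is being moved rather than dropped, use one name throughout, since the reader is asked to find and trust the certificate by that exact title. The menu path in the first step ("Embassy tab -> LAN") also disagrees with the removed Linux page ("Embassy tab -> Settings -> LAN"); the replacement should state a single path.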

View File

@@ -1,13 +0,0 @@
.. _running-tor:
=========
Tor Setup
=========
Setup :ref:`Tor<tor>` to run on your devices, either natively (in the background), or by configuring an application, such as Firefox.
.. toctree::
:maxdepth: 2
tor-os/index
tor-firefox/index
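Review bot: Removing ``.. _running-tor:`` breaks every ``:ref:`` that targets it; the Windows Firefox page in this same commit pointed at it with "setting up Tor<running-tor>", so check the remaining pages for other uses before merging. The two toctree entries, ``tor-os/index`` and ``tor-firefox/index``, also lose their parent here and need to be listed in another toctree or removed, otherwise Sphinx will report them as not included in any toctree.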

View File

@@ -1,53 +0,0 @@
.. _torff-windows:
=======
Windows
=======
.. caution:: This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_whitelist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following instructions below:
- Click `here <https://registry.start9labs.com/sys/proxy.pac>`_ to get the file and save the file somewhere you wont delete it. Please remember the location you save the file in if you do not use our example location. For this example:
.. code-block::
C:\Program Files\Tor Browser\proxy.pac
#. Now, back in your Firefox web browser, select ``Options`` from the right-hand hamburger menu:
.. figure:: /_static/images/tor/firefox_options_windows.png
:width: 60%
:alt: Firefox options screenshot
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file://C:/Program Files/Tor Browser/proxy.pac
#. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can access tor-only service :ref:`WebUIs <web-ui>`, such as Cups Messenger, and use your :ref:`Vaultwarden<vaultwarden>` Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`__.
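Review bot: The example ``file://C:/Program Files/Tor Browser/proxy.pac`` has only two slashes after "file:", which puts "C:" in the host position of the URL; the usual form for a local Windows path is ``file:///C:/...`` with three slashes. If this procedure is carried over to a new page, correct the example there, and consider a save location outside ``C:\Program Files``, which normally needs elevated rights to write to. The two ``.. code-block::`` directives also have no language argument; ``.. code-block:: none`` would state the intent.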

View File

@@ -1,7 +0,0 @@
.. _tor-ios:
===
iOS
===
Unforutnately, it is not currently possible to run Tor natively on iOS. Please see :ref:`iOS Limitations<lim-ios>` for details and workarounds.
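Review bot: "Unforutnately" in the only sentence of this page is misspelled; if the sentence is reused in the page that replaces this one, fix it there. The deletion also removes the ``tor-ios`` label, so confirm nothing still references it and that the pointer to ``lim-ios`` is reachable from the new iOS instructions.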