Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-04-04 06:19:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

abstract firefox guides for ca and tor

Browse Source
This commit is contained in:
Matt Hill
2023-11-19 09:13:19 -07:00
parent 24e051aa3f
commit 6cfd6c0206
14 changed files with 263 additions and 328 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
site/source/device-guides/android/ca-android.rst
View File

@@ -7,11 +7,6 @@ Complete this guide to trust your server's Root Certificate Authority (Root CA)
.. note:: This guide only applies to Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+).
.. _ca-android-trust:
Trusting
--------
#. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>`
#. Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate.
@@ -20,11 +15,4 @@ Trusting
:width: 15%
:alt: Install certificate
.. _ca-android-ff:
If using Firefox (recommended)
------------------------------
#. Tap ``Kebab Menu > Settings > About Firefox`` and tap the Firefox icon 5 times to enable "developer mode"
#. Go back to ``Kebab Menu > Settings > Secret Settings`` (at the bottom), and tap ``Use third party CA certificates``
#. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`

55
site/source/device-guides/android/tor-android.rst
View File

@@ -76,58 +76,7 @@ You can also add the following browsers to the Tor-Enabled Apps list to easily a
.. caution:: Pushing apps through Orbot's VPN mode will allow you to access .onion URLs, however, all other traffic will also go through Tor. This means connections to some sites may be blocked by site operators' fraud prevention measures, especially e-commerce sites where credit cards are used. Proceed with caution especially for Web Browsers.
If using Firefox (recommended)
------------------------------
#. Download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here <https://start9.com/assets/proxy.pac>`_
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary:
.. figure:: /_static/images/tor/autoconfig_url.png
:width: 30%
:alt: Firefox autoconfig url setting screenshot
#. Navigate to ``about:config`` in the Firefox URL bar:
.. figure:: /_static/images/tor/about_config.png
:width: 30%
:alt: Firefox about config
#. Search for ``network.proxy.type`` into the search bar, and set the value to ``2``:
.. figure:: /_static/images/tor/network_proxy_type.png
:width: 30%
:alt: Firefox network proxy type setting screenshot
#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``:
.. figure:: /_static/images/tor/socks_remote_dns.png
:width: 30%
:alt: Firefox socks remote dns setting screenshot
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist_mobile.png
:width: 30%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets_droid.png
:width: 30%
:alt: Firefox allow insecure websockets over https
#. Search for ``network.http.referer.hideOnionsSource`` and set the value to ``true``
#. (**GrapheneOS users only**): Head to ``Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE``, then navigate to where you placed the proxy.pac file:
.. figure:: /_static/images/tor/storage-scopes-proxy.jpg
:width: 15%
#. Restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services
Complete this guide: :ref:`tor-ff`

6
site/source/device-guides/ios/tor-ios.rst
View File

@@ -4,8 +4,6 @@
Running Tor on iOS
==================
Running Orbot
-------------
Orbot is a system-wide proxy for your Android device that enables communications over Tor.
#. Download and install `Orbot from the Apple appstore <https://apps.apple.com/us/app/orbot/id1609461599>`_.
@@ -23,7 +21,3 @@ Orbot is a system-wide proxy for your Android device that enables communications
:alt: iOS Orbot Connecting to Tor
#. Apps will now work transparently when requesting onion urls!
Access Onionsites
-----------------
Once Orbot is setup on your system as you've just done, you don't need any browser configuration. All browsers in iOS are Safari under the hood, and this Orbot configuration enables access to ``.onion`` URLs. Regular clearnet requests will not use tor.

51
site/source/device-guides/linux/ca-linux.rst
View File

@@ -6,11 +6,6 @@ Trusting Your Root CA on Linux
.. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.
.. _ca-linux-trust:
Trusting
--------
.. tabs::
.. group-tab:: Debian/Ubuntu
@@ -40,6 +35,8 @@ Trusting
In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``.
#. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`
.. group-tab:: Arch/Garuda
#. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>`
@@ -74,47 +71,3 @@ Trusting
sudo cp "adjective-noun.local.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
.. _ca-linux-ff:
If using Firefox (recommended)
------------------------------
This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic (TLDR: for security purposes).
#. Select your distribution below and follow instructions:
.. tabs::
.. group-tab:: Debian/Ubuntu
#. Select the hamburger menu -> ``Settings``. Search for ``security devices`` and select ``Security Devices...``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png
:width: 60%
:alt: Mozilla application p11kit trust #1
#. When the Device Manager dialog window opens, select ``Load``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png
:width: 60%
:alt: Mozilla application p11kit trust #2
#. Give the Module Name a title such as "System CA Trust Module". For the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit ``OK``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png
:width: 60%
:alt: Mozilla application p11kit trust #3
.. tip:: The path to p11-kit-trust.so will be slightly different if your processor's architecture is not x86_64.
#. Verify that the new module shows up on the left hand side and select ``OK`` at the bottom right:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png
:width: 60%
:alt: Mozilla application p11kit trust #4
.. group-tab:: Arch/Garuda/CentOS/Fedora
No special steps are needed for Arch/Garuda/CentOS/Fedora. Continue below.
#. Restart Firefox

62
site/source/device-guides/linux/tor-linux.rst
View File

@@ -4,9 +4,6 @@
Using Tor on Linux
==================
Running Tor
-----------
.. tabs::
.. group-tab:: Debian / Ubuntu
@@ -97,61 +94,4 @@ Running Tor
sudo systemctl enable --now tor
If using Firefox (recommended)
------------------------------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using:
.. code-block::
sudo wget -P ~/ https://start9.com/assets/proxy.pac
#. Determine the full path of `proxy.pac`, which we will use in step 9, by executing the following command in the terminal, and copying its output to your clipboard:
.. code-block::
echo file://$HOME/proxy.pac
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Select ``Automatic proxy configuration URL`` and paste the output from the command you performed in step 6. Be aware, the triple ``///`` is intentional, and your path *will* be different from the one below - namely, YOUR_LINUX_USERNAME will be your actual linux username:
.. code-block::
file:///home/YOUR_LINUX_USERNAME/proxy.pac
.. figure:: /_static/images/tor/firefox_proxy_linux.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Check the box labeled ``Proxy DNS when using SOCKS v5`` in the image above
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services
If using Firefox (recommended), you will also need to complete this guide: :ref:`tor-ff`

20
site/source/device-guides/mac/ca-mac.rst
View File

@@ -5,11 +5,6 @@ Trusting Your Root CA on Mac
============================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Mac.
.. _ca-mac-trust:
Trusting
--------
#. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>`
#. Locate your downloaded Root CA. Right click it and select *Show in Folder*:
@@ -56,17 +51,4 @@ Trusting
.. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it.
.. _ca-mac-ff:
If using Firefox (recommended)
------------------------------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
#. Restart Firefox
#. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`

38
site/source/device-guides/mac/tor-mac.rst
View File

@@ -176,40 +176,4 @@ Enable Tor System-wide
If using Firefox (recommended)
------------------------------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Check the option labeled ``Use System Proxy Settings`` *and* the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services
Complete this guide: :ref:`tor-ff`

18
site/source/device-guides/windows/ca-windows.rst
View File

@@ -5,11 +5,6 @@ Trusting Your Root CA on Windows
================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Windows.
.. _ca-windows-trust:
Trusting
--------
#. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>`
#. Ensure you have already :ref:`installed bonjour <connecting-lan-windows>`
@@ -88,15 +83,4 @@ Trusting
:width: 20%
:alt: Console settings
.. _ca-windows-ff:
If using Firefox (recommended)
------------------------------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
#. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`

58
site/source/device-guides/windows/tor-windows.rst
View File

@@ -4,9 +4,6 @@
Running Tor on Windows
======================
Running Tor
-----------
#. Unfortunately, `The Tor Project <https://torproject.org>`_ no longer publishes a standalone Tor binary for Windows, so the recommended way to get it is with the Tor Browser Bundle. You can download it `here <https://www.torproject.org/download/>`_.
.. figure:: /_static/images/tor/tor_download_windows.png
@@ -57,57 +54,4 @@ Running Tor
2. Uninstall the Tor Browser, following `these steps <https://tb-manual.torproject.org/uninstalling/>`_.
3. Begin this guide again from the beginning.
#. That's it! Your Windows computer is now setup to natively use Tor.
If using Firefox (recommended)
------------------------------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a ``Proxy Auto Config`` file to inform Firefox how to use the Tor daemon running on your computer. Click `here <https://start9.com/assets/proxy.pac>`_ to get the one offered by Start9 and save it somewhere you will not delete it. Remember where you save the file. For this example:
.. code-block::
C:\Program Files\Tor Browser\proxy.pac
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file://C:/Program Files/Tor Browser/proxy.pac
#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services
#. If using Firefox (recommended), complete :ref:`this final step <tor-ff>`