Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-04-04 14:29:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

abstract firefox guides for ca and tor

Browse Source
This commit is contained in:
Matt Hill
2023-11-19 09:13:19 -07:00
parent 24e051aa3f
commit 6cfd6c0206
14 changed files with 263 additions and 328 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
site/source/device-guides/android/ca-android.rst
View File

@@ -7,11 +7,6 @@ Complete this guide to trust your server's Root Certificate Authority (Root CA)
.. note:: This guide only applies to Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+). .. note:: This guide only applies to Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+).
.. _ca-android-trust:
Trusting
--------
#. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>` #. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>`
#. Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate. #. Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate.
@@ -20,11 +15,4 @@ Trusting
:width: 15% :width: 15%
:alt: Install certificate :alt: Install certificate
.. _ca-android-ff: #. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`
If using Firefox (recommended)
------------------------------
#. Tap ``Kebab Menu > Settings > About Firefox`` and tap the Firefox icon 5 times to enable "developer mode"
#. Go back to ``Kebab Menu > Settings > Secret Settings`` (at the bottom), and tap ``Use third party CA certificates``

55
site/source/device-guides/android/tor-android.rst
View File

@@ -76,58 +76,7 @@ You can also add the following browsers to the Tor-Enabled Apps list to easily a
.. caution:: Pushing apps through Orbot's VPN mode will allow you to access .onion URLs, however, all other traffic will also go through Tor. This means connections to some sites may be blocked by site operators' fraud prevention measures, especially e-commerce sites where credit cards are used. Proceed with caution especially for Web Browsers. .. caution:: Pushing apps through Orbot's VPN mode will allow you to access .onion URLs, however, all other traffic will also go through Tor. This means connections to some sites may be blocked by site operators' fraud prevention measures, especially e-commerce sites where credit cards are used. Proceed with caution especially for Web Browsers.
If using Firefox (recommended) If using Firefox (recommended)
------------------------------ ------------------------------
Complete this guide: :ref:`tor-ff`
#. Download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here <https://start9.com/assets/proxy.pac>`_
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary:
.. figure:: /_static/images/tor/autoconfig_url.png
:width: 30%
:alt: Firefox autoconfig url setting screenshot
#. Navigate to ``about:config`` in the Firefox URL bar:
.. figure:: /_static/images/tor/about_config.png
:width: 30%
:alt: Firefox about config
#. Search for ``network.proxy.type`` into the search bar, and set the value to ``2``:
.. figure:: /_static/images/tor/network_proxy_type.png
:width: 30%
:alt: Firefox network proxy type setting screenshot
#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``:
.. figure:: /_static/images/tor/socks_remote_dns.png
:width: 30%
:alt: Firefox socks remote dns setting screenshot
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist_mobile.png
:width: 30%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets_droid.png
:width: 30%
:alt: Firefox allow insecure websockets over https
#. Search for ``network.http.referer.hideOnionsSource`` and set the value to ``true``
#. (**GrapheneOS users only**): Head to ``Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE``, then navigate to where you placed the proxy.pac file:
.. figure:: /_static/images/tor/storage-scopes-proxy.jpg
:width: 15%
#. Restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services

6
site/source/device-guides/ios/tor-ios.rst
View File

@@ -4,8 +4,6 @@
Running Tor on iOS Running Tor on iOS
================== ==================
Running Orbot
-------------
Orbot is a system-wide proxy for your Android device that enables communications over Tor. Orbot is a system-wide proxy for your Android device that enables communications over Tor.
#. Download and install `Orbot from the Apple appstore <https://apps.apple.com/us/app/orbot/id1609461599>`_. #. Download and install `Orbot from the Apple appstore <https://apps.apple.com/us/app/orbot/id1609461599>`_.
@@ -23,7 +21,3 @@ Orbot is a system-wide proxy for your Android device that enables communications
:alt: iOS Orbot Connecting to Tor :alt: iOS Orbot Connecting to Tor
#. Apps will now work transparently when requesting onion urls! #. Apps will now work transparently when requesting onion urls!
Access Onionsites
-----------------
Once Orbot is setup on your system as you've just done, you don't need any browser configuration. All browsers in iOS are Safari under the hood, and this Orbot configuration enables access to ``.onion`` URLs. Regular clearnet requests will not use tor.

51
site/source/device-guides/linux/ca-linux.rst
View File

@@ -6,11 +6,6 @@ Trusting Your Root CA on Linux
.. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so. .. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.
.. _ca-linux-trust:
Trusting
--------
.. tabs:: .. tabs::
.. group-tab:: Debian/Ubuntu .. group-tab:: Debian/Ubuntu
@@ -40,6 +35,8 @@ Trusting
In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``.
#. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`
.. group-tab:: Arch/Garuda .. group-tab:: Arch/Garuda
#. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>` #. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>`
@@ -74,47 +71,3 @@ Trusting
sudo cp "adjective-noun.local.crt" /etc/pki/ca-trust/source/anchors/ sudo cp "adjective-noun.local.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust sudo update-ca-trust
.. _ca-linux-ff:
If using Firefox (recommended)
------------------------------
This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic (TLDR: for security purposes).
#. Select your distribution below and follow instructions:
.. tabs::
.. group-tab:: Debian/Ubuntu
#. Select the hamburger menu -> ``Settings``. Search for ``security devices`` and select ``Security Devices...``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png
:width: 60%
:alt: Mozilla application p11kit trust #1
#. When the Device Manager dialog window opens, select ``Load``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png
:width: 60%
:alt: Mozilla application p11kit trust #2
#. Give the Module Name a title such as "System CA Trust Module". For the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit ``OK``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png
:width: 60%
:alt: Mozilla application p11kit trust #3
.. tip:: The path to p11-kit-trust.so will be slightly different if your processor's architecture is not x86_64.
#. Verify that the new module shows up on the left hand side and select ``OK`` at the bottom right:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png
:width: 60%
:alt: Mozilla application p11kit trust #4
.. group-tab:: Arch/Garuda/CentOS/Fedora
No special steps are needed for Arch/Garuda/CentOS/Fedora. Continue below.
#. Restart Firefox

62
site/source/device-guides/linux/tor-linux.rst
View File

@@ -4,9 +4,6 @@
Using Tor on Linux Using Tor on Linux
================== ==================
Running Tor
-----------
.. tabs:: .. tabs::
.. group-tab:: Debian / Ubuntu .. group-tab:: Debian / Ubuntu
@@ -97,61 +94,4 @@ Running Tor
sudo systemctl enable --now tor sudo systemctl enable --now tor
If using Firefox (recommended) If using Firefox (recommended), you will also need to complete this guide: :ref:`tor-ff`
------------------------------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using:
.. code-block::
sudo wget -P ~/ https://start9.com/assets/proxy.pac
#. Determine the full path of `proxy.pac`, which we will use in step 9, by executing the following command in the terminal, and copying its output to your clipboard:
.. code-block::
echo file://$HOME/proxy.pac
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Select ``Automatic proxy configuration URL`` and paste the output from the command you performed in step 6. Be aware, the triple ``///`` is intentional, and your path *will* be different from the one below - namely, YOUR_LINUX_USERNAME will be your actual linux username:
.. code-block::
file:///home/YOUR_LINUX_USERNAME/proxy.pac
.. figure:: /_static/images/tor/firefox_proxy_linux.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Check the box labeled ``Proxy DNS when using SOCKS v5`` in the image above
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services

20
site/source/device-guides/mac/ca-mac.rst
View File

@@ -5,11 +5,6 @@ Trusting Your Root CA on Mac
============================ ============================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Mac. Complete this guide to trust your server's Root Certificate Authority (Root CA) on Mac.
.. _ca-mac-trust:
Trusting
--------
#. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>` #. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>`
#. Locate your downloaded Root CA. Right click it and select *Show in Folder*: #. Locate your downloaded Root CA. Right click it and select *Show in Folder*:
@@ -56,17 +51,4 @@ Trusting
.. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it. .. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it.
.. _ca-mac-ff: #. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`
If using Firefox (recommended)
------------------------------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
#. Restart Firefox

38
site/source/device-guides/mac/tor-mac.rst
View File

@@ -176,40 +176,4 @@ Enable Tor System-wide
If using Firefox (recommended) If using Firefox (recommended)
------------------------------ ------------------------------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear Complete this guide: :ref:`tor-ff`
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Check the option labeled ``Use System Proxy Settings`` *and* the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services

18
site/source/device-guides/windows/ca-windows.rst
View File

@@ -5,11 +5,6 @@ Trusting Your Root CA on Windows
================================ ================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Windows. Complete this guide to trust your server's Root Certificate Authority (Root CA) on Windows.
.. _ca-windows-trust:
Trusting
--------
#. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>` #. Ensure you have already :ref:`downloaded your Root CA <root-ca-download>`
#. Ensure you have already :ref:`installed bonjour <connecting-lan-windows>` #. Ensure you have already :ref:`installed bonjour <connecting-lan-windows>`
@@ -88,15 +83,4 @@ Trusting
:width: 20% :width: 20%
:alt: Console settings :alt: Console settings
.. _ca-windows-ff: #. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`
If using Firefox (recommended)
------------------------------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings

58
site/source/device-guides/windows/tor-windows.rst
View File

@@ -4,9 +4,6 @@
Running Tor on Windows Running Tor on Windows
====================== ======================
Running Tor
-----------
#. Unfortunately, `The Tor Project <https://torproject.org>`_ no longer publishes a standalone Tor binary for Windows, so the recommended way to get it is with the Tor Browser Bundle. You can download it `here <https://www.torproject.org/download/>`_. #. Unfortunately, `The Tor Project <https://torproject.org>`_ no longer publishes a standalone Tor binary for Windows, so the recommended way to get it is with the Tor Browser Bundle. You can download it `here <https://www.torproject.org/download/>`_.
.. figure:: /_static/images/tor/tor_download_windows.png .. figure:: /_static/images/tor/tor_download_windows.png
@@ -57,57 +54,4 @@ Running Tor
2. Uninstall the Tor Browser, following `these steps <https://tb-manual.torproject.org/uninstalling/>`_. 2. Uninstall the Tor Browser, following `these steps <https://tb-manual.torproject.org/uninstalling/>`_.
3. Begin this guide again from the beginning. 3. Begin this guide again from the beginning.
#. That's it! Your Windows computer is now setup to natively use Tor. #. If using Firefox (recommended), complete :ref:`this final step <tor-ff>`
If using Firefox (recommended)
------------------------------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a ``Proxy Auto Config`` file to inform Firefox how to use the Tor daemon running on your computer. Click `here <https://start9.com/assets/proxy.pac>`_ to get the one offered by Start9 and save it somewhere you will not delete it. Remember where you save the file. For this example:
.. code-block::
C:\Program Files\Tor Browser\proxy.pac
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file://C:/Program Files/Tor Browser/proxy.pac
#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services

64
site/source/misc-guides/ca-ff.rst Normal file
View File

@@ -0,0 +1,64 @@
.. _ca-ff:
===========================================
Configuring Firefox to Respect Your Root CA
===========================================
.. tabs::
.. group-tab:: Mac/Windows
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
#. Restart Firefox
.. group-tab:: Debian/Ubuntu
This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic (TLDR: for security purposes).
#. Select the hamburger menu -> ``Settings``. Search for ``security devices`` and select ``Security Devices...``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png
:width: 60%
:alt: Mozilla application p11kit trust #1
#. When the Device Manager dialog window opens, select ``Load``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png
:width: 60%
:alt: Mozilla application p11kit trust #2
#. Give the Module Name a title such as "System CA Trust Module". For the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit ``OK``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png
:width: 60%
:alt: Mozilla application p11kit trust #3
.. tip:: The path to p11-kit-trust.so will be slightly different if your processor's architecture is not x86_64.
#. Verify that the new module shows up on the left hand side and select ``OK`` at the bottom right:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png
:width: 60%
:alt: Mozilla application p11kit trust #4
#. Restart Firefox
.. group-tab:: Arch/Garuda/CentOS/Fedora
No special steps are needed for Arch/Garuda/CentOS/Fedora.
.. group-tab:: Android
.. note:: You must use Firefox Beta on Android. The regular Firefox app will not work.
#. Tap ``Kebab Menu > Settings > About Firefox`` and tap the Firefox icon 5 times to enable "developer mode"
#. Go back to ``Kebab Menu > Settings > Secret Settings`` (at the bottom), and tap ``Use third party CA certificates``

2
site/source/misc-guides/index.rst
View File

@@ -8,6 +8,8 @@ Guides that do not fit into the categories of "devices" or "services."
.. toctree:: .. toctree::
:maxdepth: 1 :maxdepth: 1
ca-ff
tor-ff
attach-drive attach-drive
transfer-data transfer-data
upgrade-pi upgrade-pi

180
site/source/misc-guides/tor-ff.rst Normal file
View File

@@ -0,0 +1,180 @@
.. _ca-ff:
===========================
Configuring Firefox for Tor
===========================
.. tabs::
.. group-tab:: Mac
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Check the option labeled ``Use System Proxy Settings`` *and* the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion.
.. group-tab:: Windows
#. Download the ``Proxy Auto Config`` file to inform Firefox how to resolve `.onion` URLs. Click `here <https://start9.com/assets/proxy.pac>`_ to get the one offered by Start9. Save it somewhere you will not delete it, and remember where you save it. For example:
.. code-block::
C:\Program Files\Tor Browser\proxy.pac
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file://C:/Program Files/Tor Browser/proxy.pac
#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion.
.. group-tab:: Linux
#. Download the `Proxy Auto Config` file to inform Firefox how to resolve `.onion` URLs. You can get Start9's standard file from a terminal, by using:
.. code-block::
sudo wget -P ~/ https://start9.com/assets/proxy.pac
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Determine the full path of `proxy.pac`, which we will use in step 9, by executing the following command in the terminal, and copying its output to your clipboard:
.. code-block::
echo file://$HOME/proxy.pac
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Select ``Automatic proxy configuration URL`` and paste the output from the command you performed in step 6. Be aware, the triple ``///`` is intentional, and your path *will* be different from the one below - namely, YOUR_LINUX_USERNAME will be your actual linux username:
.. code-block::
file:///home/YOUR_LINUX_USERNAME/proxy.pac
.. figure:: /_static/images/tor/firefox_proxy_linux.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Check the box labeled ``Proxy DNS when using SOCKS v5`` in the image above
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion.
.. group-tab:: Android
#. Download the `Proxy Auto Config` file to inform Firefox how to resolve `.onion` URLs. We have one hosted `here <https://start9.com/assets/proxy.pac>`_
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary:
.. figure:: /_static/images/tor/autoconfig_url.png
:width: 30%
:alt: Firefox autoconfig url setting screenshot
#. Search for ``network.proxy.type`` into the search bar, and set the value to ``2``:
.. figure:: /_static/images/tor/network_proxy_type.png
:width: 30%
:alt: Firefox network proxy type setting screenshot
#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``:
.. figure:: /_static/images/tor/socks_remote_dns.png
:width: 30%
:alt: Firefox socks remote dns setting screenshot
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist_mobile.png
:width: 30%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.http.referer.hideOnionsSource`` and set the value to ``true``
#. (**GrapheneOS users only**): Head to ``Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE``, then navigate to where you placed the proxy.pac file:
.. figure:: /_static/images/tor/storage-scopes-proxy.jpg
:width: 15%
#. Restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion.

16
site/source/user-manual/connecting-tor.rst
View File

@@ -3,13 +3,14 @@
=================== ===================
Connecting Remotely Connecting Remotely
=================== ===================
You can connect to your server and installed services from anywhere in the world, privately and anonymously, by using their unique Tor (`.onion`) URLs You can connect to your server and installed services from anywhere in the world, privately and anonymously, by using their unique Tor (`.onion`) URLs.
It is not currently supported to access your server and its installed services using a VPN. This functionality is coming in the next major release of StartOS.
.. note:: It is normal for Tor connections to be slow or unreliable at times .. note:: It is normal for Tor connections to be slow or unreliable at times
Running Tor on Your Phone/Computer (Recommended) Running Tor on Your Phone/Computer (Recommended)
------------------------------------------------ ------------------------------------------------
Select your OS:
- :ref:`Linux <tor-linux>` - :ref:`Linux <tor-linux>`
- :ref:`Mac <tor-mac>` - :ref:`Mac <tor-mac>`
@@ -21,12 +22,5 @@ Using the Tor Browser
--------------------- ---------------------
Using the official Tor Browser allows you to access `.onion` URLs without additional configuration. However, accessing clearnet (`.com`, `.org`, ect) websites will also be routed over Tor, making them slower, and `.local` URLs cannot be accessed at all. Using the official Tor Browser allows you to access `.onion` URLs without additional configuration. However, accessing clearnet (`.com`, `.org`, ect) websites will also be routed over Tor, making them slower, and `.local` URLs cannot be accessed at all.
Linux, Mac, Windows, Android #. Linux, Mac, Windows, Android: `Download Tor Browser <https://torproject.org/download/>`_
............................ #. iOS: lacks a well-functioning Tor Browser. We recommend following the guide above.
`Download Tor Browser <https://torproject.org/download/>`_
iOS
...
iOS lacks a well-functioning Tor Browser.

7
site/source/user-manual/initial-setup.rst
View File

@@ -9,14 +9,11 @@ Initial Setup
Starting Fresh Starting Fresh
-------------- --------------
#. If using Firefox (*recommended for all platform except iOS*) to connect to your server, you must complete the "Local" portion for your OS: #. Prepare your client device. If using Firefox (recommended), complete this short guide for your OS:
.. note:: Firefox is the only browser that can be configured to access both LAN (`.local`) and Tor (`.onion`) URLs, including extensions, without affecting normal browser functionality. For iOS, all browsers actually use Safari under the hood, so it is preferable not to stack unnecessary software on top of it. Just use Safari. .. note:: Firefox is the only browser that can be configured to access both LAN (`.local`) and Tor (`.onion`) URLs, including extensions, without affecting normal browser functionality. For iOS, all browsers actually use Safari under the hood, so it is preferable not to stack unnecessary software on top of it. Just use Safari.
- :ref:`Linux <ca-linux-ff>` - Mac/Windows/Linux/Android :ref:`Linux <ca-ff>`
- :ref:`Mac <ca-mac-ff>`
- :ref:`Windows <ca-windows-ff>`
- :ref:`Android <ca-android-ff>`
- iOS (use Safari) - iOS (use Safari)
#. Connect your server to power and Ethernet #. Connect your server to power and Ethernet