mirror of
https://github.com/Start9Labs/documentation.git
synced 2026-03-26 02:11:55 +00:00
clarify lan-tor setup
This commit is contained in:
Matt Hill
@@ -7,7 +7,7 @@ Complete this guide to trust your server's Root Certificate Authority (Root CA)
|
||||
|
||||
.. note:: This guide only applies to Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+).
|
||||
|
||||
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
|
||||
#. Ensure you have already :ref:`downloaded your Root CA <download-root-ca>`
|
||||
|
||||
#. Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate.
|
||||
|
||||
|
||||
@@ -3,21 +3,20 @@
|
||||
==============================
|
||||
Configuring Firefox on Android
|
||||
==============================
|
||||
|
||||
Download `Firefox Beta <https://play.google.com/store/apps/details?id=org.mozilla.firefox_beta>`_ from the Play Store, or `Fennec <https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/>`_ from F-Droid.
|
||||
|
||||
.. caution:: You must use **Firefox Beta** on Android. Regular Firefox does not permit advanced configuration.
|
||||
|
||||
Local
|
||||
-----
|
||||
Local (required for initial setup)
|
||||
----------------------------------
|
||||
#. Ensure you have already :ref:`trusted your Root CA<ca-android>` on your Android device
|
||||
|
||||
#. Tap ``Kebab Menu > Settings > About Firefox`` and tap the Firefox icon 5 times to enable "developer mode"
|
||||
|
||||
#. Go back to ``Kebab Menu > Settings > Secret Settings`` (at the bottom), and tap ``Use third party CA certificates``
|
||||
|
||||
Tor
|
||||
---
|
||||
Tor (can be completed later)
|
||||
----------------------------
|
||||
#. Ensure you are already :ref:`running Tor<tor-android>` on your Android device
|
||||
|
||||
#. Download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here <https://start9.com/assets/proxy.pac>`_
|
||||
|
||||
@@ -5,7 +5,7 @@ Trusting Your Server's Root CA on iOS
|
||||
=====================================
|
||||
Complete this guide to trust your server's Root Certificate Authority (Root CA) on iOS.
|
||||
|
||||
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
|
||||
#. Ensure you have already :ref:`downloaded your Root CA <download-root-ca>`
|
||||
|
||||
#. Open your iCloud Downloads folder and click on the certificate. It will display a dialog box that says "Profile Downloaded." Click `Close`.
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ Trusting Your Server's Root CA on Linux
|
||||
|
||||
These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.
|
||||
|
||||
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
|
||||
#. Ensure you have already :ref:`downloaded your Root CA <download-root-ca>`
|
||||
|
||||
#. Perform the following commands in the Terminal:
|
||||
|
||||
@@ -37,7 +37,7 @@ Trusting Your Server's Root CA on Linux
|
||||
|
||||
.. group-tab:: Arch/Garuda
|
||||
|
||||
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
|
||||
#. Ensure you have already :ref:`downloaded your Root CA <download-root-ca>`
|
||||
|
||||
#. From the folder you have downloaded your Start9 server's Root CA, run the following commands. Take care to replace `adjective-noun` with your server's unique adjective-noun combination in the command below. If you have changed the certificate's filename, be sure to change it here.
|
||||
|
||||
@@ -51,7 +51,7 @@ Trusting Your Server's Root CA on Linux
|
||||
|
||||
.. group-tab:: CentOS/Fedora
|
||||
|
||||
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
|
||||
#. Ensure you have already :ref:`downloaded your Root CA <download-root-ca>`
|
||||
|
||||
#. In `/etc/systemd/resolved.conf`, ensure you have ``MulticastDNS=Yes``
|
||||
|
||||
|
||||
@@ -5,12 +5,10 @@ Configuring Firefox on Linux
|
||||
============================
|
||||
Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
|
||||
|
||||
Local
|
||||
-----
|
||||
Local (required for initial setup)
|
||||
----------------------------------
|
||||
This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic (TLDR: for security purposes).
|
||||
|
||||
#. Ensure you have already :ref:`trusted your server's Root CA<ca-linux>`
|
||||
|
||||
#. Select your distribution below and follow instructions:
|
||||
|
||||
.. tabs::
|
||||
@@ -49,24 +47,8 @@ This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla
|
||||
|
||||
#. Restart Firefox
|
||||
|
||||
#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
|
||||
|
||||
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
|
||||
:width: 80%
|
||||
:alt: Firefox security settings
|
||||
|
||||
#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
|
||||
|
||||
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
|
||||
:width: 80%
|
||||
:alt: Firefox - Remove security exception (Part 1)
|
||||
|
||||
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
|
||||
:width: 80%
|
||||
:alt: Firefox - Remove security exception (Part 2)
|
||||
|
||||
Tor
|
||||
---
|
||||
Tor (can be completed later)
|
||||
----------------------------
|
||||
#. Ensure you have already :ref:`set up Tor<tor-linux>`
|
||||
|
||||
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
|
||||
|
||||
@@ -5,7 +5,7 @@ Trusting Your Server's Root CA on Mac
|
||||
=====================================
|
||||
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Mac.
|
||||
|
||||
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
|
||||
#. Ensure you have already :ref:`downloaded your Root CA <download-root-ca>`
|
||||
|
||||
#. Locate your downloaded Root CA. Right click it and select *Show in Folder*:
|
||||
|
||||
|
||||
@@ -5,11 +5,8 @@ Configuring Firefox on Mac
|
||||
==========================
|
||||
Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
|
||||
|
||||
Local
|
||||
-----
|
||||
|
||||
#. Ensure you have already :ref:`trusted your server's Root CA<ca-mac>`
|
||||
|
||||
Local (required for initial setup)
|
||||
----------------------------------
|
||||
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
|
||||
|
||||
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
|
||||
@@ -20,24 +17,8 @@ Local
|
||||
|
||||
#. Restart Firefox
|
||||
|
||||
#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
|
||||
|
||||
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
|
||||
:width: 80%
|
||||
:alt: Firefox security settings
|
||||
|
||||
#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
|
||||
|
||||
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
|
||||
:width: 80%
|
||||
:alt: Firefox - Remove security exception (Part 1)
|
||||
|
||||
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
|
||||
:width: 80%
|
||||
:alt: Firefox - Remove security exception (Part 2)
|
||||
|
||||
Tor
|
||||
---
|
||||
Tor (can be completed later)
|
||||
----------------------------
|
||||
#. Ensure you have already :ref:`set up Tor<tor-mac>`
|
||||
|
||||
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
|
||||
|
||||
@@ -5,9 +5,9 @@ Trusting Your Server's Root CA on Windows
|
||||
=========================================
|
||||
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Windows.
|
||||
|
||||
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
|
||||
#. Ensure you have already :ref:`downloaded your Root CA <download-root-ca>`
|
||||
|
||||
#. Ensure you have already `installed bonjour </getting-started/connecting-lan/#windows-only>`_
|
||||
#. Ensure you have already :ref:`installed bonjour <connecting-lan-windows>`
|
||||
|
||||
#. Click the “Start” menu, type “mmc”, and select "Run as administrator" to access the Windows Management Console.
|
||||
|
||||
|
||||
@@ -5,11 +5,8 @@ Configuring Firefox on Windows
|
||||
==============================
|
||||
Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
|
||||
|
||||
Local
|
||||
-----
|
||||
|
||||
#. Ensure you have already :ref:`trusted your server's Root CA<ca-mac>`
|
||||
|
||||
Local (required for initial setup)
|
||||
----------------------------------
|
||||
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
|
||||
|
||||
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
|
||||
@@ -20,24 +17,8 @@ Local
|
||||
|
||||
#. Restart Firefox
|
||||
|
||||
#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
|
||||
|
||||
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
|
||||
:width: 80%
|
||||
:alt: Firefox security settings
|
||||
|
||||
#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
|
||||
|
||||
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
|
||||
:width: 80%
|
||||
:alt: Firefox - Remove security exception (Part 1)
|
||||
|
||||
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
|
||||
:width: 80%
|
||||
:alt: Firefox - Remove security exception (Part 2)
|
||||
|
||||
Tor
|
||||
---
|
||||
Tor (can be completed later)
|
||||
----------------------------
|
||||
#. Ensure you have already :ref:`set up Tor<tor-mac>`
|
||||
|
||||
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
|
||||
|
||||
@@ -3,13 +3,13 @@
|
||||
===================
|
||||
Configuring Firefox
|
||||
===================
|
||||
Firefox is a privacy-focused browser that can be configured to resolve LAN (`.local`) URLs and Tor (`.onion`) URLs without affecting normal browser functionality. We highly recommend using Firefox for connecting to your server and its installed services.
|
||||
Firefox is the only browser that can be configured to access both LAN (`.local`) and Tor (`.onion`) URLs, including extensions, without affecting normal browser functionality. We highly recommend using Firefox for connecting to your server and its installed services.
|
||||
|
||||
.. note:: For iOS, we recommend Safari instead of Firefox. That is because on iOS, all browsers use Safari under the hood anyway, so it is preferable not to stack unnecessary software on top of it.
|
||||
.. note:: For iOS, we recommend using Safari instead of Firefox. That is because on iOS, all browsers must use Safari under the hood, so it is preferable not to stack unnecessary software on top of it.
|
||||
|
||||
Select your OS:
|
||||
|
||||
- :ref:`Linux <ff-linux>`
|
||||
- :ref:`Mac <ff-mac>`
|
||||
- :ref:`Windows <ff-windows>`
|
||||
- :ref:`Android <ff-android>`
|
||||
- :ref:`Android (Firefox Beta) <ff-android>`
|
||||
|
||||
@@ -11,9 +11,20 @@ All clients
|
||||
|
||||
#. Follow instructions to :ref:`trust your server's Root CA<trust-ca>`
|
||||
|
||||
Windows Only
|
||||
If using Firefox (recommended)
|
||||
------------------------------
|
||||
#. Complete the "Local" portion for your OS. Use Safari for iOS.
|
||||
|
||||
- :ref:`Linux <ff-linux>`
|
||||
- :ref:`Mac <ff-mac>`
|
||||
- :ref:`Windows <ff-windows>`
|
||||
- :ref:`Android <ff-android>`
|
||||
|
||||
.. _connecting-lan-windows:
|
||||
|
||||
Windows only
|
||||
------------
|
||||
On Windows, it is currently necessary to install Bonjour Print Services in order to access the `.local` URLs of your installed services. With the release of StartOS v0.4.0, it will no longer be necessary.
|
||||
On Windows, it is necessary to install Bonjour Print Services in order to access the `.local` URLs of your installed services. In a future release of StartOS, this will no longer be necessary.
|
||||
|
||||
#. Simply install Bonjour Print Services from Apple: https://support.apple.com/kb/DL999
|
||||
|
||||
|
||||
@@ -3,13 +3,12 @@
|
||||
===================
|
||||
Connecting Remotely
|
||||
===================
|
||||
You can connect to your server from anywhere in the world, privately and anonymously, by using its unique Tor Address (`.onion` URL)
|
||||
You can connect to your server and installed services from anywhere in the world, privately and anonymously, by using their unique Tor (`.onion`) URLs
|
||||
|
||||
.. note:: It is normal for Tor connections to be slow or unreliable at times
|
||||
|
||||
Running Tor on Your Phone/Computer (Recommended)
|
||||
------------------------------------------------
|
||||
|
||||
Select your OS:
|
||||
|
||||
- :ref:`Linux <tor-linux>`
|
||||
@@ -18,8 +17,17 @@ Select your OS:
|
||||
- :ref:`Android <tor-android>`
|
||||
- :ref:`iOS <tor-ios>`
|
||||
|
||||
Using a Tor Browser
|
||||
-------------------
|
||||
Using Firefox (recommended)
|
||||
------------------------------
|
||||
#. Complete the "Tor" portion for your OS. Use Safari for iOS
|
||||
|
||||
- :ref:`Linux <ff-linux>`
|
||||
- :ref:`Mac <ff-mac>`
|
||||
- :ref:`Windows <ff-windows>`
|
||||
- :ref:`Android <ff-android>`
|
||||
|
||||
Using the Tor Browser
|
||||
---------------------
|
||||
Using the official Tor Browser allows you to access `.onion` URLs without additional configuration. However, accessing clearnet (`.com`, `.org`, ect) websites will also be routed over Tor, making them slower, and `.local` URLs cannot be accessed at all.
|
||||
|
||||
Linux, Mac, Windows, Android
|
||||
|
||||
@@ -4,9 +4,16 @@
|
||||
Initial Setup
|
||||
=============
|
||||
|
||||
#. If using Firefox (*highly recommended*) to connect to your server, you must complete the "Local" portion for your OS. For iOS, use Safari:
|
||||
|
||||
- :ref:`Linux <ff-linux>`
|
||||
- :ref:`Mac <ff-mac>`
|
||||
- :ref:`Windows <ff-windows>`
|
||||
- :ref:`Android <ff-android>`
|
||||
|
||||
#. Connect your server to power and Ethernet
|
||||
|
||||
#. From a client device (desktop/laptop/phone), open a browser and visit ``http://start.local``. Your client must be connected to the same Local Area Network (LAN) as your server. This usually means they are using the same router, either by ethernet or WiFi
|
||||
#. From a client device (desktop/laptop/phone), open a browser (Firefox recommended) and visit ``http://start.local``. Your client device must be connected to the same Local Area Network (LAN) as your server. This usually means they are using the same router, either by ethernet or WiFi
|
||||
|
||||
.. note:: If you are `not` using a Raspberry Pi, you can also plug a monitor and keyboard into the server. This is known as "Kiosk mode".
|
||||
|
||||
@@ -20,6 +27,7 @@ If you are experiencing issues with setup, try the following:
|
||||
|
||||
#. Confirm that the server is plugged into both power `and` Ethernet
|
||||
#. Confirm your phone/computer is `not` connected to a "Guest" network
|
||||
#. If using Firefox (recommended) from Mac, Windows or Android, ensure you have set ``security.enterprise_roots.enable`` to ``true`` in ``about:config`` per the :ref:`instructions<configuring-ff>`
|
||||
#. Confirm your phone/computer is not using a VPN, or that if you are, that it allows LAN connections, such as the examples below:
|
||||
|
||||
- Mullvad - Go to "Settings -> VPN Settings -> Local Network Sharing"
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 274 KiB |
@@ -6,33 +6,42 @@ Trusting Your Root CA
|
||||
|
||||
Download and trust your server's Root Certificate Authority (Root CA) to establish a secure (HTTPS) connection with your server, and to enhance speeds over Tor.
|
||||
|
||||
.. warning:: If using Firefox (recommended), ensure you have completed the "Local" portion for your OS:
|
||||
:ref:`Linux <ff-linux>`,
|
||||
:ref:`Mac <ff-mac>`,
|
||||
:ref:`Windows <ff-windows>`,
|
||||
:ref:`Android <ff-android>`
|
||||
|
||||
.. _download-root-ca:
|
||||
|
||||
Downloading Root CA
|
||||
===================
|
||||
1. Downloading
|
||||
==============
|
||||
There are multiple ways to obtain your server's Root CA.
|
||||
|
||||
After Initial Setup
|
||||
-------------------
|
||||
You will be directed to your server's **http**://adjective-noun.local. Follow the on screen instructions to complete these mandatory steps.
|
||||
|
||||
.. note:: You can click "SKIP" to forego trusting your Root CA (not recommended) and bypass the browser's security warning.
|
||||
a. After Initial Setup
|
||||
----------------------
|
||||
To download and trust your Root CA following initial setup, simply follow the on-screen instructions
|
||||
|
||||
.. figure:: /_static/images/setup/trust-ca.png
|
||||
:width: 40%
|
||||
:alt: Trust your Root CA
|
||||
|
||||
From StartOS-info.html File
|
||||
----------------------------
|
||||
.. note:: You can click "SKIP" to forego trusting your Root CA (not recommended) and then manually bypass the browser's security warning.
|
||||
|
||||
b. From StartOS-info.html File
|
||||
------------------------------
|
||||
You can download your Root CA by clicking "Download certificate" in the file downloaded at the end of initial setup.
|
||||
|
||||
.. figure:: /_static/images/setup/startos-address-info.png
|
||||
:width: 40%
|
||||
:alt: StartOS address info
|
||||
|
||||
In StartOS UI
|
||||
-------------
|
||||
c. Sending to yourself
|
||||
----------------------
|
||||
Once you have downloaded your Root CA on any device, you can simply send the file to yourself using email, messaging app, or other file sharing technique.
|
||||
|
||||
d. In StartOS UI
|
||||
----------------
|
||||
You can find your server's Root CA inside the StartOS dashboard.
|
||||
|
||||
#. Navigate to `System > Root CA` and click `Download Certificate`
|
||||
@@ -43,9 +52,8 @@ You can find your server's Root CA inside the StartOS dashboard.
|
||||
|
||||
.. _trust-root-ca:
|
||||
|
||||
Establishing Trust
|
||||
==================
|
||||
|
||||
2. Trusting
|
||||
===========
|
||||
To trust your Root CA, select your operating system and follow the guide:
|
||||
|
||||
- :ref:`Linux <ca-linux>`
|
||||
|
||||
Reference in New Issue
Block a user