Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-26 10:21:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Feat/re arrange (#475)

Browse Source 
* move things around a lot

* move up a layer

* some edits

* rename some paths
This commit is contained in:
Matt Hill
2023-08-15 13:31:05 -06:00
committed by GitHub
parent 3f8d6b8c02
commit adcff208ac
76 changed files with 1223 additions and 1278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
site/source/developer-docs/specification/instructions.rst
View File

@@ -25,7 +25,6 @@ Below is the markdown file for Start9 Pages' instructions, as shown above:
When you first install Start9 Pages, there will be a default Homepage hosted at the root, <tor-address>.onion. You can change the behavior of this page, and you can also create Subdomain websites. For example, one site could be hello.<tor-address>.onion and another could be goodbye.<tor-address>.onion. What is served from the Homepage and each Subdomain is totally up to you.
Self-hosting Tor websites using Start9 Pages is easy, permissionless, and censorship-resistant; there are no trusted third parties involved.
Anyone can do it. No one can stop it.
## Instructions

52
site/source/getting-started/configuring-ff.rst Normal file
View File

@@ -0,0 +1,52 @@
.. _connecting-ff:
===================
Configuring Firefox
===================
Firefox is a privacy-focused browser that can be configured to resolve LAN (`.local`) URLs and Tor (`.onion`) URLs without affecting normal browser functionality. We highly recommend using Firefox for connecting to your server and its installed services.
.. note:: For iOS, we recommend Safari instead of Firefox. That is because on iOS, all browsers use Safari under the hood anyway, so it is preferable not to stack unnecessary software on top of it.
Select your OS:
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Linux
:link: ../../../../guides/device-guides/linux/ff-linux
:icon: scylla-icon scylla-icon--linux
:class: large-4
:anchor: View
Configuring Firefox on Linux
.. topic-box::
:title: Mac
:link: ../../../../guides/device-guides/mac/ff-mac
:icon: scylla-icon scylla-icon--apple
:class: large-4
:anchor: View
Configuring Firefox on Mac
.. topic-box::
:title: Windows
:link: ../../../../guides/device-guides/windows/ff-windows
:icon: scylla-icon scylla-icon--windows
:class: large-4
:anchor: View
Configuring Firefox on Windows
.. topic-box::
:title: Android
:link: ../../../../guides/device-guides/android/ff-android
:icon: scylla-icon scylla-icon--android
:class: large-4
:anchor: View
Configuring Firefox on Android

20
site/source/getting-started/connecting-lan.rst Normal file
View File

@@ -0,0 +1,20 @@
.. _connecting-lan:
==================
Connecting Locally
==================
When connected to the same Local Area Network (LAN) as your server, you can use its `.local` URLs for fast and secure connections.
All clients
-----------
#. Ensure your client device (phone/laptop) is connected to the same Local Area Network (LAN) as your server. This usually means your server and your client device are using the same router, either by ethernet or WiFi
#. Follow instructions to :ref:`trust your server's Root CA<trust-ca>`
Windows Only
------------
On Windows, it is currently necessary to install Bonjour Print Services in order to access the `.local` URLs of your installed services. With the release of StartOS v0.4.0, it will no longer be necessary.
#. Simply install Bonjour Print Services from Apple: https://support.apple.com/kb/DL999
.. warning:: Bonjour can be unreliable. If your `local` URLs suddenly stop working, you may need to uninstall and re-install Bonjour. Go to `System Settings > Remove Programs`, uninstall Bonjour `and` Bonjour Print Services, re-install Bonjour Print Services from the link above, then restart Windows.

76
site/source/getting-started/connecting-tor.rst Normal file
View File

@@ -0,0 +1,76 @@
.. _connecting-tor:
===================
Connecting Remotely
===================
You can connect to your server from anywhere in the world, privately and anonymously, by using its unique Tor Address (`.onion` URL)
.. note:: It is normal for Tor connections to be slow or unreliable at times
Running Tor Natively on Your Phone/Computer (Recommended)
---------------------------------------------------------
Select your OS below:
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Linux
:link: ../../../../guides/device-guides/linux/tor-linux
:icon: scylla-icon scylla-icon--linux
:class: large-4
:anchor: View
Running Tor on Linux
.. topic-box::
:title: Mac
:link: ../../../../guides/device-guides/mac/tor-mac
:icon: scylla-icon scylla-icon--apple
:class: large-4
:anchor: View
Running Tor on Mac
.. topic-box::
:title: Windows
:link: ../../../../guides/device-guides/windows/tor-windows
:icon: scylla-icon scylla-icon--windows
:class: large-4
:anchor: View
Running Tor on Windows
.. topic-box::
:title: Android
:link: ../../../../guides/device-guides/android/tor-android
:icon: scylla-icon scylla-icon--android
:class: large-4
:anchor: View
Running Tor on Android
.. topic-box::
:title: iOS
:link: ../../../../guides/device-guides/ios/tor-ios
:icon: scylla-icon scylla-icon--ios
:class: large-4
:anchor: View
Running Tor on iOS
Using The Tor Browser
---------------------
Using the official Tor Browser allows you to access `.onion` URLs without additional configuration. However, accessing clearnet (`.com`, `.org`, ect) websites will also be routed over Tor, making them slower, and `.local` URLs cannot be accessed at all.
* Linux, Mac, Windows, Android
* `Tor Browser <https://torproject.org/download/>`_
* iOS
* iOS lacks a well-functioning Tor Browser. Instead, we recommend :ref:`using Safari with Orbot<tor-ios>`.

67
site/source/getting-started/index.rst Normal file
View File

@@ -0,0 +1,67 @@
.. _getting-started:
===============
Getting Started
===============
The guides below are considered mandatory for a safe and smooth experience with StartOS
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Initial Setup
:link: initial-setup
:icon: scylla-icon scylla-icon--home
:class: large-4
:anchor: View
Step by step instructions for setting up your server
.. topic-box::
:title: Trusting your Root CA
:link: trust-ca
:icon: scylla-icon scylla-icon--testing
:class: large-4
:anchor: View
Use encryption for a secure connection to your server
.. topic-box::
:title: Configuring Firefox
:link: configuring-ff
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: View
Configure Firefox for optimal Local and Tor connectivity
.. topic-box::
:title: Connecting Locally
:link: connecting-lan
:icon: scylla-icon scylla-icon--networking
:class: large-4
:anchor: View
Connect to your server while on the same LAN
.. topic-box::
:title: Connecting Remotely
:link: connecting-tor
:icon: scylla-icon scylla-icon--networking
:class: large-4
:anchor: View
Connect to your server remotely using Tor
.. toctree::
:hidden:
:maxdepth: 2
initial-setup
trust-ca
configuring-ff
connecting-lan
connecting-tor

74
site/source/getting-started/initial-setup.rst Normal file
View File

@@ -0,0 +1,74 @@
.. _initial-setup:
=============
Initial Setup
=============
Follow the instructions below to set up your server for the first time.
#. Connect your server to power and Ethernet
#. From a client device (desktop/laptop/phone), open a browser and visit ``http://start.local``. Your client must be connected to the same Local Area Network (LAN) as your server. This usually means they are using the same router, either by ethernet or WiFi
.. note:: If you are `not` using a Raspberry Pi, you can also plug a monitor and keyboard into the server.
#. Select ``Start Fresh``
.. figure:: /_static/images/setup/screen0-startfresh_or_recover.jpg
:width: 50%
:alt: Fresh Setup
#. Select your storage drive. In most cases, there will be only one
.. figure:: /_static/images/setup/screen4-select_storage.jpg
:width: 50%
:alt: Select Drive
#. Create a master password for your server and click ``Finish``
.. warning:: Choose a strong master password. Write it down. Store it somewhere safe. DO NOT LOSE IT.
.. figure:: /_static/images/setup/screen5-set_password.jpg
:width: 50%
:alt: Create New Password
#. StartOS will initialize. This can take a few minutes
.. figure:: /_static/images/setup/screen6-storage_initialize.jpg
:width: 50%
:alt: SSD Initialization
#. Click the ``Download`` button to download a file containing the URLs (`.local` and `.onion`) and Root CA of your server. Keep this file for future reference.
.. note:: If you connected a monitor, you will `not` see the download button
.. figure:: /_static/images/setup/screen7-startfresh_complete.jpg
:width: 50%
:alt: Setup Complete
#. Setup complete! Click ``Login to StartOS`` to access your new server
.. figure:: /_static/images/setup/screen9-startfresh_complete-savedfile-go_to_start_login.jpg
:width: 50%
:alt: Setup Complete
.. _setup-troubleshooting:
Troubleshooting
---------------
If you are experiencing issues with setup, try the following:
#. Confirm that the server is plugged into both power `and` Ethernet
#. Confirm your phone/computer is `not` connected to a "Guest" network
#. Confirm your phone/computer is not using a VPN, or that if you are, that it allows LAN connections, such as the examples below:
- Mullvad - Go to "Settings -> VPN Settings -> Local Network Sharing"
- ProtonVPN - Go to "Preferences -> Connection -> Allow LAN Connections"
#. Visit or refresh (ctrl+shift+R - Linux/Windows, cmd+shift+R - Mac) the start.local page in a web browser
#. To avoid networking issues, it is recommended to use your `primary` router, not an extender or mesh router
#. Very rarely, your firewall settings may block mDNS. In this case:
- From your browser, navigate to your router configuration settings. This is usually an IP address such as 192.168.1.1. A simple web search will usually reveal how to access the router configuration settings for a particular brand.
- Once in the router config settings, find the section that lists the devices on your network. You should see a device labeled ``start``. Take note of the associated IP address and enter it into your browser's URL field to enter the setup.
You can always to `reach out to support <https://start9.com/contact>`_ if you need a hand.

73
site/source/getting-started/trust-ca.rst Normal file
View File

@@ -0,0 +1,73 @@
.. _trust-ca:
=====================
Trusting Your Root CA
=====================
Download and trust your server's Root Certificate Authority (Root CA) to enable encrypted communications locally and enhance speeds over Tor.
Download Your Server's Root CA
------------------------------
Your server's Root CA was included in the downloaded file at the end of initial setup. If you do not have that file, you can find your server's Root CA inside the StartOS dashboard.
#. Navigate to `System > Root CA` and click `Download Certificate`
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: LAN setup menu item
Trust Your Server's Root CA
---------------------------
Select your OS:
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Linux
:link: ../../../../guides/device-guides/linux/ca-linux/
:icon: scylla-icon scylla-icon--linux
:class: large-4
:anchor: View
Trust your Root CA on Linux
.. topic-box::
:title: Mac
:link: ../../../../guides/device-guides/mac/ca-mac
:icon: scylla-icon scylla-icon--apple
:class: large-4
:anchor: View
Trust your Root CA on Mac
.. topic-box::
:title: Windows
:link: ../../../../guides/device-guides/windows/ca-windows
:icon: scylla-icon scylla-icon--windows
:class: large-4
:anchor: View
Trust your Root CA on Windows
.. topic-box::
:title: Android
:link: ../../../../guides/device-guides/android/ca-android
:icon: scylla-icon scylla-icon--android
:class: large-4
:anchor: View
Trust your Root CA on Android
.. topic-box::
:title: iOS
:link: ../../../../guides/device-guides/ios/ca-ios
:icon: scylla-icon scylla-icon--ios
:class: large-4
:anchor: View
Trust your Root CA on iOS

16
site/source/guides/device-guides/android/ca-android.rst Normal file
View File

@@ -0,0 +1,16 @@
.. _ca-android:
=========================================
Trusting Your Server's Root CA on Android
=========================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Android.
.. note:: This guide only applies to Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+).
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate.
.. figure:: /_static/images/ssl/android/droidLAN2.png
:width: 15%
:alt: Install certificate

81
site/source/guides/device-guides/android/ff-android.rst Normal file
View File

@@ -0,0 +1,81 @@
.. _ff-android:
==============================
Configuring Firefox on Android
==============================
Download `Firefox Beta <https://play.google.com/store/apps/details?id=org.mozilla.firefox_beta>`_ from the Play Store, or `Fennec <https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/>`_ from F-Droid.
.. caution:: You must use **Firefox Beta** on Android. Regular Firefox does not permit advanced configuration.
Local
-----
#. Ensure you have already :ref:`trusted your Root CA<ca-android>` on your Android device
#. Tap ``Kebab Menu > Settings > About Firefox`` and tap the Firefox icon 5 times to enable "developer mode"
#. Go back to ``Kebab Menu > Settings > Secret Settings`` (at the bottom), and tap ``Use third party CA certificates``
Tor
---
#. Ensure you are already :ref:`running Tor<tor-android>` on your Android device
#. Download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here <https://start9.com/assets/proxy.pac>`_
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary:
.. figure:: /_static/images/tor/autoconfig_url.png
:width: 30%
:alt: Firefox autoconfig url setting screenshot
#. Navigate to ``about:config`` in the Firefox URL bar:
.. figure:: /_static/images/tor/about_config.png
:width: 30%
:alt: Firefox about config
#. Search for ``network.proxy.type`` into the search bar, and set the value to ``2``:
.. figure:: /_static/images/tor/network_proxy_type.png
:width: 30%
:alt: Firefox network proxy type setting screenshot
#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``:
.. figure:: /_static/images/tor/socks_remote_dns.png
:width: 30%
:alt: Firefox socks remote dns setting screenshot
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist_mobile.png
:width: 30%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets_droid.png
:width: 30%
:alt: Firefox allow insecure websockets over https
#. Search for ``network.http.referer.hideOnionsSource`` and set the value to ``true``
#. (**GrapheneOS users only**): Head to ``Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE``, then navigate to where you placed the proxy.pac file:
.. figure:: /_static/images/tor/storage-scopes-proxy.jpg
:width: 15%
#. Restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services
Install StartOS as a PWA
------------------------
Depending on your version of Firefox, you may be prompted to "Add to Home screen", when visiting your main UI. If you do this, you can access your UI as a Progressive Web App (PWA), meaining that all browser context is removed, and StartOS will behave as a native Android app!
If you are not prompted, or skipped that screen, simply go to the **Kebab (Settings) Menu > Install** while visiting your server's UI to complete the action.

47
site/source/guides/device-guides/android/index.rst Normal file
View File

@@ -0,0 +1,47 @@
.. _android:
=======
Android
=======
It is recommended you complete all of the guides below.
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: ca-android
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: View
Trust your server's Root Certificate Authority for fast, secure connections
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-android
:class: large-4
:anchor: View
Run Tor natively for remote connectivity
.. topic-box::
:title: Configure Firefox
:link: ff-android
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: View
Configure Firefox for an optimal browser experience
.. toctree::
:maxdepth: 4
:hidden:
ca-android
tor-android
ff-android

0
site/source/guides/device-guides/dg-android/tor-android.rst → site/source/guides/device-guides/android/tor-android.rst
View File

74
site/source/guides/device-guides/dg-android/ff-android.rst
View File

@@ -1,74 +0,0 @@
.. _ff-android:
===============================
Configuring Firefox for Android
===============================
Mozilla provides some of the most flexible, secure, and freedom-principled applications for using the web. We highly recommend completing all configuration below.
.. caution:: Setups may strongly vary across different Android forks
LAN Config
----------
Configure Tor
-------------
Once you have :ref:`setup your Root CA<lan-android>` and :ref:`Tor is running on your device<tor-android>`, you can proceed to configure Firefox:
#. Download `Firefox Beta <https://play.google.com/store/apps/details?id=org.mozilla.firefox_beta>`_ from the Play Store, or `Fennec <https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/>`_ from F-Droid.
.. caution:: Regular Firefox offered in the Play Store will not allow this configuration - be sure to use Firefox Beta.
#. Next, download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here <https://start9.com/assets/proxy.pac>`_.
#. Navigate to ``about:config`` in the Firefox URL bar.
.. figure:: /_static/images/tor/about_config.png
:width: 30%
:alt: Firefox about config
#. You are going to have to change a few options in here. First, type ``network.proxy.type`` into the search bar, and set the value to ``2``.
.. figure:: /_static/images/tor/network_proxy_type.png
:width: 30%
:alt: Firefox network proxy type setting screenshot
#. (This step is for GrapheneOS users **only**): Head to *Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE* then navigate to where you placed the proxy.pac file.
.. figure:: /_static/images/tor/storage-scopes-proxy.jpg
:width: 15%
#. (All users): Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary.
.. figure:: /_static/images/tor/autoconfig_url.png
:width: 30%
:alt: Firefox autoconfig url setting screenshot
#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``.
.. figure:: /_static/images/tor/socks_remote_dns.png
:width: 30%
:alt: Firefox socks remote dns setting screenshot
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_allowlist_mobile.png
:width: 30%
:alt: Firefox whitelist onions screenshot
#. Finally, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets_droid.png
:width: 30%
:alt: Firefox allow insecure websockets over https
#. Optional but recommended: search for ``network.http.referer.hideOnionsSource`` and set the value to ``true``.
#. Restart Firefox, and you're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can bookmark your Start9 services' ``.onion`` addresses, as well as use integrations, such as the :ref:`Bitwarden<vaultwarden-service>` browser extension.
Install StartOS as a PWA
------------------------
Depending on your version of Firefox, you may be prompted to "Add to Home screen", when visiting your main UI. If you do this, you can access your UI as a Progressive Web App (PWA), meaining that all browser context is removed, and StartOS will behave as a native Android app!
If you are not prompted, or skipped that screen, simply go to the **Kebab (Settings) Menu > Install** while visiting your server's UI to complete the action.

49
site/source/guides/device-guides/dg-android/index.rst
View File

@@ -1,49 +0,0 @@
.. _dg-android:
=======
Android
=======
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-android
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Setup Orbot
:icon: scylla-icon scylla-icon--networking
:link: tor-android
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Android device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-android
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. toctree::
:maxdepth: 4
:hidden:
lan-android
tor-android
ff-android

54
site/source/guides/device-guides/dg-android/lan-android.rst
View File

@@ -1,54 +0,0 @@
.. _lan-android:
=============================
Trust Your Root CA on Android
=============================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Android). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
.. note:: This guide applies to most Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+).
Download Root CA
----------------
First, download your Start9 server's Root CA, if you have not already.
- Navigate to **System** -> **Root CA**, then click "Download Root CA".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: Navigate to System > Root CA
Alternatively, you can download to another machine, then transfer the file to your device.
Trust Root CA
-------------
.. tabs::
.. group-tab:: Android v13+
Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate.
.. figure:: /_static/images/ssl/android/droidLAN2.png
:width: 15%
:alt: Install certificate
.. group-tab:: Android v12
.. caution:: Some phones running Android v12 will work, others won't. It depends on the vendor. Most Androids running v12 that we have tested do work with the exception of the Samsung Galaxy S10 which does not.
Tap **Settings > Security > Advanced > Encryption and Credentials > Install from Storage** and select your unique ``adjective-noun.local.crt`` certificate.
.. figure:: /_static/images/ssl/android/droidLAN0.png
:width: 15%
:alt: Install certificate
.. _lan-ff-android:
Configure Firefox
-----------------
On some devices, it may be necessary to also activate this setting in Firefox / Fennec:
#. Tap **Kebab Menu > Settings > About Firefox** and tap the Firefox icon 5 times to enable "developer mode."
#. Go back to **Kebab Menu > Settings > Secret Settings** (at the bottom), and tap "Use third party CA certificates" to enable the use of your system-wide Root CA.
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <ff-android>` guide, which we highly recommend.

39
site/source/guides/device-guides/dg-ios/index.rst
View File

@@ -1,39 +0,0 @@
.. _dg-ios:
===
iOS
===
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-ios
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Setup Orbot
:icon: scylla-icon scylla-icon--networking
:link: tor-ios
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your iOS device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. toctree::
:maxdepth: 4
:hidden:
lan-ios
tor-ios

129
site/source/guides/device-guides/dg-linux/ff-linux.rst
View File

@@ -1,129 +0,0 @@
.. _ff-linux:
============================
Configuring Firefox on Linux
============================
Mozilla provides some of the most flexible, secure, and freedom-principled applications for using the web. We highly recommend completing all configuration below.
LAN Config
----------
This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic (TLDR: for security purposes).
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about changing advanced configuration preferences.
#. Search for *security.enterprise_roots.enabled* and double click on *false* so that it turns to *true*:
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
.. tabs::
.. group-tab:: Debian/Ubuntu
For each Mozilla-based application (Firefox, Firefox ESR, LibreWolf, Thunderbird, etc) you plan on using, you will need to complete the following guide. This is in order for them to trust your Start9 server's CA certificate directly from your Linux distribution's certificate trust store.
#. Select the hamgurger menu, then *Settings*, then search for "*security devices*", then select "*Security Devices...*"
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png
:width: 60%
:alt: Mozilla application p11kit trust #1
#. When the Device Manager dialog window opens, select "*Load*"
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png
:width: 60%
:alt: Mozilla application p11kit trust #2
#. Give the Module Name a title such as "*System CA Trust Module*" and for the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit *OK*:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png
:width: 60%
:alt: Mozilla application p11kit trust #3
#. Verify that the new module shows up on the left hand side and select *OK* at the bottom right:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png
:width: 60%
:alt: Mozilla application p11kit trust #4
.. group-tab:: Arch/Garuda
.. group-tab:: CentOS/Fedora
Now restart Firefox (or other Mozilla application), and log in to your server using ``https``. You should now see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
.. tip:: If you see an exclamation point inside a triangle by the lock, you have made a security exception in the browser. You will need to remove it by clicking the lock and then "Connection not secure":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
Then click "Remove Exception":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
You should now see that the website is trusted as in the final step show above.
Tor Config
----------
.. caution::
This guide assumes you have completed :ref:`setting up Tor<tor-linux>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Next, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using:
.. code-block::
sudo wget -P /etc/tor https://start9.com/assets/proxy.pac
#. Now, back in your Firefox web browser, select ``Settings`` from the right-hand hamburger menu:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file:///etc/tor/proxy.pac
#. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can access tor service :ref:`WebUIs <web-ui>`, and use client integrations such as :ref:`Vaultwarden<vaultwarden-service>` apps and extensions. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.
If you still encounter issues, `contact support <https://start9.com/contact>`_.

59
site/source/guides/device-guides/dg-linux/index.rst
View File

@@ -1,59 +0,0 @@
.. _dg-linux:
=====
Linux
=====
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-linux
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Backup Configuration
:link: backup-linux
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: Setup
Configure a Network Folder on your Linux machine (or attached external drive) to receive StartOS backups.
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-linux
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Linux device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-linux
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. toctree::
:maxdepth: 4
:hidden:
lan-linux
backup-linux
tor-linux
ff-linux

83
site/source/guides/device-guides/dg-linux/lan-linux.rst
View File

@@ -1,83 +0,0 @@
.. _lan-linux:
================================
Trusting Your Start9 CA on Linux
================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Windows). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
.. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.
Download Root CA
----------------
First, download your Start9 server's Root CA, if you have not already.
- Navigate to **System** -> **Root CA**, then click "Download Root CA".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: Navigate to System > Root CA
Alternatively, you can download to another machine, then transfer the file to your device.
Trust Root CA
-------------
.. tabs::
.. group-tab:: Debian/Ubuntu
These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.
#. Perform the following commands in the Terminal:
.. code-block:: bash
sudo apt update
sudo apt install -y ca-certificates p11-kit
#. Move into the folder where you downloaded your Start9 server's Root CA (usually ``~/Downloads``), and run the following commands to add your Start9 server's CA certificate to the OS trust store:
.. caution:: BE CERTAIN to replace ``adjective-noun`` with your server's unique hostname in the 3rd and 4th commands below!
.. code-block:: bash
cd ~/Downloads
sudo mkdir -p /usr/share/ca-certificates/start9
sudo cp "adjective-noun.local.crt" /usr/share/ca-certificates/start9/
sudo bash -c "echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf"
sudo update-ca-certificates
In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. We highly recommend continuing on to our :ref:`Configuring Firefox <ff-linux>` guide.
.. group-tab:: Arch/Garuda
From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo pacman -S ca-certificates
sudo cp "<custom-address>.crt" /etc/ca-certificates/trust-source/anchors/
sudo update-ca-trust
Despite no output from the last command, you can test your app right away.
.. group-tab:: CentOS/Fedora
First, ensure mDNS resolution is turned on so you can reach your server:
Ensure ``MulticastDNS=Yes`` is set in /etc/systemd/resolved.conf and then restart systemd-resolved:
.. code-block:: bash
sudo systemctl restart systemd-resolved
Trust your server's CA certificate:
From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo yum install ca-certificates
sudo cp "<custom-address>.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.

81
site/source/guides/device-guides/dg-mac/ff-mac.rst
View File

@@ -1,81 +0,0 @@
.. _ff-mac:
==========================
Configuring Firefox on Mac
==========================
Here we will add your Start9 server's Root CA (Certificate Authority) to your system's certificate trust store to ensure that applications can verify connections to your services.
LAN Config
----------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about changing advanced configuration preferences.
#. Search for *security.enterprise_roots.enabled* and double click on *false* so that it turns to *true*:
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
Now restart Firefox (or other Mozilla application), and log in to your server using ``https``. You should now see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
.. tip:: If you see an exclamation point inside a triangle by the lock, you have made a security exception in the browser. You will need to remove it by clicking the lock and then "Connection not secure":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
Then click "Remove Exception":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
You should now see that the website is trusted as in the final step show above.
Tor Config
----------
.. caution::
This guide assumes you have completed :ref:`setting up Tor<tor-mac>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Next, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Now go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Check the option labeled ``Use System Proxy Settings``
#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.
If you still encounter issues, `contact support <https://start9.com/contact>`_.

69
site/source/guides/device-guides/dg-mac/index.rst
View File

@@ -1,69 +0,0 @@
.. _dg-mac:
===
Mac
===
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-mac
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Backup Configuration
:link: backup-mac
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: Setup
Configure a Network Folder on your Mac (or attached external drive) to receive StartOS backups.
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-mac
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Mac. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-mac
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. topic-box::
:title: Screensharing
:link: screenshare-mac
:icon: scylla-icon scylla-icon--workshop
:class: large-4
:anchor: Share Screen
Guide to allow screensharing with a Start9 Support Tech.
.. toctree::
:maxdepth: 4
:hidden:
lan-mac
backup-mac
tor-mac
ff-mac
screenshare-mac

59
site/source/guides/device-guides/dg-windows/index.rst
View File

@@ -1,59 +0,0 @@
.. _dg-windows:
=======
Windows
=======
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-windows
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Backup Configuration
:link: backup-windows
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: Setup
Configure a Network Folder on your Windows machine (or attached external drive) to receive StartOS backups.
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-windows
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Windows device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-windows
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. toctree::
:maxdepth: 4
:hidden:
lan-windows
backup-windows
tor-windows
ff-windows

118
site/source/guides/device-guides/dg-windows/lan-windows.rst
View File

@@ -1,118 +0,0 @@
.. _lan-windows:
==================================
Trusting Your Start9 CA On Windows
==================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Windows). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
Unfortunately, Windows does not have mDNS alias support built-in, which is necessary in order to visit .local addresses for any service you install on your Start9 server, so we recommend using the Bonjour service. Check out this :ref:`FAQ answer<why-bonjour>` for details.
.. note:: Some users who run through the following instructions have successfully connected to their LAN services only to have them stop working weeks or months later. We believe these issues to be due to changes in Windows. When this happens the fix is to simply reinstall Bonjour and Bonjour Print Services. A solution is being worked on and Bonjour will not be necessary to connect to your Start9 server for much longer.
Install Bonjour
---------------
#. Install `Bonjour Print Services <https://support.apple.com/kb/DL999>`_ on your Windows machine.
.. tip:: If you are still experiencing issues after installing Bonjour, you might have a faulty install.
In that case, run through the known fix:
#. Uninstall Bonjour and Bonjour Print Services completely via **System Settings > Remove Programs**
Note: Uninstalling Bonjour via the Bonjour Print Services setup package itself is not enough to solve the issue. Bonjour must be uninstalled via Windows' System Settings menu.
#. Install the Bonjour Print Services package from Apple:
https://support.apple.com/kb/DL999
#. Test to see if your .local name resolution issue is resolved. If not, restart Windows and then test again.
Download Root CA
----------------
Download your Start9 server's Root CA, if you have not already.
- Navigate to **System** -> **Root CA**, then click "Download Root CA".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: Navigate to System > Root CA
Alternatively, you can download the Root CA to another machine, then transfer the file to your client device.
Trust Root CA
-------------
#. Back in Windows, click the “Start” menu, type “mmc”, and select "Run as administrator" to access the Windows Management Console.
.. figure:: /_static/images/ssl/windows/0_windows_mmc.png
:width: 50%
:alt: Windows MMC
When prompted with the “User Account Control” window, select “Yes” to allow this program to run.
#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
.. figure:: /_static/images/ssl/windows/1_windows_console_root.png
:width: 50%
:alt: Windows Console Root
#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
.. figure:: /_static/images/ssl/windows/2_windows_add_certificates.png
:width: 50%
:alt: Add Certificates
#. Select “Computer account” and click “Next". Leave defaulted options on the next screen and click “Finish”.
.. figure:: /_static/images/ssl/windows/3_snap_in_wizard.png
:width: 50%
:alt: Add Snap-in
#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
:width: 50%
:alt: Snap-in Selected
#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
:width: 50%
:alt: Certificates in Management Console
#. Right click on the “Certificates” directory, then navigate to *All Tasks > Import*.
.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
:width: 50%
:alt: Import certificate
#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and open it. Then click "Next".
.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. Then click "Finish" on the final screen.
.. figure:: /_static/images/ssl/windows/8_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. Select “OK” when the import is successful.
.. figure:: /_static/images/ssl/windows/9_success.png
:width: 20%
:alt: Import success!
#. Verify your server's unique `<adjective-noun> Local Root CA` certificate is in the “Certificates” folder:
.. figure:: /_static/images/ssl/windows/10_successful_cert_install.png
:width: 50%
:alt: Successful cert install
#. You can save the console settings (where we added a snap-in), if desired. The CA certificate will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.
.. figure:: /_static/images/ssl/windows/11_console_settings.png
:width: 20%
:alt: Console settings
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.

42
site/source/guides/device-guides/index.rst
View File

@@ -3,7 +3,7 @@
=============
Device Guides
=============
Guides for integrating your devices with your Start9 server.
Guides for integrating your client devices with your StartOS server.
.. raw:: html
@@ -13,55 +13,55 @@ Guides for integrating your devices with your Start9 server.
.. topic-box::
:title: Linux
:link: dg-linux
:link: linux
:icon: scylla-icon scylla-icon--linux
:class: large-4
:anchor: Connect
:anchor: View
Integrate Linux devices
Guides for Linux
.. topic-box::
:title: Mac
:link: dg-mac
:link: mac
:icon: scylla-icon scylla-icon--apple
:class: large-4
:anchor: Connect
:anchor: View
Integrate Mac devices
Guides for Mac
.. topic-box::
:title: Windows
:link: dg-windows
:link: windows
:icon: scylla-icon scylla-icon--windows
:class: large-4
:anchor: Connect
:anchor: View
Integrate Windows devices
Guides for Windows
.. topic-box::
:title: Android
:link: dg-android
:link: android
:icon: scylla-icon scylla-icon--android
:class: large-4
:anchor: Connect
:anchor: View
Integrate Android devices
Guides for Android
.. topic-box::
:title: iOS
:icon: scylla-icon scylla-icon--ios
:link: dg-ios
:link: ios
:class: large-4
:anchor: Connect
:anchor: View
Integrate iOS devices
Guides for iOS
.. toctree::
:maxdepth: 2
:hidden:
dg-linux/index
dg-mac/index
dg-windows/index
dg-android/index
dg-ios/index
linux/index
mac/index
windows/index
android/index
ios/index

23
site/source/guides/device-guides/dg-ios/lan-ios.rst → site/source/guides/device-guides/ios/ca-ios.rst
View File

@@ -1,22 +1,13 @@
.. _lan-ios:
.. _ca-ios:
=========================
Trust Your Root CA on iOS
=========================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (iOS). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
=====================================
Trusting Your Server's Root CA on iOS
=====================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on iOS.
This applies to iOS v15 and v16. For older versions, see the `v14 guide </0.3.1.x/user-manual/connecting/connecting-lan/lan-os/lan-ios>`_.
.. note:: This guide only applies to iOS v15+. For v14, see the `v14 guide </0.3.1.x/user-manual/connecting/connecting-lan/lan-os/lan-ios>`_.
#. Download the certificate to your Downloads folder
.. note::
In order to do this, open Safari and visit your Start9 server's .local URL while connected to WiFi, but make sure it is prefixed with ``http://`` and not ``https://``.
Log in using your password, then click the hamburger (3 lines) menu at the top right, select **System** > **Root CA** > **Download Root CA**. It may say `This website is trying to download a configuration profile. Do you want to allow this?` Click `Allow`.
Once this is done, you can skip to step 3, below.
If you downloaded the certificate from a browser such as Firefox, you will need to copy the file from that Downloads folder to your iCloud Downloads folder. Navigate there via `Files > iCloud Drive > Downloads`. Otherwise, the "Profile Download" dialog will not appear when you click on the file in the next step.
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. Open your iCloud Downloads folder and click on the certificate. It will display a dialog box that says "Profile Downloaded." Click `Close`.

37
site/source/guides/device-guides/ios/index.rst Normal file
View File

@@ -0,0 +1,37 @@
.. _ios:
===
iOS
===
It is recommended you complete all of the guides below.
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: ca-ios
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: View
Trust your server's Root Certificate Authority for fast, secure connections
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-ios
:class: large-4
:anchor: View
Run Tor natively for remote connectivity
.. toctree::
:maxdepth: 4
:hidden:
ca-ios
tor-ios

0
site/source/guides/device-guides/dg-ios/tor-ios.rst → site/source/guides/device-guides/ios/tor-ios.rst
View File

0
site/source/guides/device-guides/dg-linux/backup-linux.rst → site/source/guides/device-guides/linux/backup-linux.rst
View File

70
site/source/guides/device-guides/linux/ca-linux.rst Normal file
View File

@@ -0,0 +1,70 @@
.. _ca-linux:
=======================================
Trusting Your Server's Root CA on Linux
=======================================
.. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.
.. tabs::
.. group-tab:: Debian/Ubuntu
These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. Perform the following commands in the Terminal:
.. code-block:: bash
sudo apt update
sudo apt install -y ca-certificates p11-kit
#. Move into the folder where you downloaded your Start9 server's Root CA (usually ``~/Downloads``), and run the following commands to add your Start9 server's CA certificate to the OS trust store:
.. caution:: BE CERTAIN to replace ``adjective-noun`` with your server's unique hostname in the 3rd and 4th commands below!
.. code-block:: bash
cd ~/Downloads
sudo mkdir -p /usr/share/ca-certificates/start9
sudo cp "adjective-noun.local.crt" /usr/share/ca-certificates/start9/
sudo bash -c "echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf"
sudo update-ca-certificates
In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. We highly recommend continuing on to our :ref:`Configuring Firefox <ff-linux>` guide.
.. group-tab:: Arch/Garuda
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo pacman -S ca-certificates
sudo cp "<custom-address>.crt" /etc/ca-certificates/trust-source/anchors/
sudo update-ca-trust
Despite no output from the last command, you can test your app right away.
.. group-tab:: CentOS/Fedora
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. In `/etc/systemd/resolved.conf`, ensure you have ``MulticastDNS=Yes``
#. Restart systemd-resolved
.. code-block:: bash
sudo systemctl restart systemd-resolved
#. From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here)
.. code-block:: bash
sudo yum install ca-certificates
sudo cp "<custom-address>.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

127
site/source/guides/device-guides/linux/ff-linux.rst Normal file
View File

@@ -0,0 +1,127 @@
.. _ff-linux:
============================
Configuring Firefox on Linux
============================
Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
Local
-----
This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic (TLDR: for security purposes).
#. Ensure you have already :ref:`trusted your server's Root CA<ca-linux>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enabled`` and set it to ``true``:
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
#. Select your distribution below and follow instructions:
.. tabs::
.. group-tab:: Debian/Ubuntu
#. Select the hamburger menu -> ``Settings``. Search for ``security devices`` and select ``Security Devices...``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png
:width: 60%
:alt: Mozilla application p11kit trust #1
#. When the Device Manager dialog window opens, select ``Load``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png
:width: 60%
:alt: Mozilla application p11kit trust #2
#. Give the Module Name a title such as "System CA Trust Module". For the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit ``OK``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png
:width: 60%
:alt: Mozilla application p11kit trust #3
#. Verify that the new module shows up on the left hand side and select ``OK`` at the bottom right:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png
:width: 60%
:alt: Mozilla application p11kit trust #4
.. group-tab:: Arch/Garuda/CentOS/Fedora
No special steps are needed for Arch/Garuda/CentOS/Fedora. Continue below.
#. Restart Firefox
#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
Tor
---
#. Ensure you have already :ref:`set up Tor<tor-mac>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a ``Proxy Auto Config`` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using:
.. code-block::
sudo wget -P /etc/tor https://start9.com/assets/proxy.pac
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. Your path may be different from the one below and the triple ``///`` is intentional
.. code-block::
file:///etc/tor/proxy.pac
#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services

67
site/source/guides/device-guides/linux/index.rst Normal file
View File

@@ -0,0 +1,67 @@
.. _linux:
=====
Linux
=====
Recommended Guides
------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: ca-linux
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: View
Trust your server's Root Certificate Authority for fast, secure connections
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-linux
:class: large-4
:anchor: View
Run Tor natively for remote connectivity
.. topic-box::
:title: Configure Firefox
:link: ff-linux
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: View
Configure Firefox for an optimal browser experience
Other Useful Guides
-------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Backup Config
:link: backup-linux
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: View
Configure a Network Folder for storing StartOS backups
.. toctree::
:maxdepth: 4
:hidden:
ca-linux
tor-linux
ff-linux
backup-linux

0
site/source/guides/device-guides/dg-linux/tor-linux.rst → site/source/guides/device-guides/linux/tor-linux.rst
View File

0
site/source/guides/device-guides/dg-mac/backup-mac.rst → site/source/guides/device-guides/mac/backup-mac.rst
View File

26
site/source/guides/device-guides/dg-mac/lan-mac.rst → site/source/guides/device-guides/mac/ca-mac.rst
View File

@@ -1,23 +1,13 @@
.. _lan-mac:
.. _ca-mac:
================================
Trusting Your Start9 CA on macOS
================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Mac). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
=====================================
Trusting Your Server's Root CA on Mac
=====================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Mac.
#. In your Start9 server's UI, navigate to **System** -> **LAN**
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
.. figure:: /_static/images/ssl/macos/trust-cert-macos-1-system-lan.png
:width: 60%
:alt: Navigate to System > Root CA
#. Click **Download Root CA** and your browser will either automatically save the certificate to your Downloads folder or ask you where to save it:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-2-download_cert.png
:width: 60%
:alt: Download Certificate
#. Among the browser's downloads, right click your certificate file and select *Show in Folder*:
#. Locate your downloaded Root CA. Right click it and select *Show in Folder*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-3-show_in_folder.png
:width: 60%
@@ -60,5 +50,3 @@ Complete this guide to download your Start9 server's Root Certificate Authority
:alt: Keychain submenu
.. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it.
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.

79
site/source/guides/device-guides/mac/ff-mac.rst Normal file
View File

@@ -0,0 +1,79 @@
.. _ff-mac:
==========================
Configuring Firefox on Mac
==========================
Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
Local
-----
#. Ensure you have already :ref:`trusted your server's Root CA<ca-mac>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
#. Restart Firefox
#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
Tor
---
#. Ensure you have already :ref:`set up Tor<tor-mac>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Check the option labeled ``Use System Proxy Settings`` *and* the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services

75
site/source/guides/device-guides/mac/index.rst Normal file
View File

@@ -0,0 +1,75 @@
.. _dg-mac:
===
Mac
===
Recommended Guides
------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: ca-mac
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: View
Trust your server's Root Certificate Authority for fast, secure connections
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-mac
:class: large-4
:anchor: View
Run Tor natively for remote connectivity
.. topic-box::
:title: Configure Firefox
:link: ff-mac
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: View
Configure Firefox for an optimal browser experience
Other Useful Guides
-------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Backup Config
:link: backup-mac
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: View
Configure a Network Folder for storing StartOS backups
.. topic-box::
:title: Screensharing
:link: screenshare-mac
:icon: scylla-icon scylla-icon--workshop
:class: large-4
:anchor: Share Screen
Guide to allow screensharing with a Start9 Support Tech.
.. toctree::
:maxdepth: 4
:hidden:
ca-mac
tor-mac
ff-mac
backup-mac
screenshare-mac

0
site/source/guides/device-guides/dg-mac/screenshare-mac.rst → site/source/guides/device-guides/mac/screenshare-mac.rst
View File

0
site/source/guides/device-guides/dg-mac/tor-mac.rst → site/source/guides/device-guides/mac/tor-mac.rst
View File

0
site/source/guides/device-guides/dg-windows/backup-windows.rst → site/source/guides/device-guides/windows/backup-windows.rst
View File

84
site/source/guides/device-guides/windows/ca-windows.rst Normal file
View File

@@ -0,0 +1,84 @@
.. _ca-windows:
=========================================
Trusting Your Server's Root CA on Windows
=========================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Windows.
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. Ensure you have already `installed bonjour </getting-started/connecting-lan/#windows-only>`_
#. Click the “Start” menu, type “mmc”, and select "Run as administrator" to access the Windows Management Console.
.. figure:: /_static/images/ssl/windows/0_windows_mmc.png
:width: 50%
:alt: Windows MMC
When prompted with the “User Account Control” window, select “Yes” to allow this program to run.
#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
.. figure:: /_static/images/ssl/windows/1_windows_console_root.png
:width: 50%
:alt: Windows Console Root
#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
.. figure:: /_static/images/ssl/windows/2_windows_add_certificates.png
:width: 50%
:alt: Add Certificates
#. Select “Computer account” and click “Next". Leave defaulted options on the next screen and click “Finish”.
.. figure:: /_static/images/ssl/windows/3_snap_in_wizard.png
:width: 50%
:alt: Add Snap-in
#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
:width: 50%
:alt: Snap-in Selected
#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
:width: 50%
:alt: Certificates in Management Console
#. Right click on the “Certificates” directory, then navigate to *All Tasks > Import*.
.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
:width: 50%
:alt: Import certificate
#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and open it. Then click "Next".
.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. Then click "Finish" on the final screen.
.. figure:: /_static/images/ssl/windows/8_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. Select “OK” when the import is successful.
.. figure:: /_static/images/ssl/windows/9_success.png
:width: 20%
:alt: Import success!
#. Verify your server's unique `<adjective-noun> Local Root CA` certificate is in the “Certificates” folder:
.. figure:: /_static/images/ssl/windows/10_successful_cert_install.png
:width: 50%
:alt: Successful cert install
#. You can save the console settings (where we added a snap-in), if desired. The CA certificate will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.
.. figure:: /_static/images/ssl/windows/11_console_settings.png
:width: 20%
:alt: Console settings

0
site/source/guides/device-guides/dg-windows/ff-windows.rst → site/source/guides/device-guides/windows/ff-windows.rst
View File

67
site/source/guides/device-guides/windows/index.rst Normal file
View File

@@ -0,0 +1,67 @@
.. _windows:
=======
Windows
=======
Recommended Guides
------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: ca-windows
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: View
Trust your server's Root Certificate Authority for fast, secure connections
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-windows
:class: large-4
:anchor: View
Run Tor natively for remote connectivity
.. topic-box::
:title: Configure Firefox
:link: ff-windows
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: View
Configure Firefox for an optimal browser experience
Other Useful Guides
-------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Backup Config
:link: backup-windows
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: View
Configure a Network Folder for storing StartOS backups
.. toctree::
:maxdepth: 4
:hidden:
ca-windows
tor-windows
ff-windows
backup-windows

0
site/source/guides/device-guides/dg-windows/tor-windows.rst → site/source/guides/device-guides/windows/tor-windows.rst
View File

6
site/source/guides/service-guides/jellyfin/jellyfin-clients.rst
View File

@@ -25,7 +25,7 @@ Mobile Apps
Android
=======
Before proceeding, make sure your Android device has been setup to connect over :ref:`LAN <lan-android>`. If you are connecting over tor, you will need to :ref:`Setup Tor <tor-android>`.
Before proceeding, make sure your Android device has been setup to connect over :ref:`LAN <ca-android>`. If you are connecting over tor, you will need to :ref:`Setup Tor <tor-android>`.
1. Visit the app store of your choice and download the Jellyfin app.
@@ -34,7 +34,7 @@ Before proceeding, make sure your Android device has been setup to connect over
iOS
===
Before proceeding, make sure your Apple device has been setup to connect over :ref:`LAN <lan-ios>`. If you are connecting over tor, you will need to :ref:`Setup Tor <tor-ios>`.
Before proceeding, make sure your Apple device has been setup to connect over :ref:`LAN <ca-ios>`. If you are connecting over tor, you will need to :ref:`Setup Tor <tor-ios>`.
1. Open the Apple app store and download the Jellyfin app.
@@ -46,7 +46,7 @@ Desktop Apps
MacOS
=====
Before proceeding, make sure your Apple device has been setup to connect over :ref:`LAN <lan-mac>`.
Before proceeding, make sure your Apple device has been setup to connect over :ref:`LAN <ca-mac>`.
1. Download the .dmg file for `Jellyfin Media Player <https://github.com/jellyfin/jellyfin-media-player/releases>`_

4
site/source/guides/service-guides/nextcloud/nextcloud-setup/nextcloud-android.rst
View File

@@ -18,7 +18,7 @@ The latest version of the official Nextcloud client is available on their `downl
LAN Setup
=========
Make sure you have first set up :ref:`LAN access<lan-android>`.
Make sure you have first set up :ref:`LAN access<ca-android>`.
1. Open Nextcloud via your server's Services -> Nextcloud -> Launch UI
@@ -90,7 +90,7 @@ Make sure you have first set up :ref:`LAN access<lan-android>`.
:width: 30%
:alt: Nextcloud mobile app QR Code button
In this case, make sure you have :ref:`added your server's CA certificate to the Android trust store<lan-android>` as noted at the top of the `LAN Setup` section of this guide, close the Nextcloud mobile app and try again. Otherwise, proceed to the next step.
In this case, make sure you have :ref:`added your server's CA certificate to the Android trust store<ca-android>` as noted at the top of the `LAN Setup` section of this guide, close the Nextcloud mobile app and try again. Otherwise, proceed to the next step.
12. Android may ask you about Storage permissions. Grant "Full access":

2
site/source/guides/service-guides/nextcloud/nextcloud-setup/nextcloud-ios.rst
View File

@@ -18,7 +18,7 @@ The latest version of the official Nextcloud client is available on their `downl
LAN Setup
=========
Make sure you have first set up :ref:`LAN access<lan-ios>`.
Make sure you have first set up :ref:`LAN access<ca-ios>`.
1. Download the iOS Nextcloud client from `App Store <https://apps.apple.com/us/app/nextcloud/id1125420102>`_.
2. Open the client and tap "Log In".

6
site/source/guides/service-guides/nextcloud/nextcloud-setup/nextcloud-linux.rst
View File

@@ -16,7 +16,7 @@ Desktop Integrations
--------------------
Many Linux distributions ship with a Desktop Environment (DE) that supports Nextcloud account integration directly for use with their built-in calendars and other applications. It is recommended to try these first for the best possible experience with your particular flavor of Linux.
You will first need to :ref:`add your Root CA to your system<lan-linux>`.
You will first need to :ref:`add your Root CA to your system<ca-linux>`.
The following desktop environments support integrated account syncing, including Nextcloud:
@@ -37,7 +37,7 @@ This is Nextcloud's official client application for file syncing and account man
LAN Setup
.........
Make sure you have first set up :ref:`LAN access<lan-linux>`.
Make sure you have first set up :ref:`LAN access<ca-linux>`.
1. Open the client and click "Log In"
2. From your server's Nextcloud Service page, go to "Interfaces" and copy the LAN address
@@ -66,7 +66,7 @@ If you wish to use a standalone client for Calendar and Contacts, we recommend M
1. Install the Contacts and Calendar apps in Nextcloud.
2. Make sure you are on Thunderbird version 102.3.0 or greater and then import your LAN certificate:
- First, follow the :ref:`instructions for adding your Root CA to your system<lan-linux>` and then the :ref:`Thunderbird-specific instructions<lan-thunderbird>`.
- First, follow the :ref:`instructions for adding your Root CA to your system<ca-linux>` and then the :ref:`Thunderbird-specific instructions<lan-thunderbird>`.
3. Download the `TBSync` and `Provider for CalDAV & CardDAV` add-ons by searching for them in the "Tools -> Add-ons and Themes" menu.
4. Go back to "Tools -> Add-ons and Themes -> Extensions" and click the 'wrench' icon next to TBSync.

6
site/source/guides/service-guides/nextcloud/nextcloud-setup/nextcloud-mac.rst
View File

@@ -14,7 +14,7 @@ It is advised to setup your Nextcloud devices on LAN (if available) for the best
Native Desktop Integration
--------------------------
The smoothest experience will be using direct account integration with your Mac. First head into the top-righthand menu of your Nextcloud's WebUI and click "Apps," then search for and install the Calendar and/or Contacts Apps if you don't have them already (these are installed by default on the latest Nextcloud for StartOS). The steps below are adapted from the `Official Nextcloud guide <https://docs.nextcloud.com/server/24/user_manual/en/groupware/sync_osx.html>`_ and updated for the latest MacOS (Ventura). Make sure you have first set up :ref:`LAN access<lan-mac>`.
The smoothest experience will be using direct account integration with your Mac. First head into the top-righthand menu of your Nextcloud's WebUI and click "Apps," then search for and install the Calendar and/or Contacts Apps if you don't have them already (these are installed by default on the latest Nextcloud for StartOS). The steps below are adapted from the `Official Nextcloud guide <https://docs.nextcloud.com/server/24/user_manual/en/groupware/sync_osx.html>`_ and updated for the latest MacOS (Ventura). Make sure you have first set up :ref:`LAN access<ca-mac>`.
.. tabs::
@@ -107,7 +107,7 @@ This is Nextcloud's official client application for file syncing and account man
LAN Setup
.........
Make sure you have first set up :ref:`LAN access<lan-mac>`. Then do the following:
Make sure you have first set up :ref:`LAN access<ca-mac>`. Then do the following:
1. Download the appropriate desktop client from the `Nextcloud website <https://nextcloud.com/install/#install-clients>`_.
2. Open the client and click "Log In".
@@ -191,7 +191,7 @@ If you wish to use a standalone client for Calendar and Contacts, we recommend M
1. Install the Contacts and Calendar apps in Nextcloud.
2. Make sure you are on Thunderbird version 102.3.0 or greater and then import your LAN certificate:
- First, follow the :ref:`instructions for adding your Root CA to your system<lan-mac>` and then the :ref:`Thunderbird-specific instructions<lan-thunderbird>`.
- First, follow the :ref:`instructions for adding your Root CA to your system<ca-mac>` and then the :ref:`Thunderbird-specific instructions<lan-thunderbird>`.
3. Download the `TBSync` and `Provider for CalDAV & CardDAV` add-ons by searching for them in the "Tools -> Add-ons and Themes" menu.
4. Go back to "Tools -> Add-ons and Themes -> Extensions" and click the 'wrench' icon next to TBSync.

6
site/source/guides/service-guides/nextcloud/nextcloud-setup/nextcloud-windows.rst
View File

@@ -14,7 +14,7 @@ It is advised to setup your Nextcloud devices on LAN (if available) for the best
Native Desktop Integration
--------------------------
If you prefer to use Microsoft's integrated Calendar and Contacts apps with your Windows machine, you can integrate directly. First head into the top-righthand menu of your Nextcloud's WebUI and click "Apps," then search for and install the Calendar and/or Contacts Apps. The steps below are adapted from the `Official Nextcloud guide <https://docs.nextcloud.com/server/24/user_manual/en/groupware/sync_windows10.html>`_. Make sure you have first set up :ref:`LAN access<lan-windows>`.
If you prefer to use Microsoft's integrated Calendar and Contacts apps with your Windows machine, you can integrate directly. First head into the top-righthand menu of your Nextcloud's WebUI and click "Apps," then search for and install the Calendar and/or Contacts Apps. The steps below are adapted from the `Official Nextcloud guide <https://docs.nextcloud.com/server/24/user_manual/en/groupware/sync_windows10.html>`_. Make sure you have first set up :ref:`LAN access<ca-windows>`.
1. Launch the Windows Calendar app and click the gear icon (Settings), then select "Manage Accounts."
@@ -42,7 +42,7 @@ This is Nextcloud's official client application for file syncing and account man
LAN Setup
.........
Make sure you have first set up :ref:`LAN access<lan-windows>`. Then do the following:
Make sure you have first set up :ref:`LAN access<ca-windows>`. Then do the following:
1. Download the appropriate desktop client from https://nextcloud.com/install/#install-clients
2. Open the client and click "Log In"
@@ -72,7 +72,7 @@ If you wish to use a standalone client for Calendar and Contacts, we recommend M
1. Install the Contacts and Calendar apps in Nextcloud.
2. Make sure you are on Thunderbird version 102.3.0 or greater and then import your LAN certificate:
- First, follow the :ref:`instructions for adding your Root CA to your system<lan-windows>` and then the :ref:`Thunderbird-specific instructions<lan-thunderbird>`.
- First, follow the :ref:`instructions for adding your Root CA to your system<ca-windows>` and then the :ref:`Thunderbird-specific instructions<lan-thunderbird>`.
3. Download the `TBSync` and `Provider for CalDAV & CardDAV` add-ons by searching for them in the "Tools -> Add-ons and Themes" menu.
4. Go back to "Tools -> Add-ons and Themes -> Extensions" and click the 'wrench' icon next to TBSync.

10
site/source/guides/service-guides/vaultwarden/bitwarden-client-setup.rst
View File

@@ -116,7 +116,7 @@ Android
We suggest using Tor, however it is possible have a good experience with LAN. Once synced, your app and all your passwords will be cached and available when you are on the go and not connected to your Start9 Server, and you will only need to be on LAN to update any edits to your vault.
Begin by :ref:`setting up LAN <lan-android>` on your device.
Begin by :ref:`setting up LAN <ca-android>` on your device.
#. Visit your app store of choice and download the Bitwarden app. Once downloaded and installed, let's go into Orbot, and add the app to the VPN apps list. You may need to hit the refresh button in the top left to get it to populate.
@@ -149,7 +149,7 @@ iOS
Begin by :ref:`setting up Tor <tor-ios>` on your iPhone.
You will also need :ref:`LAN access <lan-ios>` setup on your iPhone.
You will also need :ref:`LAN access <ca-ios>` setup on your iPhone.
#. Visit the App Store and download the `Bitwarden app <https://apps.apple.com/us/app/bitwarden-password-manager/id1137397744>`_
@@ -193,7 +193,7 @@ iOS
We suggest using Tor, however it is possible have a good experience with LAN. Once synced, your app and all your passwords will be cached and available when you are on the go and not connected to your Start9 Server, and you will only need to be on LAN to update any edits to your vault.
Begin by :ref:`setting up LAN <lan-ios>` on your device.
Begin by :ref:`setting up LAN <ca-ios>` on your device.
#. Visit the App Store and download the `Bitwarden app <https://apps.apple.com/us/app/bitwarden-password-manager/id1137397744>`_
@@ -247,7 +247,7 @@ Desktop Clients
#. As with the other solutions above, click the 'Settings' icon, and enter your Vaultwarden Tor address. You can then log in to your vault.
Alternatively, you may be able to run using your LAN address, but this has proven finicky, especially on Debian/Ubuntu systems. You will have better luck if you have the Root CA installed at the OS level. First, be sure to :ref:`Setup LAN <lan-linux>` natively.
Alternatively, you may be able to run using your LAN address, but this has proven finicky, especially on Debian/Ubuntu systems. You will have better luck if you have the Root CA installed at the OS level. First, be sure to :ref:`Setup LAN <ca-linux>` natively.
.. collapse:: Mac
@@ -289,7 +289,7 @@ Desktop Clients
We suggest using Tor, however it is possible have a good experience with LAN. Once synced, your app and all your passwords will be cached and available when you are on the go and not connected to your Start9 Server, and you will only need to be on LAN to update any edits to your vault.
#. Begin by making sure that LAN is :ref:`steup on your Mac<lan-mac>`.
#. Begin by making sure that LAN is :ref:`steup on your Mac<ca-mac>`.
#. Download the `Bitwarden Desktop app <https://bitwarden.com/download/>`_.

48
site/source/guides/upgrade-hardware/index.rst
View File

@@ -1,10 +1,8 @@
.. _upgrade-hardware:
================
Upgrade Hardware
================
Guides for migrating or upgrading your server's hardware.
===============
Hardware Guides
===============
.. raw:: html
<div class="topics-grid grid-container full">
@@ -12,29 +10,29 @@ Guides for migrating or upgrading your server's hardware.
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Migrate LND from other nodes to StartOS
:title: Migrate an LND Node to StartOS
:link: lnd-migration
:icon: scylla-icon scylla-icon--home
:class: large-5
:anchor: Upgrade
:class: large-4
:anchor: View
This is for migrating LND from another node to StartOS without closing channels
Migrating an LND from another server to StartOS without closing channels
.. topic-box::
:title: Upgrade SSD
:title: Changing Your SSD
:link: drive-upgrade
:icon: scylla-icon scylla-icon--benchmarks
:class: large-5
:anchor: Upgrade
:class: large-4
:anchor: View
This is for replacing or upgrading your SSD
Replace or upgrade your SSD
.. topic-box::
:title: Upgrade SSD ('22 Server One)
:link: naspi-ssd-upgrade
:icon: scylla-icon scylla-icon--benchmarks
:class: large-5
:anchor: Upgrade
:class: large-4
:anchor: View
This is for replacing or upgrading your 2022 Server One SSD
@@ -42,8 +40,8 @@ Guides for migrating or upgrading your server's hardware.
:title: 2022 One to Pro Migration
:link: upgrade-pro
:icon: scylla-icon scylla-icon--enterprise
:class: large-5
:anchor: Upgrade
:class: large-4
:anchor: View
This is for migrating from a Server One (Raspberry Pi) to Server Pro
@@ -51,8 +49,8 @@ Guides for migrating or upgrading your server's hardware.
:title: Upgrade to all-in-one NASPi case
:link: naspi-upgrade
:icon: scylla-icon scylla-icon--home
:class: large-5
:anchor: Upgrade
:class: large-4
:anchor: View
This is for upgrading a Pi to an all-in-one NASPi case
@@ -61,10 +59,10 @@ Guides for migrating or upgrading your server's hardware.
</div></div>
.. toctree::
:maxdepth: 2
:maxdepth: 2
LND migration <lnd-migration>
SSD upgrade <drive-upgrade>
Pro upgrade <upgrade-pro>
NASPi upgrade <naspi-upgrade>
2022 Server One SSD upgrade <naspi-ssd-upgrade>
lnd-migration
drive-upgrade
upgrade-pro
naspi-upgrade
naspi-ssd-upgrade

36
site/source/index.rst
View File

@@ -5,9 +5,9 @@
<div class="landing landing--floating">
.. hero-box::
:title: Welcome
:title: Welcome to the Docs
Here you will find information on StartOS, including DIY guides, user manuals, and developer docs. Welcome to the era of sovereign computing. Anyone can do it. No one can stop it.
StartOS setup, user manual, devices guides, guides, developer documentation, FAQs and more.
.. raw:: html
@@ -20,20 +20,29 @@
<div class="grid-x grid-margin-x">
.. topic-box::
:title: User Manual
:link: user-manual
:icon: scylla-icon scylla-icon--knowledge-base
:title: Getting Started
:link: getting-started
:icon: scylla-icon scylla-icon--getting-started
:class: large-4
:anchor: View
Setup, understand, and utilize your personal server
Get started with your server
.. topic-box::
:title: User Manual
:link: user-manual
:icon: scylla-icon scylla-icon--glossary
:class: large-4
:anchor: View
Understand and use your server
.. topic-box::
:title: Guides
:link: guides
:icon: scylla-icon scylla-icon--circe
:class: large-4
:anchor: Connect
:anchor: View
Integrate your devices and tools
@@ -42,7 +51,7 @@
:link: support
:icon: scylla-icon scylla-icon--support
:class: large-4
:anchor: Get help
:anchor: View
Find answers to your questions
@@ -51,7 +60,7 @@
:link: diy
:icon: scylla-icon scylla-icon--memory-management
:class: large-4
:anchor: Build your own
:anchor: View
Recommendations for builders, hackers, and tinkerers
@@ -60,7 +69,7 @@
:link: developer-docs
:icon: scylla-icon scylla-icon--open-source
:class: large-4
:anchor: Hack
:anchor: View
Package a service for the Marketplace
@@ -69,19 +78,16 @@
:link: https://start9.com/contact
:icon: scylla-icon scylla-icon--contact-us
:class: large-4
:anchor: Reach Out
:anchor: View
Join us in our community channels or get support
.. raw:: html
</div></div>
.. This is for the side navigation display
.. toctree::
:maxdepth: 5
:hidden:
getting-started/index
user-manual/index
guides/index
support/index

0
site/source/user-manual/overview/alt-registries.rst → site/source/user-manual/alt-registries.rst
View File

0
site/source/user-manual/overview/backup-restore/backup-advanced.rst → site/source/user-manual/backup-restore/backup-advanced.rst
View File

0
site/source/user-manual/overview/backup-restore/backup-create.rst → site/source/user-manual/backup-restore/backup-create.rst
View File

0
site/source/user-manual/overview/backup-restore/backup-physical.rst → site/source/user-manual/backup-restore/backup-physical.rst
View File

0
site/source/user-manual/overview/backup-restore/backup-restore.rst → site/source/user-manual/backup-restore/backup-restore.rst
View File

0
site/source/user-manual/overview/backup-restore/backup-synology.rst → site/source/user-manual/backup-restore/backup-synology.rst
View File

0
site/source/user-manual/overview/backup-restore/backup-truenas.rst → site/source/user-manual/backup-restore/backup-truenas.rst
View File

0
site/source/user-manual/overview/backup-restore/index.rst → site/source/user-manual/backup-restore/index.rst
View File

0
site/source/user-manual/overview/change-password.rst → site/source/user-manual/change-password.rst
View File

0
site/source/user-manual/overview/customize.rst → site/source/user-manual/customize.rst
View File

0
site/source/user-manual/overview/dashboard-overview.rst → site/source/user-manual/dashboard-overview.rst
View File

37
site/source/user-manual/getting-started/index.rst
View File

@@ -1,37 +0,0 @@
.. _getting-started:
===============
Getting Started
===============
Welcome to Sovereign Computing! Follow the 2 guides below to get up and running with your personal server.
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Initial Setup
:link: initial-setup
:icon: scylla-icon scylla-icon--home
:class: large-4
:anchor: Start
Plug in, turn on, opt out
.. topic-box::
:title: Trust Root CA
:link: trust-ca
:icon: scylla-icon scylla-icon--testing
:class: large-4
:anchor: Setup
Securely integrate your clients
.. toctree::
:hidden:
:maxdepth: 2
initial-setup
trust-ca

97
site/source/user-manual/getting-started/initial-setup.rst
View File

@@ -1,97 +0,0 @@
.. _initial-setup:
=============
Initial Setup
=============
.. contents::
:depth: 2
:local:
Power On
--------
#. Connect your server to power and Ethernet.
.. caution:: If you built StartOS from `source <https://github.com/start9labs/start-os>`_, it may take up to 20 minutes to first initialize.
#. Power the device on and select which mode you would like to continue in on the tab below:
You can either boot your server as-is (headless mode) or add a monitor, mouse, and keyboard (kiosk mode). Server Lite (Raspberry Pi) is currently headless **only**. Headless is the default and recommended option. All control of your server can be done from your computer or mobile device.
.. tabs::
.. group-tab:: Headless Mode
Ensure the device you are using (desktop/laptop or mobile) is connected to the same network as your server.
.. caution:: Sometimes a router will have a "guest WiFi network," which might be different than the network your server is placed on via ethernet.
Visit ``http://start.local`` from your web browser.
.. group-tab:: Kiosk Mode
Once your server boots, if you've attached a monitor, keyboard and mouse, you can set it up using the graphical kiosk mode. A familiar browser interface will display the StartOS setup page.
#. Select "Start Fresh."
.. figure:: /_static/images/setup/screen0-startfresh_or_recover.jpg
:width: 50%
:alt: Fresh Setup
.. note:: The "Recover" button is used for :ref:`hardware upgrades <upgrade-hardware>`, :ref:`restoring from backup <backup-restore>`, data migration, or disaster recovery.
#. Select your storage drive
.. figure:: /_static/images/setup/screen4-select_storage.jpg
:width: 50%
:alt: Select Drive
#. Create a master password for your server and click "Finish."
.. warning:: Choose a strong master password. Write it down. Store it somewhere safe. DO NOT LOSE IT.
.. figure:: /_static/images/setup/screen5-set_password.jpg
:width: 50%
:alt: Create New Password
#. StartOS will initialize. This can take up to a few minutes.
.. figure:: /_static/images/setup/screen6-storage_initialize.jpg
:width: 50%
:alt: SSD Initialization
#. You are now hosting your own private server!
.. tip:: If you are in headless mode, click "Download This Page" to save your server address and certificate info to your computer.
.. figure:: /_static/images/setup/screen7-startfresh_complete.jpg
:width: 50%
:alt: Setup Complete
#. Next, you will need to :ref:`Trust Your Root CA<trust-ca>` on the device you are connecting from. This is required and your server will not work properly with another device until complete.
.. figure:: /_static/images/setup/screen9-startfresh_complete-savedfile-go_to_start_login.jpg
:width: 50%
:alt: Setup Complete
.. _setup-troubleshooting:
Troubleshooting
---------------
If you are experiencing issues with setup, try the following:
#. Confirm that the server is plugged into both power and Ethernet
#. Confirm your phone/computer is **not** connected to a "Guest" network
#. Confirm your phone/computer is not using a VPN, or that if you are, that it allows LAN connections, such as the examples below:
- Mullvad - Go to "Settings -> VPN Settings -> Local Network Sharing"
- ProtonVPN - Go to "Preferences -> Connection -> Allow LAN Connections"
#. Visit or refresh (ctrl+shift+R - Linux/Windows, cmd+shift+R - Mac) the start.local page in a web browser
#. To avoid networking issues, it is recommended to use your `primary` router, not an extender or mesh router.
#. Very rarely, your firewall settings may block mDNS. In this case:
- From your browser, navigate to your router configuration settings. This is usually an IP address such as 192.168.1.1. A simple web search will usually reveal how to access the router configuration settings for a particular brand.
- Once in the router config settings, find the section that lists the devices on your network. You should see a device labeled ``start``. Take note of the associated IP address and enter it into your browser's URL field to enter the setup.
You can always to `reach out to support <https://start9.com/contact>`_ if you need a hand.

18
site/source/user-manual/getting-started/trust-ca.rst
View File

@@ -1,18 +0,0 @@
.. _trust-ca:
=============
Trust Root CA
=============
Trust your server's Root CA to achieve encrypted communications on LAN, access services on LAN, and enhance connection speeds over Tor. Select the OS of the device you are accessing your server with:
.. caution:: This is a required step, and you server will not work properly until it is complete
:ref:`Integrate Linux devices<lan-linux>`
:ref:`Integrate Mac devices <lan-mac>`
:ref:`Integrate Windows devices <lan-windows>`
:ref:`Integrate Android devices <lan-android>`
:ref:`Integrate iOS devices <lan-ios>`

41
site/source/user-manual/index.rst
View File

@@ -3,35 +3,18 @@
===========
User Manual
===========
Welcome to the StartOS user manual. Here you will discover all that your server can do!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Getting Started
:link: getting-started
:icon: scylla-icon scylla-icon--getting-started
:class: large-4
:anchor: Begin
Get started with your Start9 server
.. topic-box::
:title: StartOS Overview
:link: overview
:icon: scylla-icon scylla-icon--roadmap
:class: large-4
:anchor: Explore
Get the lay of the sovereign land
.. toctree::
:hidden:
:maxdepth: 2
:includehidden:
:maxdepth: 1
getting-started/index
overview/index
dashboard-overview
change-password
managing-services
backup-restore/index
customize
updating
sessions
ssh
wifi
alt-registries

0
site/source/user-manual/overview/managing-services.rst → site/source/user-manual/managing-services.rst
View File

11
site/source/user-manual/overview/connecting/connecting-ff.rst
View File

@@ -1,11 +0,0 @@
.. _connecting-ff:
=====================
Firefox Configuration
=====================
Select your OS below to configure Firefox for encrypted sessions and Tor compatability. See our :ref:`Device Guides<device-guides>` section for all your client's setup guides.
:ref:`Linux<ff-linux>`
:ref:`Mac<ff-mac>`
:ref:`Windows<ff-windows>`
:ref:`Android<ff-android>`

60
site/source/user-manual/overview/connecting/connecting-lan.rst
View File

@@ -1,60 +0,0 @@
.. _connecting-lan:
===============
LAN Connections
===============
Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and do not even require Internet access!
Select your OS below to connect via LAN. See our :ref:`Device Guides<device-guides>` section for all your client's setup guides.
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Linux
:link: ../../../../guides/device-guides/dg-linux/lan-linux
:icon: scylla-icon scylla-icon--linux
:class: large-4
:anchor: Connect
Integrate Linux devices
.. topic-box::
:title: Mac
:link: ../../../../guides/device-guides/dg-mac/lan-mac
:icon: scylla-icon scylla-icon--apple
:class: large-4
:anchor: Connect
Integrate Mac devices
.. topic-box::
:title: Windows
:link: ../../../../guides/device-guides/dg-windows/lan-windows
:icon: scylla-icon scylla-icon--windows
:class: large-4
:anchor: Connect
Integrate Windows devices
.. topic-box::
:title: Android
:link: ../../../../guides/device-guides/dg-android/lan-android
:icon: scylla-icon scylla-icon--android
:class: large-4
:anchor: Connect
Integrate Android devices
.. topic-box::
:title: iOS
:link: ../../../../guides/device-guides/dg-ios/lan-ios
:icon: scylla-icon scylla-icon--ios
:class: large-4
:anchor: Connect
Integrate iOS devices

32
site/source/user-manual/overview/connecting/connecting-tor.rst
View File

@@ -1,32 +0,0 @@
.. _connecting-tor:
===============
Tor Connections
===============
You can connect to your Start9 server from anywhere in the world, privately and anonymously, by using its unique Tor Address (``.onion`` URL).
.. note:: Tor connections can sometimes be unreliable and have higher latency than normal internet connections.
Select your OS below to connect via Tor. See our :ref:`Device Guides<device-guides>` section for all your client's setup guides.
:ref:`Linux<tor-linux>`
:ref:`Mac<tor-mac>`
:ref:`Windows<tor-windows>`
:ref:`Android<tor-android>`
:ref:`iOS<tor-ios>`
Using TorBrowser
-------------------
.. caution:: Tor Browser will allow you to use your Start9 server's ``.onion`` URL without any manual configuration, however *all* connections are proxied via Tor, so you will not be able to access your Start9 server's ``.local`` LAN address with it. `Using Firefox <#using-firefox>`_ is recommended over TorBrowser.
* Linux, Mac, Windows, Android
* `Tor Browser <https://torproject.org/download/>`_
* iOS
* iOS lacks a well-functioning Tor Browser. Use :ref:`Firefox<tor-ios>`.

41
site/source/user-manual/overview/connecting/index.rst
View File

@@ -1,41 +0,0 @@
.. _connecting:
===================
Network Connections
===================
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Connecting Over LAN
:link: connecting-lan
:icon: scylla-icon scylla-icon--home
:class: large-5
:anchor: Setup
Local Area Network connections are fast and secure and do not even require Internet access.
.. topic-box::
:title: Connecting Over Tor
:link: connecting-tor
:icon: scylla-icon scylla-icon--networking
:class: large-5
:anchor: Setup
Leverage Tor to connect to your Start9 server privately and anonymously from anywhere in the world.
.. raw:: html
</div></div>
.. toctree::
:maxdepth: 2
:hidden:
connecting-lan
connecting-tor
connecting-ff

22
site/source/user-manual/overview/index.rst
View File

@@ -1,22 +0,0 @@
.. _overview:
================
StartOS Overview
================
Welcome to StartOS! Get familiar with your server by discovering all the available features.
.. toctree::
:includehidden:
:maxdepth: 1
dashboard-overview
change-password
managing-services
backup-restore/index
customize
updating
connecting/index
sessions
ssh
wifi
alt-registries

0
site/source/user-manual/overview/sessions.rst → site/source/user-manual/sessions.rst
View File

0
site/source/user-manual/overview/ssh.rst → site/source/user-manual/ssh.rst
View File

0
site/source/user-manual/overview/updating.rst → site/source/user-manual/updating.rst
View File

0
site/source/user-manual/overview/wifi.rst → site/source/user-manual/wifi.rst
View File