Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-30 12:11:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Feat/re arrange (#475)

Browse Source 
* move things around a lot

* move up a layer

* some edits

* rename some paths
This commit is contained in:
Matt Hill
2023-08-15 13:31:05 -06:00
committed by GitHub
parent 3f8d6b8c02
commit adcff208ac
76 changed files with 1223 additions and 1278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
site/source/guides/device-guides/android/ca-android.rst Normal file
View File

@@ -0,0 +1,16 @@
.. _ca-android:
=========================================
Trusting Your Server's Root CA on Android
=========================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Android.
.. note:: This guide only applies to Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+).
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate.
.. figure:: /_static/images/ssl/android/droidLAN2.png
:width: 15%
:alt: Install certificate

81
site/source/guides/device-guides/android/ff-android.rst Normal file
View File

@@ -0,0 +1,81 @@
.. _ff-android:
==============================
Configuring Firefox on Android
==============================
Download `Firefox Beta <https://play.google.com/store/apps/details?id=org.mozilla.firefox_beta>`_ from the Play Store, or `Fennec <https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/>`_ from F-Droid.
.. caution:: You must use **Firefox Beta** on Android. Regular Firefox does not permit advanced configuration.
Local
-----
#. Ensure you have already :ref:`trusted your Root CA<ca-android>` on your Android device
#. Tap ``Kebab Menu > Settings > About Firefox`` and tap the Firefox icon 5 times to enable "developer mode"
#. Go back to ``Kebab Menu > Settings > Secret Settings`` (at the bottom), and tap ``Use third party CA certificates``
Tor
---
#. Ensure you are already :ref:`running Tor<tor-android>` on your Android device
#. Download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here <https://start9.com/assets/proxy.pac>`_
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary:
.. figure:: /_static/images/tor/autoconfig_url.png
:width: 30%
:alt: Firefox autoconfig url setting screenshot
#. Navigate to ``about:config`` in the Firefox URL bar:
.. figure:: /_static/images/tor/about_config.png
:width: 30%
:alt: Firefox about config
#. Search for ``network.proxy.type`` into the search bar, and set the value to ``2``:
.. figure:: /_static/images/tor/network_proxy_type.png
:width: 30%
:alt: Firefox network proxy type setting screenshot
#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``:
.. figure:: /_static/images/tor/socks_remote_dns.png
:width: 30%
:alt: Firefox socks remote dns setting screenshot
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist_mobile.png
:width: 30%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets_droid.png
:width: 30%
:alt: Firefox allow insecure websockets over https
#. Search for ``network.http.referer.hideOnionsSource`` and set the value to ``true``
#. (**GrapheneOS users only**): Head to ``Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE``, then navigate to where you placed the proxy.pac file:
.. figure:: /_static/images/tor/storage-scopes-proxy.jpg
:width: 15%
#. Restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services
Install StartOS as a PWA
------------------------
Depending on your version of Firefox, you may be prompted to "Add to Home screen", when visiting your main UI. If you do this, you can access your UI as a Progressive Web App (PWA), meaining that all browser context is removed, and StartOS will behave as a native Android app!
If you are not prompted, or skipped that screen, simply go to the **Kebab (Settings) Menu > Install** while visiting your server's UI to complete the action.

47
site/source/guides/device-guides/android/index.rst Normal file
View File

@@ -0,0 +1,47 @@
.. _android:
=======
Android
=======
It is recommended you complete all of the guides below.
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: ca-android
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: View
Trust your server's Root Certificate Authority for fast, secure connections
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-android
:class: large-4
:anchor: View
Run Tor natively for remote connectivity
.. topic-box::
:title: Configure Firefox
:link: ff-android
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: View
Configure Firefox for an optimal browser experience
.. toctree::
:maxdepth: 4
:hidden:
ca-android
tor-android
ff-android

0
site/source/guides/device-guides/dg-android/tor-android.rst → site/source/guides/device-guides/android/tor-android.rst
View File

74
site/source/guides/device-guides/dg-android/ff-android.rst
View File

@@ -1,74 +0,0 @@
.. _ff-android:
===============================
Configuring Firefox for Android
===============================
Mozilla provides some of the most flexible, secure, and freedom-principled applications for using the web. We highly recommend completing all configuration below.
.. caution:: Setups may strongly vary across different Android forks
LAN Config
----------
Configure Tor
-------------
Once you have :ref:`setup your Root CA<lan-android>` and :ref:`Tor is running on your device<tor-android>`, you can proceed to configure Firefox:
#. Download `Firefox Beta <https://play.google.com/store/apps/details?id=org.mozilla.firefox_beta>`_ from the Play Store, or `Fennec <https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/>`_ from F-Droid.
.. caution:: Regular Firefox offered in the Play Store will not allow this configuration - be sure to use Firefox Beta.
#. Next, download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here <https://start9.com/assets/proxy.pac>`_.
#. Navigate to ``about:config`` in the Firefox URL bar.
.. figure:: /_static/images/tor/about_config.png
:width: 30%
:alt: Firefox about config
#. You are going to have to change a few options in here. First, type ``network.proxy.type`` into the search bar, and set the value to ``2``.
.. figure:: /_static/images/tor/network_proxy_type.png
:width: 30%
:alt: Firefox network proxy type setting screenshot
#. (This step is for GrapheneOS users **only**): Head to *Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE* then navigate to where you placed the proxy.pac file.
.. figure:: /_static/images/tor/storage-scopes-proxy.jpg
:width: 15%
#. (All users): Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary.
.. figure:: /_static/images/tor/autoconfig_url.png
:width: 30%
:alt: Firefox autoconfig url setting screenshot
#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``.
.. figure:: /_static/images/tor/socks_remote_dns.png
:width: 30%
:alt: Firefox socks remote dns setting screenshot
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_allowlist_mobile.png
:width: 30%
:alt: Firefox whitelist onions screenshot
#. Finally, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets_droid.png
:width: 30%
:alt: Firefox allow insecure websockets over https
#. Optional but recommended: search for ``network.http.referer.hideOnionsSource`` and set the value to ``true``.
#. Restart Firefox, and you're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can bookmark your Start9 services' ``.onion`` addresses, as well as use integrations, such as the :ref:`Bitwarden<vaultwarden-service>` browser extension.
Install StartOS as a PWA
------------------------
Depending on your version of Firefox, you may be prompted to "Add to Home screen", when visiting your main UI. If you do this, you can access your UI as a Progressive Web App (PWA), meaining that all browser context is removed, and StartOS will behave as a native Android app!
If you are not prompted, or skipped that screen, simply go to the **Kebab (Settings) Menu > Install** while visiting your server's UI to complete the action.

49
site/source/guides/device-guides/dg-android/index.rst
View File

@@ -1,49 +0,0 @@
.. _dg-android:
=======
Android
=======
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-android
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Setup Orbot
:icon: scylla-icon scylla-icon--networking
:link: tor-android
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Android device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-android
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. toctree::
:maxdepth: 4
:hidden:
lan-android
tor-android
ff-android

54
site/source/guides/device-guides/dg-android/lan-android.rst
View File

@@ -1,54 +0,0 @@
.. _lan-android:
=============================
Trust Your Root CA on Android
=============================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Android). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
.. note:: This guide applies to most Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+).
Download Root CA
----------------
First, download your Start9 server's Root CA, if you have not already.
- Navigate to **System** -> **Root CA**, then click "Download Root CA".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: Navigate to System > Root CA
Alternatively, you can download to another machine, then transfer the file to your device.
Trust Root CA
-------------
.. tabs::
.. group-tab:: Android v13+
Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate.
.. figure:: /_static/images/ssl/android/droidLAN2.png
:width: 15%
:alt: Install certificate
.. group-tab:: Android v12
.. caution:: Some phones running Android v12 will work, others won't. It depends on the vendor. Most Androids running v12 that we have tested do work with the exception of the Samsung Galaxy S10 which does not.
Tap **Settings > Security > Advanced > Encryption and Credentials > Install from Storage** and select your unique ``adjective-noun.local.crt`` certificate.
.. figure:: /_static/images/ssl/android/droidLAN0.png
:width: 15%
:alt: Install certificate
.. _lan-ff-android:
Configure Firefox
-----------------
On some devices, it may be necessary to also activate this setting in Firefox / Fennec:
#. Tap **Kebab Menu > Settings > About Firefox** and tap the Firefox icon 5 times to enable "developer mode."
#. Go back to **Kebab Menu > Settings > Secret Settings** (at the bottom), and tap "Use third party CA certificates" to enable the use of your system-wide Root CA.
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <ff-android>` guide, which we highly recommend.

39
site/source/guides/device-guides/dg-ios/index.rst
View File

@@ -1,39 +0,0 @@
.. _dg-ios:
===
iOS
===
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-ios
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Setup Orbot
:icon: scylla-icon scylla-icon--networking
:link: tor-ios
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your iOS device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. toctree::
:maxdepth: 4
:hidden:
lan-ios
tor-ios

129
site/source/guides/device-guides/dg-linux/ff-linux.rst
View File

@@ -1,129 +0,0 @@
.. _ff-linux:
============================
Configuring Firefox on Linux
============================
Mozilla provides some of the most flexible, secure, and freedom-principled applications for using the web. We highly recommend completing all configuration below.
LAN Config
----------
This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic (TLDR: for security purposes).
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about changing advanced configuration preferences.
#. Search for *security.enterprise_roots.enabled* and double click on *false* so that it turns to *true*:
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
.. tabs::
.. group-tab:: Debian/Ubuntu
For each Mozilla-based application (Firefox, Firefox ESR, LibreWolf, Thunderbird, etc) you plan on using, you will need to complete the following guide. This is in order for them to trust your Start9 server's CA certificate directly from your Linux distribution's certificate trust store.
#. Select the hamgurger menu, then *Settings*, then search for "*security devices*", then select "*Security Devices...*"
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png
:width: 60%
:alt: Mozilla application p11kit trust #1
#. When the Device Manager dialog window opens, select "*Load*"
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png
:width: 60%
:alt: Mozilla application p11kit trust #2
#. Give the Module Name a title such as "*System CA Trust Module*" and for the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit *OK*:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png
:width: 60%
:alt: Mozilla application p11kit trust #3
#. Verify that the new module shows up on the left hand side and select *OK* at the bottom right:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png
:width: 60%
:alt: Mozilla application p11kit trust #4
.. group-tab:: Arch/Garuda
.. group-tab:: CentOS/Fedora
Now restart Firefox (or other Mozilla application), and log in to your server using ``https``. You should now see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
.. tip:: If you see an exclamation point inside a triangle by the lock, you have made a security exception in the browser. You will need to remove it by clicking the lock and then "Connection not secure":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
Then click "Remove Exception":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
You should now see that the website is trusted as in the final step show above.
Tor Config
----------
.. caution::
This guide assumes you have completed :ref:`setting up Tor<tor-linux>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Next, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using:
.. code-block::
sudo wget -P /etc/tor https://start9.com/assets/proxy.pac
#. Now, back in your Firefox web browser, select ``Settings`` from the right-hand hamburger menu:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file:///etc/tor/proxy.pac
#. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can access tor service :ref:`WebUIs <web-ui>`, and use client integrations such as :ref:`Vaultwarden<vaultwarden-service>` apps and extensions. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.
If you still encounter issues, `contact support <https://start9.com/contact>`_.

59
site/source/guides/device-guides/dg-linux/index.rst
View File

@@ -1,59 +0,0 @@
.. _dg-linux:
=====
Linux
=====
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-linux
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Backup Configuration
:link: backup-linux
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: Setup
Configure a Network Folder on your Linux machine (or attached external drive) to receive StartOS backups.
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-linux
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Linux device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-linux
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. toctree::
:maxdepth: 4
:hidden:
lan-linux
backup-linux
tor-linux
ff-linux

83
site/source/guides/device-guides/dg-linux/lan-linux.rst
View File

@@ -1,83 +0,0 @@
.. _lan-linux:
================================
Trusting Your Start9 CA on Linux
================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Windows). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
.. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.
Download Root CA
----------------
First, download your Start9 server's Root CA, if you have not already.
- Navigate to **System** -> **Root CA**, then click "Download Root CA".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: Navigate to System > Root CA
Alternatively, you can download to another machine, then transfer the file to your device.
Trust Root CA
-------------
.. tabs::
.. group-tab:: Debian/Ubuntu
These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.
#. Perform the following commands in the Terminal:
.. code-block:: bash
sudo apt update
sudo apt install -y ca-certificates p11-kit
#. Move into the folder where you downloaded your Start9 server's Root CA (usually ``~/Downloads``), and run the following commands to add your Start9 server's CA certificate to the OS trust store:
.. caution:: BE CERTAIN to replace ``adjective-noun`` with your server's unique hostname in the 3rd and 4th commands below!
.. code-block:: bash
cd ~/Downloads
sudo mkdir -p /usr/share/ca-certificates/start9
sudo cp "adjective-noun.local.crt" /usr/share/ca-certificates/start9/
sudo bash -c "echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf"
sudo update-ca-certificates
In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. We highly recommend continuing on to our :ref:`Configuring Firefox <ff-linux>` guide.
.. group-tab:: Arch/Garuda
From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo pacman -S ca-certificates
sudo cp "<custom-address>.crt" /etc/ca-certificates/trust-source/anchors/
sudo update-ca-trust
Despite no output from the last command, you can test your app right away.
.. group-tab:: CentOS/Fedora
First, ensure mDNS resolution is turned on so you can reach your server:
Ensure ``MulticastDNS=Yes`` is set in /etc/systemd/resolved.conf and then restart systemd-resolved:
.. code-block:: bash
sudo systemctl restart systemd-resolved
Trust your server's CA certificate:
From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo yum install ca-certificates
sudo cp "<custom-address>.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.

81
site/source/guides/device-guides/dg-mac/ff-mac.rst
View File

@@ -1,81 +0,0 @@
.. _ff-mac:
==========================
Configuring Firefox on Mac
==========================
Here we will add your Start9 server's Root CA (Certificate Authority) to your system's certificate trust store to ensure that applications can verify connections to your services.
LAN Config
----------
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about changing advanced configuration preferences.
#. Search for *security.enterprise_roots.enabled* and double click on *false* so that it turns to *true*:
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
Now restart Firefox (or other Mozilla application), and log in to your server using ``https``. You should now see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
.. tip:: If you see an exclamation point inside a triangle by the lock, you have made a security exception in the browser. You will need to remove it by clicking the lock and then "Connection not secure":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
Then click "Remove Exception":
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
You should now see that the website is trusted as in the final step show above.
Tor Config
----------
.. caution::
This guide assumes you have completed :ref:`setting up Tor<tor-mac>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Next, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Now go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Check the option labeled ``Use System Proxy Settings``
#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.
If you still encounter issues, `contact support <https://start9.com/contact>`_.

69
site/source/guides/device-guides/dg-mac/index.rst
View File

@@ -1,69 +0,0 @@
.. _dg-mac:
===
Mac
===
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-mac
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Backup Configuration
:link: backup-mac
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: Setup
Configure a Network Folder on your Mac (or attached external drive) to receive StartOS backups.
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-mac
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Mac. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-mac
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. topic-box::
:title: Screensharing
:link: screenshare-mac
:icon: scylla-icon scylla-icon--workshop
:class: large-4
:anchor: Share Screen
Guide to allow screensharing with a Start9 Support Tech.
.. toctree::
:maxdepth: 4
:hidden:
lan-mac
backup-mac
tor-mac
ff-mac
screenshare-mac

59
site/source/guides/device-guides/dg-windows/index.rst
View File

@@ -1,59 +0,0 @@
.. _dg-windows:
=======
Windows
=======
To optimize your device for use with your Start9 server, it is recommended to complete all of the following guides. At minimum, you will want to set up your Root CA in the first guide.
.. tip:: Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and are available even with no Internet access!
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: lan-windows
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: Connect
Trust your Start9 server's Root Certificate Authority in order to create encrypted connections.
.. topic-box::
:title: Backup Configuration
:link: backup-windows
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: Setup
Configure a Network Folder on your Windows machine (or attached external drive) to receive StartOS backups.
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-windows
:class: large-4
:anchor: Run Tor
Run Tor natively (in the background) on your Windows device. This will enable apps to communicate with your Start9 server via the Tor Network, remotely.
.. topic-box::
:title: Configure Firefox
:link: ff-windows
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: Config
Configure Firefox for an optimal experience with your server.
.. toctree::
:maxdepth: 4
:hidden:
lan-windows
backup-windows
tor-windows
ff-windows

118
site/source/guides/device-guides/dg-windows/lan-windows.rst
View File

@@ -1,118 +0,0 @@
.. _lan-windows:
==================================
Trusting Your Start9 CA On Windows
==================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Windows). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
Unfortunately, Windows does not have mDNS alias support built-in, which is necessary in order to visit .local addresses for any service you install on your Start9 server, so we recommend using the Bonjour service. Check out this :ref:`FAQ answer<why-bonjour>` for details.
.. note:: Some users who run through the following instructions have successfully connected to their LAN services only to have them stop working weeks or months later. We believe these issues to be due to changes in Windows. When this happens the fix is to simply reinstall Bonjour and Bonjour Print Services. A solution is being worked on and Bonjour will not be necessary to connect to your Start9 server for much longer.
Install Bonjour
---------------
#. Install `Bonjour Print Services <https://support.apple.com/kb/DL999>`_ on your Windows machine.
.. tip:: If you are still experiencing issues after installing Bonjour, you might have a faulty install.
In that case, run through the known fix:
#. Uninstall Bonjour and Bonjour Print Services completely via **System Settings > Remove Programs**
Note: Uninstalling Bonjour via the Bonjour Print Services setup package itself is not enough to solve the issue. Bonjour must be uninstalled via Windows' System Settings menu.
#. Install the Bonjour Print Services package from Apple:
https://support.apple.com/kb/DL999
#. Test to see if your .local name resolution issue is resolved. If not, restart Windows and then test again.
Download Root CA
----------------
Download your Start9 server's Root CA, if you have not already.
- Navigate to **System** -> **Root CA**, then click "Download Root CA".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: Navigate to System > Root CA
Alternatively, you can download the Root CA to another machine, then transfer the file to your client device.
Trust Root CA
-------------
#. Back in Windows, click the “Start” menu, type “mmc”, and select "Run as administrator" to access the Windows Management Console.
.. figure:: /_static/images/ssl/windows/0_windows_mmc.png
:width: 50%
:alt: Windows MMC
When prompted with the “User Account Control” window, select “Yes” to allow this program to run.
#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
.. figure:: /_static/images/ssl/windows/1_windows_console_root.png
:width: 50%
:alt: Windows Console Root
#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
.. figure:: /_static/images/ssl/windows/2_windows_add_certificates.png
:width: 50%
:alt: Add Certificates
#. Select “Computer account” and click “Next". Leave defaulted options on the next screen and click “Finish”.
.. figure:: /_static/images/ssl/windows/3_snap_in_wizard.png
:width: 50%
:alt: Add Snap-in
#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
:width: 50%
:alt: Snap-in Selected
#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
:width: 50%
:alt: Certificates in Management Console
#. Right click on the “Certificates” directory, then navigate to *All Tasks > Import*.
.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
:width: 50%
:alt: Import certificate
#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and open it. Then click "Next".
.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. Then click "Finish" on the final screen.
.. figure:: /_static/images/ssl/windows/8_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. Select “OK” when the import is successful.
.. figure:: /_static/images/ssl/windows/9_success.png
:width: 20%
:alt: Import success!
#. Verify your server's unique `<adjective-noun> Local Root CA` certificate is in the “Certificates” folder:
.. figure:: /_static/images/ssl/windows/10_successful_cert_install.png
:width: 50%
:alt: Successful cert install
#. You can save the console settings (where we added a snap-in), if desired. The CA certificate will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.
.. figure:: /_static/images/ssl/windows/11_console_settings.png
:width: 20%
:alt: Console settings
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.

42
site/source/guides/device-guides/index.rst
View File

@@ -3,7 +3,7 @@
=============
Device Guides
=============
Guides for integrating your devices with your Start9 server.
Guides for integrating your client devices with your StartOS server.
.. raw:: html
@@ -13,55 +13,55 @@ Guides for integrating your devices with your Start9 server.
.. topic-box::
:title: Linux
:link: dg-linux
:link: linux
:icon: scylla-icon scylla-icon--linux
:class: large-4
:anchor: Connect
:anchor: View
Integrate Linux devices
Guides for Linux
.. topic-box::
:title: Mac
:link: dg-mac
:link: mac
:icon: scylla-icon scylla-icon--apple
:class: large-4
:anchor: Connect
:anchor: View
Integrate Mac devices
Guides for Mac
.. topic-box::
:title: Windows
:link: dg-windows
:link: windows
:icon: scylla-icon scylla-icon--windows
:class: large-4
:anchor: Connect
:anchor: View
Integrate Windows devices
Guides for Windows
.. topic-box::
:title: Android
:link: dg-android
:link: android
:icon: scylla-icon scylla-icon--android
:class: large-4
:anchor: Connect
:anchor: View
Integrate Android devices
Guides for Android
.. topic-box::
:title: iOS
:icon: scylla-icon scylla-icon--ios
:link: dg-ios
:link: ios
:class: large-4
:anchor: Connect
:anchor: View
Integrate iOS devices
Guides for iOS
.. toctree::
:maxdepth: 2
:hidden:
dg-linux/index
dg-mac/index
dg-windows/index
dg-android/index
dg-ios/index
linux/index
mac/index
windows/index
android/index
ios/index

23
site/source/guides/device-guides/dg-ios/lan-ios.rst → site/source/guides/device-guides/ios/ca-ios.rst
View File

@@ -1,22 +1,13 @@
.. _lan-ios:
.. _ca-ios:
=========================
Trust Your Root CA on iOS
=========================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (iOS). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
=====================================
Trusting Your Server's Root CA on iOS
=====================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on iOS.
This applies to iOS v15 and v16. For older versions, see the `v14 guide </0.3.1.x/user-manual/connecting/connecting-lan/lan-os/lan-ios>`_.
.. note:: This guide only applies to iOS v15+. For v14, see the `v14 guide </0.3.1.x/user-manual/connecting/connecting-lan/lan-os/lan-ios>`_.
#. Download the certificate to your Downloads folder
.. note::
In order to do this, open Safari and visit your Start9 server's .local URL while connected to WiFi, but make sure it is prefixed with ``http://`` and not ``https://``.
Log in using your password, then click the hamburger (3 lines) menu at the top right, select **System** > **Root CA** > **Download Root CA**. It may say `This website is trying to download a configuration profile. Do you want to allow this?` Click `Allow`.
Once this is done, you can skip to step 3, below.
If you downloaded the certificate from a browser such as Firefox, you will need to copy the file from that Downloads folder to your iCloud Downloads folder. Navigate there via `Files > iCloud Drive > Downloads`. Otherwise, the "Profile Download" dialog will not appear when you click on the file in the next step.
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. Open your iCloud Downloads folder and click on the certificate. It will display a dialog box that says "Profile Downloaded." Click `Close`.

37
site/source/guides/device-guides/ios/index.rst Normal file
View File

@@ -0,0 +1,37 @@
.. _ios:
===
iOS
===
It is recommended you complete all of the guides below.
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: ca-ios
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: View
Trust your server's Root Certificate Authority for fast, secure connections
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-ios
:class: large-4
:anchor: View
Run Tor natively for remote connectivity
.. toctree::
:maxdepth: 4
:hidden:
ca-ios
tor-ios

0
site/source/guides/device-guides/dg-ios/tor-ios.rst → site/source/guides/device-guides/ios/tor-ios.rst
View File

0
site/source/guides/device-guides/dg-linux/backup-linux.rst → site/source/guides/device-guides/linux/backup-linux.rst
View File

70
site/source/guides/device-guides/linux/ca-linux.rst Normal file
View File

@@ -0,0 +1,70 @@
.. _ca-linux:
=======================================
Trusting Your Server's Root CA on Linux
=======================================
.. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.
.. tabs::
.. group-tab:: Debian/Ubuntu
These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. Perform the following commands in the Terminal:
.. code-block:: bash
sudo apt update
sudo apt install -y ca-certificates p11-kit
#. Move into the folder where you downloaded your Start9 server's Root CA (usually ``~/Downloads``), and run the following commands to add your Start9 server's CA certificate to the OS trust store:
.. caution:: BE CERTAIN to replace ``adjective-noun`` with your server's unique hostname in the 3rd and 4th commands below!
.. code-block:: bash
cd ~/Downloads
sudo mkdir -p /usr/share/ca-certificates/start9
sudo cp "adjective-noun.local.crt" /usr/share/ca-certificates/start9/
sudo bash -c "echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf"
sudo update-ca-certificates
In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. We highly recommend continuing on to our :ref:`Configuring Firefox <ff-linux>` guide.
.. group-tab:: Arch/Garuda
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo pacman -S ca-certificates
sudo cp "<custom-address>.crt" /etc/ca-certificates/trust-source/anchors/
sudo update-ca-trust
Despite no output from the last command, you can test your app right away.
.. group-tab:: CentOS/Fedora
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. In `/etc/systemd/resolved.conf`, ensure you have ``MulticastDNS=Yes``
#. Restart systemd-resolved
.. code-block:: bash
sudo systemctl restart systemd-resolved
#. From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here)
.. code-block:: bash
sudo yum install ca-certificates
sudo cp "<custom-address>.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

127
site/source/guides/device-guides/linux/ff-linux.rst Normal file
View File

@@ -0,0 +1,127 @@
.. _ff-linux:
============================
Configuring Firefox on Linux
============================
Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
Local
-----
This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic (TLDR: for security purposes).
#. Ensure you have already :ref:`trusted your server's Root CA<ca-linux>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enabled`` and set it to ``true``:
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
#. Select your distribution below and follow instructions:
.. tabs::
.. group-tab:: Debian/Ubuntu
#. Select the hamburger menu -> ``Settings``. Search for ``security devices`` and select ``Security Devices...``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png
:width: 60%
:alt: Mozilla application p11kit trust #1
#. When the Device Manager dialog window opens, select ``Load``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png
:width: 60%
:alt: Mozilla application p11kit trust #2
#. Give the Module Name a title such as "System CA Trust Module". For the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit ``OK``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png
:width: 60%
:alt: Mozilla application p11kit trust #3
#. Verify that the new module shows up on the left hand side and select ``OK`` at the bottom right:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png
:width: 60%
:alt: Mozilla application p11kit trust #4
.. group-tab:: Arch/Garuda/CentOS/Fedora
No special steps are needed for Arch/Garuda/CentOS/Fedora. Continue below.
#. Restart Firefox
#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
Tor
---
#. Ensure you have already :ref:`set up Tor<tor-mac>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a ``Proxy Auto Config`` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using:
.. code-block::
sudo wget -P /etc/tor https://start9.com/assets/proxy.pac
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. Your path may be different from the one below and the triple ``///`` is intentional
.. code-block::
file:///etc/tor/proxy.pac
#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services

67
site/source/guides/device-guides/linux/index.rst Normal file
View File

@@ -0,0 +1,67 @@
.. _linux:
=====
Linux
=====
Recommended Guides
------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: ca-linux
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: View
Trust your server's Root Certificate Authority for fast, secure connections
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-linux
:class: large-4
:anchor: View
Run Tor natively for remote connectivity
.. topic-box::
:title: Configure Firefox
:link: ff-linux
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: View
Configure Firefox for an optimal browser experience
Other Useful Guides
-------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Backup Config
:link: backup-linux
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: View
Configure a Network Folder for storing StartOS backups
.. toctree::
:maxdepth: 4
:hidden:
ca-linux
tor-linux
ff-linux
backup-linux

0
site/source/guides/device-guides/dg-linux/tor-linux.rst → site/source/guides/device-guides/linux/tor-linux.rst
View File

0
site/source/guides/device-guides/dg-mac/backup-mac.rst → site/source/guides/device-guides/mac/backup-mac.rst
View File

26
site/source/guides/device-guides/dg-mac/lan-mac.rst → site/source/guides/device-guides/mac/ca-mac.rst
View File

@@ -1,23 +1,13 @@
.. _lan-mac:
.. _ca-mac:
================================
Trusting Your Start9 CA on macOS
================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Mac). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
=====================================
Trusting Your Server's Root CA on Mac
=====================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Mac.
#. In your Start9 server's UI, navigate to **System** -> **LAN**
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
.. figure:: /_static/images/ssl/macos/trust-cert-macos-1-system-lan.png
:width: 60%
:alt: Navigate to System > Root CA
#. Click **Download Root CA** and your browser will either automatically save the certificate to your Downloads folder or ask you where to save it:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-2-download_cert.png
:width: 60%
:alt: Download Certificate
#. Among the browser's downloads, right click your certificate file and select *Show in Folder*:
#. Locate your downloaded Root CA. Right click it and select *Show in Folder*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-3-show_in_folder.png
:width: 60%
@@ -60,5 +50,3 @@ Complete this guide to download your Start9 server's Root Certificate Authority
:alt: Keychain submenu
.. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it.
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.

79
site/source/guides/device-guides/mac/ff-mac.rst Normal file
View File

@@ -0,0 +1,79 @@
.. _ff-mac:
==========================
Configuring Firefox on Mac
==========================
Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
Local
-----
#. Ensure you have already :ref:`trusted your server's Root CA<ca-mac>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
#. Restart Firefox
#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
Tor
---
#. Ensure you have already :ref:`set up Tor<tor-mac>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Check the option labeled ``Use System Proxy Settings`` *and* the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services

75
site/source/guides/device-guides/mac/index.rst Normal file
View File

@@ -0,0 +1,75 @@
.. _dg-mac:
===
Mac
===
Recommended Guides
------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: ca-mac
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: View
Trust your server's Root Certificate Authority for fast, secure connections
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-mac
:class: large-4
:anchor: View
Run Tor natively for remote connectivity
.. topic-box::
:title: Configure Firefox
:link: ff-mac
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: View
Configure Firefox for an optimal browser experience
Other Useful Guides
-------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Backup Config
:link: backup-mac
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: View
Configure a Network Folder for storing StartOS backups
.. topic-box::
:title: Screensharing
:link: screenshare-mac
:icon: scylla-icon scylla-icon--workshop
:class: large-4
:anchor: Share Screen
Guide to allow screensharing with a Start9 Support Tech.
.. toctree::
:maxdepth: 4
:hidden:
ca-mac
tor-mac
ff-mac
backup-mac
screenshare-mac

0
site/source/guides/device-guides/dg-mac/screenshare-mac.rst → site/source/guides/device-guides/mac/screenshare-mac.rst
View File

0
site/source/guides/device-guides/dg-mac/tor-mac.rst → site/source/guides/device-guides/mac/tor-mac.rst
View File

0
site/source/guides/device-guides/dg-windows/backup-windows.rst → site/source/guides/device-guides/windows/backup-windows.rst
View File

84
site/source/guides/device-guides/windows/ca-windows.rst Normal file
View File

@@ -0,0 +1,84 @@
.. _ca-windows:
=========================================
Trusting Your Server's Root CA on Windows
=========================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Windows.
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-your-server-s-root-ca>`_
#. Ensure you have already `installed bonjour </getting-started/connecting-lan/#windows-only>`_
#. Click the “Start” menu, type “mmc”, and select "Run as administrator" to access the Windows Management Console.
.. figure:: /_static/images/ssl/windows/0_windows_mmc.png
:width: 50%
:alt: Windows MMC
When prompted with the “User Account Control” window, select “Yes” to allow this program to run.
#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
.. figure:: /_static/images/ssl/windows/1_windows_console_root.png
:width: 50%
:alt: Windows Console Root
#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
.. figure:: /_static/images/ssl/windows/2_windows_add_certificates.png
:width: 50%
:alt: Add Certificates
#. Select “Computer account” and click “Next". Leave defaulted options on the next screen and click “Finish”.
.. figure:: /_static/images/ssl/windows/3_snap_in_wizard.png
:width: 50%
:alt: Add Snap-in
#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
:width: 50%
:alt: Snap-in Selected
#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
:width: 50%
:alt: Certificates in Management Console
#. Right click on the “Certificates” directory, then navigate to *All Tasks > Import*.
.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
:width: 50%
:alt: Import certificate
#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and open it. Then click "Next".
.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. Then click "Finish" on the final screen.
.. figure:: /_static/images/ssl/windows/8_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. Select “OK” when the import is successful.
.. figure:: /_static/images/ssl/windows/9_success.png
:width: 20%
:alt: Import success!
#. Verify your server's unique `<adjective-noun> Local Root CA` certificate is in the “Certificates” folder:
.. figure:: /_static/images/ssl/windows/10_successful_cert_install.png
:width: 50%
:alt: Successful cert install
#. You can save the console settings (where we added a snap-in), if desired. The CA certificate will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.
.. figure:: /_static/images/ssl/windows/11_console_settings.png
:width: 20%
:alt: Console settings

0
site/source/guides/device-guides/dg-windows/ff-windows.rst → site/source/guides/device-guides/windows/ff-windows.rst
View File

67
site/source/guides/device-guides/windows/index.rst Normal file
View File

@@ -0,0 +1,67 @@
.. _windows:
=======
Windows
=======
Recommended Guides
------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Trust Root CA
:link: ca-windows
:icon: scylla-icon scylla-icon--partners
:class: large-4
:anchor: View
Trust your server's Root Certificate Authority for fast, secure connections
.. topic-box::
:title: Connect to Tor Network
:icon: scylla-icon scylla-icon--networking
:link: tor-windows
:class: large-4
:anchor: View
Run Tor natively for remote connectivity
.. topic-box::
:title: Configure Firefox
:link: ff-windows
:icon: scylla-icon scylla-icon--integrations
:class: large-4
:anchor: View
Configure Firefox for an optimal browser experience
Other Useful Guides
-------------------
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Backup Config
:link: backup-windows
:icon: scylla-icon scylla-icon--cloud
:class: large-4
:anchor: View
Configure a Network Folder for storing StartOS backups
.. toctree::
:maxdepth: 4
:hidden:
ca-windows
tor-windows
ff-windows
backup-windows

0
site/source/guides/device-guides/dg-windows/tor-windows.rst → site/source/guides/device-guides/windows/tor-windows.rst
View File