Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-26 02:11:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Docs updates (#25)

Browse Source 
Restructure Tor and LAN setup, add to FAQ.

Co-authored-by: Matt Hill <matthewonthemoon@gmail.com>
This commit is contained in:
kn0wmad
2021-04-15 08:53:28 -06:00
committed by GitHub
parent 68f76796d6
commit e2f97bc1c3
17 changed files with 363 additions and 394 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/misc-guides/tor-firefox/android.rst
View File

@@ -43,4 +43,4 @@ Once Tor is setup on your system, you can proceed to setup Firefox:
:width: 50%
:alt: Firefox whitelist onions screenshot
8. Restart Firefox, and youre all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Password Manager <https://play.google.com/store/apps/details?id=com.x8bit.bitwarden&hl=en_US&gl=US>`_ native application.
8. Restart Firefox, and youre all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Password Manager <https://play.google.com/store/apps/details?id=com.x8bit.bitwarden&hl=en_US&gl=US>`_ native application.

96
source/misc-guides/tor-firefox/desktop.rst Normal file
View File

@@ -0,0 +1,96 @@
.. _firefox-tor-desktop:
**************************************
Setting up Firefox with Tor on Desktop
**************************************
.. warning::
This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
1. Open Firefox.
2. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
3. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_whitelist.png
:width: 80%
:alt: Firefox whitelist onions screenshot
4. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following the OS-specific instructions below:
Windows:
Click `here <https://registry.start9labs.com/sys/proxy.pac>`_ to get the file and save the file somewhere you wont delete it. For this example:
.. code-block::
C:\Program Files\Tor Browser\proxy.pac
Mac:
Open the `Terminal` App on your Mac. You can find it in your list of Applications. In the terminal, enter:
.. code-block::
brew install wget
And then:
.. code-block::
wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac
Linux:
From a terminal, enter:
.. code-block::
sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac
5. Now open your Firefox web browser, and select options (Windows), or preferences (Mac/Linux):
.. figure:: /_static/images/tor/firefox_options_windows.png
:width: 80%
:alt: Firefox options screenshot
Select :menuselection:`Settings --> Options`
6. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`:
.. figure:: /_static/images/tor/firefox_search.png
:width: 80%
:alt: Firefox search screenshot
7. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
Windows:
.. code-block::
file://C:/Program Files/Tor Browser/proxy.pac
Mac:
.. code-block::
file:///usr/local/etc/tor/proxy.pac
Linux:
.. code-block::
file:///etc/tor/proxy.pac
8. Then, check the box labeled `Proxy DNS when using SOCKS v5`:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 80%
:alt: Firefox proxy settings screenshot
9. Click ``OK`` and then restart Firefox for the changes to take effect.
10. Youre all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_.

8
source/misc-guides/tor-firefox/index.rst
View File

@@ -10,9 +10,7 @@ Configuring Firefox for Tor
Once you have completed the above guide, select your device's operating system below:
.. toctree::
:maxdepth: 1
:maxdepth: 2
MacOS <mac>
Windows <windows>
Linux <linux>
Android <android>
Desktop<desktop>
Mobile<mobile>

9
source/misc-guides/tor-firefox/ios.rst Normal file
View File

@@ -0,0 +1,9 @@
.. _firefox-tor-ios:
**********************************
Setting up Firefox with Tor on iOS
**********************************
Unfortunately, Apple does not allow tor to be run natively on iOS. This means that Firefox cannot be configured to use tor. This leaves the following options for iOS users:
You can use Start9 Labs' own Consulate Browser, which is available `here <https://apps.apple.com/us/app/start9-consulate-browser/id1528124570>`_, or you can select another Tor Browser by searching the `App Store <https://www.apple.com/us/search/onion-browser?src=serp>`_.

54
source/misc-guides/tor-firefox/linux.rst
View File

@@ -1,54 +0,0 @@
.. _firefox-tor-linux:
************************************
Setting up Firefox with Tor on Linux
************************************
.. warning::
This guide assumes you have completed :ref:`setting up Tor for Linux<tor-linux>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox.
#. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_whitelist.png
:width: 80%
:alt: Firefox whitelist onions screenshot
#. Create a `Proxy Auto Config` file (advanced) or use our standard one (recommended):
.. code-block::
sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac
#. Now open your Firefox web browser, and select preferences.
.. figure:: /_static/images/tor/firefox_preferences.png
:width: 80%
:alt: Firefox preferences screenshot
Select :menuselection:`Settings --> Preferences`
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`.
.. figure:: /_static/images/tor/firefox_search.png
:width: 80%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in:
.. code-block::
file:///etc/tor/proxy.pac
#. Check the box labeled `Proxy DNS when using SOCKS v5`.
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 80%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_.

64
source/misc-guides/tor-firefox/mac.rst
View File

@@ -1,64 +0,0 @@
.. _firefox-tor-mac:
************************************
Setting up Firefox with Tor on MacOS
************************************
.. warning::
This guide assumes you have completed :ref:`setting up Tor for MacOS<tor-mac>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox.
#. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_whitelist.png
:width: 80%
:alt: Firefox whitelist onions screenshot
#. Next, download the `Proxy Auto Config` file. This file tells Firefox which URLs to use for Tor.
#. Open the `Terminal` App on your Mac. You can find it in your list of Applications.
#. Enter into the terminal:
.. code-block::
brew install wget
#. And then:
.. code-block::
wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac
#. Open your Firefox web browser, and select preferences:
.. figure:: /_static/images/tor/firefox_preferences.png
:width: 80%
:alt: Firefox preferences screenshot
Select :menuselection:`Settings --> Preferences`
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`:
.. figure:: /_static/images/tor/firefox_search.png
:width: 80%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in:
.. code-block::
file:///usr/local/etc/tor/proxy.pac
#. Then, check the box labeled `Proxy DNS when using SOCKS v5`:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 80%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. Youre all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_.

13
source/misc-guides/tor-firefox/mobile.rst Normal file
View File

@@ -0,0 +1,13 @@
.. _firefox-tor-mobile:
**************************************
Setting up Firefox with Tor on Mobile
**************************************
If you are on Android, you can continue after setting up Tor on your device. If you are on iOS, click below for your options.
.. toctree::
:maxdepth: 1
Android<android>
iOS<ios>

54
source/misc-guides/tor-firefox/windows.rst
View File

@@ -1,54 +0,0 @@
.. _firefox-tor-windows:
**************************************
Setting up Firefox with Tor on Windows
**************************************
.. warning::
This guide assumes you have completed :ref:`setting up Tor for Windows<tor-windows>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox.
#. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_whitelist.png
:width: 80%
:alt: Firefox whitelist onions screenshot
#. Download a `Proxy Auto Config` file that will use the Tor service to resolve .onion urls. We have one hosted `here <https://registry.start9labs.com/sys/proxy.pac>`_. Save it somewhere you wont delete it. For this example:
.. code-block::
C:\Program Files\Tor Browser\proxy.pac
#. Now open your Firefox web browser, and select options:
.. figure:: /_static/images/tor/firefox_options_windows.png
:width: 80%
:alt: Firefox options screenshot
Select :menuselection:`Settings --> Options`
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`:
.. figure:: /_static/images/tor/firefox_search.png
:width: 80%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file://C:/Program Files/Tor Browser/proxy.pac
#. Check the box labeled `Proxy DNS when using SOCKS v5`:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 80%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. Youre all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_.

3
source/misc-guides/tor-os/index.rst
View File

@@ -14,4 +14,5 @@ Select your operating system to get started:
MacOS<mac>
Windows<windows>
Linux<linux>
Android<android>
Android<android>
iOS<ios>

9
source/misc-guides/tor-os/ios.rst Normal file
View File

@@ -0,0 +1,9 @@
.. _tor-ios:
*********************
Setting up Tor on iOS
*********************
Unfortunately, Apple does not allow tor to be run natively on iOS. This leaves 2 options for iOS users:
You can use Start9 Labs' own Consulate Browser, which is available `here <https://apps.apple.com/us/app/start9-consulate-browser/id1528124570>`_, or you can select another Tor Browser by searching the `App Store <https://www.apple.com/us/search/onion-browser?src=serp>`_.

8
source/misc-guides/tor-os/windows.rst
View File

@@ -12,7 +12,7 @@ Running Tor on Windows
Download Tor for Windows
#. Once it is downloaded, go ahead and run the installer. If you want to install the program outside of your user directory, you will have to right click and select `Run as Administrator`.
#. Once it is downloaded, go ahead and run the installer. If you want to install the program outside of your user directory, you will have to right click and select `Run as Administrator`.
#. Once you have selected a language, you should see a menu like this:
@@ -28,11 +28,11 @@ Running Tor on Windows
* In Windows 10, you can simply type ``cmd`` in the Windows search bar, right click on the first result, and select `Run as Administrator`.
#. Once it opens, you can run the following commands, inserting your destination folder in place of ``<PATH TO>``:
#. Once it opens, you can run the following commands, inserting your destination folder (from above) in place of ``<PATH TO>``:
.. code-block::
sc create tor start=auto binPath="<PATH TO>\Tor Browser\Browser\TorBrowser\Tor\tor.exe -nt-service"
sc create tor start=auto binPath="<PATH TO>\Browser\TorBrowser\Tor\tor.exe -nt-service"
sc start tor
#. When you run this, it should look something like this:
@@ -43,4 +43,4 @@ Running Tor on Windows
Replace highlighted section with noted destination folder
#. That's it! Your Windows computer is now setup to natively use Tor.
#. That's it! Your Windows computer is now setup to natively use Tor.

4
source/support/FAQ/setup-faq.rst
View File

@@ -28,6 +28,10 @@ This is most likely a transient networking issue that will correct itself in a f
3. Restart your router.
Do I need to take any additional security precautions with my device, for example with my router/modem?
-------------------------------------------------------------------------------------------------------
Nothing special is required, however, it is best practice to use good passwords, i.e. for your WiFi and your Embassy. Here's a `comic <https://xkcd.com/936/>`_ explaining how to make strong passwords, simply.
What if I have an unique network issue, for example, with a firewall?
---------------------------------------------------------------------
The Embassy is designed to work as simply as possible, for as many as possible, while providing the ability to self-host in a private manner. If you have an agressive or custom firewall, or other custom network settings, there is a good chance that addtional configuration may be necessary. We will continue to learn about custom networking issues, update our docs with resources, and help in the community :ref:`channels <contact>` to the best of our ability.

6
source/support/FAQ/usage-faq.rst
View File

@@ -52,6 +52,12 @@ Do I need to delete existing backups before doing a new backup? Or does a new ba
-------------------------------------------------------------------------------------------------------------
No, you dont need to delete the old backups. The technology we use updates the existing backup.
Can I clone my Embassy SD card for backup purposes?
---------------------------------------------------
Warning: **DO NOT do this if you are running LND or c-lightning**. If you clone the SD card, then go back to running LND or c-lightning, and you *ever* try to restore the SD card, there is a good chance you will lose *all your channel funds*. Also, if you try to use the SD card for a 2nd Embassy, that will also result in loss of funds. This has nothing to do with Start9 or the Embassy; it is inherent to the architecture of Lightning.
If you are not running LND or c-lightning, then *yes*, it is possible to do a deep clone of the SD card as a backup. But even here, there are some considerations: Start9 does not test/support this officially, which means it is untested. Also, it may take a while to do a deep clone of the card since the ones we ship are 128GB and there isn't a really effective way to clone the Embassy card that isn't a byte-for-byte copy. However, if you do a byte for byte copy (128GB), and run `PiShrink <https://github.com/Drewsif/PiShrink>`_ you could flash that image file onto a new card and restore all of your data.
Why would I even buy this when I can just build it for free??
-------------------------------------------------------------
(1) White glove support. Because each Embassy comes with a unique product key engraved on it, and we have a record of all product keys ever, we can ask the user to verify their product key in order to receive a higher tier of support, such as phone calls.

31
source/user-manual/general/lan-setup/browser.rst → source/user-manual/general/lan-setup/browser-setup.rst
View File

@@ -1,15 +1,26 @@
.. _browsers:
.. _browser-setup:
*******
Browser
*******
Browser Setup
=============
.. warning:: Make sure you have completed setup on your :ref:`device <ssl-setup>` before continuing!
.. warning:: Make sure you have completed your :ref:`computer setup <computer-setup>` before continuing!
Select the browser you would like to configure to import the certificate from your desktop:
.. .. toctree::
.. :hidden:
.. browser
- :ref:`Brave <brave>`
- :ref:`Chrome <chrome>`
- :ref:`Firefox <firefox>`
- :ref:`Safari <safari>`
.. _brave:
Brave
=====
-----
#. Navigate to your Brave Settings in a new tab.
@@ -38,7 +49,7 @@ Brave
.. _chrome:
Chrome
======
------
#. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
@@ -49,7 +60,7 @@ Chrome
.. _firefox:
Firefox
========
-------
#. Navigate to your Firefox Settings in a new tab.
@@ -88,6 +99,6 @@ Firefox
.. _safari:
Safari
======
------
Once you have completed the steps to install a SSL certificate on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Embassy!
Once you have completed the steps to install a SSL certificate on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Embassy!

187
source/user-manual/general/lan-setup/computer-setup.rst Normal file
View File

@@ -0,0 +1,187 @@
.. _computer-setup:
Computer Setup
==============
MacOS
-----
#. Visit your Embassy at its Tor Address.
#. Navigate to --> Embassy --> Connect Over LAN
.. figure:: /_static/images/embassy_lan_setup.png
:width: 90%
:alt: LAN setup menu item
Select the "Connect over LAN" menu item
#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/secure_lan_setup_page.png
:width: 90%
:alt: LAN setup page
Select the "Root Certificate Authority" sub menu
#. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded.
.. figure:: /_static/images/secure_lan_setup_prompt.png
:width: 90%
:alt: LAN setup prompt
Open with "Keychain Access" and select "OK"
#. Enter your computer password when prompted. It will be imported into your computers keychain.
.. figure:: /_static/images/ssl/macos/certificate_untrusted.png
:width: 90%
:alt: Keychain access import menu
Keychain access import menu
#. If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it.
#. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”.
#. Double click on this certificate. A second window will pop up.
#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”.
.. figure:: /_static/images/ssl/macos/always_trust.png
:width: 90%
:alt: Keychain submenu
Select "Always trust" under SSL dropdown for Embassy Local CA
#. Close this window and enter your password to apply the settings.
#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access.
.. figure:: /_static/images/ssl/macos/certificate_trusted.png
:width: 90%
:alt: Keychain menu trusted certificate
Trusted Embassy Local CA certificate
#. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <browser-setup>`.
Windows
-------
#. Install `Bonjour Print Services <https://support.apple.com/kb/DL999>`_ on your Windows machine. This is necessary in order to visit .local addresses on Windows.
#. If you are having issues running Bonjour after installing, you might have had Bonjour previously installed. To fix:
#. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ
#. Uninstall Bonjour completely via ``system settings -> remove programs``
#. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US)
#. Restart Windows
#. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings.
#. Visit your Embassy at its Tor Address.
#. Navigate to --> Embassy --> Connect Over LAN
.. figure:: /_static/images/embassy_lan_setup.png
:width: 90%
:alt: LAN setup menu item
Select the "Connect over LAN" menu item
#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/secure_lan_setup_page.png
:width: 90%
:alt: LAN setup page
Select the "Root Certificate Authority" sub menu download icon
#. Select the option to save the *Embassy Local CA.crt* file.
.. figure:: /_static/images/ssl/windows/windows_download_cert.png
:width: 90%
:alt: LAN setup prompt
"Save file" when Opening Embassy Local CA.crt
#. On your computer, right-click the “Start” menu and select “Run”.
#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run.
.. figure:: /_static/images/ssl/windows/1_windows_mmc.png
:width: 90%
:alt: Windows MMC
Access the Windows Management Console
#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
.. figure:: /_static/images/ssl/windows/2_windows_console_root.png
:width: 90%
:alt: Windows Console Root
Add Snap-in from Console Root
#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
.. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png
:width: 90%
:alt: Add Certificates
Add Certificates to selected snap-ins
#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”.
#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
:width: 90%
:alt: Snap-in Selected
Certificates (Local Computer) is selected as snap-in
#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
:width: 90%
:alt: Certificates in Management Console
Access Certificates in Management Console
#. Right click on “Certificates”, then navigate to *All Tasks > Import*.
.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
:width: 90%
:alt: Import certificate
Select "Import" from Certificates sub-menu
#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”.
.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
:width: 90%
:alt: Import cert wizard
Add downloaded certificate int he Certificate Import Wizard
#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”.
#. Select “OK” when the import is successful.
#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder.
.. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png
:width: 90%
:alt: Successful cert install
Embassy Local Root CA imported into Certificate folder
#. You can save the settings to the console if desired or cancel.
#. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <browser-setup>`.
Linux
-----
Nothing specific needs to be configured for this environment. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <browser-setup>`.

205
source/user-manual/general/lan-setup/desktop.rst
View File

@@ -1,204 +1,11 @@
********
*******
Desktop
********
*******
Operating Systems
=================
MacOS
-----
#. Visit your Embassy at its Tor Address.
#. Navigate to --> Embassy --> Connect Over LAN
.. figure:: /_static/images/embassy_lan_setup.png
:width: 90%
:alt: LAN setup menu item
Select the "Connect over LAN" menu item
#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/secure_lan_setup_page.png
:width: 90%
:alt: LAN setup page
Select the "Root Certificate Authority" sub menu
#. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded.
.. figure:: /_static/images/secure_lan_setup_prompt.png
:width: 90%
:alt: LAN setup prompt
Open with "Keychain Access" and select "OK"
#. Enter your computer password when prompted. It will be imported into your computers keychain.
.. figure:: /_static/images/ssl/macos/certificate_untrusted.png
:width: 90%
:alt: Keychain access import menu
Keychain access import menu
#. If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it.
#. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”.
#. Double click on this certificate. A second window will pop up.
#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”.
.. figure:: /_static/images/ssl/macos/always_trust.png
:width: 90%
:alt: Keychain submenu
Select "Always trust" under SSL dropdown for Embassy Local CA
#. Close this window and enter your password to apply the settings.
#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access.
.. figure:: /_static/images/ssl/macos/certificate_trusted.png
:width: 90%
:alt: Keychain menu trusted certificate
Trusted Embassy Local CA certificate
#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers <browsers>`.
Windows
-------
#. Install `Bonjour Print Services <https://support.apple.com/kb/DL999>`_ on your Windows machine. This is necessary in order to visit .local addresses on Windows.
#. If you are having issues running Bonjour after installing, you might have had Bonjour previously installed. To fix:
#. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ
#. UNinstall Bonjour completely via ``system settings -> remove programs``
#. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US)
#. Restart Windows
#. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings.
#. Visit your Embassy at its Tor Address.
#. Navigate to --> Embassy --> Connect Over LAN
.. figure:: /_static/images/embassy_lan_setup.png
:width: 90%
:alt: LAN setup menu item
Select the "Connect over LAN" menu item
#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/secure_lan_setup_page.png
:width: 90%
:alt: LAN setup page
Select the "Root Certificate Authority" sub menu download icon
#. Select the option to save the *Embassy Local CA.crt* file.
.. figure:: /_static/images/ssl/windows/windows_download_cert.png
:width: 90%
:alt: LAN setup prompt
"Save file" when Opening Embassy Local CA.crt
#. On your computer, right-click the “Start” menu and select “Run”.
#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run.
.. figure:: /_static/images/ssl/windows/1_windows_mmc.png
:width: 90%
:alt: Windows MMC
Access the Windows Management Console
#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
.. figure:: /_static/images/ssl/windows/2_windows_console_root.png
:width: 90%
:alt: Windows Console Root
Add Snap-in from Console Root
#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
.. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png
:width: 90%
:alt: Add Certificates
Add Certificates to selected snap-ins
#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”.
#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
:width: 90%
:alt: Snap-in Selected
Certificates (Local Computer) is selected as snap-in
#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
:width: 90%
:alt: Certificates in Management Console
Access Certificates in Management Console
#. Right click on “Certificates”, then navigate to *All Tasks > Import*.
.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
:width: 90%
:alt: Import certificate
Select "Import" from Certificates sub-menu
#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”.
.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
:width: 90%
:alt: Import cert wizard
Add downloaded certificate int he Certificate Import Wizard
#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”.
#. Select “OK” when the import is successful.
#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder.
.. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png
:width: 90%
:alt: Successful cert install
Embassy Local Root CA imported into Certificate folder
#. You can save the settings to the console if desired or cancel.
#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers <browsers>`.
Linux
-----
Nothing specific needs to be configured for this environment. Follow the guides below to import the certificate into your desired browser.
Browsers
========
Select the browser you would like to configure to import the certificate from your desktop:
Enabling LAN connectivity for desktop involves configuring both your computer and your browser.
.. toctree::
:hidden:
:maxdepth: 1
browser
- :ref:`Brave <brave>`
- :ref:`Chrome <chrome>`
- :ref:`Firefox <firefox>`
- :ref:`Safari <safari>`
Computer Setup<computer-setup>
Browser Setup<browser-setup>

4
source/user-manual/general/lan-setup/index.rst
View File

@@ -11,5 +11,5 @@ The guides below will walk you through the steps to install and trust your Embas
.. toctree::
:maxdepth: 2
desktop
mobile
Desktop<desktop>
Mobile<mobile>