Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-26 10:21:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

lots of updates

Browse Source
This commit is contained in:
Lucy Cifferello
2021-03-08 17:45:02 -07:00
parent 2554000d85
commit ec86d22ccf
27 changed files with 376 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/user-manual/general/index.rst
View File

@@ -13,5 +13,5 @@ An overview of EmbassyOS general capabilities.
developer-options/index
power
notifications
secure-lan/index
lan-setup/index
forgot-password

8
source/user-manual/general/secure-lan/browser.rst → source/user-manual/general/lan-setup/browser.rst
View File

@@ -6,6 +6,8 @@ Browser
.. warning:: Make sure you have completed setup on your :ref:`device <ssl-setup>` before continuing!
.. _brave:
Brave
=====
@@ -33,6 +35,8 @@ Brave
8. Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings).
.. _chrome:
Chrome
======
@@ -42,6 +46,8 @@ Chrome
3. You can now securely navigate to your Embassy over HTTPS!
.. _firefox:
Firefox
========
@@ -79,6 +85,8 @@ Firefox
11. You can now securely navigate to your Embassy over HTTPS!
.. _safari:
Safari
======

58
source/user-manual/general/secure-lan/desktop.rst → source/user-manual/general/lan-setup/desktop.rst
View File

@@ -2,8 +2,11 @@
Desktop
********
Operating Systems
=================
MacOS
=====
-----
1. In the Setup App, select your claimed Embassy to view the setup results. Navigate to the "Tor" menu item and copy the Tor address. It is safe to message this address to yourself so that you can paste it in a browser.
@@ -17,27 +20,27 @@ MacOS
6. Navigate to the “Embassy” tab in the menu.
7. Find the section entitled “Secure LAN Setup”.
7. Find the section entitled “Connect over LAN”.
.. figure:: /_static/images/embassy_lan_setup.png
:width: 90%
:alt: Secure LAN setup menu item
:alt: LAN setup menu item
Select the "Secure LAN Setup" menu item
Select the "Connect over LAN" menu item
8. Select the "SSL Certificate" sub menu. This will prompt a download to save the certificate file to your machine.
8. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/secure_lan_setup_page.png
:width: 90%
:alt: Secure LAN setup page
:alt: LAN setup page
Select the "SSL Certificate" sub menu
Select the "Root Certificate Authority" sub menu
9. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded.
.. figure:: /_static/images/secure_lan_setup_prompt.png
:width: 90%
:alt: Secure LAN setup prompt
:alt: LAN setup prompt
Open with "Keychain Access" and select "OK"
@@ -76,7 +79,7 @@ If the keychain console did not open, press "Command + spacebar" and type “Key
16. Navigate to your desired browser to import this certificate and follow the steps for :ref:`supported browsers <browsers>`.
Windows
=======
-------
1. In the Setup App, select your claimed Embassy to view the setup results. Navigate to the "Tor" menu item and copy the Tor address. It is safe to message this address to yourself so that you can paste it in a browser.
@@ -90,27 +93,27 @@ Windows
6. Navigate to the “Embassy” tab in the menu.
7. Find the section entitled “Secure LAN Setup”.
7. Find the section entitled “Connect over LAN”.
.. figure:: /_static/images/ssl/windows/windows_embassy_menu.png
.. figure:: /_static/images/embassy_lan_setup.png
:width: 90%
:alt: Secure LAN setup menu item
:alt: LAN setup menu item
Select the "Secure LAN Setup" menu item
Select the "Connect over LAN" menu item
8. Select the "SSL Certificate" sub menu. This will prompt a download to save the certificate file to your machine.
8. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/ssl/windows/windows_lan_page.png
.. figure:: /_static/images/secure_lan_setup_page.png
:width: 90%
:alt: Secure LAN setup page
:alt: LAN setup page
Select the "SSL Certificate" sub menu download icon
Select the "Root Certificate Authority" sub menu download icon
9. Select the option to save the *Embassy Local CA.crt* file.
.. figure:: /_static/images/ssl/windows/windows_download_cert.png
:width: 90%
:alt: Secure LAN setup prompt
:alt: LAN setup prompt
"Save file" when Opening Embassy Local CA.crt
@@ -191,6 +194,21 @@ Windows
23. Navigate to your desired browser to import this certificate and follow the steps for :ref:`supported browsers <browsers>`.
Linux
=====
-----
Please reach out to `@ProofOfKeags <http://twitter.com/ProofOfKeags>`_ on `Telegram <https://t.me/start9_labs>`_ if you would like assistance setting up SSL Certificates in this environment.
Nothing specific needs to be configured for this environment. Follow the guides below to import the certificate into your desired browser.
Browsers
========
Select the browser you would like to configure to import the certificate from your desktop:
.. toctree::
:hidden:
browser
- :ref:`Brave <brave>`
- :ref:`Chrome <chrome>`
- :ref:`Firefox <firefox>`
- :ref:`Safari <safari>`

19
source/user-manual/general/lan-setup/index.rst Normal file
View File

@@ -0,0 +1,19 @@
.. _ssl-setup:
*********
LAN Setup
*********
EmbassyOS has ability to securely access your Embassy over HTTPS from any browser in addition to the already secure option of communicating over Tor. This method of connecting is faster when on the same Local Area Network (LAN). This is accomplished by HTTPS using the OpenSSL protocol. Your Embassy becomes a Certificate Authority and uses its root certificate to generate a self-signed cert for you to import on your devices.
The following guides will take you through the steps to install and trust the SSL certificate generated from your Embassy.
#. For security, Secure LAN Setup is only available over the Embassy's Tor address. Ensure you are setup with a :ref:`Tor enabled browser <connecting>`.
#. Complete the setup for your device operating system:
.. toctree::
:maxdepth: 2
desktop
mobile

86
source/user-manual/general/lan-setup/mobile.rst Normal file
View File

@@ -0,0 +1,86 @@
******
Mobile
******
Android
=======
Unfortunately, LAN addresses (URLs ending in `.local`) are not supported on Android devices. This is because Android does not yet natively support mDNS, which is used to access LAN addresses on mobile device browsers. As a result, you cannot access your Embassy's or service's LAN address from the browser on Android. We are tracking this issue `here <https://issuetracker.google.com/issues/140786115>`_, please star it to get more attention from the development team!
iOS
====
#. Navigate back to the `Start9 Setup App <https://apps.apple.com/us/app/start9-setup-app/id1528125889>`_.
#. Select your claimed Embassy to view the setup results.
#. Find the "LAN (advanced)" menu item at the bottom of the Setup App screen.
.. figure:: /_static/images/ssl/mobile/ssl_setup_app_complete.png
:width: 70%
:alt: Setup app complete
Completed Setup App screen
#. Select the "Embassy Local Root CA" menu item. Clicking this will prompt you to “Save to device”.
.. figure:: /_static/images/ssl/mobile/ssl_setup_app_advanced.png
:width: 70%
:alt: Setup app advanced menu
Setup App advanced menu
#. You will be directed to a page in your default browser indicating next steps and that the profile has been successfully downloaded.
.. note::
If you have changed the default browser from Safari to Brave, the following auto save certificate to device flow will *not* work. Safari, Firefox, and Chrome work as expected. We recommend you temporarily use one of these browsers to complete this action.
#. Be sure to complete all steps in this process! These steps are also outlined below.
.. figure:: /_static/images/ssl/mobile/ssl_certificate_install_page.png
:width: 70%
:alt: Certificate install page
Select "Allow" on the certificate install page
#. Go to Settings on your iOS device.
.. figure:: /_static/images/ssl/mobile/ssl_ipad_general_settings.png
:width: 70%
:alt: General settings
General settings
#. Navigate to *General > Profile(s) > Downloaded Profile > Install*.
.. figure:: /_static/images/ssl/mobile/ssl_ipad_profiles.png
:width: 70%
:alt: Profiles
Profiles view
.. figure:: /_static/images/ssl/mobile/ssl_ipad_install_profile.png
:width: 70%
:alt: Install profile
Select "Install" for Embassy Local Root CA
#. Select “yes” to any warning prompts.
#. Next, navigate to *General > About > Certificate Trust Settings*.
.. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust_settings.png
:width: 70%
:alt: Certificate trust settings
Select Certificate Trust Settings (scroll all the way down)
#. Enable full trust for root certificates.
.. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust.png
:width: 70%
:alt: Enable full trust
Toggle to enable full trust for root certificates. "Continue" when warning prompts.
#. Test that this process worked successfully by navigating to the LAN address provided in the Setup App. You should no longer see warnings about the security of this site in your browser. We recommend using Start9s own `Consulate browser <https://apps.apple.com/us/app/consulate/id1528124570>`_ for a faster and better experience.

40
source/user-manual/general/secure-lan/index.rst
View File

@@ -1,40 +0,0 @@
.. _ssl-setup:
****************
Secure LAN Setup
****************
EmbassyOS has ability to securely access your Embassy over HTTPS from any browser in addition to the already secure option of communicating over Tor. This method of connecting is faster when on the same Local Area Network (LAN). This is accomplished by HTTPS using the OpenSSL protocol. Your Embassy becomes a Certificate Authority and uses its root certificate to generate a self-signed cert for you to import on your devices.
The following guides will take you through the steps to install and trust the SSL certificate generated from your Embassy.
First, determine your current version of EmbassyOS, found in *Embassy > About > EmbassyOS Version*.
.. figure:: /_static/images/embassy_version.png
:width: 90%
:alt: EmbassyOS version view
How to view EmbassyOS version
.. warning::
For EmbassyOS versions <0.2.5, please follow the setup instructions on this `blog post <https://medium.com/@start9labs/embassy-https-certificate-setup-8cd873d7075c>`_.
For EmbassyOS versions >=0.2.5, continue completing the setup for your device operating system:
.. toctree::
:maxdepth: 2
desktop
mobile
Next, complete the setup for your desired browser. This guide currently covers:
.. toctree::
:maxdepth: 2
browser
.. note::
For security, Secure LAN Setup is only available over the Embassy's Tor address. Ensure you are setup with a :ref:`Tor enabled browser <connecting>`.

87
source/user-manual/general/secure-lan/mobile.rst
View File

@@ -1,87 +0,0 @@
******
Mobile
******
iOS
====
1. Navigate back to the `Start9 Setup App <https://apps.apple.com/us/app/start9-setup-app/id1528125889>`_.
2. Select your claimed Embassy to view the setup results.
3. Find the "LAN (advanced)" menu item at the bottom of the Setup App screen.
.. figure:: /_static/images/ssl/mobile/ssl_setup_app_complete.png
:width: 90%
:alt: Setup app complete
Completed Setup App screen
4. Select the "Embassy Local Root CA" menu item. Clicking this will prompt you to “Save to device”.
.. figure:: /_static/images/ssl/mobile/ssl_setup_app_advanced.png
:width: 90%
:alt: Setup app advanced menu
Setup App advanced menu
.. note:: At this point, you may see a yellow messaging indicating you need to reclaim your Embassy to activate this feature. Proceed with the recommendation.
5. You will be directed to a page in Safari indicating next steps and that the profile has been successfully downloaded. Be sure to complete all steps in this process. These steps are also outlined below.
.. figure:: /_static/images/ssl/mobile/ssl_certificate_install_page.png
:width: 90%
:alt: Certificate install page
Select "Allow" on the certificate install page
6. Go to Settings on your iOS device.
.. figure:: /_static/images/ssl/mobile/ssl_ipad_general_settings.png
:width: 90%
:alt: General settings
General settings
7. Navigate to *General > Profile(s) > Downloaded Profile > Install*.
.. figure:: /_static/images/ssl/mobile/ssl_ipad_profiles.png
:width: 90%
:alt: Profiles
Profiles view
.. figure:: /_static/images/ssl/mobile/ssl_ipad_install_profile.png
:width: 90%
:alt: Install profile
Select "Install" for Embassy Local Root CA
8. Select “yes” to any warning prompts.
9. Next, navigate to *General > About > Certificate Trust Settings*.
.. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust_settings.png
:width: 90%
:alt: Certificate trust settings
Select Certificate Trust Settings (scroll all the way down)
10. Enable full trust for root certificates.
.. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust.png
:width: 90%
:alt: Enable full trust
Toggle to enable full trust for root certificates. "Continue" when warning prompts.
11. Test that this process worked successfully by navigating to the LAN address provided in the Setup App. You should no longer see warnings about the security of this site in your browser. We recommend using Start9s own `Consulate browser <https://apps.apple.com/us/app/consulate/id1528124570>`_ for a faster and better experience.
Android
=======
Unfortunately, Android devices do not yet natively support mDNS, which is used to access LAN addresses on a mobile device browser. As a result, you cannot yet access your LAN address from the browser on Android. We are tracking this issue `here <https://issuetracker.google.com/issues/140786115>`_, please star it to get more attention from the development team!
We are also working on the `Consulate <https://medium.com/@start9labs/announcing-the-consulate-browser-76d94a8599cb>`_ for Android, which will enable this feature by default and allow you to bookmark your LAN address for efficient access to your Embassy over HTTPS.
In the meantime, you can access your Embassy on Android using the `Tor Browser <https://www.torproject.org/download/>`_.