restructure docs

This commit is contained in:
Matt Hill
2023-11-06 12:34:37 -07:00
parent 80651a6609
commit fe79d71e7c
150 changed files with 404 additions and 1866 deletions

@@ -0,0 +1,16 @@
.. _ca-android:
=========================================
Trusting Your Server's Root CA on Android
=========================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Android.
.. note:: This guide only applies to Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+).
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
#. Tap **Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway** and select your custom-named ``adjective-noun.local.crt`` certificate.
.. figure:: /_static/images/ssl/android/droidLAN2.png
:width: 15%
:alt: Install certificate
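
Review bot: Step 1 links to the download instructions through a hard-coded site path (`/getting-started/trust-ca/#download-root-ca`) rather than a `:ref:` label, so Sphinx will not warn if that page or anchor moves, which is a real risk in a commit that restructures the docs. Suggest labelling the download section and linking it with `:ref:`, the way the Firefox guide links `ca-android` and `tor-android`. The same hard-coded link recurs in the iOS, Linux and Mac CA guides in this commit.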

@@ -0,0 +1,81 @@
.. _ff-android:
==============================
Configuring Firefox on Android
==============================
Download `Firefox Beta <https://play.google.com/store/apps/details?id=org.mozilla.firefox_beta>`_ from the Play Store, or `Fennec <https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/>`_ from F-Droid.
.. caution:: You must use **Firefox Beta** on Android. Regular Firefox does not permit advanced configuration.
Local
-----
#. Ensure you have already :ref:`trusted your Root CA<ca-android>` on your Android device
#. Tap ``Kebab Menu > Settings > About Firefox`` and tap the Firefox icon 5 times to enable "developer mode"
#. Go back to ``Kebab Menu > Settings > Secret Settings`` (at the bottom), and tap ``Use third party CA certificates``
Tor
---
#. Ensure you are already :ref:`running Tor<tor-android>` on your Android device
#. Download the `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here <https://start9.com/assets/proxy.pac>`_
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``. This is the default location of a the proxy.pac file downloaded in step 2, although your path may vary:
.. figure:: /_static/images/tor/autoconfig_url.png
:width: 30%
:alt: Firefox autoconfig url setting screenshot
#. Navigate to ``about:config`` in the Firefox URL bar:
.. figure:: /_static/images/tor/about_config.png
:width: 30%
:alt: Firefox about config
#. Search for ``network.proxy.type`` into the search bar, and set the value to ``2``:
.. figure:: /_static/images/tor/network_proxy_type.png
:width: 30%
:alt: Firefox network proxy type setting screenshot
#. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``:
.. figure:: /_static/images/tor/socks_remote_dns.png
:width: 30%
:alt: Firefox socks remote dns setting screenshot
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist_mobile.png
:width: 30%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets_droid.png
:width: 30%
:alt: Firefox allow insecure websockets over https
#. Search for ``network.http.referer.hideOnionsSource`` and set the value to ``true``
#. (**GrapheneOS users only**): Head to ``Settings -> Apps -> Firefox Beta -> Permissions -> Photos and videos -> Configure Storage Scopes -> ADD FILE``, then navigate to where you placed the proxy.pac file:
.. figure:: /_static/images/tor/storage-scopes-proxy.jpg
:width: 15%
#. Restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services
Install StartOS as a PWA
------------------------
Depending on your version of Firefox, you may be prompted to "Add to Home screen", when visiting your main UI. If you do this, you can access your UI as a Progressive Web App (PWA), meaining that all browser context is removed, and StartOS will behave as a native Android app!
If you are not prompted, or skipped that screen, simply go to the **Kebab (Settings) Menu > Install** while visiting your server's UI to complete the action.
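
Review bot: In the Tor section, the steps that set `network.websocket.allowInsecureFromHTTPS` and `dom.securecontext.allowlist_onions` to `true` give no reason and no caution, although the first preference's name indicates it relaxes a browser protection rather than configuring the proxy. Suggest one sentence on why the server UI needs each setting and a `.. caution::` stating its scope. Separately: the opening line offers Fennec while the caution directly below says Firefox Beta is required; step 5 repeats the `about:config` navigation already done in step 3; "Search for ... into the search bar" in step 6 is ungrammatical; and there are typos at "a the proxy.pac file" and "meaining".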

@@ -0,0 +1,15 @@
.. _android:
=======
Android
=======
Recommended Guides
------------------
.. toctree::
:maxdepth: 1
ca-android
tor-android
ff-android

@@ -0,0 +1,78 @@
.. _tor-android:
======================
Running Tor on Android
======================
Some apps, such as the official Tor Browser, have Tor built in. They do not require additional software or configurations to utilize Tor. Most apps, however, do not have Tor built in. They require an app called Orbot to be installed in order to utilize the Tor Network.
Running Orbot
-------------
Orbot is a system-wide proxy for your Android device that enables communications over Tor.
#. Download and install Orbot from the `Play Store <https://play.google.com/store/apps/details?id=org.torproject.android>`_, or from `F-Droid <https://f-droid.org/packages/org.torproject.android>`_ (must open with F-Droid app). Then launch the app.
.. note:: When using F-Droid, you will need to activate the Guardian Project repository by visiting the ``Settings`` menu (bottom right) -> ``Repositories`` -> ``Guardian Project Official Releases``
.. figure:: /_static/images/tor/orbot0.png
:width: 20 %
:alt: Orbot
#. Tap "Start VPN".
.. figure:: /_static/images/tor/orbot1.png
:width: 20 %
:alt: Orbot starting
#. Orbot will start up the Tor service. Once complete, you will see:
.. figure:: /_static/images/tor/orbot2.png
:width: 20 %
:alt: Orbot running
#. Open the kebab menu in the bottom right hand corner and select `Settings`:
.. figure:: /_static/images/tor/orbot_menu.png
:width: 20 %
:alt: Orbot settings
#. Make sure the options for `Start Orbot on Boot` and `Allow Background Starts` are checked:
.. figure:: /_static/images/tor/orbot_settings.png
:width: 20 %
:alt: Orbot menu
#. That's it, you're now running a Tor client on your Android device! Certain apps, such as Firefox, Fennec, and DuckDuckGo will now work after you configure them to use Tor's local proxy. Other apps do not have sophisticated proxy configurations and require that Orbot be running in VPN mode.
Orbot VPN mode
--------------
To utilize Tor, some apps require that Orbot be running in VPN mode. This means that you are sending your application's traffic across the Tor network via Orbot.
#. Disable Private DNS on your device. Navigate to: ``Settings > Network & Internet > Advanced > Private DNS > Off`` and toggle Private DNS to "off".
.. figure:: /_static/images/tor/private_dns_off.png
:width: 20%
:alt: Private DNS off
#. Tap `Select Apps`, and add the apps you want to utilize Tor.
.. figure:: /_static/images/tor/orbot_apps.png
:width: 20%
:alt: Orbot apps
Examples of applications that need this feature for remote access are:
- Bitwarden
- Element (Matrix client)
- Nextcloud
.. figure:: /_static/images/tor/orbot2.png
:width: 20%
:alt: Orbot running
You can also add the following browsers to the Tor-Enabled Apps list to easily access Tor addresses (`.onion` URLs):
- Chrome
- Vanadium
.. caution:: Pushing apps through Orbot's VPN mode will allow you to access .onion URLs, however, all other traffic will also go through Tor. This means connections to some sites may be blocked by site operators' fraud prevention measures, especially e-commerce sites where credit cards are used. Proceed with caution especially for Web Browsers.
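
Review bot: Step 1 of "Orbot VPN mode" tells the reader to turn Private DNS off without saying why, and without noting that this is a device-wide setting under "Network & Internet" rather than an Orbot option. Suggest adding the reason and a line on restoring the setting when VPN mode is no longer used. The path in that step also ends in "> Off" and then repeats "toggle Private DNS to off". Minor: the alt texts on `orbot_menu.png` ("Orbot settings") and `orbot_settings.png` ("Orbot menu") look swapped, `orbot2.png` is reused between the two app lists in the VPN section, and `:width: 20 %` in the first section is written `20%` in the second.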

@@ -0,0 +1,87 @@
.. _device-guides:
=============
Device Guides
=============
Guides for integrating your client devices with your StartOS server.
.. raw:: html
<div class="topics-grid grid-container full">
<div class="grid-x grid-margin-x">
.. topic-box::
:title: Linux
:link: linux
:icon: scylla-icon scylla-icon--linux
:class: large-4
:anchor: View
Guides for Linux
.. topic-box::
:title: Mac
:link: mac
:icon: scylla-icon scylla-icon--apple
:class: large-4
:anchor: View
Guides for Mac
.. topic-box::
:title: Windows
:link: windows
:icon: scylla-icon scylla-icon--windows
:class: large-4
:anchor: View
Guides for Windows
.. topic-box::
:title: Android
:link: android
:icon: scylla-icon scylla-icon--android
:class: large-4
:anchor: View
Guides for Android
.. topic-box::
:title: iOS
:icon: scylla-icon scylla-icon--ios
:link: ios
:class: large-4
:anchor: View
Guides for iOS
.. topic-box::
:title: Synology
:icon: scylla-icon scylla-icon--cloud
:link: synology
:class: large-4
:anchor: View
Guides for Synology
.. topic-box::
:title: Truenas
:icon: scylla-icon scylla-icon--cloud
:link: truenas
:class: large-4
:anchor: View
Guides for Truenas
.. toctree::
:maxdepth: 1
:hidden:
linux/index
mac/index
windows/index
android/index
ios/index
synology/index
truenas/index
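
Review bot: The `.. raw:: html` block at the top opens two `<div>` elements (`topics-grid grid-container full` and `grid-x grid-margin-x`) and nothing visible in this file closes them before the `toctree`. Suggest a second `.. raw:: html` block containing `</div></div>` after the last `topic-box`. Minor: "Truenas" is normally written "TrueNAS", and the iOS, Synology and Truenas boxes list `:icon:` before `:link:` while the first four boxes do the reverse.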

@@ -0,0 +1,77 @@
.. _ca-ios:
=====================================
Trusting Your Server's Root CA on iOS
=====================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on iOS.
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
#. Open your iCloud Downloads folder and click on the certificate. It will display a dialog box that says "Profile Downloaded." Click `Close`.
.. figure:: /_static/images/ssl/ios/import_cert.png
:width: 20%
:alt: Profiles
#. Head to *Settings > General > VPN & Device Management*
.. figure:: /_static/images/ssl/ios/settings_general_vpn.png
:width: 20%
:alt: Profiles
#. Locate the profile under "DOWNLOADED PROFILE" and tap on it
.. figure:: /_static/images/ssl/ios/install_1.png
:width: 20%
:alt: Profiles
#. Tap *Install*
.. figure:: /_static/images/ssl/ios/install_2.png
:width: 20%
:alt: Profiles
#. Tap *Install* again
.. figure:: /_static/images/ssl/ios/install_3.png
:width: 20%
:alt: Profiles
#. Tap *Install* yet again
.. figure:: /_static/images/ssl/ios/install_4.png
:width: 20%
:alt: Profiles
#. You should see green text with a check-mark saying "Verified" under the Profile Installed dialog.
.. figure:: /_static/images/ssl/ios/install_5.png
:width: 20%
:alt: Profiles
#. Tap *Done* near the top right.
#. Next, navigate to *General > About > Certificate Trust Settings*.
.. figure:: /_static/images/ssl/ios/trust_1.png
:width: 20%
:alt: Certificate trust settings
#. Under "Enable full trust for root certificates", enable your "<custom-address> Local Root CA".
.. figure:: /_static/images/ssl/ios/trust_2.png
:width: 20%
:alt: Enable full trust
#. Tap *Continue*
.. figure:: /_static/images/ssl/ios/trust_3.png
:width: 20%
:alt: Profiles
#. Your certificate should now be installed and trusted:
.. figure:: /_static/images/ssl/ios/trust_4.png
:width: 20%
:alt: Profiles
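
Review bot: Nine of the eleven figures carry the same `:alt: Profiles`, including `trust_3.png` and `trust_4.png`, which show the trust confirmation and not a profile list, so the alt text does not tell a screen-reader user which step is pictured. Suggest per-step alt text in the style already used for `trust_1.png` and `trust_2.png`. Also, step 10 starts its path at "General" while step 3 starts at "Settings > General", and step 2 says "click" where every other step says "tap".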

@@ -0,0 +1,14 @@
.. _ios:
===
iOS
===
Recommended Guides
------------------
.. toctree::
:maxdepth: 1
ca-ios
tor-ios

@@ -0,0 +1,29 @@
.. _tor-ios:
==================
Running Tor on iOS
==================
Running Orbot
-------------
Orbot is a system-wide proxy for your Android device that enables communications over Tor.
#. Download and install `Orbot from the Apple appstore <https://apps.apple.com/us/app/orbot/id1609461599>`_.
#. Open Orbot and tap on "Settings".
#. Activate the "Disable Orbot for non-onion traffic" setting:
.. figure:: /_static/images/tor/ios-orbot-settings-oniononlymode.png
:width: 25%
:alt: iOS Orbot -> Settings -> Onion-Only Mode
#. Go back to the main screen and click "Start" and you will see Tor connect:
.. figure:: /_static/images/tor/ios-orbot-connecting-full.png
:width: 35%
:alt: iOS Orbot Connecting to Tor
#. Apps will now work transparently when requesting onion urls!
Access Onionsites
-----------------
Once Orbot is setup on your system as you've just done, you don't need any browser configuration. All browsers in iOS are Safari under the hood, and this Orbot configuration enables access to ``.onion`` URLs. Regular clearnet requests will not use tor.
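
Review bot: The first sentence under "Running Orbot" describes Orbot as a proxy "for your Android device", which reads as copied from the Android guide; this file is the iOS page. Suggest "for your iOS device". The closing claim that "Regular clearnet requests will not use tor" holds only because of the "Disable Orbot for non-onion traffic" setting in step 3, so it is worth saying so there. Minor: "setup" should be "set up", and "tor" and "urls" are capitalised elsewhere in these guides.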

@@ -0,0 +1,187 @@
.. _backup-linux:
====================
Linux Network Folder
====================
.. contents::
:depth: 2
:local:
Setup Network Folder
--------------------
.. note:: This guide is for Ubuntu only. For Linux Mint, select "Mint", or for different distros such as Arch, Debian, Pop-OS, PureOS, etc, select "Other Linux" below.
.. tabs::
.. group-tab:: Ubuntu
Check out the video below, and follow along with the steps in this guide to setup a Network Folder on your Linux machine, such that you may create encrypted, private backups of all your StartOS data.
.. youtube:: LLIMC5P3NdY
:width: 100%
.. raw:: html
<br/><br/>
#. Install Samba if you have not already:
.. code-block::
sudo apt install samba && sudo systemctl enable smbd
#. Add your user to samba, replacing ``$USER`` with your Linux username.
.. code-block:: bash
sudo smbpasswd -a $USER
First you will be prompted for your linux password, then you will be asked to create a new SMB password for the user with permission to write to your new backup share. Keep it somewhere safe, such as Vaultwarden.
#. Right-click the folder that you want to backup to (or create a new one) and click "Properties"
.. figure:: /_static/images/cifs/cifs-lin0.png
:width: 60%
#. Select the "Local Network Share" tab
.. figure:: /_static/images/cifs/cifs-lin1.png
:width: 60%
#. Click "Share this folder"
.. figure:: /_static/images/cifs/cifs-lin2.png
:width: 60%
- You may rename the "Share", if you prefer - **remember this name**, you will need it later in the StartOS dashboard
- (Optional) Create a description in the "Comment" section
#. In case your installation of Ubuntu is running a firewall by default or due to your own custom configuration, enter this command to allow connections to Samba. If it generates an error, you can safely ignore it:
.. code-block:: bash
sudo ufw allow Samba
.. group-tab:: Mint
#. Install Samba if you have not already:
.. code-block::
sudo apt install samba && sudo systemctl enable smbd
#. Add your user to samba, replacing ``$USER`` with your Linux username.
.. code-block:: bash
sudo usermod -a -G sambashare $USER
sudo smbpasswd -a $USER
First you will be prompted for your linux password, then you will be asked to create a new SMB password for the user with permission to write to your new backup share. Keep it somewhere safe, such as Vaultwarden.
#. Right-click the folder that you want to backup to (or create a new one, eg. ``start9-backup``) and click "Sharing Options"
.. figure:: /_static/images/cifs/cifs-mint0.png
:width: 60%
#. Enter a Share name consisting of 12 or fewer characters and click "Create Share"
.. figure:: /_static/images/cifs/cifs-mint1.png
:width: 60%
- You may rename the "Share", if you prefer - **remember this name**, you will need it later in the StartOS dashboard. In this example, we call it ``backup-share``
- (Optional) Create a description in the "Comment" section
#. In case your installation of Mint is running a firewall by default or due to your own custom configuration, enter this command to allow connections to Samba. If it generates an error, you can safely ignore it:
.. code-block:: bash
sudo ufw allow Samba
.. group-tab:: Other Linux
1. Install Samba if it is not already installed.
* ``sudo pacman -S samba`` For Arch
* ``sudo apt install samba`` For Debian-based distros (Pop-OS, PureOS, etc)
* ``sudo yum install samba`` For CentOS/Redhat
* ``sudo dnf install samba`` For Fedora
2. Create a directory to share or choose an existing one and make note of its location (path). For this example, we will call the share ``backup-share`` and its corresponding shared directory will be located at ``/home/$USER/start9-backup``. Replace ``$USER`` with your Linux username below.
.. code-block:: bash
mkdir -p /home/$USER/start9-backup
.. note:: If you are on Fedora 38+, you need to do an extra step to allow the Samba share in SELinux:
.. code-block:: bash
sudo semanage fcontext --add --type "samba_share_t" "/home/$USER/start9-backup(/.*)?"
sudo restorecon -R /home/$USER/start9-backup
3. Configure Samba by adding the following to the end of the ``/etc/samba/smb.conf`` file:
.. code-block::
[backup-share]
path = "/home/$USER/start9-backup"
create mask = 0600
directory mask = 0700
read only = no
guest ok = no
Where:
- ``[backup-share]`` is the *Share Name* inside brakets, and can be called anything you'd like. We used ``backup-share`` in this example.
- ``path`` should be the path to the directory you created earlier
Copy the remainder of the entry exactly as it is
4. Open a terminal and enter the following command, replacing ``$USER`` with your Linux username:
.. code-block:: bash
sudo smbpasswd -a $USER
This creates a password for the Local Network Share. Keep it somewhere safe, such as Vaultwarden.
5. In case your installation of Linux (Pop-OS users take special note!) is running a firewall by default or due to your own custom configuration, enter this command to allow connections to Samba. If it generates an error, you can safely ignore it:
.. code-block:: bash
sudo ufw allow Samba
Connect StartOS
---------------
#. Go to *System > Create Backup*.
.. figure:: /_static/images/config/backup.png
:width: 60%
#. Click "Open".
.. figure:: /_static/images/config/backup0.png
:width: 60%
#. Fill in the following fields:
* Hostname - This is the hostname of the machine that your shared folder is located on
* Path - This is the "Share Name" (name of the share in your samba config) and **not** the full directory path. In this guide we use ``backup-share``.
* Username - This is your Linux username on the remote machine that you used to create the shared directory
* Password - This is the password you set above using ``smbpasswd``
.. figure:: /_static/images/config/backup1.png
:width: 60%
#. Click "Save".
That's it! You can now :ref:`Create<backup-create>` encrypted, private backups of all your StartOS data to your Linux machine or external drive!!
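
Review bot: In the "Other Linux" tab, step 3 edits `/etc/samba/smb.conf` but no later step restarts or enables the Samba service, whereas the Ubuntu and Mint tabs at least run `sudo systemctl enable smbd`; as written the new share may not be served. Suggest adding a restart step after the edit. In the same tab, `path = "/home/$USER/start9-backup"` sits in a config file, where `$USER` is not expanded the way it is in the bash blocks, so the "Where:" list should tell the reader to write the actual username, or the block should use an obvious placeholder. Other points: `sudo ufw allow Samba` is given with no source restriction in all three tabs even though only the StartOS server needs access; two `.. code-block::` directives in the Ubuntu and Mint tabs and the `smb.conf` block lack a language; and "brakets" is a typo.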

@@ -0,0 +1,70 @@
.. _ca-linux:
=======================================
Trusting Your Server's Root CA on Linux
=======================================
.. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.
.. tabs::
.. group-tab:: Debian/Ubuntu
These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
#. Perform the following commands in the Terminal:
.. code-block:: bash
sudo apt update
sudo apt install -y ca-certificates p11-kit
#. Move into the folder where you downloaded your Start9 server's Root CA (usually ``~/Downloads``), and run the following commands to add your Start9 server's CA certificate to the OS trust store:
.. caution:: BE CERTAIN to replace ``adjective-noun`` with your server's unique hostname in the 3rd and 4th commands below!
.. code-block:: bash
cd ~/Downloads
sudo mkdir -p /usr/share/ca-certificates/start9
sudo cp "adjective-noun.local.crt" /usr/share/ca-certificates/start9/
sudo bash -c "echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf"
sudo update-ca-certificates
In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. We highly recommend continuing on to our :ref:`Configuring Firefox <ff-linux>` guide.
.. group-tab:: Arch/Garuda
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
#. From the folder you have downloaded your Start9 server's Root CA, run the following commands. Take care to replace `adjective-noun` with your server's unique adjective-noun combination in the command below. If you have changed the certificate's filename, be sure to change it here.
.. code-block:: bash
sudo pacman -S ca-certificates
sudo cp "adjective-noun.local.crt" /etc/ca-certificates/trust-source/anchors/
sudo update-ca-trust
Despite no output from the last command, you can test your app right away.
.. group-tab:: CentOS/Fedora
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
#. In `/etc/systemd/resolved.conf`, ensure you have ``MulticastDNS=Yes``
#. Restart systemd-resolved
.. code-block:: bash
sudo systemctl restart systemd-resolved
#. From the folder you have downloaded your Start9 server's Root CA, run the following commands. Take care to replace `adjective-noun`` with your server's unique adjective-noun combination in the command below. If you have changed the certificate's filename, be sure to change it here.
.. code-block:: bash
sudo yum install ca-certificates
sudo cp "adjective-noun.local.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
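
Review bot: In the Debian/Ubuntu tab, `echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf` appends on every run, so a reader who repeats the step gets duplicate entries and will not see the `1 added` output the next paragraph tells them to expect. Suggest guarding the append (for example with `grep -q` first) or copying the certificate to `/usr/local/share/ca-certificates/`, which `update-ca-certificates` reads without editing the conf file. In the CentOS/Fedora tab, step 4 has mismatched backticks around "adjective-noun" (one opening, two closing), and the `MulticastDNS=Yes` step appears only in that tab with no explanation of why CA trust depends on it.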

@@ -0,0 +1,126 @@
.. _ff-linux:
============================
Configuring Firefox on Linux
============================
Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
Local
-----
This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic (TLDR: for security purposes).
#. Ensure you have already :ref:`trusted your server's Root CA<ca-linux>`
#. Select your distribution below and follow instructions:
.. tabs::
.. group-tab:: Debian/Ubuntu
#. Select the hamburger menu -> ``Settings``. Search for ``security devices`` and select ``Security Devices...``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-1.png
:width: 60%
:alt: Mozilla application p11kit trust #1
#. When the Device Manager dialog window opens, select ``Load``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-2.png
:width: 60%
:alt: Mozilla application p11kit trust #2
#. Give the Module Name a title such as "System CA Trust Module". For the Module filename, paste in ``/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so`` and hit ``OK``
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-3.png
:width: 60%
:alt: Mozilla application p11kit trust #3
.. tip:: The path to p11-kit-trust.so will be slightly different if your processor's architecture is not x86_64.
#. Verify that the new module shows up on the left hand side and select ``OK`` at the bottom right:
.. figure:: /_static/images/ssl/linux/cert-trust-linux-firefox-p11kit-4.png
:width: 60%
:alt: Mozilla application p11kit trust #4
.. group-tab:: Arch/Garuda/CentOS/Fedora
No special steps are needed for Arch/Garuda/CentOS/Fedora. Continue below.
#. Restart Firefox
#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
Tor
---
#. Ensure you have already :ref:`set up Tor<tor-linux>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using:
.. code-block::
sudo wget -P ~/ https://start9.com/assets/proxy.pac
#. Determine the full path of `proxy.pac`, which we will use in step 9, by executing the following command in the terminal, and copying its output to your clipboard:
.. code-block::
echo file://$HOME/proxy.pac
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Select ``Automatic proxy configuration URL`` and paste the output from the command you performed in step 6. Be aware, the triple ``///`` is intentional, and your path *will* be different from the one below - namely, YOUR_LINUX_USERNAME will be your actual linux username:
.. code-block::
file:///home/YOUR_LINUX_USERNAME/proxy.pac
.. figure:: /_static/images/tor/firefox_proxy_linux.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Check the box labeled ``Proxy DNS when using SOCKS v5`` in the image above
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services
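
Review bot: Tor step 5 runs the download as root (`sudo wget -P ~/ https://start9.com/assets/proxy.pac`) although it only writes to the user's home directory; this leaves `proxy.pac` owned by root and runs a network client with privileges it does not need. Suggest dropping `sudo`. The cross-references "step 9" and "step 6" are hard-coded while the list uses `#.` auto-numbering, so they will drift if a step is inserted; naming the step ("the path you copied above") is more robust. The three `.. code-block::` directives in this section have no language.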

@@ -0,0 +1,23 @@
.. _linux:
=====
Linux
=====
Recommended Guides
------------------
.. toctree::
:maxdepth: 1
ca-linux
tor-linux
ff-linux
Other Useful Guides
-------------------
.. toctree::
:maxdepth: 1
backup-linux

View File

@@ -0,0 +1,95 @@
.. _tor-linux:
====================
Running Tor on Linux
====================
.. tabs::
.. group-tab:: Debian / Ubuntu
For Debian and Debian-based systems, such as Mint, PopOS etc.
.. note:: The following install is for the LTS (Long Term Support) version of Tor from Debian. If you would like the latest stable release, The Tor Project maintain their own Debian repository. The instructions to connect to this can be found `here <https://support.torproject.org/apt/tor-deb-repo/>`_.
Install the Tor proxy service to your system. To do so, open your terminal and run the following command:
.. code-block:: bash
sudo apt update && sudo apt install tor
.. tip:: You can check that Tor is running with:
.. code-block:: bash
systemctl status tor
In the rare event that Tor is having connectivity issues, you can reset your connection with:
.. code-block:: bash
sudo systemctl restart tor
.. group-tab:: Arch / Garuda / Manjaro
Simply install Tor with:
.. code-block:: bash
sudo pacman -S tor
.. tip:: You can check that Tor is running with:
.. code-block:: bash
systemctl status tor
In the rare event that Tor is having connectivity issues, you can reset your connection with:
.. code-block:: bash
sudo systemctl restart tor
.. group-tab:: CentOS / Fedora / RHEL
#. Configure the Tor Package repository. Add the following to ``/etc/yum.repos.d/tor.repo``:
- CentOS / RHEL:
.. code-block:: bash
[Tor]
name=Tor for Enterprise Linux $releasever - $basearch
baseurl=https://rpm.torproject.org/centos/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://rpm.torproject.org/centos/public_gpg.key
cost=100
- Fedora:
.. tip:: Latest Fedora versions have Tor package available for installation:
.. code-block:: bash
[Tor]
name=Tor for Fedora $releasever - $basearch
baseurl=https://rpm.torproject.org/fedora/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://rpm.torproject.org/fedora/public_gpg.key
cost=100
#. Install the Tor package:
.. code-block:: bash
sudo dnf install tor
#. Then enable tor service:
.. code-block:: bash
sudo systemctl enable --now tor
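
Review bot: In the CentOS / Fedora / RHEL tab, the Fedora tip says "Latest Fedora versions have Tor package available for installation:" and is followed directly by a repository file, so it is unclear whether Fedora users should add the repo or skip it. Suggest ending the tip with an explicit instruction (skip to the install step, or add the repo only on older releases). The two repo definitions are tagged `.. code-block:: bash` but are INI content. The Arch / Garuda / Manjaro tab also has no step that starts the service, while this tab has `sudo systemctl enable --now tor`.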

@@ -0,0 +1,159 @@
.. _backup-mac:
==================
Mac Network Folder
==================
.. contents::
:depth: 2
:local:
Setup a Network Folder
----------------------
Please select what version of MacOS you are using from the two tabs below:
.. tabs::
.. group-tab:: Ventura
#. Identify or create a folder you would like to use to store your Start9 server's backups.
.. tip:: You can select an external drive or folder within an external drive connected to your Mac if you'd like.
#. Go to **System Settings**:
.. figure:: /_static/images/tor/systemSettings.png
:width: 40%
:alt: System settings
#. Click on **General** then **Sharing**:
.. figure:: /_static/images/cifs/ventura-general-sharing.png
:width: 40%
:alt: general-sharing
#. Click the toggle to enable file sharing and then click info icon:
.. figure:: /_static/images/cifs/ventura-enable-file-sharing.png
:width: 40%
:alt: enable-cifs
#. Click on the **"+"** icon and select the folder you would like to make backups to:
.. figure:: /_static/images/cifs/ventura-click-plus.png
:width: 40%
:alt: click-plus
#. Once added, click **Options**:
.. figure:: /_static/images/cifs/ventura-folder-added.png
:width: 40%
:alt: ventura-folder-added
#. Enable SMB sharing for the user you want to use and then click **Done**:
.. figure:: /_static/images/cifs/ventura-smb.png
:width: 40%
:alt: ventura-smb
#. Click **Done** to close this window. You can now move on to connecting your server.
.. tip:: You can find the hostname at the bottom of sharing window. You will need this in the next step.
.. group-tab:: Pre-Ventura
#. Identify or create a folder you would like to use to store your Start9 server's backups.
.. tip:: You can select an external drive or folder within an external drive connected to your Mac if you'd like.
#. Go to **System Preferences** and click **Sharing**:
.. figure:: /_static/images/cifs/cifs-mac0.png
:width: 40%
:alt: sharing
#. Click **File Sharing**:
.. figure:: /_static/images/cifs/cifs-mac1.png
:width: 40%
:alt: file-sharing
#. Click the **"+"** icon under **Shared Folders** and add the folder you would like to back up to:
.. figure:: /_static/images/cifs/cifs-mac2.png
:width: 40%
:alt: click-plus
#. After selecting your folder, click **Options**:
.. figure:: /_static/images/cifs/cifs-mac3.png
:width: 40%
:alt: options
#. Enable **Share files and folders using SMB** and turn it on for the user you would like to use to authenticate and then click **Done**:
.. figure:: /_static/images/cifs/cifs-mac4.png
:width: 40%
:alt: SMB
#. Make a note of your computer's **Hostname** which can be found here:
.. figure:: /_static/images/cifs/cifs-mac-hostname.png
:width: 40%
:alt: hostname
#. You will also need the name of the "Shared Folder" you chose or created, as well as your Mac's username and password.
Connect Your Server
-------------------
#. Go to the **System** tab and click **Create Backup**:
.. figure:: /_static/images/config/backup.png
:width: 60%
:alt: system-create-backup
#. Click **Open New**:
.. figure:: /_static/images/config/backup0.png
:width: 60%
:alt: open-new
#. You will now see the following:
.. figure:: /_static/images/config/backup1.png
:width: 50%
:alt: cifs-blank
Enter the credentials as follows:
* **Hostname** - This is the name of your computer.
.. tip:: Sometimes it can be unclear what your Mac's hostname is. Check the tip in Step 8 of the section above to find it. On some versions of Mac, you may need to open up Terminal and type `hostname` as below:
.. figure:: /_static/images/cifs/hostname-terminal-mac.png
:width: 35%
:alt: hostname-terminal-mac
* **Path** - This is the *name of the shared folder* you are using and **not** the full directory path.
.. tip:: If you copied the share name from the Mac computer and it contained a space, macOS will have replaced the space with the string "%20". Please re-replace `%20` with a space in this `Path` field.
* **Username** - This is the user on the remote machine that you used to create the shared directory.
* **Password** - This is the password to the above user.
.. figure:: /_static/images/cifs/cifs-mac5.png
:width: 60%
.. note:: If you are on MacOS Catalina (version 10.15.7), and the backup fails, please `see this Apple support thread <https://discussions.apple.com/thread/253970425>`_. If the provided solution still doesn't work, SMB file sharing probably will not work for this old Mac. Consider backing up to a USB thumb drive instead.
.. note:: If you recently updated to MacOS Ventura (version 13.2), and you cannot get the share to connect:
#. Turn off file sharing switch in **General > Sharing**
#. Restart macOS
#. Turn on file sharing switch in **General > Sharing**
#. Click **Connect**.
That's it! You can now :ref:`create encrypted, private backups<backup-create>` of all your Start9 server's data to your Mac.
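
Review bot: The Username and Password fields under "Connect Your Server" take the credentials of the Mac user enabled for SMB in step 6 of the Pre-Ventura tab, and nothing in the guide suggests a separate account, so most readers will give the server their main macOS login password. Recommend a dedicated sharing-only user with access to just the backup folder, and say so in the step that enables SMB. The Hostname tip also points to "Step 8 of the section above", but in the Pre-Ventura tab the hostname is found in step 7; refer to the step by name rather than by number. The ``cifs-mac5.png`` figure has no ``:alt:`` text.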

View File

@@ -0,0 +1,52 @@
.. _ca-mac:
=====================================
Trusting Your Server's Root CA on Mac
=====================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Mac.
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
#. Locate your downloaded Root CA. Right click it and select *Show in Folder*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-3-show_in_folder.png
:width: 60%
:alt: Show certificate file in Downloads folder
#. Finder will open. Locate your unique `adjective-noun.local.crt` file in your *Downloads* folder and double click it to import it into the *Keychain Access* program. You will be prompted for your macOS username and password, or thumbprint. Then select *Modify Keychain*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-4-modify_keychain.png
:width: 60%
#. Press Command + Spacebar to launch a program, type in *Keychain Access* and select the resulting *Keychain Access* program to open it.
.. figure:: /_static/images/ssl/macos/trust-cert-macos-4.5-keychain_access.png
:width: 60%
#. Your server's CA certificate will be displayed among the imported certificates in Keychain Access. Right-click on the imported CA cert and select *Get Info*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-5-cert-get_info.png
:width: 60%
:alt: Keychain Access - Get Info of CA Certificate
#. The details of your CA certificate will be displayed in a new dialog window. Expand the **Trust** heading, then select "**Always Trust**" on **Secure Sockets Layer (SSL)** and **X.509 Basic Policy**.
.. figure:: /_static/images/ssl/macos/trust-cert-macos-6-ssl_tls-always_trust.png
:width: 60%
:alt: Trust CA Certificate
Click the red (x) button at the top left of the Local Root CA dialog window.
#. You will then be prompted again for your username and password, or thumbprint. Enter those and click **Update Settings**:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-7-password-update_settings.png
:width: 60%
:alt: Authenticate to change the settings
#. You will see your server's CA certificate as trusted now, signified by a blue (+) sign and the CA cert information will now say "This certificate is marked as trusted for all users" in Keychain Access:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-8-cert_trusted.png
:width: 60%
:alt: Keychain submenu
.. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it.
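
Review bot: Step 6 sets "Always Trust" on a root CA, yet no step confirms that the downloaded file is the certificate the reader's own server issued. Add a check at the *Get Info* dialog in step 5, comparing the certificate's fingerprint with a value obtained from the server itself, before the trust setting is changed. Smaller points: the "Click the red (x) button" line is an action the reader must take but is not a numbered step, the figures in steps 3 and 4 have no ``:alt:`` text, and the closing tip uses curly quotes around Keychain Access where the rest of the file uses straight quotes or emphasis.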

View File

@@ -0,0 +1,79 @@
.. _ff-mac:
==========================
Configuring Firefox on Mac
==========================
Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
Local
-----
#. Ensure you have already :ref:`trusted your server's Root CA<ca-mac>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
#. Restart Firefox
#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
Tor
---
#. Ensure you have already :ref:`set up Tor<tor-mac>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Check the option labeled ``Use System Proxy Settings`` *and* the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services
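
Review bot: In step 3 of "Local" the preference is written ``security.enterprise_roots.enable``, but the Firefox preference is ``security.enterprise_roots.enabled`` (the screenshot file name ``enterprise_roots_enabled_true.png`` agrees); a reader who creates the pref under the name as written gets a setting Firefox ignores. In the "Tor" section, steps 3 and 4 switch on ``dom.securecontext.allowlist_onions`` and ``network.websocket.allowInsecureFromHTTPS`` with no explanation; one sentence on what each permits and why the server UI needs it would let readers decide whether to apply them to their everyday browser profile or to a separate one.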

View File

@@ -0,0 +1,24 @@
.. _dg-mac:
===
Mac
===
Recommended Guides
------------------
.. toctree::
:maxdepth: 1
ca-mac
tor-mac
ff-mac
Other Useful Guides
-------------------
.. toctree::
:maxdepth: 1
backup-mac
screenshare-mac

View File

@@ -0,0 +1,65 @@
.. _screenshare-mac:
=============
Screensharing
=============
.. warning:: BE CERTAIN you are communicating with an official Start9 team member. Do not be fooled by impostors. If you are unsure, please `contact us <https://start9.com/contact>`_.
You may run into an issue and want to have a support call where we ask you to share your screen with us. While we understand if you'd rather not do this, it can make troubleshooting issues a lot easier. We will direct you on how you can share your screen. If it doesn't work, please see the following instructions:
.. tabs::
.. group-tab:: Pre-Ventura:
#. Head to System Preferences:
.. figure:: /_static/images/mac-stuff/system-prefs.png
:width: 20%
#. Click Security & Privacy:
.. figure:: /_static/images/mac-stuff/priv-security.png
:width: 20%
#. Click the lock to make changes and select "Privacy":
.. figure:: /_static/images/mac-stuff/click-lock.png
:width: 20%
#. Click "Screen Recording" and click the + icon:
.. figure:: /_static/images/mac-stuff/screen-rec-plus.png
:width: 20%
#. Find your browser within the applications folder and click "Open":
.. figure:: /_static/images/mac-stuff/add-browser-screen-rec.png
:width: 20%
#. Restart your browser and you should now be able to share your screen by clicking on this button within the Jitsi call:
.. figure:: /_static/images/mac-stuff/jitsi-screenshare.png
:width: 20%
.. group-tab:: Ventura:
#. Head to System Settings and scroll down to "Privacy & Security":
.. figure:: /_static/images/mac-stuff/system-settings-priv-sec.png
:width: 20%
#. Scroll down and click "Screen Recording":
.. figure:: /_static/images/mac-stuff/screen-rec-vent.png
:width: 20%
#. You can then click the + icon and add your browser - you may need to restart your browser after this:
.. figure:: /_static/images/mac-stuff/screen-rec-plus-vent.png
:width: 20%
#. You should now be able to share your screen by clicking on this button within the Jitsi call:
.. figure:: /_static/images/mac-stuff/jitsi-screenshare.png
:width: 20%
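
Review bot: The tab labels here are ``Pre-Ventura:`` and ``Ventura:`` with a trailing colon, while backup-mac and tor-mac in this same commit use ``Pre-Ventura`` and ``Ventura``; group tabs are matched by label, so the colon stops these tabs from following the reader's selection made on the other Mac pages. Drop the colons. The page title is the generic "Screensharing" although the label is ``screenshare-mac`` and the content is macOS-only, and none of the figures carries ``:alt:`` text.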

View File

@@ -0,0 +1,179 @@
.. _tor-mac:
==================
Running Tor on Mac
==================
Install Homebrew
----------------
#. If you do not have Homebrew installed, follow the installation instructions `here <https://brew.sh/>`_. TLDR: Open the Terminal and paste the following line:
.. code-block:: bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
#. You will be prompted for your system password before installation; proceed with entering your password. You may be asked more than once.
.. figure:: /_static/images/tor/install_homebrew.png
:width: 80%
:alt: Homebrew installation
#. You will be notified which directories Homebrew is going to create, hit :code:`RETURN`:
.. figure:: /_static/images/tor/install_homebrew1.png
:width: 80%
:alt: Homebrew installation
Homebrew creates the directories and downloads any other files it needs e.g. “Command Line Tool for Xcode” and “Homebrew”.
Wait a few minutes while it downloads and installs what it needs.
Once installation is complete, close the Terminal.
.. warning:: Surprisingly, Homebrew uses Google Analytics to collect anonymous usage data. You can deselect the option to share usage data by `opting out <https://docs.brew.sh/Analytics#opting-out>`_.
Install Tor
-----------
.. caution:: If you have the Tor Browser open, close it and quit the application.
.. note:: If you are on a very old version of macOS, such as High Sierra (10.13) or below, first execute this command in a Terminal window:
.. code-block::
echo 'export PATH="/usr/local/bin:$PATH"' >> ~/.bash_profile
Then close the Terminal.
#. Open a new Terminal and install Tor using the following command:
.. code-block:: bash
brew install tor
#. Then run Tor with:
.. code-block:: bash
brew services start tor
This will start Tor and ensure that it is always running, even after a restart. See the `Tor Project docs <https://2019.www.torproject.org/docs/tor-doc-osx.html.en>`_ for more details.
Enable Tor System-wide
----------------------
.. tabs::
.. group-tab:: Ventura
#. Enable proxy autoconfig file (This will download the Start9 standard proxy config file. You can use your own if you prefer):
.. code-block:: bash
sudo curl https://start9.com/assets/proxy.pac --output /Library/WebServer/Documents/proxy.pac
#. Now enable apache service:
.. code-block:: bash
sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist
#. Go to System Settings:
.. figure:: /_static/images/tor/systemSettings.png
:width: 40%
:alt: System Preferences
#. Click on *Network* and then select the interface on which you wish to enable Tor system-wide (both Ethernet and WiFi advised - do one then the other):
.. figure:: /_static/images/tor/ventura-settings.png
:width: 80%
:alt: Select Network
#. Click *Details*:
.. figure:: /_static/images/tor/ventura-network-advanced.png
:width: 80%
:alt: Click Advanced
#. Click "Proxies," then select "Automatic Proxy Configuration," add this URL: ``http://localhost/proxy.pac``, then click "OK":
.. figure:: /_static/images/tor/ventura-proxies-corrected.png
:width: 80%
:alt: Select Proxys
Done! You have now enabled system-wide Tor potential.
We advise going back to step 4 and repeating this for Wifi/Ethernet depending on which interface you haven't done yet.
If you ever need to view the status of the tor service, enter the following into a Terminal:
.. code-block:: bash
cat /usr/local/var/log/tor.log || sudo cat /opt/homebrew/var/log/tor.log
If you'd like to setup Firefox to use Tor you can follow :ref:`this guide<ff-mac>`.
.. group-tab:: Pre-Ventura
#. Enable proxy autoconfig file (This will download the Start9 standard proxy config file. You can use your own if you prefer):
.. code-block:: bash
sudo curl https://start9.com/assets/proxy.pac --output /Library/WebServer/Documents/proxy.pac
#. Now enable apache service:
.. code-block:: bash
sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist
#. Go to System Preferences:
.. figure:: /_static/images/tor/systemprefs.png
:width: 40%
:alt: System Preferences
#. Click on Network:
.. figure:: /_static/images/tor/network.png
:width: 80%
:alt: Select Network
#. In this example, we'll select WiFi on the left panel. If you're using Ethernet, click that instead. Next click "Advanced" (We suggest returning to this step in order to do both Ethernet AND WiFi):
.. figure:: /_static/images/tor/wifi_click_advanced.png
:width: 80%
:alt: Click Advanced
#. Select "Proxies":
.. figure:: /_static/images/tor/proxys.png
:width: 80%
:alt: Select Proxys
#. Select "Automatic Proxy Configuration", add this URL: **http://localhost/proxy.pac** then click "OK"
.. figure:: /_static/images/tor/entertorproxyURL-pre-ventura.png
:width: 80%
:alt: Select Automatic proxy config and enter URL
#. Finally, click "Apply"
.. figure:: /_static/images/tor/applyproxy.png
:width: 80%
:alt: Apply proxy
Done! You have now enabled system-wide Tor potential.
We suggest heading back to step 5 and enabling Tor system-wide on Ethernet/WiFi now - whichever you did not do already.
If you ever need to view the status of the tor service, enter the following into a Terminal:
.. code-block:: bash
cat /usr/local/var/log/tor.log || sudo cat /opt/homebrew/var/log/tor.log
If you'd like to setup Firefox to use Tor you can follow :ref:`this guide<ff-mac>`.
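
Review bot: Step 2 in both tabs permanently enables the system Apache daemon (``launchctl load -w``) only to serve one file at ``http://localhost/proxy.pac``, and the guide does not say whether that web server is reachable from other machines on the network or how to turn it off again. Add a note on restricting it to the loopback interface and give the matching unload command. Step 1 also writes ``proxy.pac`` into the web root as root with no integrity check on the download. In "Install Homebrew" the one-liner hard-codes ``install/master/install.sh``; since the step already links to brew.sh, pointing readers at the command shown there avoids shipping a stale URL. The High Sierra ``code-block`` has no language while the others are ``bash``, and the two tabs duplicate steps 1 and 2 and the closing paragraphs verbatim.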

View File

@@ -0,0 +1,52 @@
.. _backup-synology:
=======================
Synology Network Folder
=======================
.. contents::
:depth: 2
:local:
.. note:: This guide was created by a Start9 community member. This is not yet officially supported. Please report any feedback that may help improve the process.
#. In the Synology UI, go to *Control Panel > Shared Folder* and choose the folder you want to use as the destination for the backup.
.. note:: Do not select an encrypted folder. Encrypted folders on Synology enforce a character limit of 143 characters. At this time, StartOS backups use folder/file names that are longer than 143 characters. The backup process will fail if you try to backup to an encrypted folder.
#. Still in the Synology UI, go to *Control Panel > File Services > SMB* and click the SMB tab if it isn't already selected. Ensure that "Enable SMB service" is checked.
#. Under Advanced Settings on the same tab, set "Min SMB protocol" to SMB2 and "Max SMB protocol" to SMB3
#. Also on the SMB tab, take note of your device name. Just under "Note" in a pale blue box, you will see "PC (Windows Explorer): " and "Mac (Finder):". These both provide network addresses that contain your device's name. This device name is the "Hostname" you will need to provide within the StartOS "New Network Folder" dialog in step 3 of the "Connect StartOS" section below.
#. Still in File Services, click on the rsync tab. Click the checkbox to enable the rsync service.
#. Back in the Synonogy UI, click "File Station" and locate the the desired destination folder. Right click the folder, then *Properties > General*. Next to "Location" will be a folder location. The portion of the location *without the volume label* is the value you will use for the "Path" within the StartOS New Network Folder dialog. For example, if the Location is `/volume1/Backups`, the value you care about is `Backups`.
Connect StartOS
---------------
#. Go to *System > Create Backup*.
.. figure:: /_static/images/config/backup.png
:width: 60%
#. Click "Open".
.. figure:: /_static/images/config/backup0.png
:width: 60%
#. Fill in the following fields:
* Hostname - This is the hostname of the destination machine
* Path - This is the name of the destination folder (e.g. `Backups` from the example above)
* Username - This is the user on the remote machine that you used to create the shared directory
* Password - This is your user (from above) password
.. figure:: /_static/images/config/backup1.png
:width: 60%
#. Click "Save".
That's it! You can now :ref:`Create<backup-create>` encrypted, private backups of all your Start9 server's data to your Synology NAS!
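
Review bot: Step 5 enables the rsync service on the NAS, but every field in "Connect StartOS" describes an SMB share and nothing else in the guide uses rsync, so the step turns on an extra network service without a stated reason. Either explain why it is needed or remove it. Step 6 has two typos ("Synonogy", "the the"), the three figures have no ``:alt:`` text, and the step 1 note would be easier to act on if it said how to tell whether a shared folder is encrypted.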

View File

@@ -0,0 +1,13 @@
.. _dg-synology:
========
Synology
========
Recommended Guides
------------------
.. toctree::
:maxdepth: 1
backup-synology

View File

@@ -0,0 +1,101 @@
.. _backup-truenas:
======================
TrueNAS Network Folder
======================
.. contents::
:depth: 2
:local:
.. note:: This guide was created by a Start9 community member. This is not yet officially supported. Please report any feedback that may help improve the process.
Setup Network Folder
--------------------
.. note:: This guide assumes you have already created a ZFS disk pool in *Storage > Pool* as a place to store your backups. If you need help with this step, see the `TrueNAS documentation <https://www.truenas.com/docs/scale/scaletutorials/storage/pools/createpoolscale/#creating-a-pool>`_.
#. In the TrueNAS UI, to add a user who will write the backups from the Start9 server to the NAS, go to **Accounts > Users > ADD**:
.. figure:: /_static/images/backups/truenas-1-users.png
:width: 60%
#. Fill in a human-readable **Full Name**, **Username**, and **Password** for the new user:
.. figure:: /_static/images/backups/truenas-2-newuser.png
:width: 60%
Near the bottom, select **Shell: nologin**, and enable **Samba Authentication**.
Click **SUBMIT**
#. Enable the SMB service via **Services > SMB**:
.. figure:: /_static/images/backups/truenas-3-services-enable_smb.png
:width: 60%
Also ensure the **Start Automatically** box is checked.
#. Open a shell and create your backups directory:
.. figure:: /_static/images/backups/truenas-4-shell-mkdir.png
:width: 60%
In this example, we will create a directory called *start9backupshare* on the root of our storage pool:
.. code-block:: bash
mkdir /mnt/zpooldisk1/start9backupshare
This is the example path we will use in this guide. You may choose a different name or path.
#. Under **Sharing > Windows Shares (SMB)**, drill down into the path until you find the directory to be shared:
.. figure:: /_static/images/backups/truenas-5-sharing-smb-create_share.png
:width: 60%
We give the share the **Name** *nasshare*
Click **SUBMIT** to create the share.
#. A **Configure ACL** dialog will emerge. Click **CONFIGURE NOW**:
.. figure:: /_static/images/backups/truenas-6-sharing-smb-config_acl.png
:width: 60%
#. You will be brought to an **Edit ACL** screen.
Under **User** check "Apply User" and select or type the username we created in Step 2:
.. figure:: /_static/images/backups/truenas-7-acl.png
:width: 60%
Off to the right-hand side, *Permissions Type* should be set to "Basic" and *Permissions* should be set to "Full Control".
Click **SAVE**
Connect StartOS
---------------
#. Go to *System > Create Backup*.
.. figure:: /_static/images/config/backup.png
:width: 60%
#. Click "Open".
.. figure:: /_static/images/config/backup0.png
:width: 60%
#. Fill in the following fields:
* Hostname - Enter your truenas hostname: `truenas.local`
* Path - This is the "Name" of the share that we set in step 5: *nasshare*
* Username - This is the Username of the user we created in Step 2: *s9backup*
* Password - This is the Password of that user, also set in Step 2
.. figure:: /_static/images/backups/truenas-9-start9server-create_backup.png
:width: 60%
#. Click "Save".
That's it! You can now :ref:`Create<backup-create>` encrypted, private backups of all your Start9 server's data to your TrueNAS!
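
Review bot: The prerequisite note links to a page under ``/docs/scale/`` while the menu paths used in the steps (*Storage > Pool*, **Accounts > Users > ADD**, **Sharing > Windows Shares (SMB)**) are not qualified by edition, so the guide should state which TrueNAS edition and version it was written against. In "Connect StartOS", the example username *s9backup* appears for the first time in the Username bullet, although it is described as created in Step 2; name it in Step 2 as well. Step 7 grants "Full Control" to the backup user, which is fine for a dedicated account, but say explicitly that this user should be used for nothing else.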

View File

@@ -0,0 +1,13 @@
.. _dg-truenas:
=======
TrueNas
=======
Recommended Guides
------------------
.. toctree::
:maxdepth: 1
backup-truenas
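
Review bot: The title reads "TrueNas", while backup-truenas in this same commit spells the product "TrueNAS" throughout. Use "TrueNAS" here so the navigation entry matches the guide it links to.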

View File

@@ -0,0 +1,85 @@
.. _backup-windows:
======================
Windows Network Folder
======================
.. contents::
:depth: 2
:local:
Setup Network Folder
--------------------
#. Create a folder, or select an existing one. Right-click the folder and select "Properties"
.. figure:: /_static/images/cifs/cifs-win0.png
:width: 60%
#. Click the "Sharing" tab...
.. figure:: /_static/images/cifs/cifs-win1.png
:width: 60%
then click "Share"
.. figure:: /_static/images/cifs/cifs-win2.png
:width: 60%
#. Select a user you want to use for login and click "Share"
.. figure:: /_static/images/cifs/cifs-win3.png
:width: 60%
.. note::
If you get the following dialog box, you have designated your network "Public." You may wish to change to "Private" if this is your home network. Otherwise you may turn on network sharing for public networks.
.. figure:: /_static/images/cifs/cifs-win4.png
:width: 60%
#. Note the Windows directory path in grey text, highlighted in blue, beginning at the first single slash (``\``). We will take that share path and enter it as the "Path" in the final step below.
.. figure:: /_static/images/cifs/cifs-win5.png
:width: 60%
Connect StartOS
---------------
#. Return to your StartOS UI, and go to *System > Create Backup*
.. figure:: /_static/images/config/backup.png
:width: 60%
#. Click "Open" to set up a new connection to your Shared Folder
.. figure:: /_static/images/config/backup0.png
:width: 60%
#. Fill out the following fields as shown below:
.. figure:: /_static/images/config/backup1.png
:width: 60%
- For "Hostname" - Enter your Windows computer name (this is shown after a ``\\`` in Windows)
- For "Path" - Enter the full path followed by the share name displayed in the Windows sharing dialog shown in Step 4 above. In our example this would be, literally, ``/Users/win/Desktop/SharedFolder``. When entering the path, make sure replace the backshashes ``\`` shown by Windows with forward slashes ``/``.
- Enter your Windows username and password in the "User" and "Password" fields
.. caution::
If you use a "PIN" to log in to Windows, keep in mind that your password needs to be the user's full password, NOT the PIN! Office365 accounts also may **not** work, try a regular user in this case.
.. tip::
If you receive the following error:
**Filesystem I/O Error mount error(13): Permission denied**
Ensure your username and password are correct. Also ensure your windows password meets any length and complexity requirements set by your local Windows policy.
If you receive the following error:
**Filesystem I/O Error mount error(115): Operation now in progress**
Click Start > Settings > Network & Internet > Ethernet (or WiFi) and select the "Private" profile to treat your LAN as a trusted network that allows file sharing.
That's it! You can now :ref:`Create<backup-create>` encrypted, private backups of all your server data to your Windows machine or external drive!!
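
Review bot: The note under step 3 of "Setup Network Folder" offers "turn on network sharing for public networks" as an alternative to marking the network Private, which exposes the share on any untrusted network the machine later joins under the Public profile. Drop that alternative and keep only the advice to set a home network to "Private", which is also what the mount error(115) tip recommends. The "Path" bullet contains two typos ("make sure replace", "backshashes"), and the caution about PINs would be a good place to recommend a dedicated local account for the share rather than the reader's main login.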

View File

@@ -0,0 +1,84 @@
.. _ca-windows:
=========================================
Trusting Your Server's Root CA on Windows
=========================================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Windows.
#. Ensure you have already `downloaded your server's Root CA </getting-started/trust-ca/#download-root-ca>`_
#. Ensure you have already `installed bonjour </getting-started/connecting-lan/#windows-only>`_
#. Click the “Start” menu, type “mmc”, and select "Run as administrator" to access the Windows Management Console.
.. figure:: /_static/images/ssl/windows/0_windows_mmc.png
:width: 50%
:alt: Windows MMC
When prompted with the “User Account Control” window, select “Yes” to allow this program to run.
#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
.. figure:: /_static/images/ssl/windows/1_windows_console_root.png
:width: 50%
:alt: Windows Console Root
#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
.. figure:: /_static/images/ssl/windows/2_windows_add_certificates.png
:width: 50%
:alt: Add Certificates
#. Select “Computer account” and click “Next". Leave defaulted options on the next screen and click “Finish”.
.. figure:: /_static/images/ssl/windows/3_snap_in_wizard.png
:width: 50%
:alt: Add Snap-in
#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
:width: 50%
:alt: Snap-in Selected
#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
:width: 50%
:alt: Certificates in Management Console
#. Right click on the “Certificates” directory, then navigate to *All Tasks > Import*.
.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
:width: 50%
:alt: Import certificate
#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and open it. Then click "Next".
.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. Then click "Finish" on the final screen.
.. figure:: /_static/images/ssl/windows/8_windows_import_cert_wizard.png
:width: 50%
:alt: Import cert wizard
#. Select “OK” when the import is successful.
.. figure:: /_static/images/ssl/windows/9_success.png
:width: 20%
:alt: Import success!
#. Verify your server's unique `<adjective-noun> Local Root CA` certificate is in the “Certificates” folder:
.. figure:: /_static/images/ssl/windows/10_successful_cert_install.png
:width: 50%
:alt: Successful cert install
#. You can save the console settings (where we added a snap-in), if desired. The CA certificate will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.
.. figure:: /_static/images/ssl/windows/11_console_settings.png
:width: 20%
:alt: Console settings
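
Review bot: Step 8 names the store "Trusted Root Certification Authorities" but step 11 tells the reader to confirm it says "Trusted Root Certificate Authorities"; use the same name in both places so the confirmation in step 11 can be checked against the screen. Step 6 selects "Computer account", which makes the CA trusted for every user of the machine; state that, since the reader is being asked to approve it. Step 13 verifies the import by name only; consider adding a thumbprint comparison there. The last sentence of step 14 ("you will likely use this guide if you need to import a new certificate") is unclear and should be reworded.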

View File

@@ -0,0 +1,91 @@
.. _ff-windows:
==============================
Configuring Firefox on Windows
==============================
Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
Local
-----
#. Ensure you have already :ref:`trusted your server's Root CA<ca-mac>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
.. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
:width: 80%
:alt: Firefox security settings
#. Restart Firefox
#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
.. figure:: /_static/images/ssl/browser/firefox-https-good.png
:width: 80%
:alt: Firefox security settings
#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
:width: 80%
:alt: Firefox - Remove security exception (Part 1)
.. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
:width: 80%
:alt: Firefox - Remove security exception (Part 2)
Tor
---
#. Ensure you have already :ref:`set up Tor<tor-mac>`
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_allowlist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
.. figure:: /_static/images/tor/firefox_insecure_websockets.png
:width: 60%
:alt: Firefox allow insecure websockets over https
#. Download a ``Proxy Auto Config`` file to inform Firefox how to use the Tor daemon running on your computer. Click `here <https://start9.com/assets/proxy.pac>`_ to get the one offered by Start9 and save it somewhere you will not delete it. Remember where you save the file. For this example:
.. code-block::
C:\Program Files\Tor Browser\proxy.pac
#. Go to the right-hand hamburger menu and select ``Settings``:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file://C:/Program Files/Tor Browser/proxy.pac
#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and restart Firefox
#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
#. You can now use the `.onion` URLs of your server and installed services
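
Review bot: Both prerequisite links in this Windows guide point at the Mac pages: step 1 of "Local" uses ``:ref:`...<ca-mac>``` and step 1 of "Tor" uses ``:ref:`...<tor-mac>```; they should target ``ca-windows`` and ``tor-windows``, which this commit also adds. Step 3 of "Local" repeats the ``security.enterprise_roots.enable`` spelling, where the Firefox preference ends in ``enabled``. In the "Tor" section, the example URL ``file://C:/Program Files/Tor Browser/proxy.pac`` has two slashes after ``file:`` where a local file URL conventionally has three, and saving the PAC file under ``C:\Program Files`` needs administrator rights that the step does not mention.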

View File

@@ -0,0 +1,23 @@
.. _windows:
=======
Windows
=======
Recommended Guides
------------------
.. toctree::
:maxdepth: 1
ca-windows
tor-windows
ff-windows
Other Useful Guides
-------------------
.. toctree::
:maxdepth: 1
backup-windows
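
Review bot: The label on this index page is ``.. _windows:`` while the sibling index pages in this commit use the ``dg-`` prefix (``dg-mac``, ``dg-synology``, ``dg-truenas``). Rename it to ``dg-windows`` for consistency, and check that no existing ``:ref:`` depends on the old name.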

View File

@@ -0,0 +1,60 @@
.. _tor-windows:
======================
Running Tor on Windows
======================
.. youtube:: j_ldDT2zPsg
:width: 100%
#. Unfortunately, `The Tor Project <https://torproject.org>`_ no longer publishes a standalone Tor binary for Windows, so the recommended way to get it is with the Tor Browser Bundle. You can download it `here <https://www.torproject.org/download/>`_.
.. figure:: /_static/images/tor/tor_download_windows.png
:width: 80%
:alt: Tor download
Download Tor for Windows
#. Once it is downloaded, run the installer by right clicking on it and selecting `Run as Administrator`.
#. Once you have selected a language, you should see a menu like this:
.. figure:: /_static/images/tor/tor_windows_install.png
:width: 80%
:alt: Tor install wizard
We will install it to ``C:\Program Files\Tor Browser``. If you choose a different folder, it needs to *not* be anywhere under ``C:\Users\``. Note the path you use here for the step after next.
#. Now you want to set up Tor to run as a service: to run in the background and keep itself running so you don't have to worry about it again. To do so, you need to open your Command Prompt as an administrator.
* In Windows 10, you can simply type ``cmd`` in the Windows search bar, right click on the first result, and select `Run as Administrator`.
#. Once it opens, you can run the following commands, inserting your destination folder (from above) between `binPath="` and the `Browser` subfolder, like this:
.. code-block::
sc create tor start= auto binPath="C:\Program Files\Tor Browser\Browser\TorBrowser\Tor\tor.exe -nt-service"
.. tip:: If you get the error "Access denied," please ensure you are running the command prompt in Administrator mode. You can tell because the prompt will show C:\\Users\\YOUR-USERNAME> if you are NOT in admin mode, and it will show C:\\WINDOWS\\system32 if you ARE in admin mode.
.. code-block::
sc start tor
#. When you run this, it should look something like this:
.. figure:: /_static/images/tor/tor_windows_terminal.png
:width: 80%
:alt: Tor windows terminal
.. note:: If you get the error "The specified service already exists," complete the following steps:
1. Run the command:
.. code-block::
sc delete tor
2. Uninstall the Tor Browser, following `these steps <https://tb-manual.torproject.org/uninstalling/>`_.
3. Begin this guide again from the beginning.
#. That's it! Your Windows computer is now setup to natively use Tor.
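
Review bot: In the ``sc create`` command, the executable path inside ``binPath`` contains spaces ("Program Files", "Tor Browser") and is not itself quoted, so Windows has to guess where the program name ends; this is the unquoted service path pattern that hardening baselines flag. Quote the executable inside the value, for example ``binPath= "\"C:\Program Files\Tor Browser\Browser\TorBrowser\Tor\tor.exe\" -nt-service"``. The command also sets no service account, so the guide should say which account the Tor service runs as. The "Access denied" tip sits between the two commands of the same step and would read better after ``sc start tor``.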