Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-26 02:11:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
09b61c7e336390312fdae1c1412cd7b7d03012bc
documentation/site/source/guides/device-guides/dg-linux/lan-linux.rst
kn0wmad 09b61c7e33 Big refactor, many minor fixes (#441) 
* Big refactor, many minor fixes

* Link fixes, icon edits

* Index and ToC fixes

* update icons in theme lib and add to device guides index

* WIP - refactor Initial setup, LAN, FF, others

* First draft ready, many fixes and edits

* Ooops - minor edits and changes on initial setup

* Add change password guide (try 2).

* Remove change password menu item from guides

* Fix display bug, think different

---------

Co-authored-by: Lucy Cifferello <12953208+elvece@users.noreply.github.com>
Co-authored-by: gStart9 <george@start9labs.com>
2023-07-28 12:02:43 -06:00

84 lines
4.0 KiB
ReStructuredText
Raw Blame History

.. _lan-linux:
================================
Trusting Your Start9 CA on Linux
================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Windows). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The self-signed certificate was created by your server when you perfomed the initial setup, and applies to your server's main UI connection, as well as all service connections.
.. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.
Download Root CA
----------------
First, download your Start9 server's Root CA, if you have not already.
- Navigate to *System > LAN*, then click "Download Certificate".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: LAN setup menu item
Alternatively, you can download to another machine, then transfer the file to your device.
Trust Root CA
-------------
.. tabs::
.. group-tab:: Debian/Ubuntu
These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.
#. Perform the following commands in the Terminal:
.. code-block:: bash
sudo apt update
sudo apt install -y ca-certificates p11-kit
#. Move into the folder where you downloaded your Start9 server's Root CA (usually ``~/Downloads``), and run the following commands to add your Start9 server's CA certificate to the OS trust store:
.. caution:: BE CERTAIN to replace ``adjective-noun`` with your server's unique hostname in the 3rd and 4th commands below!
.. code-block:: bash
cd ~/Downloads
sudo mkdir -p /usr/share/ca-certificates/start9
sudo cp "adjective-noun.local.crt" /usr/share/ca-certificates/start9/
sudo bash -c "echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf"
sudo update-ca-certificates
In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. We highly recommend continuing on to our :ref:`Configuring Firefox <ff-linux>` guide.
.. group-tab:: Arch/Garuda
From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo pacman -S ca-certificates
sudo cp "<custom-address>.crt" /etc/ca-certificates/trust-source/anchors/
sudo update-ca-trust
Despite no output from the last command, you can test your app right away.
.. group-tab:: CentOS/Fedora
First, ensure mDNS resolution is turned on so you can reach your server:
Ensure ``MulticastDNS=Yes`` is set in /etc/systemd/resolved.conf and then restart systemd-resolved:
.. code-block:: bash
sudo systemctl restart systemd-resolved
Trust your server's CA certificate:
From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo yum install ca-certificates
sudo cp "<custom-address>.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.
Reference in New Issue View Git Blame Copy Permalink