diff --git a/doc/freedombox-manual.xml b/doc/freedombox-manual.xml index d1060ce38..32ef3bbff 100644 --- a/doc/freedombox-manual.xml +++ b/doc/freedombox-manual.xml @@ -7,10 +7,10 @@
FreedomBox: take your online privacy back - FreedomBox is a ready made personal server designed with privacy and data ownership in mind. Made of free software only, it is a subset of Debian universal operating system. It can be installed as a full system on a small board dedicated for that use from home. It can also be installed on your computer as an additional program although it is not recommended. - In order to replace communication services proposed by private companies mining your entire life, you will be able to activate independent services and access them from the Internet or from home only. These applications are communication services accessible from clients or browsers on your phones like chat and voice calls, calendar, address book, file or news feed sharing and synchronization, webmail... To setup and use a spy free chat service for instance, activate the service from your administration interface and create some new users. You will then be able to offer XMPP addresses to your friends. They will instant use XMPP clients (Conversations or Xabber on Android, Pidgin on Windows and Linux, Messages on Mac OS) for encrypted communications. - FreedomBox is also optionally a Wi-Fi router for more advanced users. - You need a bit of technical expertise or help from the community to set up FreedomBox at home on a specific inexpensive and power-efficient hardware or on your computer running Debian. But once installed , its use is similar to that of a smart phone. + FreedomBox is a ready made personal server designed with privacy and data ownership in mind. It is a subset of the Debian universal operating system, and includes free software only. You can run it on a small, inexpensive, and power-efficient computer box in your home, dedicated for that use. It can also be installed on any computer running Debian, or in a virtual machine. 
+ In order to replace third-party communication services data mining your entire life, you will be able to host services yourself, and use them at home or over the Internet through a browser or specialized apps. These services include chat and voice calls, calendar, webmail, file sharing, address book and news feed synchronization. For example, to start using a private chat service, activate the service from your administration interface, and add your friends as authorized users of the service. They will be able to connect to the service hosted on your FreedomBox, using XMPP chat clients such as Conversations on Android, Pidgin on Windows and Linux, or Messages on Mac OS, for encrypted communications. + FreedomBox can also host a Wi-Fi access point, ad blocking proxy, and VPN. More advanced users can replace their router with a FreedomBox. + To set up FreedomBox at home on a specific hardware, or on your computer running Debian, may required a bit of technical expertise or help from the community. Once installed, the interface is easy to use, similar to a smart phone. Related documentation: @@ -41,11 +41,11 @@
Easy: Private Cloud - FreedomBox provides services: to your computers and mobile devices in your home and to computers and mobile devices of other people who are your friends. FreedomBox brings file sharing like Dropbox, shared calendaring like Google or Yahoo and photo sharing. FreedomBox supplies instant messaging and truly secure voice conference calling that works on low bandwidth providing high quality. FreedomBox has a blog and wiki to let you publish your content and collaborate with the rest of the world. Coming soon, a personal email server and federated social networking using GNU Social and Diaspora, providing privacy-respecting alternatives to Gmail and Facebook. + FreedomBox provides services: to your computers and mobile devices in your home, and to your friends. This includes secure instant messaging and low-bandwidth, high-quality voice conference calling. FreedomBox lets you publish your content in a blog and wiki to collaborate with the rest of the world. Coming soon, a personal email server and federated social networking using GNU Social and Diaspora, providing privacy-respecting alternatives to Gmail and Facebook.
Advanced: Smart Home Router - FreedomBox runs in a physical computer and can route your traffic. It can sit between various devices at home such as mobiles, laptops and TVs and the Internet replacing a home wireless router. By routing traffic, FreedomBox can remove tracking advertisements and malicious web bugs before they ever reach your devices. FreedomBox can cloak your location and protect your anonymity by "onion routing" your traffic over Tor. FreedomBox provides a VPN server that you can use while you are away from home to keep your traffic secret on untrusted public wireless networks and to securely access various devices at home. It can also be carried along with your laptop and used to connect to public networks at work, school, or office to avail its services. It could be used in a village to make avaible digital communications throughout the village. In future, FreedomBox intends to deliver support for alternative ways of connecting to the Internet such as Mesh networks. + FreedomBox runs in a physical computer and can route your traffic. It can sit between various devices at home such as mobiles, laptops and TVs and the Internet, replacing a home wireless router. By routing traffic, FreedomBox can remove tracking advertisements and malicious web bugs before they ever reach your devices. FreedomBox can cloak your location and protect your anonymity by "onion routing" your traffic over Tor. FreedomBox provides a VPN server that you can use while you are away from home to keep your traffic secret on untrusted public wireless networks and to securely access various devices at home. It can also be carried along with your laptop and used to connect to public networks at work, school, or office to avail its services. It could be used in a village to make available digital communications throughout the village. In future, FreedomBox intends to deliver support for alternative ways of connecting to the Internet such as Mesh networks.
FreedomBox Interface @@ -54,10 +54,10 @@ - + - freedombox2.png + plinth_frontpage.png @@ -73,69 +73,223 @@
Quick Start - - - If you have not already done so, download and install a FreedomBox image by following the instructions on the Download page. - - - Plug one end of your ethernet cord into your FreedomBox's ethernet port, and plug the other end into your router. - - - On the Dreamplug, the eth0 port (the one toward the middle of the box) should be connected to your router. - - - - - If your device has a 2nd ethernet port, you can connect your computer to it directly, using an ethernet cable. - - - Power on your your FreedomBox. - - - On first boot, the FreedomBox will perform initial setup and then reboot. This may take several minutes. - - - After the FreedomBox has rebooted, you can access its web interface (called Plinth) through your web browser. - - - If your computer is connected directly to the FreedomBox through a second (LAN) ethernet port, you can browse to: or . - - - If your computer supports mDNS (GNU/Linux, Mac OSX and Windows with mDNS software installed), you can browse to: (or ) - - - If neither of these methods are available, then you will need to figure out the IP address of your FreedomBox. You can use the "nmap" program from your computer to find its IP address: - nmap -p 80 --open -sV 192.168.0.0/24 - Your FreedomBox will show up as an IP address with an open tcp port 80 using Apache httpd service on Debian, such as the example below which would make it accessible at : - Nmap scan report for 192.168.0.165 +
+ What you need to get started + + + A supported device (including any device that can run Debian) + + + A power cable for your device + + + An ethernet cable + + + A microSD card (or equivalent storage media for your device), prepared according to the instructions on the Download page + + +
+
+ How to get started + + + Plug one end of your ethernet cord into your FreedomBox's ethernet port, and plug the other end into your router. + + + Power on your your FreedomBox. + + + On first boot, the FreedomBox will perform initial setup and then reboot. This may take several minutes. + + + After the FreedomBox has rebooted, you can access its web interface (called Plinth) through your web browser. + + + If your computer is connected directly to the FreedomBox through a second (LAN) ethernet port, you can browse to: or . + + + If your computer supports mDNS (GNU/Linux, Mac OSX and Windows with mDNS software installed), you can browse to: (or ) + + + If neither of these methods are available, then you will need to figure out the IP address of your FreedomBox. You can use the "nmap" program from your computer to find its IP address: + nmap -p 80 --open -sV 192.168.0.0/24 + Your FreedomBox will show up as an IP address with an open tcp port 80 using Apache httpd service on Debian, such as the example below which would make it accessible at : + Nmap scan report for 192.168.0.165 Host is up (0.00088s latency). PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.17 ((Debian)) - If nmap does not find anything with the above command, you can try replacing 192.168.0.0/24 with 10.42.0.255/24. - nmap -n -sP 10.42.0.255/24 - The scan report will show something similar to the following: - Nmap scan report for 10.42.0.1 + If nmap does not find anything with the above command, you can try replacing 192.168.0.0/24 with 10.42.0.255/24. + nmap -n -sP 10.42.0.255/24 + The scan report will show something similar to the following: + Nmap scan report for 10.42.0.1 Host is up (0.00027s latency). Nmap scan report for 10.42.0.50 Host is up (0.00044s latency). - In this example, the FreedomBox is accessible at . (10.42.0.1 is my laptop.) 
- - - - - On accessing Plinth your browser will warn you that it communicates securely but that it regards the security certificate for doing so as invalid. This is a fact you need to accept because the certificate is auto generated on the box and therefore "self-signed" (the browser might also use words such as "untrusted", "not private", "privacy error" or "unknown issuer/authority"). Telling your browser that you are aware of this might involve pressing buttons such as "I understand the Risks", "proceed to ... (unsafe)" or "Add exception". - - - On the intial access you will see a welcome page that asks you to provide some basic information for setting up your FreedomBox. - - - After completing the form, you will be logged in to Plinth and able to access apps and configuration through the interface. Note that this first user has Admin privileges and can also log in using ssh. - - - If your computer is connected directly to the FreedomBox, your FreedomBox can act as a router, allowing you to access the Internet. - - - Now, you can try any of the Apps that are available on FreedomBox. + In this example, the FreedomBox is accessible at . (10.42.0.1 is my laptop.) + + + + + On accessing Plinth your browser will warn you that it communicates securely but that it regards the security certificate for doing so as invalid. This is a fact you need to accept because the certificate is auto generated on the box and therefore "self-signed" (the browser might also use words such as "untrusted", "not private", "privacy error" or "unknown issuer/authority"). Telling your browser that you are aware of this might involve pressing buttons such as "I understand the Risks", "proceed to ... (unsafe)" or "Add exception". + + + + + + + + + Self-signed certificate warning + + + + + + + + + + + + Add Security Exception + + + + + + + + The first time you access the FreedomBox web interface, you will see a welcome page. Click the "Start Setup" button to continue. 
+ + + + + + + + + Welcome + + + + + + + + The next page asks you to provide a user name and password. Fill in the form, and then click "Create Account." + + + Note: The user that you create here has Admin privileges and can also log in using ssh. + + + + + + + + + Account + + + + + + + + After completing the form, you will be logged in to Plinth and able to access apps and configuration through the interface. + + + + + + + + + Complete + + + + + + + + Now, you can try any of the Apps that are available on FreedomBox. +
+
+ Finding your way around +
+ Front page + The front page is the page that you will see when accessing the web root of your FreedomBox. You can also access it by clicking the FreedomBox logo in the top-left corner of the Plinth web interface. + The front page includes shortcuts to apps that have been installed and are enabled. For web apps, clicking the shortcut will take you directly to the app's web page. For other services, clicking the shortcut will show more information about the service. + + + + + + + Front page + + + +
+
+ Apps menu + The Apps menu can be accessed by clicking the grid icon, next to the FreedomBox logo. This page lists all of the apps that are available for installing on FreedomBox. Click the name of an app to visit its page, where you can install and configure it. + + + + + + + Apps + + + +
+
+ Help menu + The Help menu can be accessed by clicking the question mark icon in the top-right corner. It includes helpful links and the FreedomBox manual. + + + + + + + Help + + + +
+
+ System menu + The System menu can be accessed by clicking the gear icon in the top-right corner. It includes a number of pages related to the system configuration. + + + + + + + System + + + +
+
+ User menu + In the top-right corner, the name of the currently logged-in user is shown. A drop-down menu includes options for editing the current user or logging out of the user interface. + + + + + + + User + + + +
+
Getting Help @@ -161,486 +315,9 @@
-
- Release Notes - The following are the release notes for each FreedomBox version. -
- Plinth v0.12.0 (2016-12-08) - - - Open up RTP ports in the firewall for repro (SIP server). - - - Front page shortcuts for services show a Configure button in the details box for logged-in users. - - - Add mods packages to be installed with Minetest server. - - - Fix issue with reading Dynamic DNS status as non-root user. - - - After the hostname is changed, ensure the domain name is still set correctly. - - - Allow the domain name to be cleared, and properly set the configuration in this case. - - - On the Certificates (Let's Encrypt) page, show a more informative message when no domains are configured. - - - On the Chat Server (XMPP) page, show more clearly if domain is not set. - - - Apps that require login will not be shown on the front page, unless the user is logged in. - - - Show status block for News Feed Reader (Tiny Tiny RSS). - - - Change appearance of front page with larger icons and repositioned text. - - - Firewall page only lists services that have been setup. The port lists are collapsible under each service. - - - Support configuring IPv6 networks. - - - Make it less likely to accidentally delete the only Plinth user. - - - Updated to work with JSXC 3.0.0 (XMPP web client). - - -
-
- Plinth v0.11.0 (2016-09-29) - - - Added loading icon for additional busy operations. - - - Added basic front page with shortcuts to web apps, and information about enabled services. - - - networks: Add batctl as dependency, required for batman-adv mesh networking. - - - users: - - - Fixed checking restricted usernames. - - - Display error message if unable to set SSH keys. - - - Flush nscd cache after user operations to avoid some types of errors. - - - - - monkeysphere: - - - Adopted to using SHA256 fingerprints. - - - Sort items for consistent display. - - - Handle new uid format of gpg2. - - - Fixed handling of unavailable imported domains. - - - - - minetest: Fixed showing status block and diagnostics. - - - Fixed stretched favicon. - - - Switched base template from container-fluid to container. This will narrow the content area for larger displays. - - - Plinth is now able to run as "plinth" user instead of root user. - - - xmpp: Replaced jwchat with jsxc. - - - ikiwiki: Allow only alphanumerics in wiki/blog name to avoid invalid paths. - - -
-
- Plinth v0.10.0 (2016-08-21) - - - Updated Plinth to support Django 1.10. - - - Added a page to display recent status log from Plinth. It is accessible from the 500 error page. - - - Tor: Added options to toggle relay and bridge relay modes. - - - Radicale: Added access rights control. - - - Ikiwiki: Updated suggested packages. - - - Users and Groups: Fixed editing users without SSH keys. - - - Networks: Added basic support for configuring batman-adv mesh networking. - - - Networks: Fixed incorrect access for retrieving DNS entries. - - - New languages: - - - Persian (50% translated) - - - Indonesian (not started, contributions needed) - - - - - New modules added to Plinth: - - - Disks: Shows free space of mounted partitions, and allows expanding the root partition. - - - Security: Controls login restrictions. - - - Snapshots: Manages Btrfs snapshots. - - - - -
-
- Version 0.9.4 (2016-06-24) - - - Added Polish translation. - - - Fixed issue preventing access to Plinth on a non-standard port. - - - Dealt with ownCloud removal from Debian. The ownCloud page in Plinth will be hidden if it has not been setup. Otherwise, a warning is shown. - - - Fixed issue in Privoxy configuration. Two overlapping listen-addresses were configured, which prevented privoxy service from starting. - - - Fixed issue that could allow someone to start a module setup process without being logged in to Plinth. - - - Fixed issues with some diagnostic tests that would show false positive results. - - - Added check to Diagnostics to skip tests for modules that have not been setup. - - - Fixed some username checks that could cause errors when editing the user. - - - Added sorting of menu items per locale. - - - Moved Dynamic DNS and Pagekite from Applications to System Configuration. - - - Allowed setting IP for shared network connections. - - - Switched Dreamplug image from "non-free" to "free". This means that we no longer include the non-free firmware for the built-in wifi on Dreamplug. - - - Added the "userdir" module for the Apache web server. This allows users in the "admin" group to create a folder called "public_html" under their home folder, and to publicly share files placed in this folder. - - - New wiki and manual content licence: Creative Commons Attribution-ShareAlike 4.0 International (from June 13rd 2016). - - - Switched to using apt-get for module setup in Plinth. This fixes several issues that were seen during package installs. - - -
-
- Version 0.9 (2016-04-24) - - - Fixed Wi-Fi AP setup. - - - Prevent lockout of users in 'sudo' group after setup is complete. - - - Improved setup mechanism for Plinth modules. Allows users to see what a module is useful for, before doing the setup and package install. Also allows essential modules to be setup by default during FreedomBox install. - - - Added HTTPS certificates to Monkeysphere page. Reorganized so that multiple domains can be added to a key. - - - Added Radicale, a CalDAV and CardDAV server. - - - Added Minetest Server, a multiplayer infinite-world block sandbox. - - - Added Tiny Tiny RSS, a news feed reader. - - -
-
- Version 0.8 (2016-02-20) - - - Added Quassel, an IRC client that stays connected to IRC networks and can synchronize multiple frontends. - - - Improved first boot user interface. - - - Fixed Transmission RPC whitelist issue. - - - Added translations for Turkish, Chinese, and Russian. Fixed and updated translations in other languages. - - - Added Monkeysphere, which uses PGP web of trust for SSH host key verification. - - - Added Let's Encrypt, to obtain certificates for domains, so that browser certificate warnings can be avoided. - - - Added repro, a SIP server for audio and video calls. - - - Allow users to set their SSH public keys, so they can login over SSH without a password. - - -
-
- Version 0.7 (2015-12-13) - - - Translations! Full translations of the interface in Danish, Dutch, French, German and Norwegian Bokmål, and partial Telugu. - - - Support for OLinuXino A20 MICRO and LIME2 - - - New Plinth applications: OpenVPN, reStore - - - Improved first-boot experience - - - Many bugfixes and cleanups - - -
-
- Version 0.6 (2015-10-31) - - - New supported hardware target: Raspberry Pi 2 - - - New modules in Plinth: - - - Shaarli: Web application to manage and share bookmarks - - - Date & Time: Configure time zone and NTP service - - - Service Discovery: Configure Avahi service - - - - - Documentation revamp including new user manual and developer guide - - - Improved diagnostic tests, available in Plinth - - - Avoid unnecessary changes when installing on existing Debian system - - - Network configuration supports PPPoE connections - - - Debian packages can be download over Tor - - -
-
- Version 0.5 (2015-08-07) - - - New targets: CubieTruck, i386, amd64 - - - New apps in Plinth: Transmission, Dynamic DNS, Mumble, ikiwiki, Deluge, Roundcube, Privoxy - - - NetworkManager handles network configuration and can be manipulated through Plinth. - - - Software Upgrades (unattended-upgrades) module can upgrade the system, and enable automatic upgrades. - - - Plinth is now capable of installing ejabberd, jwchat, and privoxy, so they are not included in image but can be installed when needed. - - - User authentication through LDAP for SSH, XMPP (ejabberd), and ikiwiki. - - - Unit test suite is automatically run on Plinth upstream. This helps us catch at least some code errors before they are discovered by users! - - - New, simpler look for Plinth. - - - Performance improvements for Plinth. - - -
-
- Version 0.3 (2015-01-20) - - - Tor Bridges: All boxes now act as non-exit Tor bridges, routing traffic for the Tor network. - - - Firewall: firewall is on by default and is automatically managed. - - - Add BeagleBone support. We now have images for BeagleBone, RaspberryPi, VirtualBox i386/amd64, and DreamPlug. - - - Ability to enable and use Tor Hidden Services. Works with Ejabberd/JWChat and ownCloud services. - - - Enable Tor obfsproxy with scramblesuit. - - - Drop well-known root password (an account with sudo capabilities still exists for now but will be removed soon). - - - Switch to unstable as suite of choice for easier development. - - - Newer images are built with systemd by default (due to Debian change). - - - Install and operate firewall automatically (uses firewalld). - - - Major restructuring of Plinth UI using Python3, Django web development framework and Bootstrap3. Code quality is much better and UI is more polished. - - - Introduced packaging framework in Plinth UI for on-demand application installation. - - -
-
- Version 0.2 (2014-03-16) - - - Support for Raspberry Pi and VirtualBox (x86) in addition to the DreamPlug. - - - New Services: - - - Configuration Management UI. - - - Instant Messaging. - - - OwnCloud. - - - dnsmasq. - - - Low-Level Configuration Management. - - - Service Announcement. - - - LDAP Server. - - - LXC Support. - - - Source Packages. - - - - - The privoxy setup is now the default from Debian. - - -
-
- Version 0.1 (2013-02-26) - - - First FreedomBox software release (0.1 image, developer release). - - - Full hardware support in Debian - - - Support for DreamPlug. - - - Basic software tools selected as common working environment: - - - User interface system "plinth" - - - Cryptography tools: gpg or "monkeysphere" - - - Box-to-box communication design: Freedom-buddy (uses TOR network) - - - Web cleaning: "privoxy-freedombox". - - - - -
-
Download and Install - Wellcome to the FreedomBox download page. You may either install FreedomBox on one of the supported inexpensive hardware, on a Linux Debian operating system, or deploy on a virtual machine. + Welcome to the FreedomBox download page. You may either install FreedomBox on one of the supported inexpensive hardware, on a Linux Debian operating system, or deploy on a virtual machine. Installing on a machine running a Debian system is easy because FreedomBox is available as a package. We recommend to install FreedomBox on a supported single board computer though. The board will be dedicated for FreedomBox use from home. What we are requiring is to buy a device and plug in an SD card. In case of trouble when choosing the appropriate board or during install, please use Live Help or read and interact with the Questions and Answers page based on Freedombox-discuss mailing list archives.
Downloading on Debian @@ -756,8 +433,7 @@ sub 2048R/2A624357 2015-12-22 When picking a device, use the drive-letter destination, like /dev/sdf, not a numbered destination, like /dev/sdf1. The device without a number refers to the entire device, while the device with a number refers to a specific partition. We want to use the whole device. Downloaded images contain complete information about how many partitions there should be, their sizes and types. You don't have to format your SD card or create partitions. All the data on the SD card will be wiped off during the write process. - Use the image by inserting the SD card or USB disk into the target - device and booting from it. Your device should also be prepared (see the Hardware section). + Use the image by inserting the SD card or USB disk into the target device and booting from it. Your device should also be prepared (see the Hardware section). Read (the rest of) the Manual for instructions on how to use applications in FreedomBox. @@ -772,7 +448,7 @@ sub 2048R/2A624357 2015-12-22 Anonymity Network (Tor)
What is Tor? - Tor is a network of server operated by volunteers. It allows users of these servers to improve their privacy and security while surfing on the Internet. You and your friends are able to access to your FreedomBox via Tor network without revealing its IP address. Activating Tor application on your FreedomBox, you will be able to offer remote services (chat, wiki, file sharing, etc...) without showing your location. This application will give you a better protection than a public web server because you will be less exposed to intrusive people on the web. + Tor is a network of servers operated by volunteers. It allows users of these servers to improve their privacy and security while surfing on the Internet. You and your friends are able to access to your FreedomBox via Tor network without revealing its IP address. Activating Tor application on your FreedomBox, you will be able to offer remote services (chat, wiki, file sharing, etc...) without showing your location. This application will give you a better protection than a public web server because you will be less exposed to intrusive people on the web.
Using Tor to browse anonymously @@ -783,7 +459,22 @@ sub 2048R/2A624357 2015-12-22 Tor Hidden Service provides a way to access your FreedomBox, even if it's behind a router or firewall. To enable Tor Hidden Service, first navigate to the Anonymity Network (Tor) page. (If you don't see it, click on the FreedomBox logo at the top-left of the page, to go to the main Apps page.) On the Anonymity Network (Tor) page, under Configuration, check "Enable Tor Hidden Service", then press the Update setup button. Tor will be reconfigured and restarted. After a while, the page will refresh and under Status, you will see a table listing the Hidden Service .onion address. Copy the entire address (ending in .onion) and paste it into the Tor Browser's address field, and you should be able to access your FreedomBox. (You may see a certificate warning because FreedomBox has a self-signed certificate.) - Currently only HTTP (port 80) and HTTPS (port 443) are accessible through the Tor Hidden Service configured on the FreedomBox. + + + + + + + Tor Browser - Plinth + + + + Currently only HTTP (port 80), HTTPS (port 443), and SSH (port 22) are accessible through the Tor Hidden Service configured on the FreedomBox. +
+
+ Running a Tor relay + When Tor is installed, it is configured by default to run as a bridge relay. The relay or bridge option can be disabled through the Tor configuration page in Plinth. + At the bottom of the Tor page in Plinth, there is a list of ports used by the Tor relay. If your FreedomBox is behind a router, you will need to configure port forwarding on your router so that these ports can be reached from the public Internet.
Using Tor SOCKS port (advanced) @@ -791,38 +482,108 @@ sub 2048R/2A624357 2015-12-22
- Bit Torrent (Transmission) + BitTorrent (Transmission)
What is Transmission ? - In addition to Deluge Bit Torrent, your FreedomBox provides a Transmission application to enable. Transmission is a lightweight Bit Torrent client allowing end-user machine to share files (documents, pictures, sounds, videos and programs). Transmission is well known for its simplicity and a default configuration that "Just Works". + BitTorrent is a communications protocol using peer-to-peer (P2P) file sharing. It is not anonymous; you should assume that others can see what files you are sharing. There are two BitTorrent web clients available in FreedomBox: Transmission and Deluge. They have similar features, but you may prefer one over the other. + Transmission is a lightweight BitTorrent client that is well known for its simplicity and a default configuration that "Just Works". +
+
+ Screenshot + + + + + + + Transmission Web Interface + + + +
+
+ Using Transmission + After installing Transmission, it can be accessed at https://<your freedombox>/transmission. When you try to access this page, you will be required to login with a username and password. The default for both is "transmission". You can change the username and password using the configuration form in Plinth. +
+
+ Known Issues + + + The initial password is shown in the Plinth configuration form in a hashed format. This prevents it from being read or copied. However, after the password is changed, it is shown directly, without hashing. + +
- Bit Torrent (Deluge) + BitTorrent (Deluge)
What is Deluge? - Your FreedomBox provides a Deluge application to enable. Deluge is a lightweight Bit Torrent client. Bit Torrent is a communications protocol using peer-to-peer (P2P) file sharing. P2P is a system that aims to interconnect end-user machines. Highly configurable, Deluge offers functionalities in the form of plugins. + BitTorrent is a communications protocol using peer-to-peer (P2P) file sharing. It is not anonymous; you should assume that others can see what files you are sharing. There are two BitTorrent web clients available in FreedomBox: Transmission and Deluge. They have similar features, but you may prefer one over the other. + Deluge is a lightweight BitTorrent client that is highly configurable. Additional functionality can be added by installing plugins. +
+
+ Screenshot + + + + + + + Deluge Web UI + + + +
+
+ Initial Setup + After installing Deluge, it can be accessed by pointing your browser to https://<your freedombox>/deluge. You will need to enter a password to login: + + + + + + + Deluge Login + + + + The initial password is "deluge". The first time that you login, Deluge will ask if you wish to change the password. You should change it to something that is harder to guess. + Next you will be shown the connection manager. Click on the first entry (Offline - 127.0.0.1:58846). Then click "Start Daemon" to start the Deluge service that will run in the background. + + + + + + + Deluge Connection Manager (Offline) + + + + Now it should say "Online". Click "Connect" to complete the setup. + + + + + + + Deluge Connection Manager (Online) + + + + At this point, you are ready to begin using Deluge. You can make further changes in the Preferences, or add a torrent file or URL.
Block Sandbox (Minetest) Minetest is a multiplayer infinite-world block sandbox. This module enables the Minetest server to be run on this FreedomBox, on the default port (30000). To connect to the server, a Minetest client is needed. -
-
- GnuSocial - - - GnuSocial is currently not available - - GnuSocial is currently not available in the FreedomBox -
- What is GNU social? - GNU social is a continuation of the StatusNet project. It is social communication software for both public and private communications. It is widely supported and has a large userbase. It is already used by the Free Software Foundation, and Richard Stallman himself. Think of GNU Social as twitter and beyond. -
-
- Status of package - GNU Social is still getting packaged for debian and will be available soon for everyone to use. check the progress by tracking the bug #782812. + Port Forwarding + If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Minetest: + + + UDP 30000 + +
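Review bot: In the Deluge "Initial Setup" text, the fixed initial password "deluge" is documented, but changing it is only advised ("You should change it to something that is harder to guess"). The web UI is reachable at https://<your freedombox>/deluge as soon as the app is installed, so please word the password change as a required first step. Also say where the password can be changed afterwards if the first-login prompt was dismissed.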
@@ -840,10 +601,10 @@ sub 2048R/2A624357 2015-12-22
Calendar and Addressbook (Radicale) - With Radicale you can synchronize your personal Calendars, ToDo-Lists and Addressbooks with your various computers, tables, smartphones etc. and share them with friends without letting third parties know your personal Schedule or Contacts. + With Radicale, you can synchronize your personal calendars, ToDo lists, and addressbooks with your various computers, tablets, and smartphones, and share them with friends, without letting third parties know your personal schedule or contacts.
- Why running Radicale? - Using Radicale, you can get rid of centralized services like Google Calendar or Apple Calendar (iCloud) mining your events and social connections. + Why should I run Radicale? + Using Radicale, you can get rid of centralized services like Google Calendar or Apple Calendar (iCloud) data mining your events and social connections.
How to setup Radicale? @@ -859,7 +620,7 @@ sub 2048R/2A624357 2015-12-22 go to Calendar and Addressbook (Radicale) and - install the application. After the installation is complete, make sure the application is marked "enabled" in the FreedomBox interface. Enabling the application launches the Radicale server CalDAV. + install the application. After the installation is complete, make sure the application is marked "enabled" in the FreedomBox interface. Enabling the application launches the Radicale CalDAV/CardDAV server. define the access rights: @@ -960,19 +721,19 @@ sub 2048R/2A624357 2015-12-22 Install DAVdroid - Create an accound DAVdroid with the same settings as described for Evolution + Create an account in DAVdroid with the same settings as described for Evolution Click the newly created account and synchronize. - The settings, such as periodicity of synchronizsation, can be adjusted. + The settings, such as periodicity of synchronization, can be adjusted. A contact or calendar file, that was created before appears. - Enable it. + Enable it. It may take some minutes before e.g. the calendar is visible in your calendar app. @@ -984,7 +745,7 @@ sub 2048R/2A624357 2015-12-22
Advanced Users
- Sharing ressources + Sharing resources Above was shown an easy way to create a resource for a group of people by creating a dedicated account for all. Here will be described an alternative method where two users User1 and User2 are granted access to a calendar. This requires SSH-access to the FreedomBox. @@ -1035,24 +796,62 @@ file = /etc/radicale/rights Chat Server (XMPP)
What is XMPP? - XMPP is a federated protocol for Instant Messaging. This means that users who have accounts on one server, can talk to users that are on another server. + XMPP is a federated protocol for Instant Messaging. This means that users who have accounts on one server, can talk to users that are on another server. XMPP can also be used for voice and video calls, if supported by the clients. + With XMPP, there are two ways that conversations can be secured: + + + TLS: This secures the connection between the client and server, or between two servers. This should be supported by all clients and is highly recommended. + + + End-to-end: This secures the messages sent from one client to another, so that even the server cannot see the contents. The latest and most convenient protocol is called OMEMO, but it is only supported by a few clients. There is another protocol called OTR that may be supported by some clients that lack OMEMO support. Both clients must support the same protocol for it to work. + +
Setting the Domain Name For XMPP to work, your FreedomBox needs to have a Domain Name that can be accessed over the public Internet. You can read more about obtaining a Domain Name in the Dynamic DNS section of this manual. Once you have a Domain Name, you can tell your FreedomBox to use it by setting the Domain Name in the System Configuration. + + + Note: After changing your Domain Name, the Chat Server (XMPP) page may show that the service is not running. After a minute or so, it should be up and running again. + + Please note that Pagekite does not support the XMPP protocol at this time.
Registering XMPP users through SSO Currently, all users created through Plinth will be able to login to the XMPP server. You can add new users through the System Users and Groups module. It does not matter which Groups are selected for the new user.
+
+ Using the web client + After the XMPP module install completes, the JSXC web client for XMPP can be accessed at https://<your freedombox>/plinth/apps/xmpp/jsxc/. It will automatically check the BOSH server connection to the configured domain name. +
+
+ Using a desktop or mobile client + XMPP clients are available for various desktop and mobile platforms. +
+
+ Port Forwarding + If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for XMPP: + + + TCP 5222 (client-to-server) + + + TCP 5269 (server-to-server) + + +
Email Client (Roundcube)
What is Roundcube? - RoundCube is a browser-based multilingual email client with an application-like user interface. RoundCube is using the Internet Message Access Protocol (IMAP) to access e-mail on a remote mail server. It supports MIME to send files, and provides particularly address book, folder management, message searching and spell checking. + Roundcube is a browser-based multilingual email client with an application-like user interface. Roundcube is using the Internet Message Access Protocol (IMAP) to access e-mail on a remote mail server. It supports MIME to send files, and provides particularly address book, folder management, message searching and spell checking. +
+
+ Using Roundcube + After Roundcube is installed, it can be accessed at https://<your freedombox>/roundcube.
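Review bot: The new TLS bullet under "What is XMPP?" says TLS "should be supported by all clients and is highly recommended", which leaves open whether the FreedomBox server accepts unencrypted connections on the ports this hunk tells readers to forward (TCP 5222 client-to-server, TCP 5269 server-to-server). Please state whether the server requires TLS or only offers it, so that someone forwarding those ports knows what is exposed. Minor, in the Roundcube line touched here: "provides particularly address book" still reads awkwardly and could be cleaned up alongside the capitalisation fix.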
@@ -1170,65 +969,84 @@ file = /etc/radicale/rights
News Feed Reader (Tiny Tiny RSS) Tiny Tiny RSS is a news feed (RSS/Atom) reader and aggregator, designed to allow reading news from any location, while feeling as close to a real desktop application as possible. - When enabled, Tiny Tiny RSS will be available from /tt-rss path on the web server. -
-
- ownCloud - + When enabled, Tiny Tiny RSS will be available from /tt-rss path on the web server. Any user created through Plinth will be able to login and use this app. +
+ Screenshot - ownCloud was removed from Debian + + + + + + Tiny Tiny RSS + + - ownCloud was removed from Debian, so it is not available in the FreedomBox any more. Existing installations however are still working for time being. We are working on finding an adequate alternative. - Migrate to the official owncloud repository can be done in following this post - -
- What is ownCloud? - ownCloud is a self-hosted file sync and share server. It provides access to your data through a platform to view, sync and share across devices. Calendars and Contacts feature will help you keeping google at a nice distance. ownCloud's functionalities are native or available via plugins (Collaborative Editing, Play Music, Watch Movies, Store Passwords, Dashboard, Mozilla Sync...) via -
-
- Installation - Clicking on the ownCloud application in Plinth will show an installation prompt. Proceed to install. After the installation, visit the /owncloud link provided in the ownCloud page. First time installation wizard will show up asking for administrator username and password to setup (no additional details such as database configuration are requested). After providing the details, you will be logged. You will be able to start using the ownCloud and create more users. -
- External Storage - ownCloud's external storage plugin allows you to expose the contents of a hard drive or those of an online storage account as a folder. Following are the steps required to setup such storage. - - - Mount your hard drive or external storage to any fixed directory on the system. - - - Install two packages needed via the 'apt-get' on the SSH command line shell (this step will not be needed in future): - - - $ sudo apt-get install php-google-api-php-client php-dropbox - - - - - Goto ownCloud Apps section and enable 'External Storage Support' plugin. - - - Goto 'Admin' section and add your hard drive mount path in the external storage section. This folder will now show up in your folders list to access and sync across devices. - - -
SIP Server (repro) + repro is a server for SIP, a standard that enables Voice-over-IP calls. A desktop or mobile SIP client is required to use repro.
How to set up the SIP server Configure the domain at /repro/domains.html on the FreedomBox. + + + + + + + + + Repro Domains + + + + + Add users at /repro/addUser.html. + + + + + + + + + Repro Users + + + + + Disable and re-enable the repro application in Plinth.
+
+ Port Forwarding + If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for repro: + + + TCP 5060 + + + TCP 5061 + + + UDP 5060 + + + UDP 5061 + + +
Virtual Private Network (OpenVPN) @@ -1240,7 +1058,10 @@ file = /etc/radicale/rights Setting up - In Plinth install Virtual Private Network (OpenVPN) + In Plinth apps menu, select Virtual Private Network (OpenVPN) and click Install. + + + After the module is installed, there is an additional setup step that may take a long time to complete. Click "Start setup" to begin. @@ -1253,13 +1074,13 @@ file = /etc/radicale/rights - Wait for the installation to finish. This could take a while. + Wait for the setup to finish. This could take a while. - Once the installation of the OpenVPN server is done you can download your profile. This will download a file called <USER>.ovpn, where <USER> is the name of a freedombox user. Each freedombox user will be able to download a different profile. + Once the setup of the OpenVPN server is complete, you can download your profile. This will download a file called <USER>.ovpn, where <USER> is the name of a FreedomBox user. Each FreedomBox user will be able to download a different profile. - The ovpn file contains all the information a vpn client needs to connect to the server. + The ovpn file contains all the information a vpn client needs to connect to the server. If you are behind a modem, you may have to change the ip address (if not, you can skip this step). Open the ovpn file in any text editor. The second line shows the IP address or hostname the client will try to connect to. This should be your WAN IP address or your hostname. This line also contains the port number, 1194 being the default. You may have to open this port on your modem and enable port forwarding. @@ -1276,7 +1097,7 @@ proto udp Open the ovpn file with the OpenVPN client. - Try to ping the freedombox or other devices on the local network. + Try to ping the FreedomBox or other devices on the local network.
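Review bot: The new repro "Port Forwarding" list stops at TCP/UDP 5060 and 5061, while the firewall table in this same patch adds an RTP row (1024-65535/udp) and the v0.12.0 release notes say RTP ports were opened in the firewall for repro. Either list the RTP range here as well or explain why forwarding the signalling ports alone is enough behind a router. If the range is needed, a sentence on what forwarding such a wide UDP range exposes would be welcome.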
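Review bot: The rewritten .ovpn paragraph in the OpenVPN setup steps says the file "contains all the information a vpn client needs to connect to the server" but gives no guidance on handling it. Since each FreedomBox user downloads their own <USER>.ovpn and the file alone is enough to connect, add a sentence telling users to keep it private and not to share one profile between people. Style in the same added text: "ip address" should be "IP address", "vpn" should be "VPN", and "behind a modem" is inconsistent with the "behind a router" wording used in the new Port Forwarding sections.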
@@ -1293,6 +1114,22 @@ proto udp What is Mumble? Mumble is a voice chat software. Primarily intended for use while gaming, it is suitable for simple talking with high audio quality, noise suppression, encrypted communication, public/private-key authentication by default, and "wizards" to configure your microphone for instance. A user can be marked as a "priority speaker" within a channel.
+
+ Using Mumble + FreedomBox includes the Mumble server. Clients are available for desktop and mobile platforms. Users can download one of these clients and connect to the server. +
+
+ Port Forwarding + If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Mumble: + + + TCP 64738 + + + UDP 64738 + + +
Web Proxy (Privoxy) @@ -1395,10 +1232,30 @@ proto udp Creating a wiki or blog You can create a wiki or blog to be hosted on your FreedomBox through the Wiki & Blog (Ikiwiki) page in Plinth. The first time you visit this page, it will ask to install packages required by Ikiwiki. After the package install has completed, select the Create tab. You can select the type to be Wiki or Blog. Also type in a name for the wiki or blog, and the username and password for the wiki's/blog's admin account. Then click Update setup and you will see the wiki/blog added to your list. Note that each wiki/blog has its own admin account. + + + + + + + ikiwiki: Create + + +
Accessing your wiki or blog From the Wiki & Blog (Ikiwiki) page, select the Manage tab and you will see a list of your wikis and blogs. Click a name to navigate to that wiki or blog. + + + + + + + ikiwiki: Manage + + + From here, if you click Edit or Preferences, you will be taken to a login page. To log in with the admin account that you created before, select the Other tab, enter the username and password, and click Login.
@@ -1434,65 +1291,6 @@ proto udp
-
- Unhosted Storage -
- What is Unhosted? - Unhosted is a way to uncouple web applications from data. No matter where a web application is served from, the data can be stored on an Unhosted storage server of user's choice. Unhosted web apps do not send your user data to their server and are hence known as "serverless", "client-side", or "static" web apps. Either you connect your own server at runtime, or your data stays within the browser. Your FreedomBox can become your Unhosted storage server using a remoteStorage server know as reStore. - - This module is currently disabled in FreedomBox as the package required for reStore server is not available in Debian yet. The package is available for testing via - -
-
- Setup - Your FreedomBox contains a remoteStorage server called reStore, that can serve as your personal storage server for Unhosted web apps. To setup reStore, simply install and enable in FreedomBox web UI. After the setup, create an account by visiting the link provided on the Unhosted app page https://<yourdomain>/restore/. - - User accounts are currently not integrated with Plinth user management, and public sign-up is enabled! - -
-
- Try Unhosted apps - Once Unhosted is setup on FreedomBox and when FreedomBox is accessible by a domain name (such by using PageKite, Dynamic DNS or Tor Hidden Service), try one of the following Unhosted web apps (more are listed at ): - - - (a note taking application) - - - (list your favorite drinks) - - - (a simple todo list) - - - To connect the Unhosted app to your FreedomBox's Unhosted storage, click on the remoteStorage icon and type your address <user>@<yourdomain>, e.g.: - - - - - - - remotestorage.png - - - - If this doesn't work, make sure that - - - FreedomBox has a domain name using PageKite, Dynamic DNS or Tor Hidden Service. - - - The reStore server is running. - - - You have created the account specified in the reStore server. - - - Your FreedomBox SSL certificate is trusted in your current browser session (important when using private browsing). - - - Finish the OAuth flow by authenticating with your password and authorizing access, then you should get redirected back to the Unhosted app, and be able to use it. All data of the Unhosted web app is now stored on your FreedomBox. -
-
System @@ -1501,15 +1299,28 @@ proto udp Configure covers a couple of general topics: - Hostname - Hostname is the local name by which other devices on the local network can reach your FreedomBox. Default is freedombox. + Hostname + + + Hostname is the local name by which other devices on the local network can reach your FreedomBox. Default is freedombox. + + Domain Name - Domain name is the global name by which other devices on the Internet can reach your FreedomBox. + + + Domain name is the global name by which other devices on the Internet can reach your FreedomBox. The value set here is used by the Chat Server (XMPP), Certificates (Let's Encrypt), and Monkeysphere. + + - Language Language for the web administration interface Plinth + Language + + + Language for the web administration interface Plinth + +
@@ -1729,10 +1540,10 @@ proto udp - SSH + Minetest - 22/tcp + 30000/udp @@ -1746,30 +1557,6 @@ proto udp - - - - - - - - (./) - - - - - - - - - - - - (./) - - - - @@ -1782,13 +1569,37 @@ proto udp + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + - JWChat + XMPP Client - 80/tcp + 5222/tcp @@ -1802,30 +1613,6 @@ proto udp - - - - - - - - (./) - - - - - - - - - - - - (./) - - - - @@ -1838,13 +1625,37 @@ proto udp + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + - JWChat + XMPP Server - 443/tcp + 5269/tcp @@ -1858,30 +1669,6 @@ proto udp - - - - - - - - (./) - - - - - - - - - - - - (./) - - - - @@ -1894,13 +1681,37 @@ proto udp + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + - OwnCloud + XMPP Bosh - 80/tcp + 5280/tcp @@ -1918,10 +1729,10 @@ proto udp - + - (./) + {X} @@ -1953,19 +1764,19 @@ proto udp - OwnCloud + NTP - 443/tcp + 123/udp - + - {*} + {o} @@ -2012,7 +1823,7 @@ proto udp Plinth - 443/tcp + 443/tcp @@ -2065,19 +1876,31 @@ proto udp - Tor (Socks) + Quassel - 9050/tcp + 4242/tcp - + - {o} + {*} + + + + + + + + + + + + {X} @@ -2098,22 +1921,10 @@ proto udp - + - {X} - - - - - - - - - - - - {X} + (./) @@ -2121,19 +1932,31 @@ proto udp - NTP + SIP - 123/udp + 5060/tcp - + - {o} + {*} + + + + + + + + + + + + {X} @@ -2154,22 +1977,10 @@ proto udp - + - {X} - - - - - - - - - - - - {X} + (./) @@ -2177,19 +1988,31 @@ proto udp - DNS + SIP - 53/tcp + 5060/udp - + - {o} + {*} + + + + + + + + + + + + {X} @@ -2210,22 +2033,10 @@ proto udp - + - {X} - - - - - - - - - - - - {X} + (./) @@ -2233,19 +2044,31 @@ proto udp - DNS + SIP-TLS - 53/tdp + 5061/tcp - + - {o} + {*} + + + + + + + + + + + + {X} @@ -2262,6 +2085,38 @@ proto udp + + + + + + + + (./) + + + + + + + + SIP-TLS + + + 5061/udp + + + + + + + + + {*} + + + + 
@@ -2274,6 +2129,130 @@ proto udp + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + RTP + + + 1024-65535/udp + + + + + + + + + {*} + + + + + + + + + + + + {X} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + SSH + + + 22/tcp + + + + + + + + + {*} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + @@ -2292,7 +2271,7 @@ proto udp mDNS - 5353/udp + 5353/udp @@ -2318,6 +2297,566 @@ proto udp + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + Tor (Socks) + + + 9050/tcp + + + + + + + + + {o} + + + + + + + + + + + + {X} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + Obfsproxy + + + <random>/tcp + + + + + + + + + {*} + + + + + + + + + + + + {X} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + OpenVPN + + + 1194/udp + + + + + + + + + {*} + + + + + + + + + + + + {X} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + Mumble + + + 64378/tcp + + + + + + + + + {*} + + + + + + + + + + + + {X} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + Mumble + + + 64378/udp + + + + + + + + + {*} + + + + + + + + + + + + {X} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + Privoxy + + + 8118/tcp + + + + + + + + + {o} + + + + + + + + + + + + {X} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + JSXC + + + 80/tcp + + + + + + + + + {*} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + JSXC + + + 443/tcp + + + + + + + + + {*} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + DNS + + + 53/tcp + + + + + + + + + {o} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + DNS + + + 53/tdp + + + + + + + + + {o} + + + + + + + + + + + + {X} + + + + @@ -2348,7 +2887,7 @@ proto udp DHCP - 67/udp + 67/udp 
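Review bot: The Mumble rows added to the firewall table give the port as 64378/tcp and 64378/udp, but the new Mumble "Port Forwarding" section earlier in this patch says TCP 64738 and UDP 64738. Mumble's default port is 64738, so the table rows look like the transposed ones; please make both places agree. While the DNS rows are being moved, the second one still reads 53/tdp, which looks like a typo for 53/udp and could be fixed in the same change.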
@@ -2404,7 +2943,7 @@ proto udp Bootp - 67/tcp + 67/tcp @@ -2460,7 +2999,7 @@ proto udp Bootp - 67/udp + 67/udp @@ -2516,7 +3055,7 @@ proto udp Bootp - 68/tcp + 68/tcp @@ -2572,7 +3111,7 @@ proto udp Bootp - 68/udp + 68/udp @@ -2628,7 +3167,7 @@ proto udp LDAP - 389/tcp + 389/tcp @@ -2684,7 +3223,7 @@ proto udp LDAPS - 636/tcp + 636/tcp @@ -2735,342 +3274,6 @@ proto udp - - - OpenVPN - - - 1194/udp - - - - - - - - - {*} - - - - - - - - - - - - {X} - - - - - - - - - - - - {X} - - - - - - - - - - - - {X} - - - - - - - - Privoxy - - - 8118/tcp - - - - - - - - - {o} - - - - - - - - - - - - (./) - - - - - - - - - - - - {X} - - - - - - - - - - - - {X} - - - - - - - - XMPP Server - - - 5269/tcp - - - - - - - - - {*} - - - - - - - - - - - - (./) - - - - - - - - - - - - (./) - - - - - - - - - - - - {X} - - - - - - - - XMPP Client - - - 5222/tcp - - - - - - - - - {*} - - - - - - - - - - - - (./) - - - - - - - - - - - - (./) - - - - - - - - - - - - {X} - - - - - - - - XMPP Bosh - - - 5280/tcp - - - - - - - - - {*} - - - - - - - - - - - - (./) - - - - - - - - - - - - (./) - - - - - - - - - - - - {X} - - - - - - - - Obfsproxy - - - <random>/tcp - - - - - - - - - {*} - - - - - - - - - - - - {X} - - - - - - - - - - - - {X} - - - - - - - - - - - - {X} - - - - - @@ -3145,6 +3348,88 @@ firewall-cmd --permanent --zone=internal --add-interface=eth0
+
+ Certificates (Let's Encrypt) + A digital certficate allows users of a web service to verify the identity of the service and to securely communicate with it. FreedomBox can automatically obtain and setup digital certificates for each available domain. It does so by proving itself to be the owner of a domain to Let's Encrypt, a certificate authority (CA). + Let's Encrypt is a free, automated, and open certificate authority, run for the public's benefit by the Internet Security Research Group (ISRG). Please read and agree with the Let's Encrypt Subscriber Agreement before using this service. +
+ Why using Certificates + The communication with your FreedomBox can be secured so that it is not possible to intercept the content of the web pages viewed and about the content exchanged. +
+
+ How to setup + + + If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports: + + + TCP 80 (http) + + + TCP 443 (https) + + + + + Make the domain name known: + + + In Configure insert your domain name, e.g. MyWebName.com LetsEncrypt-Configure.png + + + + + Verify the domain name was accepted + + + Check that it is enabled in Name Services LetsEncrypt-NameServices.png + + + + + Go to the Certificates (Let's Encrypt) page, and complete the module install if needed. Then click the "Obtain" button for your domain name. + + + After some minutes a valid certificate is available + + + + + + + LetsEncrypt.png + + + + + + + + Verify in your browser by checking https://MyWebName.com + + + + + + + + + LetsEncrypt-Certificate.png + + + + + + + + Screencast: Let's Encrypt.webm +
+
+ Using + The certificate is valid for 3 months. It is renewed automatically and can also be re-obtained or revoked manually. + With running diagnostics the certificate can also be verified. +
+
Monkeysphere With Monkeysphere, an OpenPGP key can be generated for each configured domain serving SSH. The OpenPGP public key can then be uploaded to the OpenPGP keyservers. Users connecting to this machine through SSH can verify that they are connecting to the correct host. For users to trust the key, at least one person (usually the machine owner) must sign the key using the regular OpenPGP key signing process. See the Monkeysphere SSH documentation for more details. @@ -3152,7 +3437,7 @@ firewall-cmd --permanent --zone=internal --add-interface=eth0
Name Services - Name Services provides an overview of the enabled and disabled services for the domain name, tor hidden services and Pagekite. + Name Services provides an overview of ways the box can be reached from the public Internet: domain name, Tor hidden service, and Pagekite. For each type of name, it is shown whether the HTTP, HTTPS, and SSH services are enabled or disabled for incoming connections through the given name.
Networks @@ -3526,17 +3811,42 @@ nmcli con modify "<connection_name>" connection.zone internal
Power - Power provides an easy way to restart or shut down FreedomBox. + Power provides an easy way to restart or shut down FreedomBox. After you select "Restart" or "Shut Down", you will be asked to confirm.
Public Visibility (PageKite)
What is PageKite? - PageKite makes local websites and services publicly accessible immediately without creating yourself a public IP address. PageKite provides "Kites" and "Services". Kites aims to make accessible in a second a web page (for instance foo.pagekite.me). Services can expose a file or a folder. Technically speaking, PageKite is free Software solution for tunneling HTTP, HTTPS and SSH servers through firewalls and NAT. + PageKite makes local websites and services publicly accessible immediately without creating yourself a public IP address. It does this by tunneling protocols such as HTTPS or SSH through firewalls and NAT. Using PageKite requires an account on a PageKite relay service. One such service is . + A PageKite relay service will allow you to create kites. Kites are similar to domain names, but with different advantages and drawbacks. A kite can have a number of configured services. PageKite is known to work with HTTP, HTTPS, and SSH, and may work with some other services, but not all.
- Use PageKite - See PageKite website. + Using PageKite + + + Create an account on a PageKite relay service. + + + Add a kite to your account. Note your kite name and kite secret. + + + In Plinth, go to the "Configure PageKite" tab on the Public Visibility (PageKite) page. + + + Check the "Enable PageKite" box, then enter your kite name and kite secret. Click "Save settings". + + + On the "Standard Services" tab, you can enable HTTP and HTTPS (recommended) and SSH (optional). + + + HTTP is needed to obtain the Let's Encrypt certificate. You can disable it later. + + + + + On the Certificates (Let's Encrypt) page, you can obtain a Let's Encrypt certificate for your kite name. + +
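Review bot: The sub-item under "Standard Services" says HTTP "is needed to obtain the Let's Encrypt certificate. You can disable it later", while the Certificates (Let's Encrypt) section added in this patch says the certificate is valid for 3 months and is renewed automatically. Please say whether automatic renewal still works with the HTTP service disabled on the kite. If it does not, drop "You can disable it later" or tell readers to re-enable HTTP before the certificate is due for renewal.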
@@ -3625,7 +3935,7 @@ nmcli con modify "<connection_name>" connection.zone internal
Service Discovery - Service discovery allows other devices on the network to discover your FreedomBox and services running on it. + Service discovery allows other devices on the network to discover your FreedomBox and services running on it. If a client on the local network supports mDNS, it can find your FreedomBox at <hostname>.local (for example: freedombox.local). It also allows FreedomBox to discover other devices and services running on your local network. Service discovery is not essential and works only on internal networks. It may be disabled to improve security especially when connecting to a hostile local network.
@@ -3662,7 +3972,15 @@ Password: Users in the admin group will be able to log in to all services. They can also log in to the system through SSH and have administrative privileges (sudo). These characteristics can also be changed later-on. It is also possible to set an SSH public key which will allow this user to securely log in to the system without using a password. You may enter multiple keys, one on each line. Blank lines and lines starting with # will be ignored. - To temporarily disable user, he can be deactivated. + A user's account can be deactivated, which will temporarily disable the account. +
+ Known Issues + + + Currently, Plinth does not distinguish between users and administrators. Every user added through Plinth will have full access to the Plinth interface. + + +
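Review bot: The new "Known Issues" item says every user added through Plinth has full access to the Plinth interface, but it does not tell the reader what follows from that, and it sits directly under unchanged text that presents the admin group as the one with administrative privileges. Spell out the consequence: an account created only so that someone can use Chat Server (XMPP) or Tiny Tiny RSS (both sections in this patch say any user created through Plinth can log in) can also reach the system settings in Plinth. A cross-reference from those two sections to this known issue would help.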
@@ -5004,10 +5322,10 @@ $ sudo umount /tmp/vbox-root1 Install freedombox-setup package. - $ sudo apt-get install freedombox-setup + $ sudo DEBIAN_FRONTEND=noninteractive apt-get install freedombox-setup - When asked to specify whether Macchanger should be set up to run automatically, please choose "No". + The "DEBIAN_FRONTEND=noninteractive" will avoid several configuration prompts that would otherwise appear during the install. @@ -5065,6 +5383,10 @@ iface lo inet loopback FreedomBox SD card images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox. See also instructions for using an internal micro-SD with DreamPlug. An alternative to downloading these images is to install Debian on DreamPlug and then install FreedomBox on it.
+
+ Networking + The network port towards the middle of the box, is configured by FreedomBox to be an upstream Internet link. The remaining port is configured for a local computer to connect to. +
Firmware Note that the factory firmware configurations may vary between revisions of the hardware, and render some images incompatible. See the DreamPlug firmware page for information on what images are compatible and how to update your DreamPlug firmware. @@ -5365,15 +5687,514 @@ wget https://www.thinkpenguin.com/files/ath9k_firmware_free-version/htc_7010.fw<
- Advanced Topics - - - + Release Notes + The following are the release notes for each FreedomBox version.
- Adding Additional Features - There are a number of incomplete projects that you might find useful, for setting up a wiki, an IM server, and so forth. To check these out, download the repository: - $ hg clone https://bitbucket.org/nickdaly/plugserver ~/plugserver - Then, read the README. It's pretty detailed. Also, if you can, it may be best to wait until these tools are fully integrated into the FreedomBox image. Otherwise, migrating from these custom tools to the officially supported FreedomBox tools may be difficult. Ultimately, that decision is up to you. + Plinth v0.13.0 (2017-01-18) + + + Two new apps were added: + + + Gobby Server (infinoted) for collaborative editing of text documents + + + Domain Name Server (BIND), in system menu + + + + + Added JavaScript license web labels to provide partial support for LibreJS. + + + Added basic configuration form for Minetest server. + + + Added indicator to Help->About page if new Plinth version is available. + + + Show app logos on front page instead of generic icons. + + + Prevent anonymous users from accessing setup pages. + + + Split Chat Server (XMPP) app into Chat Server (ejabberd) and Chat Client (jsxc). + + +
+
+ Plinth v0.12.0 (2016-12-08) + + + Open up RTP ports in the firewall for repro (SIP server). + + + Front page shortcuts for services show a Configure button in the details box for logged-in users. + + + Add mods packages to be installed with Minetest server. + + + Fix issue with reading Dynamic DNS status as non-root user. + + + After the hostname is changed, ensure the domain name is still set correctly. + + + Allow the domain name to be cleared, and properly set the configuration in this case. + + + On the Certificates (Let's Encrypt) page, show a more informative message when no domains are configured. + + + On the Chat Server (XMPP) page, show more clearly if domain is not set. + + + Apps that require login will not be shown on the front page, unless the user is logged in. + + + Show status block for News Feed Reader (Tiny Tiny RSS). + + + Change appearance of front page with larger icons and repositioned text. + + + Firewall page only lists services that have been setup. The port lists are collapsible under each service. + + + Support configuring IPv6 networks. + + + Make it less likely to accidentally delete the only Plinth user. + + + Updated to work with JSXC 3.0.0 (XMPP web client). + + +
+
+ Plinth v0.11.0 (2016-09-29) + + + Added loading icon for additional busy operations. + + + Added basic front page with shortcuts to web apps, and information about enabled services. + + + networks: Add batctl as dependency, required for batman-adv mesh networking. + + + users: + + + Fixed checking restricted usernames. + + + Display error message if unable to set SSH keys. + + + Flush nscd cache after user operations to avoid some types of errors. + + + + + monkeysphere: + + + Adopted to using SHA256 fingerprints. + + + Sort items for consistent display. + + + Handle new uid format of gpg2. + + + Fixed handling of unavailable imported domains. + + + + + minetest: Fixed showing status block and diagnostics. + + + Fixed stretched favicon. + + + Switched base template from container-fluid to container. This will narrow the content area for larger displays. + + + Plinth is now able to run as "plinth" user instead of root user. + + + xmpp: Replaced jwchat with jsxc. + + + ikiwiki: Allow only alphanumerics in wiki/blog name to avoid invalid paths. + + +
+
+ Plinth v0.10.0 (2016-08-21) + + + Updated Plinth to support Django 1.10. + + + Added a page to display recent status log from Plinth. It is accessible from the 500 error page. + + + Tor: Added options to toggle relay and bridge relay modes. + + + Radicale: Added access rights control. + + + Ikiwiki: Updated suggested packages. + + + Users and Groups: Fixed editing users without SSH keys. + + + Networks: Added basic support for configuring batman-adv mesh networking. + + + Networks: Fixed incorrect access for retrieving DNS entries. + + + New languages: + + + Persian (50% translated) + + + Indonesian (not started, contributions needed) + + + + + New modules added to Plinth: + + + Disks: Shows free space of mounted partitions, and allows expanding the root partition. + + + Security: Controls login restrictions. + + + Snapshots: Manages Btrfs snapshots. + + + + +
+
+ Version 0.9.4 (2016-06-24) + + + Added Polish translation. + + + Fixed issue preventing access to Plinth on a non-standard port. + + + Dealt with ownCloud removal from Debian. The ownCloud page in Plinth will be hidden if it has not been setup. Otherwise, a warning is shown. + + + Fixed issue in Privoxy configuration. Two overlapping listen-addresses were configured, which prevented privoxy service from starting. + + + Fixed issue that could allow someone to start a module setup process without being logged in to Plinth. + + + Fixed issues with some diagnostic tests that would show false positive results. + + + Added check to Diagnostics to skip tests for modules that have not been setup. + + + Fixed some username checks that could cause errors when editing the user. + + + Added sorting of menu items per locale. + + + Moved Dynamic DNS and Pagekite from Applications to System Configuration. + + + Allowed setting IP for shared network connections. + + + Switched Dreamplug image from "non-free" to "free". This means that we no longer include the non-free firmware for the built-in wifi on Dreamplug. + + + Added the "userdir" module for the Apache web server. This allows users in the "admin" group to create a folder called "public_html" under their home folder, and to publicly share files placed in this folder. + + + New wiki and manual content licence: Creative Commons Attribution-ShareAlike 4.0 International (from June 13rd 2016). + + + Switched to using apt-get for module setup in Plinth. This fixes several issues that were seen during package installs. + + +
+
+ Version 0.9 (2016-04-24) + + + Fixed Wi-Fi AP setup. + + + Prevent lockout of users in 'sudo' group after setup is complete. + + + Improved setup mechanism for Plinth modules. Allows users to see what a module is useful for, before doing the setup and package install. Also allows essential modules to be setup by default during FreedomBox install. + + + Added HTTPS certificates to Monkeysphere page. Reorganized so that multiple domains can be added to a key. + + + Added Radicale, a CalDAV and CardDAV server. + + + Added Minetest Server, a multiplayer infinite-world block sandbox. + + + Added Tiny Tiny RSS, a news feed reader. + + +
+
+ Version 0.8 (2016-02-20) + + + Added Quassel, an IRC client that stays connected to IRC networks and can synchronize multiple frontends. + + + Improved first boot user interface. + + + Fixed Transmission RPC whitelist issue. + + + Added translations for Turkish, Chinese, and Russian. Fixed and updated translations in other languages. + + + Added Monkeysphere, which uses PGP web of trust for SSH host key verification. + + + Added Let's Encrypt, to obtain certificates for domains, so that browser certificate warnings can be avoided. + + + Added repro, a SIP server for audio and video calls. + + + Allow users to set their SSH public keys, so they can login over SSH without a password. + + +
+
+ Version 0.7 (2015-12-13) + + + Translations! Full translations of the interface in Danish, Dutch, French, German and Norwegian Bokmål, and partial Telugu. + + + Support for OLinuXino A20 MICRO and LIME2 + + + New Plinth applications: OpenVPN, reStore + + + Improved first-boot experience + + + Many bugfixes and cleanups + + +
+
+ Version 0.6 (2015-10-31) + + + New supported hardware target: Raspberry Pi 2 + + + New modules in Plinth: + + + Shaarli: Web application to manage and share bookmarks + + + Date & Time: Configure time zone and NTP service + + + Service Discovery: Configure Avahi service + + + + + Documentation revamp including new user manual and developer guide + + + Improved diagnostic tests, available in Plinth + + + Avoid unnecessary changes when installing on existing Debian system + + + Network configuration supports PPPoE connections + + + Debian packages can be download over Tor + + +
+
+ Version 0.5 (2015-08-07) + + + New targets: CubieTruck, i386, amd64 + + + New apps in Plinth: Transmission, Dynamic DNS, Mumble, ikiwiki, Deluge, Roundcube, Privoxy + + + NetworkManager handles network configuration and can be manipulated through Plinth. + + + Software Upgrades (unattended-upgrades) module can upgrade the system, and enable automatic upgrades. + + + Plinth is now capable of installing ejabberd, jwchat, and privoxy, so they are not included in image but can be installed when needed. + + + User authentication through LDAP for SSH, XMPP (ejabberd), and ikiwiki. + + + Unit test suite is automatically run on Plinth upstream. This helps us catch at least some code errors before they are discovered by users! + + + New, simpler look for Plinth. + + + Performance improvements for Plinth. + + +
+
+ Version 0.3 (2015-01-20) + + + Tor Bridges: All boxes now act as non-exit Tor bridges, routing traffic for the Tor network. + + + Firewall: firewall is on by default and is automatically managed. + + + Add BeagleBone support. We now have images for BeagleBone, RaspberryPi, VirtualBox i386/amd64, and DreamPlug. + + + Ability to enable and use Tor Hidden Services. Works with Ejabberd/JWChat and ownCloud services. + + + Enable Tor obfsproxy with scramblesuit. + + + Drop well-known root password (an account with sudo capabilities still exists for now but will be removed soon). + + + Switch to unstable as suite of choice for easier development. + + + Newer images are built with systemd by default (due to Debian change). + + + Install and operate firewall automatically (uses firewalld). + + + Major restructuring of Plinth UI using Python3, Django web development framework and Bootstrap3. Code quality is much better and UI is more polished. + + + Introduced packaging framework in Plinth UI for on-demand application installation. + + +
+
+ Version 0.2 (2014-03-16) + + + Support for Raspberry Pi and VirtualBox (x86) in addition to the DreamPlug. + + + New Services: + + + Configuration Management UI. + + + Instant Messaging. + + + OwnCloud. + + + dnsmasq. + + + Low-Level Configuration Management. + + + Service Announcement. + + + LDAP Server. + + + LXC Support. + + + Source Packages. + + + + + The privoxy setup is now the default from Debian. + + +
+
+ Version 0.1 (2013-02-26) + + + First FreedomBox software release (0.1 image, developer release). + + + Full hardware support in Debian + + + Support for DreamPlug. + + + Basic software tools selected as common working environment: + + + User interface system "plinth" + + + Cryptography tools: gpg or "monkeysphere" + + + Box-to-box communication design: Freedom-buddy (uses TOR network) + + + Web cleaning: "privoxy-freedombox". + + + +
@@ -6220,6 +7041,36 @@ Plinth module to configure Tiny Tiny RSS. Freedom Maker is a script to build FreedomBox disk images for use on various hardware devices or virtual machines. Freedom Maker can currently build FreedomBox disk images for the following: + + + A20-OlinuXino-LIME + + + + + A20-OlinuXino-LIME2 + + + + + A20-OLinuXino-MICRO + + + + + BeagleBone + + + + + Cubietruck + + + + + Cubieboard2 + + DreamPlug @@ -6232,17 +7083,19 @@ Plinth module to configure Tiny Tiny RSS. - BeagleBone + Raspberry Pi 2 (also works on 3) - - Cubietruck (work in progress) - VirtualBox + + + QEMU + + Other virtual machines (using raw disk images) @@ -6302,26 +7155,6 @@ Plinth module to configure Tiny Tiny RSS. -
- Other Resources: Manual Older Versions - - - - 0.3 Manual - - - - - 0.2 Manual - - - - - Jessie Manual - - - -
Tell people around you diff --git a/doc/images/LetsEncrypt-Certificate.png b/doc/images/LetsEncrypt-Certificate.png new file mode 100644 index 000000000..55cb920ec Binary files /dev/null and b/doc/images/LetsEncrypt-Certificate.png differ diff --git a/doc/images/LetsEncrypt-Configure.png b/doc/images/LetsEncrypt-Configure.png new file mode 100644 index 000000000..dfb61026e Binary files /dev/null and b/doc/images/LetsEncrypt-Configure.png differ diff --git a/doc/images/LetsEncrypt-NameServices.png b/doc/images/LetsEncrypt-NameServices.png new file mode 100644 index 000000000..f0c5e6167 Binary files /dev/null and b/doc/images/LetsEncrypt-NameServices.png differ diff --git a/doc/images/LetsEncrypt.png b/doc/images/LetsEncrypt.png new file mode 100644 index 000000000..e5827299b Binary files /dev/null and b/doc/images/LetsEncrypt.png differ diff --git a/doc/images/add_security_exception.png b/doc/images/add_security_exception.png new file mode 100644 index 000000000..8b4414c1a Binary files /dev/null and b/doc/images/add_security_exception.png differ diff --git a/doc/images/apps.png b/doc/images/apps.png new file mode 100644 index 000000000..6fe3e50b3 Binary files /dev/null and b/doc/images/apps.png differ diff --git a/doc/images/deluge.png b/doc/images/deluge.png new file mode 100644 index 000000000..4c22edb37 Binary files /dev/null and b/doc/images/deluge.png differ diff --git a/doc/images/deluge_connection_manager.png b/doc/images/deluge_connection_manager.png new file mode 100644 index 000000000..c6005c9c2 Binary files /dev/null and b/doc/images/deluge_connection_manager.png differ diff --git a/doc/images/deluge_connection_manager_2.png b/doc/images/deluge_connection_manager_2.png new file mode 100644 index 000000000..39e1c2813 Binary files /dev/null and b/doc/images/deluge_connection_manager_2.png differ 
diff --git a/doc/images/deluge_login.png b/doc/images/deluge_login.png new file mode 100644 index 000000000..afe47ed78 Binary files /dev/null and b/doc/images/deluge_login.png differ diff --git a/doc/images/frontpage.png b/doc/images/frontpage.png new file mode 100644 index 000000000..878b78a1d Binary files /dev/null and b/doc/images/frontpage.png differ diff --git a/doc/images/help.png b/doc/images/help.png new file mode 100644 index 000000000..783944396 Binary files /dev/null and b/doc/images/help.png differ diff --git a/doc/images/ikiwiki_create.png b/doc/images/ikiwiki_create.png new file mode 100644 index 000000000..0a1513aa9 Binary files /dev/null and b/doc/images/ikiwiki_create.png differ diff --git a/doc/images/ikiwiki_manage.png b/doc/images/ikiwiki_manage.png new file mode 100644 index 000000000..e001961f9 Binary files /dev/null and b/doc/images/ikiwiki_manage.png differ diff --git a/doc/images/plinth_firstboot_account.png b/doc/images/plinth_firstboot_account.png new file mode 100644 index 000000000..0b6ff1fe4 Binary files /dev/null and b/doc/images/plinth_firstboot_account.png differ diff --git a/doc/images/plinth_firstboot_complete.png b/doc/images/plinth_firstboot_complete.png new file mode 100644 index 000000000..b1094d99d Binary files /dev/null and b/doc/images/plinth_firstboot_complete.png differ diff --git a/doc/images/plinth_firstboot_welcome.png b/doc/images/plinth_firstboot_welcome.png new file mode 100644 index 000000000..e8761bfa0 Binary files /dev/null and b/doc/images/plinth_firstboot_welcome.png differ diff --git a/doc/images/plinth_frontpage.png b/doc/images/plinth_frontpage.png new file mode 100644 index 000000000..9a2af8d18 Binary files /dev/null and b/doc/images/plinth_frontpage.png differ diff --git a/doc/images/plinth_insecure_connection.png b/doc/images/plinth_insecure_connection.png new file mode 100644 index 000000000..10dba4401 Binary files /dev/null and b/doc/images/plinth_insecure_connection.png differ 
diff --git a/doc/images/repro_domains.png b/doc/images/repro_domains.png new file mode 100644 index 000000000..c0924f83f Binary files /dev/null and b/doc/images/repro_domains.png differ diff --git a/doc/images/repro_users.png b/doc/images/repro_users.png new file mode 100644 index 000000000..acfa62ba9 Binary files /dev/null and b/doc/images/repro_users.png differ diff --git a/doc/images/system.png b/doc/images/system.png new file mode 100644 index 000000000..ed51ad4b2 Binary files /dev/null and b/doc/images/system.png differ diff --git a/doc/images/tor_browser_plinth.png b/doc/images/tor_browser_plinth.png new file mode 100644 index 000000000..d5ae5c855 Binary files /dev/null and b/doc/images/tor_browser_plinth.png differ diff --git a/doc/images/transmission.png b/doc/images/transmission.png new file mode 100644 index 000000000..089dc0b0f Binary files /dev/null and b/doc/images/transmission.png differ diff --git a/doc/images/ttrss.png b/doc/images/ttrss.png new file mode 100644 index 000000000..b7745cb9e Binary files /dev/null and b/doc/images/ttrss.png differ diff --git a/doc/images/user.png b/doc/images/user.png new file mode 100644 index 000000000..93fe668eb Binary files /dev/null and b/doc/images/user.png differ
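Review bot: In the release notes hunk of doc/freedombox-manual.xml, the two access-control fixes are listed as ordinary changelog items with nothing to mark them as security fixes: "Prevent anonymous users from accessing setup pages." under Plinth v0.13.0 and "Fixed issue that could allow someone to start a module setup process without being logged in to Plinth." under Version 0.9.4. Consider flagging both as security fixes and stating that earlier versions should be upgraded, so an administrator scanning the list can tell which releases matter. Smaller points in the same hunk: headings switch from "Plinth v0.10.0" to "Version 0.9.4", the list goes from 0.5 straight to 0.3 without saying whether 0.4 existed, the 0.3 entry lists the firewall twice ("Firewall: firewall is on by default and is automatically managed." and "Install and operate firewall automatically (uses firewalld)."), and there are typos in "June 13rd 2016", "Adopted to using SHA256 fingerprints", "Debian packages can be download over Tor" and "TOR network".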
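Review bot: In the Freedom Maker hardware list (hunk @@ -6220,6 +7041,36 @@), the board names are capitalized inconsistently: "A20-OlinuXino-LIME" and "A20-OlinuXino-LIME2" against "A20-OLinuXino-MICRO", while the Version 0.7 release note in this same patch writes "OLinuXino A20 MICRO and LIME2". Pick one spelling and use it in all three list entries and the release note, since users will search the manual for the exact board name when choosing an image.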
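Review bot: The hunk @@ -6302,26 +7155,6 @@ deletes the "Other Resources: Manual Older Versions" list (0.3 Manual, 0.2 Manual, Jessie Manual) without a replacement pointer, while the same patch adds release notes reaching back to Version 0.1. If the old manuals are still published, keep one link to them or say where they moved. If they were retired on purpose, state that in the commit message so the removal is not mistaken for an export accident.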
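Review bot: The new files under doc/images/ mix naming schemes and may include a duplicate: "LetsEncrypt-Certificate.png" and "LetsEncrypt-NameServices.png" use capitalized, hyphenated names, the rest use lowercase with underscores such as "deluge_connection_manager_2.png", and both "frontpage.png" and "plinth_frontpage.png" are added. Settle on one scheme and confirm that both front page images are referenced from the manual. Since these arrive only as "Binary files /dev/null and b/... differ", it would also help to list in the commit message which manual section each screenshot belongs to, in particular "add_security_exception.png" and "plinth_insecure_connection.png", so a reviewer can check the text that accompanies them.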