doc: Fetch latest manual

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
James Valleroy 2024-09-23 20:42:18 -04:00
parent 058a363d5a
commit c3e9dda748
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808
4 changed files with 120 additions and 2 deletions

@ -10,7 +10,44 @@
== Name Services ==
Name Services provides an overview of ways the box can be reached from the public Internet: domain name, Tor Onion Service, and Pagekite. For each type of name, it is shown whether the HTTP, HTTPS, and SSH services are enabled or disabled for incoming connections through the given name.
Name Services provides an overview of ways the box can be reached from the public Internet: domain name, Tor Onion Service, and Pagekite. For each type of name, it is shown whether the HTTP, HTTPS, and SSH services are enabled or disabled for incoming connections through the given name. It also shows and allows configuring how !FreedomBox performs domain name resolutions.
=== systemd-resolved ===
From release 24.19, !FreedomBox uses systemd-resolved as caching DNS resolver and replaces resolvconf for managing DNS server configuration. This improves privacy and security. Newer installations will come with systemd-resolved and older machines will automatically switch after an upgrade to this new release.
systemd-resolved automatically acquires DNS servers from Network Manager, the default and recommended way to configure networks on !FreedomBox. However, if you are manually managing network configuration by editing /etc/network/interfaces, you will need to ensure that the DNS servers acquired are passed on to systemd-resolved. Otherwise, Fallback DNS servers will be used. See below.
=== Support for DNS-over-TLS and DNSSEC ===
systemd-resolved supports DNS-over-TLS. This protocol allows encrypting DNS
communication between !FreedomBox and the DNS server if your DNS server
(typically provided by your ISP, sometimes a separate service) has support for
it. This improves both privacy and security as it makes it harder for
intermediaries to see the communication or manipulate it. New settings for
enabling DNS-over-TLS are available at the global level (for all network interfaces) in Name Services app and at the per-connection level in the Networks app's connection settings.
systemd-resolved supports DNSSEC. This standard allows website owners to sign
their DNS records allowing clients to authenticate them. This improves security
by making it harder to manipulate DNS responses. If your DNS server supports
this feature, it can be turned on. New setting for enabling DNSSEC is available
in the Name Services app.
You can detect whether your current DNS supports DNS-over-TLS and DNSSEC by turning them on in the settings one at a time and running the diagnostics for the Names app. There is a diagnostic check which detects whether you can successfully resolve the domain name deb.debian.org.
=== Setting a custom DNS server ===
If your current DNS server provided by your ISP does not support DNS-over-TLS or DNSSEC
features, is censoring some domains names, or if you don't trust them enough,
you can instead use one of the publicly available DNS servers. This can be done by
editing network connections in the Networks app and adding DNS servers manually.
You will need to deactivate and re-activate the network connection (or restart
!FreedomBox) for the settings to become active. After this, Names app will show you the
currently configured DNS servers.
=== Fallback DNS servers ===
In some cases, when internet connection is available to the system by no DNS servers are known to systemd-resolved, the fallback DNS servers are used. This may happen, for example, due to misconfiguration when manually managing network configuration instead of using !FreedomBox's default, the Network Manager. These fallback DNS servers, as defaulted by the upstream systemd project, include servers from Cloudflare and Google DNS servers. This has privacy implications but we felt that it was important to avoid !FreedomBox from becoming unreachable due to misconfiguration. It was a difficult decision. Once you have proper DNS configuration and you know that it works, you can turn off fallback DNS servers using a new setting in the Privacy app. There is also a renewed notification in the web interface that will attract your attention towards this. You may also edit the list of Fallback DNS servers by creating a configuration file for systemd-resolved. See [[https://www.freedesktop.org/software/systemd/man/latest/systemd-resolved.html|systemd-resolved documentation]].
## END_INCLUDE
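Review bot: In the "Fallback DNS servers" paragraph, "when internet connection is available to the system by no DNS servers are known" should read "but no DNS servers are known", and "avoid !FreedomBox from becoming unreachable" reads better as "prevent !FreedomBox from becoming unreachable". In "Setting a custom DNS server", "is censoring some domains names" should be "domain names". The app is called "Name Services app", "Names app" and "Name Services" in different paragraphs of this hunk; one name throughout would avoid confusion. The systemd-resolved paragraph tells users who edit /etc/network/interfaces that they "will need to ensure that the DNS servers acquired are passed on to systemd-resolved", but "See below" only leads to the description of the fallback servers, so the text never says how to do it. A sentence or link giving the actual step would close that gap, since the stated consequence of missing it is that queries go to the Cloudflare and Google fallback servers. The added paragraphs also mix hard-wrapped lines with single long lines. Given the commit title, these corrections probably belong at the source the manual is fetched from.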

@ -8,6 +8,29 @@ For more technical details, see the [[https://salsa.debian.org/freedombox-team/f
The following are the release notes for each !FreedomBox version.
== FreedomBox 24.20 (2024-09-23) ==
=== Highlights ===
* nextcloud: Fix issue with upgrading to next version
=== Other Changes ===
* action_utils: Add a method to reset services in 'failed' state
* action_utils: Update outdated docstrings
* apache: Don't restart daemon when changing certificates
* config, names: Move domain name configuration to names app
* config, names: Move setting hostname from config to names
* debian: tests: Wait for systemd-resolved to be started
* letsencrypt: Allow reloading daemons after cert changes
* locale: Update translations for Albanian, Bulgarian, Chinese (Simplified Han script), Czech, Dutch, Spanish, Turkish
* miniflux: Workaround a packaging bug with DB connection
* service: Add privileged utility for 'try-reload-or-restart' action
* tests: functional: Don't timeout when web server restarts
* upgrades: Treat n/a release as testing
* users: Don't cache NSS user indentity information
* users: Invalidate nscd cache after nslcd service startup
== FreedomBox 24.19 (2024-09-09) ==
=== Highlights ===
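Review bot: In the "Other Changes" list, "users: Don't cache NSS user indentity information" misspells "identity". Separately, "config, names: Move domain name configuration to names app" and "config, names: Move setting hostname from config to names" relocate settings that users will look for in the old place, yet only the nextcloud fix is listed under "Highlights"; consider promoting the move or adding a short pointer to where the settings now live.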

@ -9,7 +9,42 @@
== Servicios de Nombre ==
Los Servicios de Nombre proporcionan una vista general a las formas de acceder desde la Internet pública a tu !Freedombox: nombre de dominio, servicio ''Tor Onion'' y cometa (''Pagekite''). Para cada tipo de nombre se indica si los servicios HTTP, HTTPS, y SSH están habilitados o deshabilitados para conexiones entrantes.
Los Servicios de Nombre proporcionan una vista general a las formas de acceder desde la Internet pública a tu !Freedombox: nombre de dominio, servicio ''Tor Onion'' y cometa (''Pagekite''). Para cada tipo de nombre se indica si los servicios HTTP, HTTPS, y SSH están habilitados o deshabilitados para conexiones entrantes.También muestra y permite configurar como !FreedomBox resuelve los nombres de dominio.
=== systemd-resolved ===
Desde la versión 24.19, !FreedomBox emplea `systemd-resolved` como resolutor DNS con memoria y reemplaza a `resolvconf` para administrar la configuración del servidor DNS. Esto mejora la privacidad y la seguridad. Las instalaciones nuevas vendrán con `systemd-resolved` de serie y las anteriores cambiarán automáticamente tras una actualización a esta nueava versión.
`systemd-resolved` obtiene servidores DNS automáticamente de `Network Manager`, la forma recomendada y por omisión de configurar redes en !FreedomBox. No obstante, si administras la configuración de tu red editando a mano `/etc/network/interfaces`, tendrás que asegurar que los servidores DNS le lleguen a `systemd-resolved`. Si no, se usarán los servidores DNS de último recurso. Ver más abajo.
=== Soporte para DNS-sobre-TLS y DNSSEC ===
`systemd-resolved` soporta DNS-sobre-TLS. Este protocolo permite cifrar la comunicación entre !FreedomBox y el servidor de DNS server (habitualmente proporcionado por su proveedor de internet), si este lo soporta.
Esto mejora la privacidad y la seguridad porque complica a posibles intermediarios ver o maniplar la comunicación.
Los ajustes para habilitar DNS-sobre-TLS están disponibles a nivel global (para todas las interfaces de red) en la aplicación _Servicios de Nombre_ y a nivel de conexión en los ajusted de conexion de la aplicación _Redes_.
`systemd-resolved` soporta `DNSSEC`. Este estándar permite a los dueños de sitios web firmar sus registros DNS, permitiendo así a los clientes autenticarlos. Esto mejora la seguridad al complicar la manipulación de respuestas DNS.
Si tu servidor DNS soporta esta funcionalidad se puede habilitar. Hay un nuevo ajuste para activar `DNSSEC` disponible en la aplicación _Servicios de Nombre_.
Puedes detectar si tu DNS actual soporta `DNS-over-TLS` y `DNSSEC` si habilitas ambos de uno en uno y ejecutas los diagnósticos de la aplicación de _Nombres_. Hay un diagnostico que detecta si puedes resolver con éxito el nombre de dominio `deb.debian.org`.
=== Configurar un servidor DNS personalizado ===
Si el proveedor de servidor DNS que te pone actualmente tu proveedor de internet no soporta las funcionalidades `DNS-sobre-TLS` o `DNSSEC`, censura algunos nombres de domino, o no confías en él lo suficiente,
puedes usar un servidor DNS de los públicamente disponibles. Esto se hace editando las conexiones de red en la aplicación de _Redes_ y añadiendo los servidores DNS a mano.
Para que los ajustes tengan efecto necesitarás reiniciar tu conexión de red desactivándola y activándola a continuación (o reiniciando !FreedomBox).
Después de esto la aplicación _Nombres_ te mostrará los servidores DNS configurados.
=== Servidores DNS de último recurso ===
En algunos casos, cuando la conexón a internet está disponoble pero `systemd-resolved` no conoce los servidores DNS, se usan los de último recurso.
Esto podría pasar, por ejemplo, debido a una configuración errónea o con configuraciones de red administradas manualmente.
Los servidores DNS de último recurso que configura por omisión el proyecto `systemd` incluyen servidores de Cloudflare y de Google.
Esto fué una decisión difícil porque conlleva riesgos de privacidad pero pensamos que era importante evitar que !FreedomBox quede inaccesible por un fallo de configuración.
Una vez que tienes una configuración DNS funcional puedes esactivar los servidores DNS de último recurso usando el nuevo ajusta de la aplicación de _Privacidad_.
En el interfaz web hay también una nueva notificación que atraerá tu atención a este asunto.
También puedes editar la lista de servidores DNS de último recurso creando un archivo de configuración para `systemd-resolved`.
Mira [[https://www.freedesktop.org/software/systemd/man/latest/systemd-resolved.html|la documentación de systemd-resolved]].
## END_INCLUDE
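Review bot: The added Spanish text marks app names as _Servicios de Nombre_, _Redes_, _Nombres_ and _Privacidad_, while the unchanged context line in this same hunk uses ''Tor Onion'' and ''Pagekite'' for emphasis, so the underscores will likely show up literally; use the page's existing ''...'' convention. The hunk also carries a number of typos that should be fixed before publishing: "entrantes.También" (missing space), "configurar como" (cómo), "nueava versión", "servidor de DNS server", "maniplar", "ajusted de conexion", "diagnostico", "nombres de domino", "conexón", "disponoble", "fué", "esactivar" and "nuevo ajusta". The protocol is written `DNS-sobre-TLS` everywhere except the diagnostics paragraph, which has `DNS-over-TLS`; pick one. Compared with the English hunk, the DNS-over-TLS paragraph drops the "sometimes a separate service" qualifier on who provides the DNS server; restore it if the translation is meant to track the English text.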

@ -8,6 +8,29 @@ For more technical details, see the [[https://salsa.debian.org/freedombox-team/f
The following are the release notes for each !FreedomBox version.
== FreedomBox 24.20 (2024-09-23) ==
=== Highlights ===
* nextcloud: Fix issue with upgrading to next version
=== Other Changes ===
* action_utils: Add a method to reset services in 'failed' state
* action_utils: Update outdated docstrings
* apache: Don't restart daemon when changing certificates
* config, names: Move domain name configuration to names app
* config, names: Move setting hostname from config to names
* debian: tests: Wait for systemd-resolved to be started
* letsencrypt: Allow reloading daemons after cert changes
* locale: Update translations for Albanian, Bulgarian, Chinese (Simplified Han script), Czech, Dutch, Spanish, Turkish
* miniflux: Workaround a packaging bug with DB connection
* service: Add privileged utility for 'try-reload-or-restart' action
* tests: functional: Don't timeout when web server restarts
* upgrades: Treat n/a release as testing
* users: Don't cache NSS user indentity information
* users: Invalidate nscd cache after nslcd service startup
== FreedomBox 24.19 (2024-09-09) ==
=== Highlights ===
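Review bot: This hunk repeats the 24.20 entries of the earlier release-notes hunk line for line, including the misspelling in "users: Don't cache NSS user indentity information", so the fix to "identity" needs to land in both copies. If this copy belongs to the translated manual, it would also help to note in the commit message that the release notes are intentionally left in English.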