Commit e8adad89 authored by segfault's avatar segfault
Browse files

Add more documentation

parent b235d0a2
- [[!traillink Tails Server|tails_server]]
- [[!traillink Collaborative text-editing with Gobby|tails_server/gobby]]
- [[!traillink Voice-chatting with Mumble|tails_server/mumble]]
- [[!traillink Sharing files with SFTP|tails_server/sftp]]
- [[!traillink Serving a web site with lighttpd|tails_server/lighttpd]]
\ No newline at end of file
[[!meta title="Tails Server"]]
<span class="application">Tails Server</span> allows hosting various online services, to which others can securely connect through Tor.
<span class="application">Tails Server</span> allows hosting various online services, to which others can securely connect through Tor.
To start <span class="application">Tails Server</span>, choose
<span class="menuchoice">
......@@ -13,17 +13,60 @@ To start <span class="application">Tails Server</span>, choose
Available Services
==================
- [[Gobby|tails_server/gobby]] - a collaborative text editor
- [[Mumble|tails_server/mumble]] - a voice chat server
- [[Mumble Server|tails_server/mumble]] - a voice chat server
- [[Gobby Server|tails_server/gobby]] - a collaborative text editor service
- [[SFTP|tails_server/sftp]] - a file sharing service
- [[lighttpd|tails_server/lighttpd]] - a lightweight web server
Installing a service
====================
When starting Tails Server for the first time, you can add a service with the **Add a Service** button. Then choose the service from the list and click **Install**. Tails Server will automatically install the required packages and configure the service. You can install additional services using the **+** button on the bottom left. You can uninstall the current service using the **-** button on the bottom left.
<div class="tip">
<p>The first time you install a service, the APT package lists need to be updated. This happens automatically in the background, but it causes the installation of the service to take up to 10 minutes longer.</p>
</div>
Configuring a service
=====================
Depending on the service, Tails Server provides some configuration options. Click the **Edit** button on the bottom right to edit the options, then click **Apply**.
Enabling a service
==================
To enable or disable a service, click the on/off swich on the top right. This will automatically start the service and create a Tor onion service for connecting to it.
<div class="tip">
<p>Due to limitations in Tor, the announcement of the onion address currently takes 30 seconds.</p>
</div>
Providing connection information to clients
===========================================
For a client to connect to the service, they need to know the onion address and port, and, depending on the service, maybe some other connection information like a password. You have to transfer these to the client through a secure channel, for example [[Pidgin with OTR|anonymous_internet/pidgin]] or [[PGP-encrypted email|anonymous_internet/icedove]]. Once the service was enabled, all the required connection information can be conveniently copied to the clipboard with the **Copy to Clipboard** button on the right.
Connecting to a service
=======================
To connect to the service remotely, see [[connect to Tails Server|tails_server/connect_to_tails_server]].
You can connect to the service locally if you enabled the **Allow localhost** option in Tails Server. You have to use the corresponding client application to the service and use *localhost* as the address.
You can connect to the service from your local area network (LAN) if you enabled the **Allow LAN** option in Tails Server. You will have to find out which IP address your computer is assigned to on your local network. You can look this up in the <span class="application">Network</span> application. To start <span class="application">Network</span>, open <span class="menuchoice">
<span class="guimenu">Applications</span>&nbsp;▸
<span class="guisubmenu">System Tools</span>&nbsp;▸
<span class="guimenuitem">Settings</span>
</span>, and then choose <span class="guimenuitem">Network</span>.
</p></div>
You will **not** be able to use the <span class="application">Connect to Tails Server</span> application for connecting to localhost or from LAN.
Currently, Tails Server enforces the use of Tor's [client authentication](https://www.torproject.org/docs/tor-manual.html.en#HiddenServiceAuthorizeClient). This allows only clients with a so called client cookie to connect to the onion service. This cookie has to be [added to the client's Tor configuration](https://www.torproject.org/docs/tor-manual.html.en#HidServAuth). To make this more user friendly, Tails includes an [[application to connect to Tails Server|tails_server/client_app]], which takes care of the client cookie, and for some services it also takes care of some other things.
Store service configuration and data persistently
=================================================
If you enabled the Tails [[persistent partition|first_steps/persistence]], you can store the service's configuration and data on the persistent partition by enabling the **Persistence** option in Tails Server. In contrast to other applications, this is **not** configured in the <span class="application">Configure persistent volume</span> application.
Client Authentication Background
----------
The client authentication protects from deanonymization attacks against onion services, which are easier to perform against Tails, because [Tails doesn't use stable guard nodes](https://labs.riseup.net/code/issues/11732). We plan to make the client authentication optional once the stable guard nodes issue is fixed.
\ No newline at end of file
If you additionally enable the **Autostart** option in Tails Server, the service will be started automatically after the system startup of Tails.
\ No newline at end of file
[[!meta title="Connect to Tails Server"]]
To connect to Tails Server, you need to know the onion address and port, and, depending on the service, maybe some other connection information like a password. You have to obtain these from the Tails Server administrator through a secure channel, for example [[Pidgin with OTR|anonymous_internet/pidgin]] or [[PGP-encrypted email|anonymous_internet/icedove]].
You can connect to the service with the correct client application, which depends on the service. If you are using Tails, you can use the <span class="application">Connect to Tails Server</span> application for convenience. Open
<span class="menuchoice">
<span class="guimenu">Applications</span>&nbsp;▸
<span class="guisubmenu">Internet</span>&nbsp;▸
<span class="guimenuitem">Connect to Tails Server</span>
</span>.
The <span class="application">Connect to Tails Server</span> application automatically parses the clipboard for Tails Server connection information. It then allows to connect to the service by automatically starting the client application with the provided information. Depending on the service, the application also deals with some other inconveniences (for example when used with Mumble, it automatically adds the specified TLS fingerprint to the known fingerprints, so you don't get prompted about the TLS certificate and you don't have to compare the fingerprints by hand).
\ No newline at end of file
[[!meta title="Serving a web site with lighttpd"]]
Sorry, this is not documented yet.
[[!meta title="Voice chatting with Mumble"]]
For voice chatting, <span class="application">Tails Server</span> includes <span
class="application">Mumble-Server</span>.
class="application">Mumble-Server</span>.
For more detailed documentation, refer to the [official
<span class="application">Mumble</span>
documentation](http://wiki.mumble.info/wiki/FAQ).
Configure the Service
=====================
The <span class="application">Mumble-Server</span> is preconfigured in <span class="application">Tails Server</span>, so you are able to start it without additional configuration. You might still want to configure some of the service's options:
The <span class="application">Mumble-Server</span> is preconfigured in <span class="application">Tails Server</span>, so you are able to start it without additional configuration. You can edit the configuration options by clicking the **Edit** button on the bottom right.
Mumble specific options:
1. Password: The password required to connect to the service. This is preset to a 20 character random string.
2. TLS Fingerprint: This is the SHA-1 digest of the TLS certificate used by the Mumble server. You should provide this to the clients so they can verify the certificate when they connect. This option can't be modified.
3. Welcome Message: This message will be displayed to clients when they connect to the service.
1. Persistence: Stores the service's configuration persistently (i.e. it will not be reset after rebooting Tails). This is only available if you enabled [[Tails' persistence feature|first_steps/persistence]].
1. Autostart: Starts this service automatically after boot.
1. Allow LAN: Allows connection from your local area network (LAN) to the service.
<div class="tip">
<p>To connect locally, you will have to find out which IP address your computer is assigned to on your local network. You can look this up in the <span class="application">Network</span> application. To start <span class="application">Network</span>, open <span class="menuchoice">
<span class="guimenu">Applications</span>&nbsp;▸
<span class="guisubmenu">System Tools</span>&nbsp;▸
<span class="guimenuitem">Settings</span>
</span>, and then choose <span class="guimenuitem">Network</span>.
</div>
The other options are explained in the [[Tails Server main documentation|tails_server/tails_server]].
Connect to the Service
======================
You can connect to the <span class="application">Mumble-Server</span> service using the <span class="application">Mumble</span> client. To start <span class="application">Mumble</span>, open
<span class="menuchoice">
If you are using Tails, you can use the <span class="application">Connect to Tails Server</span> application. Open <span class="menuchoice">
<span class="guimenu">Applications</span>&nbsp;▸
<span class="guisubmenu">Internet</span>&nbsp;▸
<span class="guimenuitem">Mumble</span>
<span class="guimenuitem">Connect to Tails Server</span>
</span>.
In order to connect to the service, you will need the onion address, the port, and the password. This information can be easily distributed by the service administrator by copying the <em>Connection Info</em> displayed in <span class="application">Tails Server</span>.
To connect to the service, choose <span class="menuchoice">
You can also connect by using the <span class="application">Mumble</span> client and entering the address, port and password manually. To connect to the service, start <span class="application">Mumble</span> and choose <span class="menuchoice">
<span class="guimenu">Server</span>&nbsp;▸
<span class="guimenuitem">Connect</span>
</span>, and then click <span class="guimenuitem">Add New</span>. Now you need to enter the onion address and the port (defaults to 64738). You will also need to choose a label for the service and a username. When you click OK, the client will try to connect to the service and will ask you to enter the service's password.
Verify Certificate
==================
When connecting to the service for the first time, there will be a prompt informing you that there are errors with the certificate (it's host name doesn't match and it is self-signed) and asking you if you want to accept the certificate. You should compare the displayed certificate fingerprint with the fingerprint in the <em>Connection Info</em> in <span class="application">Tails Server</span> and only accept the certificate if they match. If you do not have this <em>Connection Info</em>, ask the <span class="application">Tails Server</span> administrator for it.
When connecting to the service manually, there will be a prompt informing you that there are errors with the TLS certificate (it's host name doesn't match and it is self-signed) and asking you if you want to accept the certificate. You should compare the displayed certificate fingerprint with the fingerprint in the in <span class="application">Tails Server</span> and only accept the certificate if they match. If you do not have the TLS fingerprint, ask the <span class="application">Tails Server</span> administrator for it.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment