Contents

  1. Smart Router
  2. Private Cloud
  3. Discussion Forum
  4. Matrix
  5. IRC #freedombox
  6. Email
  7. Giving Back Help
  8. Download for Debian
  9. Download for Hardware or Virtual Machines
  10. Bepasty (File and Snippet Sharing)
  11. Calibre (E-Book Library)
  12. Coturn (VoIP Helper)
  13. Deluge (Distributed File Sharing via BitTorrent)
  14. Ejabberd (Chat Server)
  15. GitWeb (Simple Git Hosting)
  16. I2P (Anonymity Network)
  17. Ikiwiki (Wiki and Blog)
  18. Infinoted (Collaborative Text Editing with Gobby)
  19. JSXC (Web-Based Chat Client)
  20. Matrix Synapse (Chat Server)
  21. MediaWiki (Wiki)
  22. Minetest (Block Sandbox)
  23. MiniDLNA (Simple Media Server)
  24. Mumble (Voice Chat) Server
  25. OpenVPN (Virtual Private Network)
  26. Privoxy (Web Proxy)
  27. Quassel (Text Chat Client via IRC)
  28. Radicale (Calendar and Addressbook)
  29. Roundcube (Email Client)
  30. RSS Bridge (RSS Feed Generator)
  31. Samba (Network File Storage)
  32. Searx (Web Search)
  33. Shadowsocks (Bypass Censorship)
  34. Sharing (File Publishing)
  35. Syncthing (File Synchronization)
  36. Tiny Tiny RSS (News Feed Reader)
  37. Tor (Anonymity Network)
  38. Transmission (Distributed File Sharing via BitTorrent)
  39. User Websites
  40. WireGuard (Virtual Private Network)
  41. Zoph (Photo Manager)
  42. Backups
  43. BIND (Domain Name Server)
  44. Cockpit (Server Administration)
  45. Configure
  46. Date & Time
  47. Diagnostics
  48. Dynamic DNS Client
  49. Firewall
  50. Let's Encrypt (Certificates)
  51. Name Services
  52. Networks
  53. PageKite (Public Visibility)
  54. Performance (System Monitoring)
  55. Power
  56. Secure Shell (SSH) Server
  57. Security
  58. Service Discovery
  59. Storage
  60. Storage Snapshots
  61. Software Updates
  62. Users and Groups
  63. Supported Hardware
  64. Target Hardware
  65. Pioneer Edition FreedomBox
  66. A20 OLinuXino Lime2
  67. A20 OLinuXino MICRO
  68. APU
  69. Cubietruck
  70. Cubieboard 2
  71. Beagle Bone Black
  72. pcDuino3
  73. Debian
  74. VirtualBox
  75. Pine A64+
  76. Banana Pro
  77. Orange Pi Zero
  78. RockPro64
  79. Rock64
  80. Raspberry Pi 2 Model B
  81. Raspberry Pi 3 Model B
  82. Raspberry Pi 3 Model B+
  83. Raspberry Pi 4 Model B
  84. USB Wi-Fi
  85. FreedomBox 24.21 (2024-10-07)
  86. FreedomBox 24.20.1 (2024-09-25)
  87. FreedomBox 24.20 (2024-09-23)
  88. FreedomBox 24.19 (2024-09-09)
  89. FreedomBox 24.18 (2024-08-26)
  90. FreedomBox 24.17 (2024-08-12)
  91. FreedomBox 24.16 (2024-07-29)
  92. FreedomBox 24.15 (2024-07-16)
  93. FreedomBox 24.14 (2024-07-01)
  94. FreedomBox 24.13 (2024-06-17)
  95. FreedomBox 24.12 (2024-06-03)
  96. FreedomBox 24.11 (2024-05-20)
  97. FreedomBox 24.10 (2024-05-06)
  98. FreedomBox 24.9 (2024-04-22)
  99. FreedomBox 24.8 (2024-04-08)
  100. FreedomBox 24.7 (2024-03-25)
  101. FreedomBox 24.6 (2024-03-11)
  102. FreedomBox 24.5 (2024-02-26)
  103. FreedomBox 24.4 (2024-02-12)
  104. FreedomBox 24.3 (2024-01-29)
  105. FreedomBox 24.2 (2024-01-15)
  106. FreedomBox 24.1 (2024-01-01)
  107. FreedomBox 23.21 (2023-11-20)
  108. FreedomBox 23.20 (2023-11-06)
  109. FreedomBox 23.19 (2023-10-23)
  110. FreedomBox 23.18 (2023-09-25)
  111. FreedomBox 23.17 (2023-09-11)
  112. FreedomBox 23.16 (2023-08-28)
  113. FreedomBox 23.15 (2023-08-14)
  114. FreedomBox 23.14 (2023-07-31)
  115. FreedomBox 23.13 (2023-07-17)
  116. FreedomBox 23.12 (2023-06-19)
  117. FreedomBox 23.11 (2023-06-05)
  118. FreedomBox 23.10 (2023-05-22)
  119. FreedomBox 23.9 (2023-05-08)
  120. FreedomBox 23.6.2 (2023-05-01)
  121. FreedomBox 23.8 (2023-04-24)
  122. FreedomBox 23.6.1 (2023-04-10)
  123. FreedomBox 23.7 (2023-03-27)
  124. FreedomBox 23.6 (2023-03-13)
  125. FreedomBox 23.5 (2023-02-27)
  126. FreedomBox 23.4 (2023-02-13)
  127. FreedomBox 23.3 (2023-01-30)
  128. FreedomBox 23.2 (2023-01-16)
  129. FreedomBox 23.1 (2023-01-03)
  130. FreedomBox 22.27 (2022-12-19)
  131. FreedomBox 22.26 (2022-12-05)
  132. FreedomBox 22.25 (2022-11-21)
  133. FreedomBox 22.24 (2022-11-07)
  134. FreedomBox 22.23 (2022-10-24)
  135. FreedomBox 22.22.1 (2022-10-16)
  136. FreedomBox 22.22 (2022-10-10)
  137. FreedomBox 22.21.1 (2022-10-01)
  138. FreedomBox 22.21 (2022-09-26)
  139. FreedomBox 22.20 (2022-09-12)
  140. FreedomBox 22.19 (2022-08-29)
  141. FreedomBox 22.18 (2022-08-15)
  142. FreedomBox 22.17 (2022-08-01)
  143. FreedomBox 22.16 (2022-07-18)
  144. FreedomBox 22.15 (2022-07-04)
  145. FreedomBox 22.14.1 (2022-06-27)
  146. FreedomBox 22.14 (2022-06-20)
  147. FreedomBox 22.13 (2022-06-06)
  148. FreedomBox 22.12 (2022-05-23)
  149. FreedomBox 22.11 (2022-05-09)
  150. FreedomBox 22.10 (2022-04-25)
  151. FreedomBox 22.9 (2022-04-11)
  152. FreedomBox 22.8 (2022-03-28)
  153. FreedomBox 22.7 (2022-03-14)
  154. FreedomBox 22.6.1 (2022-03-06)
  155. FreedomBox 22.6 (2022-03-02)
  156. FreedomBox 22.5 (2022-02-14)
  157. FreedomBox 22.4 (2022-01-31)
  158. FreedomBox 22.3 (2022-01-17)
  159. FreedomBox 22.2 (2022-01-11)
  160. FreedomBox 22.1 (2022-01-03)
  161. FreedomBox 21.16 (2021-12-20)
  162. FreedomBox 21.15 (2021-12-06)
  163. FreedomBox 21.14.1 (2021-11-24)
  164. FreedomBox 21.14 (2021-11-22)
  165. FreedomBox 21.13 (2021-11-08)
  166. FreedomBox 21.12 (2021-10-25)
  167. FreedomBox 21.11 (2021-10-11)
  168. FreedomBox 21.10 (2021-09-27)
  169. FreedomBox 21.9 (2021-09-18)
  170. FreedomBox 21.8 (2021-08-30)
  171. FreedomBox 21.7 (2021-08-16)
  172. FreedomBox 21.6 (2021-05-31)
  173. FreedomBox 21.5 (2021-04-19)
  174. FreedomBox 21.4.2 (2021-03-28)
  175. FreedomBox 21.4.1 (2021-03-13)
  176. FreedomBox 21.4 (2021-02-28)
  177. FreedomBox 21.3 (2021-02-11)
  178. FreedomBox 21.2 (2021-02-05)
  179. FreedomBox 21.1 (2021-01-25)
  180. FreedomBox 21.0 (2021-01-11)
  181. FreedomBox 20.21 (2020-12-28)
  182. FreedomBox 20.20.1 (2020-12-19)
  183. FreedomBox 20.20 (2020-12-14)
  184. FreedomBox 20.19 (2020-11-30)
  185. FreedomBox 20.18.1 (2020-11-23)
  186. FreedomBox 20.18 (2020-11-16)
  187. FreedomBox 20.17.1 (2020-11-07)
  188. FreedomBox 20.17 (2020-11-02)
  189. FreedomBox 20.16 (2020-10-19)
  190. FreedomBox 20.15 (2020-10-05)
  191. FreedomBox 20.14.1 (2020-09-23)
  192. FreedomBox 20.14 (2020-09-15)
  193. FreedomBox 20.13 (2020-07-18)
  194. FreedomBox 20.12.1 (2020-07-05)
  195. FreedomBox 20.12 (2020-06-29)
  196. FreedomBox 20.11 (2020-06-15)
  197. FreedomBox 20.10 (2020-06-01)
  198. FreedomBox 20.9 (2020-05-18)
  199. FreedomBox 20.8 (2020-05-04)
  200. FreedomBox 20.7 (2020-04-20)
  201. FreedomBox 20.6.1 (2020-04-11)
  202. FreedomBox 20.6 (2020-04-06)
  203. FreedomBox 20.5.1 (2020-03-26)
  204. FreedomBox 20.5 (2020-03-23)
  205. FreedomBox 20.4 (2020-03-09)
  206. FreedomBox 20.3 (2020-02-24)
  207. FreedomBox 20.2 (2020-02-10)
  208. FreedomBox 20.1 (2020-01-27)
  209. FreedomBox 20.0 (2020-01-13)
  210. FreedomBox 19.24 (2019-12-30)
  211. FreedomBox 19.23 (2019-12-16)
  212. FreedomBox 19.22 (2019-12-02)
  213. FreedomBox 19.21 (2019-11-18)
  214. FreedomBox 19.20 (2019-11-04)
  215. FreedomBox 19.19 (2019-10-21)
  216. FreedomBox 19.18 (2019-10-07)
  217. FreedomBox 19.17 (2019-09-23)
  218. FreedomBox 19.16 (2019-09-09)
  219. FreedomBox 19.15 (2019-08-26)
  220. FreedomBox 19.14 (2019-08-12)
  221. FreedomBox 19.13 (2019-07-29)
  222. FreedomBox 19.12 (2019-07-22)
  223. FreedomBox 19.2.2 (2019-07-17)
  224. FreedomBox 19.2.1 (2019-07-09)
  225. FreedomBox 19.11 (2019-07-08)
  226. FreedomBox 19.10 (2019-06-24)
  227. FreedomBox 19.9 (2019-06-10)
  228. FreedomBox 19.8 (2019-05-27)
  229. FreedomBox 19.7 (2019-05-13)
  230. FreedomBox 19.6 (2019-04-29)
  231. FreedomBox 19.5 (2019-04-15)
  232. FreedomBox 19.4 (2019-04-01)
  233. FreedomBox 19.3 (2019-03-18)
  234. FreedomBox 19.2 (2019-03-02)
  235. FreedomBox 19.1 (2019-02-14)
  236. FreedomBox 19.0 (2019-02-09)
  237. Version 0.49.1 (2019-02-07)
  238. Version 0.49.0 (2019-02-05)
  239. Version 0.48.0 (2019-01-28)
  240. Version 0.47.0 (2019-01-14)
  241. Version 0.46.0 (2018-12-31)
  242. Version 0.45.0 (2018-12-17)
  243. Version 0.44.0 (2018-12-03)
  244. Version 0.43.0 (2018-11-19)
  245. Version 0.42.0 (2018-11-05)
  246. Version 0.41.0 (2018-10-22)
  247. Version 0.40.0 (2018-10-08)
  248. Version 0.39.0 (2018-09-24)
  249. Version 0.38.0 (2018-09-10)
  250. Version 0.37.0 (2018-08-27)
  251. Version 0.36.0 (2018-08-13)
  252. Version 0.35.0 (2018-07-30)
  253. Version 0.34.0 (2018-07-16)
  254. Version 0.33.1 (2018-07-04)
  255. Version 0.33.0 (2018-07-02)
  256. Version 0.32.0 (2018-06-18)
  257. Version 0.31.0 (2018-06-04)
  258. Version 0.30.0 (2018-05-21)
  259. Version 0.29.1 (2018-05-08)
  260. Version 0.29.0 (2018-05-07)
  261. Version 0.28.0 (2018-04-23)
  262. Version 0.27.0 (2018-04-09)
  263. Version 0.26.0 (2018-03-26)
  264. Version 0.25.0 (2018-03-12)
  265. Plinth v0.24.0 (2018-02-26)
  266. Plinth v0.23.0 (2018-02-12)
  267. Plinth v0.22.0 (2018-01-30)
  268. Plinth v0.21.0 (2018-01-15)
  269. Plinth v0.20.0 (2018-01-01)
  270. Plinth v0.19.0 (2017-12-18)
  271. Plinth v0.18.0 (2017-12-04)
  272. Plinth v0.17.0 (2017-11-20)
  273. Plinth v0.16.0 (2017-11-06)
  274. Plinth v0.15.3 (2017-10-20)
  275. Plinth v0.15.2 (2017-09-24)
  276. Plinth v0.15.0 (2017-07-01)
  277. Plinth v0.14.0 (2017-04)
  278. Plinth v0.13.1 (2017-01-22)
  279. Plinth v0.12.0 (2016-12-08)
  280. Plinth v0.11.0 (2016-09-29)
  281. Plinth v0.10.0 (2016-08-21)
  282. Version 0.9.4 (2016-06-24)
  283. Version 0.9 (2016-04-24)
  284. Version 0.8 (2016-02-20)
  285. Version 0.7 (2015-12-13)
  286. Version 0.6 (2015-10-31)
  287. Version 0.5 (2015-08-07)
  288. Version 0.3 (2015-01-20)
  289. Version 0.2 (2014-03-16)
  290. Version 0.1 (2013-02-26)
  291. Quick Links
  292. Welcome to newcomers
  293. Donate
  294. Spread the Word
  295. Feed Us Back (Comment)
  296. Request applications
  297. Translate
  298. Document: User Manual, Website and Wiki, HowTo/demo videos
  299. Assure Quality (Test and Check)
  300. Code
  301. Design
  302. Package Applications
  303. FreedomBox Service (Plinth)
  304. FreedomBox Setup
  305. Freedom Maker

FreedomBox Introduction

FreedomBox is a personal server that protects your privacy. It is a free software stack, part of the Debian universal operating system, that can be installed on many kinds of inexpensive and energy-efficient hardware. Installing and operating a FreedomBox is about as simple as using a smartphone.

1. Smart Router

FreedomBox runs on a physical computer and can route your traffic. It can sit between the various devices at home, such as mobile phones, laptops and TVs, and the Internet, replacing a wireless router. By routing traffic, FreedomBox can remove tracking advertisements and malicious web bugs before they ever reach your devices. FreedomBox can hide your location and protect your anonymity by "onion routing" your traffic over Tor. FreedomBox provides a VPN server that you can use while you are away from home to keep your traffic to the devices at home secure and confidential on untrusted public wireless networks. It can also be carried along with your laptop and used to connect to public networks at work, school or the office in order to use their services. It could be used in a village to enable communication throughout the village. In the future, FreedomBox intends to support alternative ways of connecting to the Internet, such as mesh networks.

2. Private Cloud

FreedomBox provides services to the computers and mobile devices in your home and to the computers and mobile devices of other people who are your friends. FreedomBox provides file sharing like Dropbox, shared calendars like Google or Yahoo, and photo sharing. FreedomBox provides instant messaging and truly secure voice conferencing that works at high quality over low bandwidth. FreedomBox has a blog and wiki, letting you publish your information and collaborate with the rest of the world. Coming soon are a personal email server and distributed social networking with GNU Social and Diaspora, both of which respect your privacy, as alternatives to Gmail and Facebook.

Quick Start

  1. The easiest way to get a FreedomBox is to buy one. Otherwise, download a FreedomBox image and install it by following the instructions on Download.

  2. Plug one end of the Ethernet cable into your FreedomBox's Ethernet port and the other end into your router.

    • On the Dreamplug, the eth0 port (in the middle of the box) should be connected to the router.
  3. If your device has a second Ethernet port, you can connect your computer directly to it with another Ethernet cable.
  4. Power on your FreedomBox.

  5. On first boot, FreedomBox will perform its initial setup and then reboot. This can take several minutes.

  6. After FreedomBox has rebooted, you can access its web interface (called Plinth) through your web browser.

    • If your computer is connected directly to FreedomBox through a second (LAN) Ethernet port, you can use http://freedombox/ or http://10.42.0.1/.

    • If your computer supports mDNS (GNU/Linux, Mac OSX, and Windows with mDNS software installed), you can use http://freedombox.local/ (or http://the-hostname-you-used-during-installation.local/).

    • If none of these methods is available, you will need to find out your FreedomBox's IP address. You can use the "nmap" program for this:

           nmap -p 80 --open -sV 192.168.0.0/24

      Your FreedomBox will show up as an IP address with an open TCP port 80 served by Apache httpd on Debian, as in the example here, where it is reachable at http://192.168.0.165:

           Nmap scan report for 192.168.0.165
           Host is up (0.00088s latency).
           PORT   STATE SERVICE VERSION
           80/tcp open  http    Apache httpd 2.4.17 ((Debian))
  7. When you access Plinth, your browser will warn you that it is communicating securely but that it considers the security certificate invalid. This is something you have to accept for now, because the certificate is generated automatically on the box and is therefore "self-signed" (the browser may also use words such as "untrusted", "not private", "privacy error" or "unknown issuer/authority"). You tell your browser that you are aware of this by pressing buttons such as "I understand the risks" or "Add exception".
  8. On first access you will see a welcome page asking you to provide some basic information for setting up FreedomBox.

  9. After filling in the form, you will be logged in to Plinth and able to access applications and configuration through this interface.
  10. If your computer is connected directly to FreedomBox, your FreedomBox can act as a router and give you access to the Internet.

Now you can try out the apps available on FreedomBox.

Getting Help

The FreedomBox community offers live help through forum, chat and email. Feel free to join in and ask whatever you like. If you receive help that works, consider adding your solution to the "Questions and Answers" page so that others can benefit from it in the future.

1. Discussion Forum

The easiest way to get support is the discussion forum. You can search for solutions to known problems or request help from community contributors by asking questions. It is also the best way to tell community contributors about your FreedomBox experience.

To post new information, you need to register with a name and email address (you may, however, give a pseudonym and a secondary email address). You can browse topics and categories, or, if you enable mailing list mode in your account settings, interact with the forum by email as you would with a mailing list.

2. Matrix

You can join our Matrix room #freedombox:matrix.org. The room is bridged to the IRC channel and keeps the chat history. If you do not have a client installed yet, you can log in with your web browser. More options are listed on this Matrix client overview page.

3. IRC #freedombox

If you are familiar with Internet Relay Chat (IRC) and IRC clients, you can also get immediate online help from the community on the #freedombox channel on irc.debian.org. It will probably take some time before a member answers you. Be patient. A response will come eventually.

4. Email

FreedomBox users and contributors can be reached by email through a discussion list. To ask a question and get an answer from the community, please register on the mailing list page, providing your email address and creating a password. You can also read the discussion archives. This list has about 700 readers.

5. Giving Back Help

If you receive help that works, do not forget to add your solution to the Questions and Answers page, and describe on the Use Cases page which features you use. It may help others use FreedomBox in ways they had not yet imagined.

Download and Install

  • Note: If you bought a FreedomBox kit, this section is not meant for you and you can safely skip it (unless you explicitly want to build an alternative image).

You can use FreedomBox on one of the supported hardware devices, on a Debian system, or in a virtual machine.

1. Download for Debian

If you are installing on Debian, you do not need to download these images. Instead, please read the instructions for setting up FreedomBox on Debian.

2. Download for Hardware or Virtual Machines

2.1. Prepare Your Device

See the hardware-specific instructions on how to prepare your device. Read as much as possible of the documentation you can find online about first boot and about flashing USB drives or SD cards for your hardware.

2.2. Download Images

The latest images for supported devices can be found here:

2.3. Verify the Downloaded Images

It is important to verify the images you have downloaded, to make sure that the file was not corrupted in transit and that it really is an image built by the FreedomBox developers.

  • First, open a terminal and import the public key of the FreedomBox developer who built the image:

    $ gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x36C361440C9BC971
  • Next, check the fingerprint of the public key:
    $ gpg --fingerprint 0x36C361440C9BC971
    pub   4096R/0C9BC971 2011-11-12
          Key fingerprint = BCBE BD57 A11F 70B2 3782  BC57 36C3 6144 0C9B C971
    uid                  Sunil Mohan Adapa <sunil@medhas.org>
    sub   4096R/4C1D4B57 2011-11-12
  • Finally, verify your downloaded image against its .sig signature file. For example:

    $ gpg --verify freedombox-unstable-free_2015-12-13_cubietruck-armhf.img.xz.sig freedombox-unstable-free_2015-12-13_cubietruck-armhf.img.xz
    gpg: Signature made Thursday 15 January 2015 09:27:50 AM IST using RSA key ID 0C9BC971
    gpg: Good signature from "Sunil Mohan Adapa <sunil@medhas.org>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: BCBE BD57 A11F 70B2 3782  BC57 36C3 6144 0C9B C971
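
The check described in the three steps above can be automated so that a download is accepted only when the signature comes from the pinned fingerprint, not merely from any key in the keyring. This is an added example, not part of the FreedomBox manual; the function names and the sample status lines are constructed for illustration, and the pinned fingerprint is the one shown in the gpg output above.

```python
import subprocess

# Fingerprint printed by `gpg --fingerprint` above, with the spaces removed.
PINNED_FPR = "BCBEBD57A11F70B23782BC5736C361440C9BC971"

# Status keywords that mean the signature must not be trusted. gpg can emit
# VALIDSIG alongside the expired/revoked-key ones, so VALIDSIG alone is not enough.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def check_status(status_text, pinned_fpr=PINNED_FPR):
    """Decide from gpg's machine-readable status lines whether to accept.

    Returns (accepted, reason).
    """
    keywords = set()
    signers = []
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        keywords.add(fields[1])
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            # The 10th argument is the primary key fingerprint; older gpg
            # versions omit it, leaving only the signing key fingerprint.
            signers.append(fields[11] if len(fields) >= 12 else fields[2])

    rejected = sorted(keywords & REJECT)
    if rejected:
        return False, "gpg reported " + ", ".join(rejected)
    if "GOODSIG" not in keywords or len(signers) != 1:
        return False, "expected exactly one good signature"
    if signers[0].upper() != pinned_fpr.replace(" ", "").upper():
        return False, "signed by unexpected key " + signers[0]
    return True, "signed by pinned key"


def verify_image(image_path, sig_path, pinned_fpr=PINNED_FPR):
    """Run gpg on a real download and apply check_status to its status output."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, image_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True, check=False,
    )
    return check_status(proc.stdout, pinned_fpr)


# Constructed status output (the timestamps and the second key are made up).
SAMPLE_PINNED = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 36C361440C9BC971 Sunil Mohan Adapa <sunil@medhas.org>
[GNUPG:] VALIDSIG BCBEBD57A11F70B23782BC5736C361440C9BC971 2015-01-15 1421294270 0 4 0 1 10 00 BCBEBD57A11F70B23782BC5736C361440C9BC971
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
SAMPLE_OTHER_KEY = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Other Key <other@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-01-15 1421294270 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
SAMPLE_REVOKED = SAMPLE_PINNED.replace("GOODSIG", "REVKEYSIG")

if __name__ == "__main__":
    for name, sample in [("pinned key", SAMPLE_PINNED),
                         ("other key", SAMPLE_OTHER_KEY),
                         ("revoked key", SAMPLE_REVOKED)]:
        print(name, check_status(sample))
```

The second sample is the case the human-readable "Good signature" line does not distinguish: a valid signature from some other key that happens to be in the keyring.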

2.4. Installation

After downloading, you can use the image to boot the supported hardware (including virtual machines). You need to copy the image to the memory card or USB stick as follows:

  1. Figure out which device your card actually is.
    1. Remove your card.
    2. Run dmesg -w to display the kernel messages.

    3. Insert your card. You will see messages like:
    • [33299.023096] usb 4-6: new high-speed USB device number 12 using ehci-pci
      [33299.157160] usb 4-6: New USB device found, idVendor=058f, idProduct=6361
      [33299.157162] usb 4-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
      [33299.157164] usb 4-6: Product: Mass Storage Device
      [33299.157165] usb 4-6: Manufacturer: Generic
      [33299.157167] usb 4-6: SerialNumber: XXXXXXXXXXXX
      [33299.157452] usb-storage 4-6:1.0: USB Mass Storage device detected
      [33299.157683] scsi host13: usb-storage 4-6:1.0
      [33300.155626] scsi 13:0:0:0: Direct-Access     Generic- Compact Flash    1.01 PQ: 0 ANSI: 0
      [33300.156223] scsi 13:0:0:1: Direct-Access     Multiple Flash Reader     1.05 PQ: 0 ANSI: 0
      [33300.157059] sd 13:0:0:0: Attached scsi generic sg4 type 0
      [33300.157462] sd 13:0:0:1: Attached scsi generic sg5 type 0
      [33300.462115] sd 13:0:0:1: [sdg] 30367744 512-byte logical blocks: (15.5 GB/14.4 GiB)
      [33300.464144] sd 13:0:0:1: [sdg] Write Protect is off
      [33300.464159] sd 13:0:0:1: [sdg] Mode Sense: 03 00 00 00
      [33300.465896] sd 13:0:0:1: [sdg] No Caching mode page found
      [33300.465912] sd 13:0:0:1: [sdg] Assuming drive cache: write through
      [33300.470489] sd 13:0:0:0: [sdf] Attached SCSI removable disk
      [33300.479493]  sdg: sdg1
      [33300.483566] sd 13:0:0:1: [sdg] Attached SCSI removable disk
    • In the case above, the newly inserted disk is available as /dev/sdg. Note this down carefully and use it in the copy step below.

  2. Decompress the downloaded image:
    $ xz -d freedombox-unstable-free_2015-12-13_cubietruck-armhf.img.xz

    The command above is an example for the cubietruck image from 2015.12.13. Your downloaded file will have a different name.

  3. Copy the image to your card. Check every step very carefully to make sure you do not accidentally write to your computer's own storage (such as /dev/sda). Also make sure you do not run this step as root, so that a mistake in identifying the device or in typing the command cannot accidentally wipe data on your hard disk. USB sticks and SD cards should normally be writable by ordinary users. If you do not have permission to write to the SD card as a user, you will have to run this command as root. In that case, triple-check everything before running the command. As a further precaution, unplug all external disks other than the SD card before running the command.

    For example, if your SD card is /dev/sdf as noted in the first step above, then to copy the image, run:

    $ cd build
    $ dd bs=1M if=freedombox-unstable-free_2015-12-13_cubietruck-armhf.img of=/dev/sdf conv=fdatasync

Another way to copy the image to the SD card, when dd is not available:

$ cat freedombox-unstable-free_2015-12-13_cubietruck-armhf.img > /dev/sdf ; sync

For MS Windows there is the program etcher.

  • The command above is an example for the cubietruck image from 2015.12.13. Your downloaded file name will be different.

    When choosing the device, use the drive-letter name, such as /dev/sdf, not a numbered target, such as /dev/sdf1. The name without a number refers to the whole device, while the name with a number refers to a specific partition. We want to use the whole device. Downloaded images contain all the information about how many partitions are needed and their sizes and types. You do not need to format the SD card or create partitions. All data on the SD card will be erased during the write.

    1. Use the image by inserting the SD card or USB disk into the device and booting from it. Your device should also have been prepared (see the corresponding section).

    2. Read (the rest of) the manual for instructions on how to use applications in FreedomBox.

Applications (Apps)

1. Bepasty (File and Snippet Sharing)

Bepasty icon

Available since: version 20.14

1.1. What is Bepasty?

Bepasty is a web application for uploading and sharing large files. It can also be used to paste and share text and code snippets. Users can preview text, image, audio, video and PDF files in the web browser. An expiry time can be set for shared files.

1.2. Screenshot

Screenshot of Bepasty

1.3. Passwords and Permissions

Bepasty uses only passwords (no usernames) to control access. A user gets different permissions depending on the password used. The following permissions can be combined:

  • read: Read a file, if you know its URL.

  • list: List all files.

  • create: Paste or upload a new file.

  • delete: Delete a file.

  • admin: Lock or unlock files.

After installation, Bepasty is preconfigured with the following roles:

  • Viewer: Can read and list files
  • Editor: Can read, list, create and delete files
  • Admin: Has all permissions

These roles support the use case of sharing files among known, authorized users. If needed, Bepasty can be reconfigured for other roles or use cases.

1.4. Distributing Passwords

By default, public access is set to None, so a password is required to access Bepasty. This means you have to distribute the passwords to the relevant users over whatever other communication channels you have.

Note that you will probably want to create several different passwords with the same set of permissions. This lets each user (or group of users) have their own password. If you then want to revoke access for a particular user, you can simply delete their password. The other users are unaffected, because each has their own password.

1.5. Using Bepasty

After logging in to Bepasty, if you have the "create" permission, you are offered a large text box into which you can paste any text. You may also specify a file name or Content-Type for the content. When you click Submit, the file is created.

You can also drag files and drop them into the area at the bottom, and they will be uploaded immediately. You can also create a list to keep track of a collection of uploaded files.

You can set a maximum lifetime. After this time has elapsed, the file is deleted.

If you have the "list" permission, a List all Items link is shown at the top of the page. It shows all files that have been created or uploaded.

If you have the "delete" or "admin" permission, further actions are offered next to each file on the list page.

If you have only the "read" permission, you need a password and one or more URLs of existing files in order to read them.

1.6. Password Management

The Bepasty configuration page in the FreedomBox interface lets you create new passwords and delete existing ones. When you create a password, you can combine the permissions described above. Note that an admin should have all permissions (not just "admin").

You can also enter a comment. It is recommended to use it to record the purpose of the password or who will be using it.

Public access can also be configured. This sets the default permissions that apply even without logging in. You can choose whether files may be read by their URL, or whether all files may be listed and read.

2. Calibre (E-Book Library)

calibre app tile in FreedomBox web interface

Available since: version 20.15

Calibre is an e-book management solution. In Calibre you can organize your e-books into collections or "libraries". Calibre can convert between most common e-book formats. It can also manage metadata of your e-books such as covers, descriptions, and author and publisher information.

Moving your Calibre library from your desktop to your FreedomBox has the advantage that you can access your e-books from any device on the local network or over the Internet.

Only members of the calibre group have access to the libraries. You can add users to this group with the Users and Groups system app.

You may already know the e-book reader that ships with the Calibre application on your desktop. The server version of Calibre installed on your FreedomBox provides a web-based e-book reader with a similar experience. This lets you read your e-books from any device with a web browser.

Note on Calibre versions: Please note that, depending on the Debian version your FreedomBox runs on, a different major version of Calibre may be running. Debian stable (Buster) ships Calibre 3.x, while testing and unstable ship Calibre 5.x. This means that some of the experimental features, such as the web-based e-book reader, may not work as well if you are on Debian stable. This situation will improve when Debian 11 (Bullseye) is released next year. FreedomBox does not ship backported Calibre packages.

2.1. Managing Libraries

After Calibre is installed, a default library named "Library" is provided. The FreedomBox administrator can add or delete libraries, including the default library, in the app settings of the FreedomBox web interface.

2.2. Access

After installation, Calibre can be accessed through the web client at https://<name_of_my_FreedomBox>/calibre.

3. Coturn (VoIP Helper)

Available since: version 20.8

Coturn is a server that facilitates audio/video calls and conferences by implementing the TURN and STUN protocols. WebRTC, SIP and other communication servers can use it to establish a call between parties who would otherwise be unable to connect to each other.

It is not designed to be used directly by users. Servers such as Matrix Synapse must be configured with the details shown on the Coturn app page. Besides Matrix Synapse, Jitsi, Ejabberd, Nextcloud Talk and others can use the Coturn server for audio/video calls and conferences. The communication server software does not have to run on the same machine as FreedomBox; external communication servers can use the Coturn provided by FreedomBox.

Coturn is classified as an advanced app in FreedomBox. This means that to see the Coturn icon in the "Apps" section, you must enable the option "Show advanced apps and features" under "General Configuration".

3.1. How it works

For an audio/video call, it is best to route the media streams directly between the two parties. This gives the best possible latency (better signal quality) and avoids dependence on a central server (privacy). It scales well, because a simple chat server can host thousands of calls when the server is involved only in call setup. However, this approach usually does not work because of how networks are configured. Most network users are not assigned a unique IP address. They work hidden behind a network device that performs Network Address Translation (NAT) for them. This means the two parties have no way of reaching each other.

To solve this problem, a simple technique called STUN was introduced. With the help of a third-party STUN server, the parties can trick the NAT devices into passing traffic between them. Unfortunately, this trick works only about 80% of the time. When STUN fails, the parties have no choice but to relay their traffic through an intermediary server called a TURN server. The whole mechanism of trying STUN first and then falling back to TURN is described in a protocol called ICE.

On FreedomBox, Coturn provides both STUN and TURN servers. Both services are provided over TCP as well as UDP. They are offered on unencrypted as well as encrypted channels (which have a higher chance of success). Because STUN servers are very cheap and consume few server resources, no authentication is needed to use them. TURN servers, by contrast, require authentication. This authentication is greatly simplified and requires no user database to be maintained. A server such as Matrix Synapse that is about to set up an audio/video call between two parties generates a username and password from a shared secret. When the parties use the TURN server, they are validated against these credentials, because the TURN server already knows the secret.

In summary, a communication server needs to know the URLs of the STUN/TURN servers as well as a shared authentication secret for TURN. It then takes care of using the STUN/TURN servers correctly while setting up audio/video calls between the two parties. The Coturn app on FreedomBox provides exactly this information, which can then be used when configuring a communication server, regardless of whether it runs on the same FreedomBox or on another server.

3.2. Configuring Matrix Synapse

The Matrix Synapse server in FreedomBox can be configured to use the Coturn TURN/STUN server. In the future, when you install Matrix Synapse, FreedomBox will automatically install Coturn and set its parameters in Matrix Synapse. To configure Matrix Synapse, edit the file /etc/matrix-synapse/homeserver.yaml so that it contains the following lines:

turn_uris: [ "stun:myfreedombox.example.org:3478?transport=udp", "stun:myfreedombox.example.org:3478?transport=tcp", "turn:myfreedombox.example.org:3478?transport=udp", "turn:myfreedombox.example.org:3478?transport=tcp" ]
turn_shared_secret: "my-freedombox-provided-secret"
turn_user_lifetime: 86400000
turn_allow_guests: True

The value for turn_shared_secret is given as static-auth-secret in the file /etc/coturn/freedombox.conf.

Then restart the Matrix Synapse server by disabling and re-enabling the Matrix Synapse app.
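The shared-secret login described in section 3.1, worked through as an added example; it is not code from FreedomBox, Coturn or Matrix Synapse. It follows the time-limited credential convention that a static-auth-secret / turn_shared_secret pair implements (username = expiry timestamp plus user ID, password = Base64 HMAC-SHA1 of the username); the user ID and function names are assumptions.

```python
"""Time-limited TURN credentials derived from a shared secret (added example)."""
import base64
import hashlib
import hmac
import time

# Constructed sample values mirroring the homeserver.yaml lines above.
SHARED_SECRET = "my-freedombox-provided-secret"   # turn_shared_secret
TURN_USER_LIFETIME_MS = 86400000                  # turn_user_lifetime (1 day)


def _mac(secret, username):
    """Base64-encoded HMAC-SHA1 of the username, keyed with the shared secret."""
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def issue_credentials(user_id, secret, lifetime_ms, now=None):
    """Communication-server side: mint a username/password pair for one user.

    No user database is involved: the expiry time is carried in the
    username and the password proves knowledge of the shared secret.
    """
    now = time.time() if now is None else now
    expiry = int(now + lifetime_ms / 1000)
    username = f"{expiry}:{user_id}"
    return username, _mac(secret, username)


def verify_credentials(username, password, secret, now=None):
    """TURN-server side: accept only unexpired credentials with a valid MAC."""
    now = time.time() if now is None else now
    expiry_text = username.partition(":")[0]
    try:
        expiry = int(expiry_text)
    except ValueError:
        return False, "malformed username"
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(_mac(secret, username), password):
        return False, "bad password"
    if expiry < now:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    # Hypothetical Matrix user ID, constructed for the demonstration.
    name, pw = issue_credentials(
        "@alice:myfreedombox.example.org", SHARED_SECRET, TURN_USER_LIFETIME_MS
    )
    print(name, pw, verify_credentials(name, pw, SHARED_SECRET))
```

Anyone who learns the shared secret can mint valid credentials for any user and any lifetime, which is why the secret belongs only in the two server configuration files.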

3.3. Port forwarding

If your FreedomBox is behind a router, you need to set up port forwarding on your router. You should forward the following ports for Coturn:

  • UDP 3478
  • TCP 3478
  • UDP 3479
  • TCP 3479
  • UDP 5349
  • TCP 5349
  • UDP 5350
  • TCP 5350
  • UDP 49152-50175
  • TCP 49152-50175

4. Deluge (Distributed File Sharing via BitTorrent)

Available since: version 0.5

4.1. What is Deluge?

Deluge is a BitTorrent node (both client and server at the same time).

BitTorrent is a communication protocol for peer-to-peer (P2P) file sharing.

  • It is not anonymous; you should assume that others can see which files you are sharing.

  • This technology works best for large, popular files.

Two BitTorrent web nodes are available in FreedomBox: Transmission and Deluge. They have similar features, but you will probably prefer one over the other.

Deluge is a lightweight BitTorrent client that is highly configurable. Additional functionality can be added by installing plugins.

4.2. Screenshot

Deluge Web UI

4.3. Initial setup

After setup, point your browser to https://<your freedombox>/deluge to access Deluge. You will need to enter a password to log in:

Deluge Login

The initial password is "deluge". On first login, Deluge asks whether you want to change the password. You should change it to something that is harder to guess.

Next, you are shown the connection manager. Click on the first entry (Offline - 127.0.0.1:58846). Then click "Start Daemon" to start the Deluge service, which runs in the background.

Deluge Connection Manager (Offline)

It should now show "Online". Click "Connect" to complete the setup.

Deluge Connection Manager (Online)

At this point, you can use Deluge. You can change further settings or add a torrent file or URL.

5. Ejabberd (Chat Server)

Available since: version 0.3

5.1. What is XMPP?

XMPP is a federated server-client chat protocol. This means that users of one server can talk to users of other servers.

XMPP can also be used for voice and video calls, provided the clients support it.

FreedomBox currently provides, through its web interface, both a server (ejabberd) and a web client (JSXC).

5.2. Privacy

With XMPP, conversations can be secured in two ways:

  1. Connection encryption: The connection between client and server, or between two servers, is secured. This should be supported by all clients and is strongly recommended.
  2. End-to-end: The transmitted messages are secured so that even the server cannot see their content. The newest and most convenient protocol, called OMEMO, is so far supported by only a few clients. There is another protocol called OTR that may be supported by some clients that lack OMEMO support. Both clients must support the same protocol for it to work.

5.3. Setting the domain name

For XMPP to work, your FreedomBox must have a domain name through which it can be reached over the network.

If you only need users on the local network to chat with each other, you can make up your domain name. However, if you want users from the Internet to join your rooms, you need a public domain name. For more information on obtaining a domain name, see the Dynamic DNS section of this manual.

Once you have a domain name, you can tell your FreedomBox to use it by setting the domain name in the system configuration.

Note: After changing your domain name, the Chat Server (XMPP) page may show that the service is not running. After about a minute, it should be up and running again.

Please note that PageKite does not currently support the XMPP protocol.

5.4. Registering FreedomBox users to use XMPP

Currently, all users created through FreedomBox can log in to the XMPP server. You can add new users through the system module Users and Groups. It does not matter which groups are selected for the new user.

5.5. Port forwarding

If your FreedomBox is behind a router, you need to set up port forwarding on your router. You should forward the following ports for XMPP:

  • TCP 5222 (client-to-server)
  • TCP 5269 (server-to-server)

5.6. Compatible clients

  • FreedomBox provides a web client: JSXC.

  • XMPP clients are available for various desktop and mobile platforms. FreedomBox links to download sources for some of them. Feel free to add to our list here (free registration required). We will notice it and may list it in FreedomBox.

    XMPP clients

5.6.1. FreedomBox web client

For maximum simplicity, FreedomBox provides a web client: JSXC. Your users do not need to install any additional software on their side. They can simply use their browser. This is the usual option for new and occasional users.

5.6.2. Mobile clients

You can download one of the XMPP clients listed below for your smartphone or tablet.

5.6.2.1. Conversations (Android)

Conversations is an Android XMPP client with video chat support, available on F-Droid and the Play Store. Besides text chats, Conversations lets you send images and hold group chats.

From left to right: (1) Welcome screen - (2) Login screen - (3) Adding a contact.

After downloading and launching Conversations, you are asked whether you want to create a new account or already have one (1).

If you already have an XMPP account, you only need to enter it together with your XMPP password (2).

If you do not have an XMPP account, Conversations lets you either enter an XMPP provider you have already chosen or easily create an account at conversations.im (this last option comes at a price, and you need to trust the service provider) (3).

Once logged in with your XMPP account, you will probably want to start a conversation. To do so, tap +: several options let you contact other people (4).

5.6.2.2. Movim (Android)

Movim is a free software XMPP client with video chat support, available on F-Droid.

5.6.2.3. ChatSecure (iOS)

ChatSecure is a free software XMPP client with video chat support, available on the App Store.

5.6.2.4. Monal (iOS)

Monal is a free software XMPP client with video chat support, available on the App Store.

5.6.2.5. Siskin (iOS)

Siskin is a free software XMPP client with video chat support, available on the App Store.

5.6.3. Desktop clients

5.6.3.1. Gajim (Windows, MacOS, Linux)

Gajim is a free software XMPP desktop client for Windows, MacOS and Linux. This application is available in Debian; for other operating systems, you can download it from this page and find installation instructions there.

From left to right: (1) Welcome screen - (2) Login screen - (3) Main screen.

When Gajim is first started (1), a dialog asks whether you want to log in with your XMPP (FreedomBox) account or register a new one. If you choose to log in, after clicking "Forward" you are asked for a Jabber ID and password (2): enter your FreedomBox account and password here.

Finally, after a successful login, the Gajim main screen is displayed (3). Here you can add new contacts (Account > New contact...) and then start new conversations (Gajim > Start chat).

5.6.3.2. Dino (Linux)

Dino is a free software XMPP client for the desktop. Packages are available for the distributions listed at https://github.com/dino/dino/wiki/Distribution-Packages.

From left to right: (1) Welcome screen - (2) Login screen - (3) Starting a conversation

When Dino is first started after installation, click the "Set up account" button. You are then asked for your JID: this is your FreedomBox account. Enter it and click "Next" (2). Alternatively, you can click "Create account" if you do not have a FreedomBox account.

Once you are logged in, you can either start a conversation with one of your XMPP contacts or join a channel (3).

5.6.3.3. Movim (Linux)

Movim is a free software XMPP client for Linux with video chat support. The project provides an unofficial Debian package.

5.6.3.4. Monal (MacOS)

Monal is a free software XMPP client with video chat support, available on the Mac App Store.

5.7.1. Ejabberd

5.7.2. Client application websites

5.7.3. XMPP protocol

6. GitWeb (Simple Git Hosting)

Available since: version 19.19

Git is a distributed version control system for tracking source code changes during software development. GitWeb provides a web interface to Git repositories. You can browse both the history and the content of the source code, and use search to find specific commits and code. You can also clone repositories and upload code changes with a command-line client or with one of several available graphical Git clients. And you can share your code with people around the world.

To learn more about using Git, visit the Git tutorial.

6.1. Managing repositories

After installing GitWeb, you can create a new repository. It can be marked as private to restrict access to it.

6.2. Access

After installation, GitWeb can be accessed, for example from the web client, at https://<my_freedombox_name>/gitweb.

6.3. HTTP basic authentication

On FreedomBox, GitWeb currently supports only HTTP remotes. You can avoid having to enter the password every time you pull from or push to a repository by editing your remote to include the credentials.

Example: https://username:password@my.freedombox.rocks/gitweb/myrepo

Your username and password are encrypted in transit. Someone monitoring the network traffic will notice only the domain name.
Note: With this method, your password is stored in plain text in the .git/config file of the local repository. For this reason, you should create a FreedomBox user who has access only to GitWeb, and never use an administrator account.
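A check for the situation the note describes, as an added example that is not part of FreedomBox or Git: it reads the text of a .git/config file and reports every remote whose URL carries a password, with the password removed from the report. The sample configuration is constructed, and the function name is an assumption.

```python
"""Find passwords embedded in remote URLs of a .git/config (added example)."""
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: "origin" uses the URL form shown above, "mirror"
# does not embed a password.
SAMPLE_GIT_CONFIG = '''\
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://username:password@my.freedombox.rocks/gitweb/myrepo
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = https://my.freedombox.rocks/gitweb/myrepo
    pushurl = https://gituser@my.freedombox.rocks/gitweb/myrepo
'''

# [section] or [section "subsection"] header, and "key = value" lines.
SECTION = re.compile(r'^\[\s*(\w[\w.-]*)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]')
KEYVAL = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')


def find_embedded_credentials(config_text):
    """Return one finding per remote URL that contains a password.

    Each finding has the remote name, the config key, the line number
    and the URL with the password stripped, so the report itself does
    not leak the secret.
    """
    findings = []
    section = subsection = None
    for lineno, line in enumerate(config_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue  # blank line or comment
        header = SECTION.match(stripped)
        if header:
            section, subsection = header.group(1).lower(), header.group(2)
            continue
        pair = KEYVAL.match(line)
        if not pair or section != "remote":
            continue
        key, value = pair.group(1).lower(), pair.group(2).strip('"')
        if key not in ("url", "pushurl"):
            continue
        parts = urlsplit(value)
        if parts.password is None:
            continue  # a bare user name is not a stored secret
        host = parts.hostname or ""
        try:
            if parts.port:
                host += f":{parts.port}"
        except ValueError:
            pass  # malformed port: report the host without it
        redacted = urlunsplit(
            (parts.scheme, f"{parts.username}@{host}", parts.path,
             parts.query, parts.fragment)
        )
        findings.append(
            {"remote": subsection, "key": key, "line": lineno,
             "redacted": redacted}
        )
    return findings


if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE_GIT_CONFIG):
        print(finding)
```

Git's credential helpers (the credential.helper setting) are a way to avoid the password prompt without writing the password into .git/config.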

6.4. Mirroring

Although your repositories are primarily hosted on your own FreedomBox, you can configure a repository on another Git hosting system such as GitLab as a mirror.

6.5. Enabling and disabling features

Some features that Gitweb provides by default are configured differently in FreedomBox:

  • Enabled: The blame feature finds out which revision and author changed each line of a file.

  • Enabled: The pickaxe feature lists the commits that added or removed a given text.

  • Enabled: The highlight feature highlights the syntax of blobs.

  • Disabled: The snapshot feature downloads a compressed tar file of a given revision (because of high resource consumption).

An administrator can change these choices by editing the configuration file of each repository in FreedomBox. For more information on syntax and features, see the gitweb.conf(5) man page. For example, to re-enable the snapshot feature in the mein-ort repository, log in to the FreedomBox terminal as an administrator via SSH or the web console and edit the file /var/lib/git/mein-ort/config so that it contains the following section:

  • [gitweb]
    snapshot = tgz

7. I2P (Anonymity Network)

7.1. About I2P

The Invisible Internet Project is an anonymous network layer that aims to protect communication from censorship and surveillance. I2P provides anonymity by routing encrypted traffic through a worldwide distributed network run by volunteers.

7.2. Services offered

FreedomBox offers the following services over I2P by default. The I2P router console can be launched from the FreedomBox web interface, and additional services can be enabled there.

  • Anonymous Internet browsing: I2P lets you browse the Internet anonymously. To do so, configure your browser (preferably a Tor Browser) to connect to the I2P proxy. Set the HTTP proxy and the HTTPS proxy to freedombox.local (or the local IP address of your FreedomBox) and the ports to 4444 and 4445 respectively. This service is available only when you reach FreedomBox over a local network (networks in the internal zone) and is not available when you connect to FreedomBox over the Internet. As an exception, if you connect over the Internet to FreedomBox's VPN service, you can still use this service.

  • Reaching eepsites: The I2P network can host websites that can remain anonymous. These are called eepsites, and their domain names end in .i2p. For example, http://i2p-projekt.i2p/ is the website of the I2P project on the I2P network. Eepsites cannot be reached with a normal browser over a normal Internet connection. To browse eepsites, your browser must be configured to use the HTTP and HTTPS proxies as described above. This service is available only when you reach FreedomBox over a local network (networks in the internal zone) and is not available when you connect to FreedomBox over the Internet. As an exception, if you connect over the Internet to FreedomBox's VPN service, you can still use this service.

  • Anonymous torrent downloads: I2PSnark, an application for anonymously downloading and sharing files over the BitTorrent network, is available in I2P and enabled by default in FreedomBox. This application is controlled through a web interface that can be launched from the "Anonymous torrents" section of the I2P app in the FreedomBox web interface or from the I2P router console interface. Only logged-in users in the "Manage I2P application" group may use this service.

  • IRC network: The I2P network contains an IRC network called Irc2P. Among other things, this network hosts the official IRC channel of the I2P project. This service is enabled by default in FreedomBox. To use it, open your favorite IRC client. Then configure it to connect to the host freedombox.local (or the local IP address of your FreedomBox) on port 6668. This service is available only when you reach FreedomBox over a local network (networks in the internal zone) and is not available when you connect to FreedomBox over the Internet. As an exception, if you connect over the Internet to FreedomBox's VPN service, you can still use this service.

  • I2P router console: This is the central management interface for I2P. It shows the current status of I2P and bandwidth statistics, and allows various configuration settings to be changed. You can tune your participation in the I2P network and use or edit a list of your favorite I2P sites (eepsites). Only logged-in users in the "Manage I2P application" group may use this service.

8. Ikiwiki (Wiki and Blog)

Available since: version 0.5

8.1. What is Ikiwiki?

Ikiwiki converts wiki pages into HTML pages suitable for publishing on a website. In particular, it offers blogging, podcasting, calendars and a large selection of plugins.

8.2. Quick start

After installing the app from the administration interface of your FreedomBox:

  • Go to the "Create" section and create a wiki or a blog.
  • Go back to the "Configure" section and click the /ikiwiki link.
  • Under "Parent directory", click on your new wiki or blog name.
  • Enjoy your new publishing site.

8.3. Creating a wiki or blog

On the "Wiki & Blog (Ikiwiki)" page in FreedomBox, you can create a wiki or blog to be hosted on your FreedomBox. The first time you visit this page, it asks you to install the packages required by Ikiwiki.

After the package installation has completed, select the "Create" tab. You can select the type, wiki or blog. Also enter a name for the wiki or blog, and the username and password for the admin account of the wiki or blog. Then click "Update setup" and you will see the wiki or blog added to your list. Note that each wiki/blog has its own admin account.

8.4. Accessing your wiki or blog

On the "Wiki & Blog (Ikiwiki)" page, select the "Manage" tab and you will see a list of your wikis and blogs. Click a name to go to that wiki or blog.

If you click "Edit" or "Preferences" from here, you are taken to a login page. To log in with the admin account you created earlier, select the "Other" tab, enter the username and password, and click "Login".

8.5. User login through single sign-on (SSO)

Besides the wiki/blog admin, other FreedomBox users can be given access to log in and edit wikis and blogs. However, they do not have all the permissions of the wiki admin. They may add or edit pages, but they may not change the wiki's configuration.

To add a wiki user, go to the "Users and Groups" page in FreedomBox (under "System configuration", the gear icon in the top right corner of the page). Create or modify a user and add them to the wiki group. (Users in the admin group also have wiki access.)

To log in as a FreedomBox user, go to the login page of the wiki/blog and select the "Other" tab. Then click the "Login with HTTP auth" button. The browser shows a pop-up dialog in which you can enter the FreedomBox user's username and password.

8.6. Adding FreedomBox users as wiki admins

  1. Log in to the wiki with the admin account that was specified when the wiki was created.
  2. Click "Preferences", then "Setup".
  3. Under "main", in "users who are wiki admins", add the name of a FreedomBox user.
  4. (Optional) Under "auth plugin: passwordauth", uncheck the "enable passwordauth?" checkbox. (Note: This disables login for the old admin account. Only SSO login with HTTP auth remains possible.)
  5. Click "Save Setup".
  6. Click "Preferences", then "Logout".
  7. Log in as the new admin using "Login with HTTP auth".

9. Infinoted (Collaborative Text Editing with Gobby)

Available since: version 0.5

infinoted is a server for Gobby, a collaborative text editor.

To use it, download and install Gobby, the desktop client. Then start Gobby, select "Connect to Server" and enter your FreedomBox's domain name.

9.1. Port forwarding

If your FreedomBox is behind a router, you need to set up port forwarding on your router. You should forward the following ports for infinoted:

  • TCP 6523

10. JSXC (Web-based Chat Client)

Available since: version 0.11.0

JSXC is a web-based chat client. It can be used to connect to compatible chat servers.

Through its web interface, FreedomBox offers both sides: a server (ejabberd) and a web client (JSXC).

10.1. Technical specifications

JSXC implements the XMPP over BOSH protocol and is built with HTML5.

XMPP is a federated server-client protocol for instant messaging. That is, users on different servers can chat with each other.

XMPP can also be used for voice and video calls, provided the clients support it.

10.2. Installation

JSXC can be installed via its icon in the Apps section of the FreedomBox web interface. The icon for ejabberd (XMPP server) also offers the option to launch the web client (and to install JSXC if it is not yet installed).

10.3. Usage

After the JSXC module has been installed, it can be accessed via its icon in the Apps section of the FreedomBox web interface. The icon for ejabberd (XMPP server) also offers the option to launch the web client. Both redirect you to https://<your FreedomBox>/plinth/apps/xmpp/jsxc/.

To use it, you must enter the domain name of the server you want to connect to. As you type, the BOSH server connection to the given domain name is checked automatically.

JSXC - disconnected

JSXC - connected

JSXC offers video conferencing and file transfer features, but they do not yet seem to work in FreedomBox.

10.4. Port forwarding

If your FreedomBox is behind a router and you want to connect to another server, you need to set up port forwarding on your router. You should forward the following ports for XMPP:

  • TCP 5222 (client-to-server)

11. Matrix Synapse (Chat Server)

Available since: version 0.14.0

11.1. What is Matrix?

Matrix is an open protocol for interoperable, decentralized, real-time communication over IP. Synapse is the reference implementation of a Matrix server. It can be used to set up instant messaging on FreedomBox to host chat rooms with end-to-end encrypted communication and audio/video calls. Matrix Synapse is a federated application in which chat rooms can be hosted on any server and users from any server in the federated network can join them. Learn more about Matrix.

11.2. How to access your Matrix Synapse server

We recommend the Element client for accessing the Matrix Synapse server. You can download Element for desktops. Mobile apps for Android and iOS are available from their respective app stores.

11.3. Port forwarding

If your FreedomBox is behind a router, you need to set up port forwarding on your router. You should forward the following ports for Matrix:

  • TCP 8448

11.4. Setting up Matrix Synapse on your FreedomBox

To enable Matrix Synapse, first navigate to the "Matrix Synapse (Chat Server)" page and install it. Matrix needs a valid domain name to be configured. After installation, you are asked to configure it. You can select a domain from a drop-down menu of the available domains. Domains are set up using the System -> Configure page. After a domain is configured, you will see that the service is running. The service is accessible on the configured FreedomBox domain. Once set, the domain currently cannot be changed.

All registered FreedomBox users have their Matrix IDs as @username:domain. Once public registration is enabled, your favorite client can also be used to register users.

If your FreedomBox is behind a router (NAT), you may need Coturn for voice calls over IP.

11.5. Setting up audio/video calls

The Matrix Synapse server is only responsible for setting up calls between participants in rooms. Matrix clients such as Element are responsible for transmitting the audio/video traffic. Element supports both one-to-one calls and group calls.

For one-to-one calls, Element tries to establish a peer-to-peer connection between the two participants. This works when both participants are using Element on computers with a public IP address or when they are on the same network. If both participants are behind different NAT devices, a direct peer-to-peer connection between them cannot be established. This problem can be solved by configuring Matrix Synapse with a STUN/TURN server. FreedomBox provides an app called Coturn for this purpose. FreedomBox does not install Coturn automatically when Matrix Synapse is installed. However, once the Coturn app is installed, FreedomBox automatically configures Matrix Synapse to use it for audio/video calls. This configuration can be overridden with a different STUN/TURN server in the web interface.

For group calls with more than two participants (that is, not one-to-one calls), Element uses an external Jitsi Meet instance. Element uses jitsi.riot.im as its default Jitsi Meet instance. If the Matrix Synapse server is configured to use a different Jitsi Meet instance as the default, Element uses that one instead for all users on that server.

11.6. Federating with other Matrix instances

You will be able to interact with any other person running another Matrix instance. To do so, simply start a conversation with them using their Matrix ID, which has the format @their-username:their-domain. You can also join rooms on another server and make audio/video calls with contacts on other servers.

11.7. Memory usage

The Synapse reference server, implemented in Python, is known to be very RAM-hungry, especially when loading large rooms with thousands of members such as #matrix:matrix.org. It is recommended not to join such rooms if your FreedomBox device has only 1 GB of RAM or less. Rooms with up to a hundred members should be safe. The Matrix team is working on a new implementation of the Matrix server written in Go called Dendrite, which may perform better on memory-constrained systems.

Some large public rooms on the Matrix network are also available as IRC channels (for example, #freedombox:matrix.org is also available as #freedombox on irc.debian.org). For such large rooms, it is better to use IRC instead of Matrix. You can join the IRC channels with Quassel.

11.8. Advanced usage

  1. If you want to create a large number of users on your Matrix Synapse server, use the following commands as the root user in a remote shell:
    • cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 | sed "s+^+registration_shared_secret: +" > /etc/matrix-synapse/conf.d/registration_shared_secret.yaml
      chmod 600 /etc/matrix-synapse/conf.d/registration_shared_secret.yaml
      chown matrix-synapse:nogroup /etc/matrix-synapse/conf.d/registration_shared_secret.yaml
      systemctl restart matrix-synapse
      register_new_matrix_user -c /etc/matrix-synapse/conf.d/registration_shared_secret.yaml
  2. If you want to see the list of users registered in Matrix Synapse, run the following as the root user:
    • apt install sqlite3
      echo 'select name from users' | sqlite3 /var/lib/matrix-synapse/homeserver.db  
  3. If you want to create a community in Matrix Synapse, you need a Matrix user with server administration rights. To grant such permissions to the user benutzername, run the following commands as the root user:

    • sudo apt install sqlite3
      echo "UPDATE users SET admin=1 WHERE name='@benutzername:domainname'" | sudo sqlite3 /var/lib/matrix-synapse/homeserver.db  

12. MediaWiki (Wiki)

MediaWiki icon

Available since: version 0.20.0

12.1. About MediaWiki

MediaWiki is the software that powers the Wikimedia suite of wikis.

Read more about MediaWiki on Wikipedia.

12.2. MediaWiki on FreedomBox

MediaWiki on FreedomBox is configured to be publicly readable and privately editable. Only logged-in users can make changes to the wiki. This configuration prevents spam and vandalism on the wiki.

12.2.1. User management

Users can only be created by the MediaWiki administrator (user "admin"). The "admin" user can also be used to reset the passwords of MediaWiki users. If the administrator password is forgotten, it can be reset at any time from the MediaWiki app page in the web interface.

12.2.2. Use cases

  • MediaWiki is very versatile and can be used for many creative purposes. It also comes with many extensions (plugins) and themes, and is highly customizable.

12.2.2.1. Personal knowledge repository
  • MediaWiki on FreedomBox can be your personal knowledge repository. Since MediaWiki has good multimedia support, you can write notes, store images, create checklists, store references and bookmarks, etc. in an organized manner. You can store the knowledge of a lifetime in your MediaWiki instance.

12.2.2.2. Community wiki
  • A community of users can use MediaWiki as a shared repository of knowledge and reference material. It can be used as a college notice board, a documentation server for a small company, a shared notebook for study groups or a fan wiki like Wikia.

12.2.2.3. Personal wiki-based website
  • Several websites on the internet are just MediaWiki instances. MediaWiki on FreedomBox is read-only to visitors. It can therefore be adapted to serve as your personal website or blog. MediaWiki content is easy to export and can later be moved to another blog engine.

12.2.3. Editing wiki content

The MediaWiki installation on FreedomBox ships with a basic editor with a toolbar for common options such as bold, italic, etc. Click on the "Advanced" section to show more options such as headings, bullet lists, etc.

12.2.3.1. Visual editor
  • MediaWiki's new visual editor provides a WYSIWYG user interface for creating wiki pages. It is still a beta feature and is not enabled by default in MediaWiki. As a workaround, you can write your content with the visual editor in Wikipedia's sandbox, switch to source editing mode, and copy the content into your wiki.

12.2.3.2. Other formats
  • You don't necessarily have to learn MediaWiki's markup language. You can write in your favorite format (Markdown, Org-mode, LaTeX, etc.) and convert it to the MediaWiki format with Pandoc.

12.2.3.3. Image uploads
  • Image uploads have been enabled since FreedomBox version 0.36.0. You can also use images from Wikimedia Commons directly with a feature called Instant Commons.

12.2.4. Customization

12.2.4.1. Skins

MediaWiki's default skin is normally Vector. The default skin set by FreedomBox is Timeless.

Vector is a skin best suited for viewing on desktop browsers. It is unsuitable for mobile screen sizes, however. Wikimedia sites host a separate mobile site. A separate mobile site is not worthwhile for small MediaWiki installations like those on FreedomBox. Using a mobile-friendly skin like Timeless is a cheaper solution.

Administrators can set a default skin in the app's settings. Users of the site still retain the option of viewing it with a different skin.

13. Minetest (Block Sandbox)

Minetest icon

Available since: version 0.9

Minetest is a multiplayer block sandbox in an infinite world. This module runs the Minetest server on this FreedomBox on the default port (30000). A Minetest client is needed to connect to the server.

13.1. Port forwarding

If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Minetest:

  • UDP 30000

14. MiniDLNA (Simple Media Server)

MiniDLNA icon

Available since: version 19.23

MiniDLNA is a media server that aims to be compatible with DLNA and UPnP clients.

Note: This service is only available on networks configured in the "internal" zone. It is not available for connections over OpenVPN.

14.1. What is UPnP/DLNA?

Universal Plug & Play is a set of network protocols that allows devices within a network, such as PCs, TVs, printers, etc., to seamlessly discover each other and establish communication for data exchange. It is a zero-configuration protocol and requires only a media server and a media player that are compatible with the protocol.

DLNA is derived from UPnP as a form of standardization of media interoperability. It forms a standard/certification that many consumer electronics products follow.

14.2. Setting up MiniDLNA on your FreedomBox

The media server is enabled on the MiniDLNA page. The application is meant to be available on the internal (home) network and therefore requires a network interface configured for internal traffic.

After installation, a web page becomes available at https://<your-freedombox>/_minidlna. It contains information about how many files the server has detected, how many connections exist, etc. This is very useful when external disks are attached, to check whether the new media files are detected correctly. If that does not work, the problem is fixed by disabling and re-enabling the server.

14.3. Using MiniDLNA to play media on your devices

Any DLNA-compatible device or media player should be able to automatically detect, browse and play media from MiniDLNA on FreedomBox. The following devices and media players have been tested:

  • GNOME Videos: Videos is the default media player in the popular GNU/Linux desktop environment GNOME. Open Videos and switch to "Channels". You should see a channel named "freedombox: minidlna". You can browse and play media from it.

  • VLC media player: VLC is a very popular media player for GNU/Linux, Android, Windows and macOS. Open VLC and click on "View -> Playlist". In the playlist sidebar that appears, select "Universal Plug'n'Play". You should see an item named "freedombox: minidlna". You should be able to browse and play media from it.

  • Kodi: Kodi is a popular media center software with a user interface designed for TVs. Open Kodi, go to 'System -> Service settings -> UPnP / DLNA' and 'Enable UPnP support'. Then visit 'Home -> Videos -> Files -> Add videos... -> Browse -> UPnP devices'. You should see "freedombox: minidlna". Select it and choose "OK". Then choose "OK" in the "Add video source" dialog. From then on, "freedombox: minidlna" should appear in the "Videos -> Files" section. You should be able to browse and play media from it. See the Kodi documentation for more information.

  • Roku: Roku is an appliance that connects to a TV to play internet streaming services. Many TVs also have Roku built in. In the Roku interface, find a channel called "Roku Media Player" and open it. You should see an item named "freedombox: minidlna". You should be able to browse and play media from it.

  • Rhythmbox: Rhythmbox is the default audio player in the popular GNU/Linux desktop environment GNOME. Open Rhythmbox and make sure the side pane is open by clicking on "Application menu -> View -> Side Pane". In the side pane, "freedombox: minidlna" should appear under "Shared". You should be able to browse and play audio files from it. Video files will not be shown.

14.4. Supported media formats

MiniDLNA supports a range of video and audio file formats.

  • Video: files ending in .avi, .mp4, .mkv, .mpg, .mpeg, .wmv, .m4v, .flv, .mov, .3gp, etc.

  • Audio: files ending in .mp3, .ogg, .flac, .wav, .pcm, .wma, .fla, .aac, etc.

  • Image: files ending in .jpg, .jpeg.

  • Playlist: files ending in .m3u, .pls.

  • Captions: files ending in .srt, .smi.

In particular, the following file extensions are not supported. Renaming a file to a known extension seems to work in most cases.

  • Video: files ending in .webm.

In addition to the file format being supported by MiniDLNA, your media player or device must also support the audio and video codecs with which the media was encoded. MiniDLNA cannot transcode files into a codec understood by the player. If you have problems with media playback, use the VLC player to look up the codecs used in the media and check the documentation of your device or media player to see whether those codecs are supported.

14.5. File systems for external drives

When using an external drive that is also used from a Windows system, the preferred file system should be NTFS. NTFS preserves Linux file permissions and the UTF-8 encoding of file names. This is useful if file names are in your language.

15. Mumble (Voice Chat) Server

Mumble icon

Available since: version 0.5

15.1. What is Mumble?

Mumble is voice chat software. It is primarily intended for use while gaming and is suitable for simple conversations, with high audio quality, noise suppression, encrypted communication, public/private-key authentication by default, and wizards to configure, for example, your microphone. A user can be marked as a "priority speaker" within a channel.

15.2. Using Mumble

FreedomBox provides the Mumble server. Clients are available for desktop and mobile platforms. Users can download one of these clients and connect to the server.

15.3. Port forwarding

If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Mumble:

  • TCP 64738
  • UDP 64738

15.4. Managing permissions

A superuser in Mumble can create administrator accounts, which in turn can manage groups and channel permissions. This can be done after logging in as "SuperUser" with the superuser password. See the Mumble guide for information on how to do this. FreedomBox currently does not provide a user interface for setting or retrieving the superuser password for Mumble. A superuser password is generated automatically during Mumble installation. To obtain the password, log in at the terminal as an administrator using Cockpit, Secure Shell or the console. Then run the following command to read the superuser password that was generated automatically during Mumble installation:

sudo grep SuperUser /var/log/mumble-server/mumble-server.log

You should see the following output:

<W>2019-11-06 02:47:41.313 1 => Password for 'SuperUser' set to 'noo8Dahwiesh'

You can also set a new password as follows:

sudo su -
echo "neuesPaßwort" | su mumble-server -s /bin/sh -c "/usr/sbin/murmurd -ini /etc/mumble-server.ini --readsupw"

16. OpenVPN (Virtual Private Network)

OpenVPN icon

Available since: version 0.7

16.1. What is OpenVPN?

OpenVPN provides a virtual private network for your FreedomBox. You can use this software for remote access, site-to-site VPNs and Wi-Fi security. OpenVPN supports dynamic IP addresses and NAT.

16.2. Port forwarding

If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for OpenVPN:

  • UDP 1194

16.3. Setting up

  1. In the FreedomBox apps menu, select "Virtual Private Network (OpenVPN)" and click Install.

  2. After the module is installed, there is an additional setup step that may take a long time to complete. Click "Start setup" to begin.

    OpenVPN service page

  3. Wait for the setup to finish. This can take a while.
  4. Once the OpenVPN server setup is complete, you can download your profile. This downloads a file named <USER>.ovpn, where <USER> is the name of a FreedomBox user. Each FreedomBox user will be able to download a different profile. Users who are not administrators can download the profile from the home page after logging in.

  5. The ovpn file contains all the information a VPN client needs to connect to the server.
  6. The downloaded profile contains the domain name of the FreedomBox that the client should connect to. This is taken from the domain set in the "Configure" app on the "System" page. If your domain is not set properly, you may need to change this value after downloading the profile. If your OpenVPN client allows it, you can do this after importing the OpenVPN profile. Otherwise, you can edit the .ovpn profile file in a text editor and change the 'remote' line so that it contains the WAN IP address or hostname of your FreedomBox.

    client
    remote meinBox.freedombox.rocks 1194
    proto udp

16.4. Troubleshooting

If your network does not support IPv6, you may have to remove the following line from your OpenVPN client configuration. This applies in particular when your server supports IPv6 but the client does not, which confuses the OpenVPN client about which protocol to use.

proto udp6

To connect via IPv4, ensure that the following line is present.

proto udp
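
The two profile edits described above (pointing the 'remote' line at your FreedomBox and replacing 'proto udp6' with 'proto udp'), as an added example that is not part of the FreedomBox manual. The names fix_profile and valid_host, the sample profile and the address 203.0.113.7 are constructed for illustration; the script leaves inline blocks such as <ca> untouched and refuses host values that could smuggle extra directives into the profile.

```python
import ipaddress
import re

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")
BLOCK_TAG = re.compile(r"<(/?)([A-Za-z0-9_-]+)>")

# Constructed sample profile (not a real FreedomBox download). The line inside
# <ca> is a placeholder that only looks like a directive.
SAMPLE = """\
client
remote meinBox.freedombox.rocks 1194
proto udp6
dev tun
<ca>
remote inside-inline-block 1
</ca>
"""


def valid_host(host):
    """Accept an IP literal or a plain DNS name; no spaces, no newlines."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return len(host) <= 253 and HOSTNAME.fullmatch(host) is not None


def fix_profile(text, host, force_ipv4=True):
    """Return (new_text, changes); changes is a list of (line_no, old, new)."""
    if not valid_host(host):
        raise ValueError(f"refusing suspicious host value: {host!r}")
    out, changes, inside = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        tag = BLOCK_TAG.fullmatch(line.strip())
        if tag:
            # Track <ca>...</ca>, <cert>...</cert> etc. so their bodies are skipped.
            closing, name = tag.groups()
            if inside is None and not closing:
                inside = name
            elif closing and name == inside:
                inside = None
            out.append(line)
            continue
        words = line.split()
        if inside is not None or not words or words[0][0] in "#;":
            out.append(line)  # inline material, blank line or comment
            continue
        new = line
        if words[0] == "remote" and len(words) >= 2 and words[1] != host:
            words[1] = host  # keep port and any protocol argument
            new = " ".join(words)
        elif force_ipv4 and words == ["proto", "udp6"]:
            new = "proto udp"
        if new != line:
            changes.append((lineno, line.strip(), new))
        out.append(new)
    return "\n".join(out) + "\n", changes


if __name__ == "__main__":
    fixed, changed = fix_profile(SAMPLE, "203.0.113.7")
    for lineno, old, new in changed:
        print(f"line {lineno}: {old!r} -> {new!r}")
    print(fixed, end="")
```

Review the printed change list before writing the result back over the downloaded profile.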

16.5. Browsing the internet after connecting to the VPN

After connecting to the VPN, the client device can browse the internet without any further configuration. A precondition for this, however, is that there is at least one internet-connected network interface in the "External" firewall zone. Use the network configuration page to edit the firewall zone of the device's network interfaces.

16.6. Usage

16.6.1. On Android/LineageOS

  1. Visit the FreedomBox home page. Log in with your user account. Download the OpenVPN profile from the home page. The file is named username.ovpn.

    • OpenVPN profile download

  2. Download an OpenVPN client such as OpenVPN for Android. The F-Droid repository is recommended. In the app, select "Import profile".

    • OpenVPN App

  3. In the "Select profile" dialog, select the username.ovpn file you just downloaded. Enter a name for the connection and save the profile.

    • OpenVPN profile import

  4. The newly created profile is shown. If necessary, edit the profile and set the domain name of your FreedomBox as the server address.

    • OpenVPN profile created

      OpenVPN edit domain name

  5. Connect by tapping on the profile.
    • OpenVPN connect

      OpenVPN connected

  6. When you are done, disconnect by tapping on the profile.
    • OpenVPN disconnect

16.6.2. On Debian

Install an OpenVPN client for your system

$ sudo apt install openvpn

Open the ovpn file with the OpenVPN client.

$ sudo openvpn --config /path/to/<USER>.ovpn

If you use Network Manager, you can create a new connection by importing the file:

$ sudo apt install network-manager-openvpn-gnome
$ sudo nmcli connection import type openvpn file /path/to/<USER>.ovpn

If you get an error such as configuration error: invalid 1th argument to “proto” (line 5) then edit the .ovpn file and remove the line proto udp6.

16.7. Checking whether you are connected

16.7.1. On Debian

  1. Try to ping the FreedomBox or other devices on the local network.

  2. Running the command ip addr should show a tun0 connection.

  3. The command traceroute freedombox.org should show the IP address of the VPN server as the first hop.

16.8. Accessing internal services

After connecting to OpenVPN, you can access FreedomBox services that are meant to be accessible only from the internal network. This is in addition to being able to access external services. This can be done by using the IP address 10.91.0.1 as the host name for these services. (For example, use smb://10.91.0.1 instead of smb://freedombox.local to access the Samba shares.)

The following services are known to work:

The following services are currently known not to work:

17. Privoxy (Web Proxy)

Privoxy icon

Available since: version 0.1

A web proxy acts as a filter for incoming and outgoing web traffic. Thus, you can instruct any computer in your network to pass internet traffic through the proxy to remove unwanted ads and tracking mechanisms.

Privoxy is software for security, privacy, and accurate control over the web. It provides a much more powerful web proxy (and anonymity on the web) than what your browser can offer. Privoxy "is a proxy that is primarily focused on privacy enhancement, ad and junk elimination and freeing the user from restrictions placed on his activities" (source: Privoxy FAQ).

17.1. Screencast

Watch the screencast on how to set up and use Privoxy in FreedomBox.

17.2. Setting up

  1. In FreedomBox, install Web Proxy (Privoxy)

    Privoxy Installation

  2. Adapt your browser proxy settings to your FreedomBox hostname (or IP address) with port 8118. Please note that Privoxy can only proxy HTTP and HTTPS traffic. It will not work with FTP or other protocols.

    Privoxy Browser Settings

  3. Go to page http://config.privoxy.org/ or http://p.p. If Privoxy is installed properly, you will be able to configure it in detail; if not you will see an error message.

  4. If you are using a laptop that occasionally has to connect through other routers than yours with the FreedomBox and Privoxy, you may want to install a proxy switch add-on that allows you to easily turn the proxy on or off.

17.3. Advanced Users

The default installation should provide a reasonable starting point for most users. There will undoubtedly be occasions where you will want to adjust the configuration; that can be dealt with as the need arises.

  1. Plan first:
    • While using Privoxy, you can see its configuration details and documentation at http://config.privoxy.org/ or http://p.p.

    • The Quickstart is a good starting point to read on how to define own blocking and filtering rules.

    • Read the manual carefully, especially this security warning:

      • Access to the editor can not be controlled separately by "ACLs" or HTTP authentication, so that everybody who can access Privoxy can modify its configuration for all users. This option is not recommended for environments with untrusted users. Note that malicious client side code (e.g Java) is also capable of using the actions editor and you shouldn't enable this options unless you understand the consequences and are sure your browser is configured correctly.

  2. Only when you are ready, perform the changes:
    1. To enable changing these configurations, you first have to change the value of enable-edit-actions in /etc/privoxy/config to 1.

    2. Now you find an EDIT button on the configuration screen in http://config.privoxy.org/.

18. Quassel (Text Chat Client via IRC)

Quassel icon

Available since: version 0.8

Quassel is an IRC application that is split into two parts, a "core" and a "client". This allows the core to remain connected to IRC servers, and to continue receiving messages, even when the client is disconnected. FreedomBox can run the Quassel core service keeping you always online and one or more Quassel clients from a desktop or a mobile device can be used to connect and disconnect from it.

18.1. Why run Quassel?

Many discussions about FreedomBox take place on the IRC channel irc://irc.debian.org/freedombox. If your FreedomBox is running Quassel, it will collect all discussions while you are away, such as responses to your questions. Remember, the FreedomBox project is a worldwide project with people from nearly every time zone. You use your client to connect to the Quassel core to read and respond whenever you have time and are available.

18.2. How to set up Quassel?

  • Within FreedomBox's web interface

    1. select Applications

    2. go to IRC Client (Quassel) and

    3. install the application and make sure it is enabled

      Quassel Installation

    4. now your Quassel core is running

18.3. Port Forwarding

If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Quassel:

  • TCP 4242

18.4. Clients

Clients to connect to Quassel from your desktop and mobile devices are available.

18.4.1. Desktop

In a Debian system, you can e.g. use quassel-client. The following steps describe how to connect Quassel Client with Quassel Core running on a FreedomBox. The first time you do this connection, Quassel Core will be initialized too.

  1. Launch Quassel Client. You will be greeted with a wizard to Connect to Core.

    • Connect to Core

  2. Click the Add button to launch Add Core Account dialog.

    • Add Core Account

  3. Fill any value in the Account Name field. Fill the proper DNS hostname of your FreedomBox in the Hostname field. The Port field must have the value 4242. Provide the username and password of the account you wish to create to connect to the Quassel Core in the User and Password fields. Choose Remember if you don't wish to be prompted for a password every time you launch Quassel client.

  4. After pressing OK in the Add Core Account dialog, you should see the core account in the Connect to Core dialog.

    • Connect to Core

  5. Select the newly created core account and select OK to connect to it.

  6. If this is the first time you are connecting to this core, you will see an Untrusted Security Certificate warning and need to accept the server certificate.

    • Untrusted Security Certificate

  7. Select Continue. Then you will be asked if you wish to accept the certificate permanently. Select Forever.

    • Untrusted Security Certificate

  8. If this Quassel Core has not been connected to before, you will then see a Core Configuration Wizard. Select Next.

    • Core Configuration Wizard

  9. In the Create Admin User page, enter the username and password you have used earlier to create the core connection. Select Remember password to remember this password for future sessions. Click Next.

    • Create Admin User Page

  10. In the Select Storage Backend page, select SQLite and click Commit.

    • Select Storage Backend

  11. The core configuration is then complete and you will see a Quassel IRC wizard to configure your IRC connections. Click Next.

    • Welcome Wizard

  12. In Setup Identity page next, provide a name and multiple nicknames. This is how you present yourself to other users on IRC. It is not necessary to give your real world name. Multiple nicknames are useful as fallback nicknames when the first nickname can't be used for some reason. After providing the information click Next.

    • Setup Identity

  13. In the Setup Network Connection page next, provide a network name of your choice. Next provide a list of servers to which Quassel Core should connect in order to join this IRC network (such as irc.debian.org:6667).

    • Setup Network Connection

  14. Select the server in the servers list and click Edit. In the Server Info dialog, set the port 6697 (consult your network's documentation for actual list of servers and their secure ports) and click Use SSL. Click OK. This is to ensure that communication between your FreedomBox and the IRC network server is encrypted.

    • Server Info Server Info SSL

  15. Back in the Setup Network Connection dialog, provide a list of IRC channels (such as #freedombox) to join upon connecting to the network. Click Save & Connect.

    • Setup Network Connection

  16. You should connect to the network and see the list of channels you have joined on the All Chats pane on the left of the Quassel Client main window.

    • Quassel Main Window

  17. Select a channel and start seeing messages from others in the channel and send your own messages.

18.4.2. Android

For Android devices you may use e.g. Quasseldroid from F-Droid

  • enter core, username etc. as above

By the way, the German verb quasseln means talking a lot, to jabber.

19. Radicale (Calendar and Addressbook)

Radicale icon

Available since: version 0.9

With Radicale, you can synchronize your personal calendars, ToDo lists, and addressbooks with your various computers, tablets, and smartphones, and share them with friends, without letting third parties know your personal schedule or contacts.

19.1. Why should I run Radicale?

Using Radicale, you can get rid of centralized services like Google Calendar or Apple Calendar (iCloud) data mining your events and social connections.

19.2. How to set up Radicale?

First, the Radicale server needs to be activated on your box.

  • Within FreedomBox Service:

    1. select Apps

    2. go to Radicale (Calendar and Addressbook) and

    3. install the application. After the installation is complete, make sure the application is marked "enabled" in the FreedomBox interface. Enabling the application launches the Radicale CalDAV/CardDAV server.

    4. define the access rights:
      • Only the owner of a calendar/addressbook can view or make changes
      • Any user can view any calendar/addressbook, but only the owner can make changes
      • Any user can view or make changes to any calendar/addressbook

Note that only users with a FreedomBox login can access Radicale.

If you want to share a calendar with only some users, the simplest approach is to create an additional user-name for these users and to share that user-name and password with them.

Radicale provides a basic web interface, which only supports creating new calendars and addressbooks. To add events or contacts, an external supported client application is needed.

  • Creating addressbook/calendar using the web interface
    • Visit https://IP-address-or-domain-for-your-server/radicale/

    • Log in with your FreedomBox account

    • Select "Create new addressbook or calendar"
    • Provide a title and select the type
    • Optionally, provide a description or select a color
    • Click "Create"
    • The page will show the URL for your newly created addressbook or calendar

Now open your client application to create new calendars and address books that will use your FreedomBox and Radicale server. The Radicale website provides an overview of supported clients, but do not use the URLs described there; FreedomBox uses a different setup, so follow this manual. Below are the steps for two examples:

  • Example of setup with Evolution client:
    • Calendar
      1. Create a new calendar
      2. For "Type," select "CalDAV"
      3. When "CalDAV" is selected, additional options will appear in the dialogue window.
      4. URL: https://IP-address-or-domain-for-your-server. Items in italics need to be changed to match your settings.

      5. Enable "Use a secure connection."
      6. User: USERNAME. Your Freedombox user-name.

      7. Click on "Find Calendars"
      8. Enter your password and select a calendar

    • TODO/Tasks list: Adding a TODO/Tasks list is basically the same as a calendar.
    • Contacts
      • Follow the same steps described above and replace CalDAV with WebDAV.

19.3. Synchronizing over Tor

In FreedomBox, setting up a calendar with Radicale over Tor is the same as over the clear net. Here is a short summary:

  1. When logged in to FreedomBox interface over Tor, click on Radicale, and at the prompt provide your FreedomBox user name and password.

  2. In the Radicale web interface, log in using your FreedomBox user name and password.

  3. Click on "Create new address book or calendar", provide a title, select a type, and click "Create".
  4. Save the URL, e.g., https://ONION-ADDRESS-FOR-YOUR-SERVER.onion/radicale/USERNAME/CALENDAR-CODE/. Items in italics need to be changed to match your settings.

These instructions are for Thunderbird/Lightning. Note that you will need to be connected to Tor with the Tor Browser Bundle.

  1. Open Thunderbird, install the Torbirdy add-on, and restart Thunderbird. (This may not be necessary.)
  2. In the Lightning interface, under Calendar/Home in the left panel right click with the mouse and select "New calendar".
  3. Select the location of your calendar as "On the Network".
  4. Select CalDAV and for the location copy the URL, e.g., https://ONION-ADDRESS-FOR-YOUR-SERVER.onion/radicale/USERNAME/CALENDAR-CODE/. Items in italics need to be changed to match your settings.

  5. Provide a name, etc. Click "Next". Your calendar is now syncing with your FreedomBox over Tor.

  6. If you have not generated a certificate for your FreedomBox with "Let's Encrypt", you may need to select "Confirm Security Exception" when prompted.

19.4. Synchronizing with your Android phone

There are various Apps that allow integration with the Radicale server. This example uses DAVx5, which is available e.g. on F-Droid. If you intend to use ToDo-Lists as well, the compatible app OpenTasks has to be installed first.

Follow these steps for setting up your account with the Radicale server running on your FreedomBox.

  1. Install DAVx5
  2. Create a new account on DAVx5 by clicking on the floating + button.
  3. Select the second option as shown in the first figure below and enter the base url as https://<your.freedombox.address>/radicale/username/ (don't miss the / at the end). DAVx5 will be able to discover both CalDAV and WebDAV accounts for the user.

  4. Follow this video from DAVx5 FAQ to learn how to migrate your existing contacts to Radicale.

Synchronizing contacts

  1. Click on the hamburger menus of CalDAV and CardDAV and select either "Refresh ..." in case of existing accounts or "Create ..." in case of new accounts (see the second screenshot below).
  2. Check the checkboxes for the address books and calendars you want to synchronize and click on the sync button in the header. (see the third screenshot below)

DAVx5 account setup DAVx5 refresh DAVx5 account sync

19.5. Advanced Users

19.5.1. Sharing resources

An easy way to create a resource for a group of people, by creating a dedicated account shared by all of them, was shown above. This section describes an alternative method in which two users, User1 and User2, are granted access to a calendar. This requires SSH access to the FreedomBox.

  1. Create a file /etc/radicale/rights with the following content:

      [friends_calendar]
      user: ^(User1|User2)$
      collection: ^.*/calendar_of_my_friends.ics$
      permission: rw

      # Give write access to owners
      [owner-write]
      user: .+
      collection: ^%(login)s/.+$
      permission: rw

    • [friends_calendar] is just an identifier and can be any name.

    • The [owner-write] section makes sure that owners have access to their own files.

  2. Edit the file /etc/radicale/config and make the following changes in the [rights] section:

      [rights]
      type = from_file
      file = /etc/radicale/rights

  3. Restart the Radicale server or the FreedomBox.
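
To see what the two sections above grant before restarting Radicale, the following added example (not FreedomBox's or Radicale's own code) evaluates the rights file under a simplified model: sections are tried in file order, %(login)s is replaced by the regex-escaped login, and the first section whose user and collection patterns both match decides. The owner names alice and bob, the request list and the tightened variant are constructed for illustration.

```python
import configparser
import re

# Rights file exactly as shown in the section above.
PAGE_RIGHTS = """
[friends_calendar]
user: ^(User1|User2)$
collection: ^.*/calendar_of_my_friends.ics$
permission: rw

# Give write access to owners
[owner-write]
user: .+
collection: ^%(login)s/.+$
permission: rw
"""

# Constructed variant: pins the shared calendar to one owner ("alice" is a
# hypothetical account name) and escapes the dot in the file name.
TIGHTENED_RIGHTS = PAGE_RIGHTS.replace(
    r"^.*/calendar_of_my_friends.ics$",
    r"^alice/calendar_of_my_friends\.ics$",
)

# Constructed requests: (login, collection path, permission asked for).
SAMPLE_REQUESTS = [
    ("User1", "alice/calendar_of_my_friends.ics", "w"),
    ("User3", "alice/calendar_of_my_friends.ics", "r"),
    ("alice", "alice/calendar_of_my_friends.ics", "w"),
    ("User1", "alice/private.ics", "r"),
    ("User1", "bob/calendar_of_my_friends.ics", "w"),    # same name, other owner
    ("User2", "alice/calendar_of_my_friendsXics", "w"),  # unescaped dot
    ("", "alice/calendar_of_my_friends.ics", "r"),       # unauthenticated
]


def load_rules(text):
    """Parse a rights file into an ordered list of
    (section, user_regex, collection_regex, permission) tuples."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return [
        (name, parser[name]["user"], parser[name]["collection"],
         parser[name]["permission"])
        for name in parser.sections()
    ]


def authorized(rules, login, path, permission):
    """Return (allowed, deciding_section) for one request.

    Assumed model: sections are tried top to bottom, and the first one whose
    user and collection patterns both match decides the outcome.
    """
    path = path.strip("/")
    for name, user_re, coll_re, perms in rules:
        # %(login)s stands for the authenticated user; escape it so a login
        # containing regex metacharacters cannot widen the pattern.
        coll_re = coll_re.replace("%(login)s", re.escape(login))
        if re.fullmatch(user_re, login) and re.fullmatch(coll_re, path):
            return permission in perms, name
    return False, None


def audit(text):
    """Evaluate every constructed sample request against one rights file."""
    rules = load_rules(text)
    return {req: authorized(rules, *req) for req in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for label, text in (("page", PAGE_RIGHTS), ("tightened", TIGHTENED_RIGHTS)):
        print(label)
        for (login, path, perm), (ok, section) in audit(text).items():
            who = login or "<anonymous>"
            verdict = "ALLOW" if ok else "deny"
            print(f"  {who:12} {perm} {path:36} {verdict:5} {section or '-'}")
```

Under this model the page's collection pattern also matches a calendar of the same name under any other owner, and its unescaped dot matches any character; the tightened variant denies both while leaving the intended access unchanged.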

19.5.2. Importing files

If you are using a contacts file exported from another service or application, it should be copied to: /var/lib/radicale/collections/user/contact file name.vcf.

20. Roundcube (Email Client)

Roundcube icon

Available since: version 0.5

20.1. What is Roundcube?

Roundcube is a browser-based multilingual email client with an application-like user interface. Roundcube uses the Internet Message Access Protocol (IMAP) to access e-mail on a remote mail server. It supports MIME to send files and, in particular, provides an address book, folder management, message searching, and spell checking.

The Roundcube app can be used to read and send emails in one of two ways: using an email account you have elsewhere (other than FreedomBox), such as at Riseup or Gmail, or using an account on FreedomBox. The latter is possible if an email server app, such as Postfix/Dovecot/Rspamd, is set up and enabled on FreedomBox. At present, Roundcube can only be set up for one of these two ways. This is controlled by the Use only the local mail server option on the Roundcube app configuration page.

20.2. Email privacy

In the first case, you only get privacy over your drafts. Once you send the email, a copy will reside in the external services (Riseup, Gmail, etc) unless you explicitly remove it. In any case, your traffic transits through them.

In the second (self-hosted) case, your mail copies reside on your FreedomBox server. But you only keep privacy as long as the recipient also uses a private system and doesn't disclose your content.

20.3. Using Roundcube

After Roundcube is installed, it can be accessed at https://<your freedombox>/roundcube. Enter your username and password. For many mail services the username is the full email address, such as exampleuser@example.org, and not just the username exampleuser. Enter the address of your email service's IMAP server in the Server field. You can try providing your domain name here, such as example.org for the email address exampleuser@example.org; if this does not work, consult your email provider's documentation for the address of the IMAP server. Using an encrypted connection to your IMAP server is strongly recommended. To do this, prepend 'imaps://' to your IMAP server address. For example, imaps://imap.example.org.

Logging into your IMAP server

20.4. Using Gmail with Roundcube

If you wish to use Roundcube with your Gmail account, you first need to enable support for password-based login in your Google account preferences. This is because Gmail won't allow applications to log in with a password by default. To do this, visit Google Account preferences and enable Less Secure Apps. After this, log in to Roundcube by providing your Gmail address as Username and your password, and in the server field use imaps://imap.gmail.com.

Logging into Gmail

21. RSS Bridge (RSS Feed Generator)

RSS Bridge icon

Available since: version 22.16

21.1. What is RSS Bridge?

RSS-Bridge is a web application capable of generating RSS and Atom feeds for websites that don't have one. For example, with the help of RSS Bridge you can subscribe to YouTube channels without having to have a YouTube account.

21.2. Usage Example

21.2.1. Subscribing to a YouTube account

In this example, we will see one of the ways to subscribe to a given YouTube channel.

  1. Visit the YouTube channel and copy its name to the clipboard.

Copy YouTube Channel Name - FreedomBox

  2. Find "YouTube Bridge" and click on show more.

RSS Bridge Show More - FreedomBox

  3. Paste the previously copied channel name in the Custom name section and click on Generate Feed.

RSS Bridge Paste Channel Name - FreedomBox

  4. From the available feed types select Atom. If you're using a Chromium-based browser, this will open the Atom feed in a new tab, which you can easily copy into your feed reader, such as Tiny Tiny RSS.

RSS Bridge Select Atom Feed - FreedomBox

21.2.2. Subscribing to feed with Tiny Tiny RSS

  1. Copy the URL that RSS Bridge generated.

RSS Bridge Copy URL - FreedomBox

  2. In Tiny Tiny RSS select Subscribe to feed from the drop-down menu on the right side.

  3. Paste the generated link from step one into the textbox and select This feed requires authentication.

  4. Submit your FreedomBox username and password and click on Subscribe.

RSS Bridge Subscribe to Feed - FreedomBox

For a more detailed description of Tiny Tiny RSS, see its manual page

22. Samba (Network File Storage)

Samba icon

Available since: version 19.22

Samba lets you have shared folders over the local network that can be used from multiple computers running different operating systems. We refer to these shared folders as "shares".

You can have a personal folder shared between your own devices (Home share), a folder shared with a trusted group (Group share) or one that is shared with every device on the network (Open share).

Samba lets you treat a share as if it's a local folder on your computer. However, shares are available only on the local network.

To learn more about Samba, please refer to the user documentation on their wiki.

22.1. Using Samba

After installation, you can choose which disks to use for sharing. Enabled shares are accessible in the file manager on your computer at location \\freedombox (on Windows) or smb://freedombox.local (on Linux and Mac). There are three types of shares you can choose from:

Open share - accessible to everyone in your local network.
Group share - accessible only to FreedomBox users who are in the freedombox-share group.
Home share - every user in the freedombox-share group can have their own private space.

22.1.1. Connecting from an Android device

To access Samba shares on an Android device, install "Android Samba Client" from F-Droid or Google Play. Enter smb://freedombox.local/<disk> as the share path in the app. Your shared folders should then be visible in the file manager app. Samba shares can also be used by VLC for Android which automatically discovers them.

22.1.2. Connecting from a macOS device

  • Open a Finder window on your Mac.
  • Use Go -> Connect to Server... from the file menu or press the shortcut Cmd+K to open the Connect To Server dialog.

  • Enter the address of your Samba share, e.g. smb://192.168.0.105/disk and click Connect.

22.2. Integration with other apps

Transmission app on FreedomBox provides a setting to allow downloads to be saved directly to a Samba share.

If you want to make files synchronized with Syncthing available through Samba, you need to make sure you synchronize into a Samba share folder. Additionally, to make Syncthing folders available in a Samba Open share or Group share, click the "Permissions > Ignore" button under the "Advanced" tab of the folder in the Syncthing web UI. This ensures that the files are writable through Samba.

22.3. Comparison with other apps

22.3.1. Syncthing

Syncthing maintains a copy of the shared folder on each device that it is shared with. Samba maintains only one copy on your FreedomBox device.

Syncthing can synchronize your shared folders between devices over the Internet. Samba shares are only available on the local network.

Since Syncthing is primarily a synchronization solution, it has features like conflict resolution and versioning. Samba has only one copy of the file, so it doesn't need such features. For example, if two people are editing a spreadsheet stored on a Samba share, the last one to save the file wins.

23. Searx (Web Search)

Searx icon

Available since: version 0.24.0

23.1. About Searx

Searx is a metasearch engine. A metasearch engine aggregates the results from various search engines and presents them in a unified interface.

Read more about Searx on their official website.

23.2. Screenshot

Searx Screenshot

23.3. Screencast

Searx installation and first steps (14 MB)

23.4. Why use Searx?

23.4.1. Personalization and Filter Bubbles

Search engines have the ability to profile users and serve results most relevant to them, putting people into filter bubbles, thus distorting people's view of the world. Search engines have a financial incentive to serve interesting advertisements to their users, increasing their chances of clicking on the advertisements.

A metasearch engine is a possible solution to this problem, as it aggregates results from multiple search engines thus bypassing personalization attempts by search engines.

Searx avoids storing cookies from search engines as a means of preventing tracking and profiling by search engines.

23.4.2. Advertisement filtering

Searx filters out advertisements from the search results before serving the results, thus increasing the relevance of your search results and saving you from distractions.

23.4.3. Privacy

Searx uses HTTP POST instead of GET by default to send your search queries to the search engines, so that anyone snooping your traffic wouldn't be able to read your queries. The search queries wouldn't be stored in browser history either.

Note: Searx used from Chrome browser's omnibar would make GET requests instead of POST.

23.5. Searx on FreedomBox

  • Searx on FreedomBox uses Single Sign On. This means that you should be logged in to your FreedomBox in the browser in which you're using Searx.

  • Searx is easily accessible via Tor.
  • Searx can be added as a search engine to the Firefox browser's search bar. See Firefox Help on this topic. Once Searx is added, you can also set it as your default search engine.

  • Searx also offers search results in csv, json and rss formats, which can be used with scripts to automate some tasks.

24. Shadowsocks (Bypass Censorship)

Shadowsocks icon

Available since: version 0.18.0

24.1. What is Shadowsocks?

Shadowsocks is a tool for securely forwarding network requests to a remote server. It consists of two parts: (1) a Shadowsocks server, and (2) a Shadowsocks client with a SOCKS5 proxy.

Shadowsocks can be used to bypass Internet filtering and censorship. This requires that the Shadowsocks server is in a location where it can freely access the Internet, without filtering.

Your FreedomBox can run a Shadowsocks client which can connect to a Shadowsocks server. It will also run a SOCKS5 proxy. Local devices can connect to this proxy, and their data will be encrypted and proxied through the Shadowsocks server.

Alternatively, your FreedomBox can run a Shadowsocks server, that allows Shadowsocks clients to connect to it. Clients' data will be encrypted and proxied through this server.

24.2. Using Shadowsocks?

Shadowsocks can be used as follows:

  • Shadowsocks Client (a FreedomBox) is in a region where some parts of the Internet are blocked or censored.

  • Shadowsocks Server (a different FreedomBox, or another server) is in a different region, which doesn't have these blocks.

  • The FreedomBox running Shadowsocks Client provides SOCKS proxy service on the local network for other devices to make use of its Shadowsocks connection to the server.

Shadowsocks connection diagram

24.3. Configuring your FreedomBox for Shadowsocks Client

To enable Shadowsocks Client, first navigate to the Shadowsocks Client (Bypass Censorship) page, and install it.

Server: the Shadowsocks server is not this FreedomBox's IP or URL; rather, it will be another server or VPS that has been configured as a Shadowsocks server. There are also some public Shadowsocks servers listed on the web, but be aware that whoever operates the server can see where requests are going, and any non-encrypted data will be visible to them.

To use Shadowsocks Client after setup, set the SOCKS5 proxy URL in your device, browser or application to http://freedombox_address:1080/

24.4. Configuring your FreedomBox for Shadowsocks Server

To enable Shadowsocks Server, first navigate to the Shadowsocks Server (Help Others Bypass Censorship) page, and install it.

Note: In general, a FreedomBox should be set up as either a Shadowsocks Server, or a Shadowsocks Client, but not both!

For Shadowsocks Clients to connect to your server, they will need to know your domain name, the password, and the encryption method.

24.4.1. Port Forwarding

If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Shadowsocks Server:

  • TCP 8388
  • UDP 8388

25. Sharing (File Publishing)

Sharing icon

Available since: version 0.25

25.1. What Is Sharing App?

Sharing app allows you to share content over the web. Shared content can be individual files or whole directories.

The content can be shared publicly or restricted to the users of listed allowed groups. Allowed users will be able to access the shared content from their web browser at https://your_freedombox/share/content_name. Users not belonging to any of the allowed groups won't see or access the content through this mechanism.

25.2. Setting Up Shares

For the users to access the content through their browser it must exist and have a share. A share is an entry in the Sharing app relating:

  • the Name (and thereby the URL) with which the users will ask for the content,
  • the Disk Path of the content to be served and
  • the sharing mode. On restricted mode, it also has the list of allowed groups.

Many shares can coexist in the same server.

Only admins can create, edit or remove shares. They'll find the Sharing app in the Apps section of the FreedomBox web interface. The Sharing app is an easy-to-use web application with a self-explanatory interface.

Each share has its own sharing mode (public or restricted) setting. Only groups recognized by FreedomBox service can be combined in the list of allowed groups. Groups created in the CLI won't be offered by the Sharing app.

25.3. Providing/Updating Content

The content can be created before or after the share is created and they can be updated independently.

The content doesn't need to be provided by an admin either. Any user with write access to the share's disk path can create or update it.

Multiple shares might point to the same content.

If you are a user of FreedomBox and your admin refuses to create shares for you, and you don't need to restrict access to your content, you can still fall back to the User Websites mechanism or the P2P networks (Deluge or Transmission for Torrent) to publish your files.

25.4. Technicalities

Sharing will share the content using the built-in Apache web server.

26. Syncthing (File Synchronization)

Syncthing icon

Available since: version 0.14

With Syncthing installed on your FreedomBox, you can synchronize content from other devices to your FreedomBox and vice-versa. For example, you can keep the photos taken on your mobile phone synchronized to your FreedomBox.

Users should keep in mind that Syncthing is a peer-to-peer synchronization solution, not a client-server one. This means that the FreedomBox isn't really the server, with your other devices as clients. They're all devices from Syncthing's perspective. You can use Syncthing to synchronize your files between any of your devices. The advantage that FreedomBox provides is that it is a server that's always running. Suppose you want the photos on your phone to be synchronized to your laptop. If you simply sync the photos to the FreedomBox, the laptop can get them from the FreedomBox the next time it comes online. You don't have to worry about your other devices being online for synchronization. If your FreedomBox is one of the devices set up with your Syncthing shared folder, you can rest assured that your other devices will eventually get the latest files once they come online.

After installation follow the instructions in the getting started of the Syncthing project. Syncthing allows individual folders to be selectively shared with other devices. Devices must be paired up before sharing by scanning QR codes or entering the device ids manually. Syncthing has a discovery service for easily identifying the other devices on the same network having Syncthing installed.

To access the web client of the Syncthing instance running on your FreedomBox, use the path /syncthing. This web client is currently only accessible to the users of the FreedomBox that have administrator privileges, though it might be accessible to all FreedomBox users in a future release.

Syncthing web interface

Syncthing has Android apps available on the F-Droid and Google Play app stores. Cross-platform desktop apps are also available.

To learn more about Syncthing, please visit their official website and documentation.

26.1. Synchronizing over Tor

Syncthing should automatically sync with your FreedomBox even if it is only accessible as a Tor Onion Service.

If you would like to proxy your Syncthing client over Tor, set the all_proxy environment variable:

$ all_proxy=socks5://localhost:9050 syncthing

For more information, see the Syncthing documentation on using proxies.

26.2. Avoiding Syncthing Relays

Syncthing uses dynamic connections by default to connect with other peers. This means that if you are synchronizing over the Internet, the data might have to go through public Syncthing relays to reach your devices. This doesn't take advantage of the fact that your FreedomBox has a public IP address.

When adding your FreedomBox as a device in other Syncthing clients, set the address like "tcp://<my.freedombox.domain>" instead of "dynamic". This allows your Syncthing peers to directly connect to your FreedomBox avoiding the need for relays. It also allows for fast on-demand syncing if you don't want to keep Syncthing running all the time on your mobile devices.

26.3. Using Syncthing with other applications

26.3.1. Password Manager

Password managers that store their databases in files are suitable for synchronization using Syncthing. The following example describes using a free password manager called KeePassXC in combination with Syncthing to serve as a replacement for proprietary password managers that store your passwords in the cloud.

KeePassXC stores usernames, passwords etc. in files that have the .kdbx extension. These kdbx files can be stored in a Syncthing shared folder to keep them synchronized on multiple machines. Free software applications which can read this file format are available for both desktop and mobile. You typically just have to point the application at the .kdbx file and enter the master password to access your stored credentials. For example, the same kdbx file can be accessed by using KeePassXC on desktop and KeePassDX on Android. KeePassXC can also be used to fill credentials into login fields in the browser by installing a browser extension.

26.3.2. Note-taking and Journaling

Several note-taking applications allow the notes to be stored in text files in plaintext or Markdown format. logseq is one such application that is licensed AGPLv3. It can be used to write a daily journal or discrete pages about various topics which can be linked in the form of a knowledge graph. Please note that the text is not encrypted at rest. logseq can also be used as a note-taking software by teams, instead of hosting a wiki.

A wiki software available on Debian desktops is Zim. You can set the storage for your personal zim wiki to a Syncthing folder.

If your notes are only ever going to be personal, a simpler solution exists. It is called a "quine". A wiki implemented as a quine is a single HTML file with enough embedded CSS and JavaScript in it to make it useful for note-taking, journaling and even documentation. After editing the quine's HTML file in a web browser you can use the "Save as" feature of the browser to overwrite the existing HTML file in your Syncthing folder, each time you want to save it. Quines are the simplest note-taking/personal wiki solution that work on all operating systems with no additional software required, other than a web browser. TiddlyWiki and FeatherWiki are popular software in this category.

27. Tiny Tiny RSS (News Feed Reader)

Tiny Tiny RSS icon

Available since: version 0.9

Tiny Tiny RSS is a news feed (RSS/Atom) reader and aggregator, designed to allow reading news from any location, while feeling as close to a real desktop application as possible.

Any user created through FreedomBox web interface will be able to login and use this app. Each user has their own feeds, state and preferences.

27.1. Using the Web Interface

When enabled, Tiny Tiny RSS will be available from /tt-rss path on the web server. Any user created through FreedomBox will be able to login and use this app.

Tiny Tiny RSS

27.1.1. Adding a new feed

1. Go to the website you want the RSS feed for and copy the RSS/Atom feed link from it.

Selecting feeds

2. Select "Subscribe to feed.." from the Actions dropdown.

Subscribe to feed

3. In the dialog box that appears, paste the URL copied in step 1 and click the Subscribe button.

Subscription dialog box

Give the application a minute to fetch the feeds after clicking Subscribe.

In some websites, the RSS feeds button isn't clearly visible. In that case, you can simply paste the website URL into the Subscribe dialog (step 3) and let TT-RSS automatically detect the RSS feeds on the page.

You can try this now with the homepage of WikiNews

As you can see in the image below, TT-RSS detected and added the Atom feed of WikiNews to our list of feeds.

WikiNews feed added

If you don't want to keep this feed, right click on the feed shown in the above image, select Edit feed and click Unsubscribe in the dialog box that appears.

Unsubscribe from a feed

27.1.2. Importing your feeds from another feed reader

In your existing feed reader, find an option to Export your feeds to a file. Prefer the OPML file format if you have to choose between multiple formats. Let's say your exported feeds file is called Subscriptions.opml

Click on the Actions menu at the top left corner and select Preferences. You will be taken to another page.

Select the second tab called Feeds in the top header. Feeds has several sections. The second one is called OPML. Select it.

OPML feeds page

To import your Subscriptions.opml file into TT-RSS,

  1. Click Browse and select the file from your file system

  2. Click Import my OPML

After importing, you'll be taken to the Feeds section that's above the OPML section in the page. You can see that the feeds from your earlier feed reader are now imported into Tiny Tiny RSS. You can now start using Tiny Tiny RSS as your primary feed reader.

In the next section, we will discuss setting up the mobile app, which can let you read your feeds on the go.

27.2. Using the Mobile App

The official Android app from the Tiny Tiny RSS project works with FreedomBox's Tiny Tiny RSS Server. The older TTRSS-Reader application is known not to work.

To configure it, first install the application, then on the settings page set the URL to https://<your.freedombox.address>/tt-rss-app/. Set your user name and password in the Login details as well as in the HTTP Authentication details. If your FreedomBox does not have a valid HTTPS certificate, then in the settings enable accepting any SSL certificate and any host.

27.3. RSS Bridge

RSS Bridge can be used with Tiny Tiny RSS to generate Atom/RSS links for websites that don't provide one.

28. Tor (Anonymity Network)

Tor icon

Available since: version 0.3

28.1. What is Tor?

Tor is a network of servers operated by volunteers. Users of these servers can improve their privacy and security while surfing the Internet. You and your friends can access your FreedomBox over the Tor network without revealing its IP address. When you enable the Tor application on your FreedomBox, you can offer remote services (chat, wiki, file sharing, etc.) without revealing your location. This application gives you better protection than a public web server, because you are exposed to fewer intrusive parties on the web.

28.2. Browsing anonymously with Tor

Tor Browser is the recommended way to browse the web using Tor. You can download Tor Browser from https://www.torproject.org/projects/torbrowser.html and follow the instructions on that site to install and run it.

28.3. Accessing your FreedomBox with the Tor Onion Service

The Tor Onion Service provides a way to access your FreedomBox even if it is behind a router, a firewall, or a CGNAT (i.e., your Internet service provider does not provide a public IPv4 address for your router).

To enable the Tor Onion Service, first go to the Anonymity Network (Tor) page. (If you don't see it, click on the FreedomBox logo at the top left of the page to go to the main Apps page.) On the Anonymity Network (Tor) page, under Configuration, check the option "Enable Tor Onion Service", then click Update setup. Tor will be reconfigured and restarted.

After a while, the page will refresh, and under Status a table with the .onion address of the Onion Service will be shown. Copy the entire address (including the .onion ending) and paste it into the address field of Tor Browser. You should then be able to access your FreedomBox. (You may see a certificate warning, because FreedomBox's certificate is self-signed.)

Tor configuration - FreedomBox

Currently, only HTTP (port 80), HTTPS (port 443), and SSH (port 22) can be accessed through the Tor Onion Service configured on the FreedomBox.

28.4. Apps accessible via Tor

The following apps can be accessed over Tor. Note that this list is not exhaustive.

28.5. Running a Tor relay

Tor is configured as a bridge relay by default. The relay or bridge option can be turned off on the Tor configuration page in FreedomBox.

At the bottom of the Tor page in FreedomBox there is a list of the ports used by the Tor relay. If your FreedomBox is behind a router, you will need to configure port forwarding on your router to make these ports reachable from the public Internet.

The requirements for running a relay are listed in the Tor Relay Guide. That is:

  • It is recommended that a relay has at least 16 Mbit/s (Mbps) of upload as well as download bandwidth available for Tor. More is better.
  • It is required that a Tor relay be allowed to use at least 100 GByte of outbound and inbound traffic per month.
  • For a non-exit relay with <40 Mbit/s, it is recommended that at least 512 MB of RAM be available; a faster relay should have at least 1 GB of RAM.

28.6. (Advanced) Usage as a SOCKS proxy

FreedomBox provides a Tor SOCKS port that other applications can connect to in order to route their traffic over the Tor network. This port is accessible on all interfaces that are assigned to the internal firewall zone. To configure the application, set the SOCKS Host to the IP address of the internal network connection and set the SOCKS Port to 9050.

28.6.1. Example with Firefox

Your web browser can be configured to use the Tor network for all browsing activity. This allows circumventing censorship and also hides your IP address from websites during regular browsing. For anonymity, Tor Browser is recommended.

Set your local FreedomBox IP address and port 9050 as a SOCKS v5 proxy in Firefox. There are extensions that make it easy to switch the proxy on and off.

Configuring Firefox with Tor SOCKS proxy

With the SOCKS proxy configured, you can now access onion URLs directly from Firefox. FreedomBox itself has an onion v3 address that you can use to connect over the Tor network. (Make a note of it for emergencies.)

28.7. Circumventing Tor censorship

If your ISP tries to block Tor traffic, you can use Tor bridge relays to connect to the Tor network.

1. Get the bridge configuration from the Tor BridgeDB

Tor BridgeDB

2. Add the lines to your FreedomBox Tor configuration as shown below.

Tor configuration page

29. Transmission (Distributed File Sharing via BitTorrent)

Transmission icon

Available since: version 0.5

29.1. What is Transmission?

Transmission is a BitTorrent node (both, client and server at the same time).

BitTorrent is a communications protocol for peer-to-peer (P2P) file sharing.

  • It is not anonymous; you should assume that others can see what files you are sharing.

  • This technology works best for big, popular files.

There are two BitTorrent web nodes available in FreedomBox: Transmission and Deluge. They have similar features, but you may prefer one over the other.

Transmission is a lightweight BitTorrent client that is well known for its simplicity and a default configuration that "Just Works".

29.2. Screenshot

Transmission Web Interface

29.3. Using Transmission

After installing Transmission, it can be accessed at https://<your freedombox>/transmission. Transmission uses single sign-on from FreedomBox, which means that if you are logged in on your FreedomBox, you can directly access Transmission without having to enter the credentials again. Otherwise, you will be prompted to login first and then redirected to the Transmission app.

29.4. Tips

29.4.1. Transferring Downloads from the FreedomBox

  1. Transmission's downloads directory can be added as a shared folder in the Sharing app. You can then access your downloads from this shared folder using a web browser.

  2. (Advanced) If you have SSH access to your FreedomBox, you can use sftp or scp to browse the downloads directory using a suitable file manager or web browser:

29.5. Port Forwarding

If your FreedomBox is behind a router you optionally might want to set up port forwarding on your router in order to improve communication with other peers. You should forward the following ports for Transmission:

  • TCP 51413 (or your configured peer listening port)

29.6. Using Remote Apps

In addition to using the web interface to control Transmission on FreedomBox, desktop and mobile apps may also be used. Tested clients and their platforms are listed on the app page in the FreedomBox web interface. When configuring these clients, the URL to connect to must be /transmission-remote/rpc and the port must be 443.

30. User Websites

Available since: version 0.9.4

30.1. What is User Websites?

User Websites is a standard location from which a web server lets users of the host expose static files on the filesystem as a website to the local network and/or the internet, depending on the network and firewall setup.

The standard webserver in FreedomBox is Apache and this is implemented by means of a specific Apache module.

30.2. Screenshot

30.3. Using User Websites

The module is always enabled and offers no configuration from the FreedomBox web interface. There is no configuration or status page shown for this module in the FreedomBox web interface.

To serve documents, place the files in the designated directory in a FreedomBox user's home directory in the filesystem.

This directory is: public_html

Thus the absolute path for the directory of a user named fbx with home directory in /home/fbx will be /home/fbx/public_html. User websites will serve documents placed in this directory when requests for documents with the URI path "~fbx" are received. Thus, for the example.org domain, a request for the document example.org/~fbx/index.html will transfer the file in /home/fbx/public_html/index.html.

30.4. Creating public_html folder and uploading documents

30.4.1. Visually from Linux

Standard Linux desktop file managers usually support remote filesystem access through SFTP out of the box. Among others, Gnome's Nautilus, KDE/Plasma's Dolphin and XFCE's Thunar do so. This standardization allows for very easy, similar and straightforward procedures:

  1. Connect with the file manager to your FreedomBox:

    • Gnome's Nautilus:
      1. To launch Nautilus you can look for its archive icon, or search for either its name or the word "file".
      2. At the bottom of the left pane you'll find an option "+ Other locations".
      3. It leads you to a list of locations. Find "freedombox SFTP server" (English literal for all desktop languages). Click on it.

      4. The first time you'll be asked for your user and password. Enter your FreedomBox user and its password. The dialog will also offer you some options to remember it for some time.

    • Plasma file manager AKA Dolphin:
      1. Click on the location bar at the top of the window.
      2. Input ftp://freedombox.local

      3. The first time you'll be asked for your user and password. Enter your FreedomBox user and its password. The dialog will also offer you some option to remember it.

    • XFCE's Thunar:
      1. Type this into the browser bar: sftp://username@freedombox.local, replacing the 'username' placeholder with your actual FreedomBox username.

      2. I guess the first time you'll be asked for your password. Enter your FreedomBox user's password.

  2. You should be shown the FreedomBox filesystem. Enter the home folder and then enter your user's subfolder.

  3. If there's no public_html folder, create it: right mouse button click, etc.

  4. Drag your file(s) and drop it/'em into the public_html folder.

  5. You should now be able to navigate your browser to the corresponding url and see the files.

30.4.2. Visually from Other Platforms

If you want to use graphical free software clients, install:

Their usage will be similar to that described for Linux desktops.

30.4.3. With a Command Line Interface (CLI)

Usually any Unix system, including Linux in all (most) of its flavours and Mac, provides the standard utilities ssh, scp and sftp. FreeDOS provides SSH2DOS. No need to install anything. It's already there!

Examples:

Connect to FreedomBox via SSH:

  1. (replacing username with a valid FreedomBox user name and freedombox.local with your FreedomBox's domain name or IP):

    $ ssh username@freedombox.local
  2. If your data is ok and your FreedomBox reachable, the first time you'll be asked to confirm its signature.

  3. Then you'll be asked for the password of your FreedomBox user.

  4. Then you'll be shown the welcome banner with the FreedomBox's butterfly logo in ASCII art (painted with characters).

  5. The prompt changes to username@freedombox:~$.

Once connected create your website folder with:

  • username@freedombox:~$ mkdir ~/public_html

...or one for another user:

  1. Use the sudo prefix, and enter your password when asked:

    username@freedombox:~$ sudo mkdir /home/<the_other_user>/public_html
  2. When you create a folder, by default it belongs to you no matter where it is created. Thus you'll then need to set its ownership to the other user:

    username@freedombox:~$ sudo chown <the_other_user>:<the_other_user> /home/<the_other_user>/public_html
  3. Before you disconnect, check that public_html is listed among the contents of the other user's home folder:

    username@freedombox:~$ ls -l /home/<the_other_user>
    ...
    drwxr-xr-x  2 <the_other_user> <the_other_user>   4096 jan 29 17:39  public_html
    ...

    The name of the other user must appear twice in the public_html line and its permissions should be drwxr-xr-x.

Then any user can upload their files to their respective folders with any of the graphical clients. Ask them to check it.

It is a good security practice to exit instead of just waiting for the connection to time out:

  • username@freedombox:~$ exit

If you then also want to upload the web content through the command line, you can use:

$ scp path/to/files username@freedombox.local:public_html/

It will ask for your FreedomBox password. You should then be able to navigate your browser to the corresponding URL and see the files.

Learn more about ssh, scp and sftp with $ man ssh, $ man scp and $ man sftp.

31. WireGuard (Virtual Private Network)

31.1. About WireGuard

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It can be a useful replacement for IPSec or OpenVPN.

31.2. Installation

You can install WireGuard from the Apps section of the FreedomBox web interface.

31.3. Usage

  • Point-to-point tunnel
  • VPN client with default route

31.4. Configuration - Debian Peers

Note: These steps are handled automatically on FreedomBox. So you only need to follow these steps on any Debian clients that will connect to FreedomBox, or Debian servers that FreedomBox will connect to.

31.5. Configuration - Mobile Clients

WireGuard has a user space implementation for mobile devices available via the WireGuard app - available for Android and iOS (a full list of supported operating systems is available here).

The client can be configured in several ways:

31.5.1. Alternative A - Create configuration manually

This is self-explanatory: you create the configuration on the mobile device, then transfer the relevant keys to the server's configuration.

31.5.2. Alternative B - Create configuration from archive

Here you have to create a .zip archive of the client configuration file, transfer it to the device then import it into the app.

31.5.3. Alternative C - Import by reading a QR code (most secure method)

The mobile client as of version 0.0.20180724 supports QR code based input.

qrencode can be used to generate QR codes, even in a terminal/console using UTF-8 characters.

The syntax is:

# qrencode -t ansiutf8 < client.conf

This will generate a QR code that is readable by the mobile client.

The advantage of this approach is that there is no need to transfer sensitive information via data channels that can potentially be compromised and there is no need for any additional software.

32. Zoph (Photo Manager)

Available since: version 21.3 (requires Debian 11 "Bullseye")

32.1. What is Zoph?

Zoph is a web-based photo manager that lets you upload photos to the FreedomBox server, where they can be organized into albums and linked to places, people and categories. A single photo can be in several albums, and albums, categories and places are hierarchical.

Zoph supports multiple users and has a permission system that lets you control which albums users can see or create, whether they can see or create people, and so on.

For FreedomBox, the user name in Zoph must match the FreedomBox user name for single sign-on to work.

32.2. Using Zoph

After Zoph is installed, you need to click "Setup". Then you can launch the web client. It can also be accessed at https://<your freedombox>/zoph.

You will be asked for a user name and password only the very first time. On later visits you are taken directly to the welcome screen.

Zoph - Main page

The tab menu is shown at the top of every page. From there you can import photos from any computer, administer Zoph to add more users, and so on.

You can now go to the "Preferences" tab and set your preferences, e.g. the number of rows and columns in result displays, how much information about the camera that took the photo should be shown, and so on.

Zoph - User preferences

You can add information about people who appear in your photos.

Zoph - New person

32.2.1. Choosing a storage location for your photos

Your photos need a lot of storage space compared with the other uses of your FreedomBox. You may want to put them on an external disk. You cannot (yet) specify on the first installation screen where your photos should be stored. The database that holds information about albums, people etc. is kept in your normal FreedomBox storage.

System

1. Backups

FreedomBox includes the ability to back up and restore data, preferences, configuration and secrets from most of the applications. The Backups feature is built using the Borg backup software. Borg is a deduplicating and compressing backup program. It is designed for efficient and secure backups. This backups feature can be used to selectively back up and restore data on an app-by-app basis. Backed up data can be stored on the FreedomBox machine itself or on a remote server. Any remote server providing SSH access can be used as a backup storage repository for FreedomBox backups. Data stored remotely may be encrypted, and in such cases the remote server cannot access your decrypted data.

1.1. Notes for Specific App Backups

Unless otherwise noted here, backup of an app's data will include its configuration, secrets and other data.

App/Feature   Notes
Deluge        Does not include downloaded/seeding files
MiniDLNA      Does not include the data in the shared folders
Networks      No plans currently to implement backup
Samba         Does not include the data in the shared folders
Sharing       Does not include the data in the shared folders
Snapshot      Only configuration, does not include snapshot data
Syncthing     Does not include data in the shared folders
Transmission  Does not include downloaded/seeding files
Users         Backup of user accounts is planned

1.2. How to install and use Backups

Screenshots: Backups, Step 1 through Step 7

2. BIND (Domain Name Server)

BIND enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your user devices on your network.

Currently, on FreedomBox, BIND is only used to resolve DNS queries for other machines on the local network. It is also incompatible with sharing an Internet connection from FreedomBox.

Note: This service is available only on networks configured as "internal" zone. It is not available when connected via OpenVPN.

2.1. Using BIND

When BIND is enabled, that does not automatically mean that anything is using it. The following can be configured:

  • FreedomBox can be configured to use the local BIND service for its own DNS lookups.

  • Clients on the Local Area Network can be configured to use the FreedomBox's BIND service for their DNS lookups.

The FreedomBox can be set to use its own BIND service for DNS lookups through Networks:

  1. Go to System page, and then select Networks.
  2. Select the "FreedomBox WAN" connection and press Edit.

  3. Under "IPv4 Addressing Method", there is a field "DNS Server". Set it to 127.0.0.1.

  4. Press "Edit Connection" at the bottom to save the changes.
  5. Restart the FreedomBox from the user drop-down menu.

3. Cockpit (Server Administration)

Cockpit is a server manager that makes it easy to administer GNU/Linux servers via a web browser. On a FreedomBox, controls are available for many advanced functions that are not usually required. A web based terminal for console operations is also available.

It can be accessed by any user on your FreedomBox belonging to the admin group. Cockpit is only usable when you have proper domain name setup for your FreedomBox and you use that domain name to access Cockpit. See the Troubleshooting section for more information.

Use Cockpit only if you are an administrator of GNU/Linux systems with advanced skills. FreedomBox tries to coexist with changes made to the system by system administrators and system administration tools like Cockpit. However, improper changes to the system might cause failures in FreedomBox functions.

3.1. Using Cockpit

Install Cockpit like any other application on FreedomBox. Make sure that Cockpit is enabled after that.

Ensure that the user account on FreedomBox that will be used for Cockpit is part of the administrators group.

Launch the Cockpit web interface. Login using the configured user account. Be sure to check the box to "reuse my password for privileged tasks", otherwise you will not be able to perform various tasks such as configuring raid, or editing users, once logged in.

Start using cockpit.

Cockpit is usable on mobile interfaces too.

3.2. Features

The following features of Cockpit may be useful for advanced FreedomBox users.

3.2.1. System Dashboard

Cockpit has a system dashboard that

  • Shows detailed hardware information
  • Shows basic performance metrics of a system
  • Allows changing system time and timezone
  • Allows changing hostname. Please use FreedomBox UI to do this

  • Shows SSH server fingerprints

3.2.2. Viewing System Logs

Cockpit allows querying system logs and examining them in full detail.

3.2.3. Managing Storage

Cockpit allows the following advanced storage functions:

  • View full disk information
  • Editing disk partitions
  • RAID management

3.2.4. Networking

Cockpit and FreedomBox both rely on NetworkManager to configure the network. However, Cockpit offers some advanced configuration not available on FreedomBox:

  • Route configuration
  • Configure Bonds, Bridges, VLANs

3.2.5. Services

Cockpit allows management of services and periodic jobs (similar to cron).

3.2.6. Web Terminal

Cockpit offers a web-based terminal that can be used to perform manual system administration tasks.

3.3. Troubleshooting

Cockpit requires a domain name to be properly setup on your FreedomBox and will only work when you access it using a URL with that domain name. Cockpit will not work when using IP address in the URL. Using freedombox.local as the domain name also does not work. For example, the following URLs will not work:

https://192.168.0.10/_cockpit/
https://freedombox.local/_cockpit/

Starting with FreedomBox version 19.15, using .local domain works. You can access Cockpit using the URL https://freedombox.local/_cockpit/. The .local domain is based on your hostname. If your hostname is mybox, your .local domain name will be mybox.local and the Cockpit URL will be https://mybox.local/_cockpit/.

To properly access Cockpit, use the domain name configured for your FreedomBox. Cockpit will also work well when using a Tor Onion Service. The following URLs will work:

https://mybox.freedombox.rocks/_cockpit/
https://exampletorhs.onion/_cockpit/

The reason for this behaviour is that Cockpit uses WebSockets to connect to the backend server. Cross site requests for WebSockets must be prevented for security reasons. To implement this, Cockpit maintains a list of all domains from which requests are allowed. FreedomBox automatically configures this list whenever you add or remove a domain. However, since we can't rely on IP addresses, they are not added by FreedomBox to this domain list. You can see the current list of allowed domains, as managed by FreedomBox, in /etc/cockpit/cockpit.conf. You may edit this, but do so only if you understand web security consequences of this.
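The allow-list check described above can be modelled offline. This is an added example, not FreedomBox or Cockpit code: it reads the Origins key of the [WebService] section from a constructed cockpit.conf and tests the URLs from this section against it. Exact string matching of the origin and the sample domain list are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample of /etc/cockpit/cockpit.conf; the domains are examples.
SAMPLE_COCKPIT_CONF = """\
[WebService]
Origins = https://mybox.freedombox.rocks https://exampletorhs.onion https://mybox.local
"""

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def origin_of(url):
    """Return scheme://host[:port], the form a browser sends as Origin."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if not scheme or not host:
        raise ValueError(f"not an absolute URL: {url!r}")
    if ":" in host:  # IPv6 literal needs its brackets back
        host = f"[{host}]"
    port = parts.port
    # A default port is never part of a serialised origin.
    if port is None or port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def allowed_origins(conf_text):
    """Parse the space-separated Origins list; empty set if the key is absent."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    raw = parser.get("WebService", "Origins", fallback="")
    return {origin_of(entry) for entry in raw.split()}


def websocket_allowed(page_url, conf_text):
    """True if a page loaded from page_url may open Cockpit's WebSocket.

    Simplified model (assumption): exact match on the normalised origin.
    """
    return origin_of(page_url) in allowed_origins(conf_text)


def audit(urls, conf_text):
    """Map each URL to whether its origin is on the allow-list."""
    return {url: websocket_allowed(url, conf_text) for url in urls}


if __name__ == "__main__":
    urls = [
        "https://192.168.0.10/_cockpit/",
        "https://freedombox.local/_cockpit/",
        "https://mybox.local/_cockpit/",
        "https://mybox.freedombox.rocks/_cockpit/",
        "https://exampletorhs.onion/_cockpit/",
    ]
    for url, ok in audit(urls, SAMPLE_COCKPIT_CONF).items():
        print(f"{'allowed' if ok else 'blocked':8} {url}")
```

With a hostname of mybox, the IP address and freedombox.local are both rejected because neither appears in the list, which is the symptom this section describes.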

4. Configure

Configure has some general configuration options:

4.1. Hostname

  • Hostname is the local name by which other devices on the local network can reach your FreedomBox. The default hostname is freedombox.

4.2. Domain Name

4.3. Webserver Home Page

Once some other app is set as the home page, you can only navigate to the FreedomBox Service by typing https://myfreedombox.rocks/plinth/ into the browser.
/freedombox can also be used as an alias to /plinth

  • You can set any web application, Ikiwiki wikis and blogs or Apache's default index.html page as the web server home page. Since release 20.20 you can also select a user's website among those users who have created their public_html directory.

  • Tip: Bookmark the URL of FreedomBox Service before setting the home page to some other app.

5. Date & Time

This network time server is a program that maintains the system time in synchronization with servers on the Internet.

You can select your time zone by picking a big city nearby (they are sorted by Continent/City) or select directly the zone with respect to GMT (Greenwich Mean Time).

6. Diagnostics

The system diagnostic test will run a number of checks on your system to confirm that applications and services are working as expected.

Just click Run Diagnostics. This may take some minutes.

7. Dynamic DNS Client

7.1. What is Dynamic DNS?

In order to reach a server on the Internet, the server needs to have a permanent address, also known as a static IP address. Many Internet service providers don't provide home users with a static IP address, or they charge more for providing one. Instead they provide the home user with an IP address that changes every time the user connects to the Internet. Clients wishing to contact the server will have difficulty reaching it.

Dynamic DNS service providers assist in working around this problem. First they provide you with a domain name, such as 'myhost.example.org'. Then they associate your IP address, whenever it changes, with this domain name. Then anyone intending to reach the server will be able to contact it using the domain name 'myhost.example.org', which always points to the latest IP address of the server.

For this to work, every time you connect to the Internet, you will have to tell your Dynamic DNS provider what your current IP address is. Hence you need special software on your server to perform this operation. The Dynamic DNS function in FreedomBox will allow users without a static public IP address to push the current public IP address to a Dynamic DNS Server. This allows you to expose services on FreedomBox, such as ownCloud, to the Internet.

7.2. GnuDIP vs. Update URL

There are two main mechanisms to notify the Dynamic DNS server of your new IP address: using the GnuDIP protocol and using the Update URL mechanism.

If a service provided using an update URL is not properly secured using HTTPS, your credentials may be visible to an adversary. Once an adversary gains your credentials, they will be able to replay your request to the server and hijack your domain.

On the other hand, the GnuDIP protocol will only transport a salted MD5 value of your password, in a way that is secure against replay attacks.
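The difference between the two mechanisms can be seen in a small offline model. This is an added example, not FreedomBox or GnuDIP code: it assumes the GnuDIP login value is the MD5 of the hex MD5 of the password, a period and a per-connection salt sent by the server, and compares that with the static HTTP basic authentication header an Update URL request would carry. The class, function names, user and password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def gnudip_response(password, salt):
    """Client side (assumed layout): MD5(hex MD5(password) + "." + salt)."""
    return md5_hex(md5_hex(password) + "." + salt)


class GnuDipServerModel:
    """Toy server: issues one fresh salt per connection, usable once."""

    def __init__(self, accounts):
        # Only the MD5 of each password is needed to check a response.
        self._hashed = {user: md5_hex(pw) for user, pw in accounts.items()}
        self._pending_salt = None

    def new_connection(self):
        self._pending_salt = secrets.token_hex(5)  # 10 random characters
        return self._pending_salt

    def login(self, user, response):
        # Consume the salt so the same challenge can never be answered twice.
        salt, self._pending_salt = self._pending_salt, None
        stored = self._hashed.get(user)
        if salt is None or stored is None:
            return False
        expected = md5_hex(stored + "." + salt)
        return hmac.compare_digest(expected, response)


def basic_auth_header(user, password):
    """Authorization header an Update URL request sends with basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def compare_mechanisms(user="alice", password="constructed-example-password"):
    server = GnuDipServerModel({user: password})

    # Legitimate GnuDIP update: answer the salt of this connection.
    salt = server.new_connection()
    on_the_wire = gnudip_response(password, salt)
    first_login = server.login(user, on_the_wire)

    # The same bytes sent on a later connection meet a different salt.
    server.new_connection()
    replay_accepted = server.login(user, on_the_wire)

    # Update URL over plain HTTP: the header is identical every time and
    # is only base64-encoded, so it stays valid for whoever observes it.
    header_1 = basic_auth_header(user, password)
    header_2 = basic_auth_header(user, password)
    decoded = base64.b64decode(header_1.split()[1]).decode("utf-8")

    return {
        "gnudip_first_login": first_login,
        "gnudip_replay_accepted": replay_accepted,
        "update_url_header_repeats": header_1 == header_2,
        "update_url_password_visible": decoded == f"{user}:{password}",
    }


if __name__ == "__main__":
    for name, value in compare_mechanisms().items():
        print(f"{name}: {value}")
```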

7.3. Using the GnuDIP protocol

  1. Register an account with any Dynamic DNS service provider. A free service provided by the FreedomBox community is available at https://ddns.freedombox.org .

  2. In FreedomBox UI, enable the Dynamic DNS Service.

  3. Select GnuDIP as Service type, enter your Dynamic DNS service provider address (for example, ddns.freedombox.org) into GnuDIP Server Address field.

    Dynamic DNS Settings

  4. Fill Domain Name, Username, Password information given by your provider into the corresponding fields.

7.4. Using an Update URL

This feature is implemented because the most popular Dynamic DNS providers use the Update URL mechanism.

  1. Register an account with a Dynamic DNS service provider providing their service using Update URL mechanism. Some example providers are listed in the configuration page itself.
  2. In FreedomBox UI, enable the Dynamic DNS service.

  3. Select other Update URL as Service type, enter the update URL given by your provider into Update URL field.

  4. If you browse the update URL with your Internet browser and a warning message about untrusted certificate appears, then enable accept all SSL certificates. WARNING: your credentials may be readable here because man-in-the-middle attacks are possible! Consider choosing a better service provider instead.

  5. If you browse the update URL with your Internet browser and the username/password box appears, enable use HTTP basic authentication checkbox and provide the Username and Password.

  6. If the update URL contains your current IP address, replace the IP address with the string <Ip>.

7.5. Checking If It Works

  1. Make sure that external services you have enabled such as /jwchat, /roundcube and /ikiwiki are available on your domain address.
  2. Go to the Status page, make sure that the NAT type is detected correctly. If your FreedomBox is behind a NAT device, this should be detected over there (Text: Behind NAT). If your FreedomBox has a public IP address assigned, the text should be "Direct connection to the Internet".

  3. Check that the last update status is not failed.

7.6. Recap: How to create a DNS name with GnuDIP

  1. Access the GnuDIP login page (answer Yes to all pop-ups)

  2. Click on "Self Register"
  3. Fill the registration form (Username and domain will form the public IP address [username.domain])
  4. Take note of the username/hostname and password that will be used on the FreedomBox app.

  5. Save and return to the GnuDIP login page to verify your username, domain and password (enter the data, click login).
  6. Login output should display your new domain name along with your current public IP address (this is a unique address provided by your router for all your local devices).
  7. Leave the GnuDIP interface and open the Dynamic DNS Client app page in your FreedomBox.

  8. Click on "Set Up" in the top menu.
  9. Activate Dynamic DNS
  10. Choose GnuDIP service.
  11. Add server address (ddns.freedombox.org)
  12. Add your fresh domain name (username.domain, ie [username].freedombox.rocks)
  13. Add your fresh username (the one used in your new IP address) and password
  14. Add your GnuDIP password
  15. Fill the option with https://ddns.freedombox.org/ip/ (try this url in your browser, you will figure out immediately)

8. Firewall

A firewall is a network security system that controls the incoming and outgoing network traffic. Keeping a firewall enabled and properly configured reduces the risk of security threats from the Internet.

The operation of the firewall in FreedomBox web interface is automatic. When you enable a service it is automatically permitted in the firewall and when you disable a service it is automatically disabled in the firewall. For services which are enabled by default on FreedomBox, firewall ports are also enabled by default during the first run process.

Firewall

Firewall management in FreedomBox is done using FirewallD.

8.1. Interfaces

Each interface needs to be assigned to one (and only one) zone. If an interface is not assigned to any zone, it is automatically assigned to the external zone. Whatever rules are in effect for a zone, those rules start to apply for that interface. For example, if HTTP traffic is allowed in a particular zone, then web requests will be accepted on all the addresses configured for all the interfaces assigned to that zone.

There are primarily two firewall zones used. The internal zone is meant for services that are provided to all machines on the local network. This may include services such as streaming media and simple file sharing. The external zone is meant for services that are provided publicly on the Internet. This may include services such as blog, website, email web client etc.

For details on how network interfaces are configured by default, see the Networks section.

8.2. Opening Custom Ports

The Cockpit app provides advanced management of the firewall. Both FreedomBox and Cockpit operate over firewalld and are hence compatible with each other. In particular, Cockpit can be used to open custom services or ports on FreedomBox. This is useful if you are manually running your own services in addition to the services provided by FreedomBox on the same machine.

8.3. FreedomBox Ports/Services

The following table attempts to document the ports, services and their default statuses in FreedomBox. If you find this page outdated, see the Firewall status page in FreedomBox interface.

Service                            Port            External  Enabled by default  Status shown in FreedomBox  Managed by FreedomBox
Minetest                           30000/udp       yes       no                  yes                         yes
XMPP Client                        5222/tcp        yes       no                  yes                         yes
XMPP Server                        5269/tcp        yes       no                  yes                         yes
XMPP Bosh                          5280/tcp        yes       no                  yes                         yes
NTP                                123/udp         no        yes                 yes                         yes
FreedomBox Web Interface (Plinth)  443/tcp         yes       yes                 yes                         no
Quassel                            4242/tcp        yes       no                  yes                         yes
SIP                                5060/tcp        yes       no                  yes                         yes
SIP                                5060/udp        yes       no                  yes                         yes
SIP-TLS                            5061/tcp        yes       no                  yes                         yes
SIP-TLS                            5061/udp        yes       no                  yes                         yes
RTP                                1024-65535/udp  yes       no                  yes                         yes
SSH                                22/tcp          yes       yes                 yes                         no
mDNS                               5353/udp        no        yes                 yes                         yes
Tor (Socks)                        9050/tcp        no        no                  yes                         yes
Obfsproxy                          <random>/tcp    yes       no                  yes                         yes
OpenVPN                            1194/udp        yes       no                  yes                         yes
Mumble                             64378/tcp       yes       no                  yes                         yes
Mumble                             64378/udp       yes       no                  yes                         yes
Privoxy                            8118/tcp        no        no                  yes                         yes
JSXC                               80/tcp          yes       no                  no                          no
JSXC                               443/tcp         yes       no                  no                          no
DNS                                53/tcp          no        no                  no                          no
DNS                                53/udp          no        no                  no                          no
DHCP                               67/udp          no        yes                 no                          no
Bootp                              67/tcp          no        no                  no                          no
Bootp                              67/udp          no        no                  no                          no
Bootp                              68/tcp          no        no                  no                          no
Bootp                              68/udp          no        no                  no                          no
LDAP                               389/tcp         no        no                  no                          no
LDAPS                              636/tcp         no        no                  no                          no

8.4. Manual operation

See FirewallD documentation for more information on the basic concepts and comprehensive documentation.

8.4.1. Enable/disable firewall

To disable firewall

service firewalld stop

or with systemd

systemctl stop firewalld

To re-enable firewall

service firewalld start

or with systemd

systemctl start firewalld

8.4.2. Modifying services/ports

You can manually add or remove a service from a zone.

To see list of services enabled:

firewall-cmd --zone=<zone> --list-services

Example:

firewall-cmd --zone=internal --list-services

To see list of ports enabled:

firewall-cmd --zone=<zone> --list-ports

Example:

firewall-cmd --zone=internal --list-ports

To remove a service from a zone:

firewall-cmd --zone=<zone> --remove-service=<service>
firewall-cmd --permanent --zone=<zone> --remove-service=<service>

Example:

firewall-cmd --zone=internal --remove-service=xmpp-bosh
firewall-cmd --permanent --zone=internal --remove-service=xmpp-bosh

To remove a port from a zone:

firewall-cmd --zone=internal --remove-port=<port>/<protocol>
firewall-cmd --permanent --zone=internal --remove-port=<port>/<protocol>

Example:

firewall-cmd --zone=internal --remove-port=5353/udp
firewall-cmd --permanent --zone=internal --remove-port=5353/udp

To add a service to a zone:

firewall-cmd --zone=<zone> --add-service=<service>
firewall-cmd --permanent --zone=<zone> --add-service=<service>

Example:

firewall-cmd --zone=internal --add-service=xmpp-bosh
firewall-cmd --permanent --zone=internal --add-service=xmpp-bosh

To add a port to a zone:

firewall-cmd --zone=internal --add-port=<port>/<protocol>
firewall-cmd --permanent --zone=internal --add-port=<port>/<protocol>

Example:

firewall-cmd --zone=internal --add-port=5353/udp
firewall-cmd --permanent --zone=internal --add-port=5353/udp
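Each change above is issued twice because firewalld keeps a runtime configuration, which takes effect immediately but is lost on reload, and a permanent one, which is saved but not applied until reload. The following added example (not part of FreedomBox or firewalld) compares the output of the two --list-ports commands for a zone and reports ports that exist in only one of them. The sample outputs are constructed.

```python
import subprocess
from typing import NamedTuple


class PortSpec(NamedTuple):
    low: int
    high: int
    proto: str

    def __str__(self):
        ports = str(self.low) if self.low == self.high else f"{self.low}-{self.high}"
        return f"{ports}/{self.proto}"


def parse_ports(output):
    """Parse '5353/udp 1024-65535/udp' style output into PortSpec values."""
    specs = set()
    for token in output.split():
        ports, sep, proto = token.partition("/")
        if not sep or not proto:
            raise ValueError(f"unexpected port entry: {token!r}")
        low, _, high = ports.partition("-")
        spec = PortSpec(int(low), int(high or low), proto.lower())
        if not 0 < spec.low <= spec.high <= 65535:
            raise ValueError(f"port out of range: {token!r}")
        specs.add(spec)
    return specs


def is_covered(spec, others):
    """True if a single entry in others opens the whole of spec.

    Ranges are compared one entry at a time; a span that is only covered
    by several adjacent ranges together is reported as not covered.
    """
    return any(
        o.proto == spec.proto and o.low <= spec.low and spec.high <= o.high
        for o in others
    )


def port_drift(runtime_output, permanent_output):
    """Report ports open in only one of the two configurations."""
    runtime = parse_ports(runtime_output)
    permanent = parse_ports(permanent_output)
    return {
        # Open now, closed again after a reload or reboot.
        "runtime_only": [str(s) for s in sorted(runtime) if not is_covered(s, permanent)],
        # Saved, but not in effect until the next reload.
        "permanent_only": [str(s) for s in sorted(permanent) if not is_covered(s, runtime)],
    }


def list_ports(zone, permanent=False):
    """Run the listing command from this section on a live system."""
    cmd = ["firewall-cmd"]
    if permanent:
        cmd.append("--permanent")
    cmd += [f"--zone={zone}", "--list-ports"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


# Constructed outputs of the runtime and --permanent --list-ports commands.
SAMPLE_RUNTIME = "5353/udp 30000/udp 8080/tcp\n"
SAMPLE_PERMANENT = "5353/udp 1024-65535/udp\n"

if __name__ == "__main__":
    print(port_drift(SAMPLE_RUNTIME, SAMPLE_PERMANENT))
```

On a FreedomBox, pass `list_ports("internal")` and `list_ports("internal", permanent=True)` to `port_drift` instead of the sample strings.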

8.4.3. Modifying the zone of interfaces

You can manually change the zone assignment of each interface after the zones have been automatically assigned by the first boot process.

To see current assignment of interfaces to zones:

firewall-cmd --list-all-zones

To remove an interface from a zone:

firewall-cmd --zone=<zone> --remove-interface=<interface>
firewall-cmd --permanent --zone=<zone> --remove-interface=<interface>

Example:

firewall-cmd --zone=external --remove-interface=eth0
firewall-cmd --permanent --zone=external --remove-interface=eth0

To add an interface to a zone:

firewall-cmd --zone=<zone> --add-interface=<interface>
firewall-cmd --permanent --zone=<zone> --add-interface=<interface>

Example:

firewall-cmd --zone=internal --add-interface=eth0
firewall-cmd --permanent --zone=internal --add-interface=eth0

9. Let's Encrypt (Certificates)

A digital certificate allows users of a web service to verify the identity of the service and to securely communicate with it. FreedomBox can automatically obtain and setup digital certificates for each available domain. It does so by proving itself to be the owner of a domain to Let's Encrypt, a certificate authority (CA).

Let's Encrypt is a free, automated, and open certificate authority, run for the public's benefit by the Internet Security Research Group (ISRG). Please read and agree with the Let's Encrypt Subscriber Agreement before using this service.

9.1. Why using Certificates

The communication with your FreedomBox can be secured so that the content of the web pages viewed and the data exchanged cannot be intercepted.

9.2. How to setup

  1. If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports:

    • TCP 80 (http)
    • TCP 443 (https)
  2. Make the domain name known:
    • In Configure insert your domain name, e.g. MyWebName.com

      Let's Encrypt

  3. Verify the domain name was accepted
  4. Go to the Certificates (Let's Encrypt) page, and complete the module install if needed. Then click the "Obtain" button for your domain name.
    • After some minutes a valid certificate is available

      Let's Encrypt

  5. Verify in your browser by checking https://MyWebName.com

    • Let's Encrypt Certificate

Screencast: Let's Encrypt

9.3. Using

The certificate is valid for 3 months. It is renewed automatically and can also be re-obtained or revoked manually.

The certificate can also be verified by running diagnostics.

10. Name Services

Name Services provides an overview of ways the box can be reached from the public Internet: domain name, Tor Onion Service, and Pagekite. For each type of name, it is shown whether the HTTP, HTTPS, and SSH services are enabled or disabled for incoming connections through the given name. It also shows and allows configuring how FreedomBox performs domain name resolutions.

10.1. systemd-resolved

From release 24.19, FreedomBox uses systemd-resolved as caching DNS resolver and replaces resolvconf for managing DNS server configuration. This improves privacy and security. Newer installations will come with systemd-resolved and older machines will automatically switch after an upgrade to this new release.

systemd-resolved automatically acquires DNS servers from Network Manager, the default and recommended way to configure networks on FreedomBox. However, if you are manually managing network configuration by editing /etc/network/interfaces, you will need to ensure that the DNS servers acquired are passed on to systemd-resolved. Otherwise, Fallback DNS servers will be used. See below.

10.2. Support for DNS-over-TLS and DNSSEC

systemd-resolved supports DNS-over-TLS. This protocol allows encrypting DNS communication between FreedomBox and the DNS server if your DNS server (typically provided by your ISP, sometimes a separate service) has support for it. This improves both privacy and security as it makes it harder for intermediaries to see the communication or manipulate it. New settings for enabling DNS-over-TLS are available at the global level (for all network interfaces) in the Name Services app and at the per-connection level in the Networks app's connection settings.

systemd-resolved supports DNSSEC. This standard allows website owners to sign their DNS records, allowing clients to authenticate them. This improves security by making it harder to manipulate DNS responses. If your DNS server supports this feature, it can be turned on. A new setting for enabling DNSSEC is available in the Name Services app.

You can detect whether your current DNS supports DNS-over-TLS and DNSSEC by turning them on in the settings one at a time and running the diagnostics for the Names app. There is a diagnostic check which detects whether you can successfully resolve the domain name deb.debian.org.

10.3. Setting a custom DNS server

If your current DNS server provided by your ISP does not support DNS-over-TLS or DNSSEC features, is censoring some domain names, or if you don't trust them enough, you can instead use one of the publicly available DNS servers. This can be done by editing network connections in the Networks app and adding DNS servers manually. You will need to deactivate and re-activate the network connection (or restart FreedomBox) for the settings to become active. After this, the Names app will show you the currently configured DNS servers.

10.4. Fallback DNS servers

In some cases, when an internet connection is available to the system but no DNS servers are known to systemd-resolved, the fallback DNS servers are used. This may happen, for example, due to misconfiguration when manually managing network configuration instead of using FreedomBox's default, the Network Manager. These fallback DNS servers, as defaulted by the upstream systemd project, include servers from Cloudflare and Google DNS servers. This has privacy implications but we felt that it was important to prevent FreedomBox from becoming unreachable due to misconfiguration. It was a difficult decision. Once you have proper DNS configuration and you know that it works, you can turn off fallback DNS servers using a new setting in the Privacy app. There is also a renewed notification in the web interface that will draw your attention to this. You may also edit the list of Fallback DNS servers by creating a configuration file for systemd-resolved. See systemd-resolved documentation.
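The state described in sections 10.2 to 10.4 (DNS-over-TLS, DNSSEC, and whether the fallback servers are in effect) can also be read from the resolver's own status text. The following Python sketch is an added example, not part of the FreedomBox manual or its code; it assumes the section and field layout printed by resolvectl status on recent systemd versions, and both status texts are constructed samples.

```python
import re

# Matches the section headers "Global" and "Link <n> (<interface>)".
SECTION_RE = re.compile(r"^(Global|Link \d+ \(([^)]+)\))\s*$")

# Constructed sample: no DNS server known on any link, so fallback servers apply.
MISCONFIGURED = """\
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google
                      2606:4700:4700::1111#cloudflare-dns.com

Link 2 (eth0)
    Current Scopes: LLMNR/IPv4 LLMNR/IPv6
         Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
"""

# Constructed sample: a DNS server is configured, DNS-over-TLS and DNSSEC are on.
HARDENED = """\
Global
         Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=yes/supported
  resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 192.0.2.53
       DNS Servers: 192.0.2.53
"""


def parse_status(text):
    """Return {section name: {field: value}} from resolvectl-style status text."""
    sections, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(2) or "Global", {})
            last_key = None
            continue
        if current is None:
            continue
        key, sep, value = line.partition(": ")
        if sep or line.endswith(":"):
            last_key = key.rstrip(":").strip()
            current[last_key] = value.strip()
        elif last_key is not None:
            # Wrapped server lists continue on lines without "key: "; an IPv6
            # address contains ':' but never ': ', so it is not taken for a key.
            current[last_key] += " " + line
    return sections


def audit(text):
    """Return (scope, issue) findings for the settings discussed above."""
    sections = parse_status(text)
    glob = sections.get("Global", {})
    in_use = {name: sec for name, sec in sections.items() if sec.get("DNS Servers")}
    findings = []
    if not in_use and glob.get("Fallback DNS Servers"):
        findings.append(("Global", "fallback-dns-in-use"))
        in_use = {"Global": glob}
    for name, sec in in_use.items():
        protocols = sec.get("Protocols", "").split()
        if "+DNSOverTLS" not in protocols:
            findings.append((name, "dns-over-tls-off"))
        dnssec = next((p[len("DNSSEC="):] for p in protocols if p.startswith("DNSSEC=")), "no")
        if dnssec.split("/")[0] == "no":
            findings.append((name, "dnssec-off"))
    return findings


if __name__ == "__main__":
    for label, sample in (("misconfigured", MISCONFIGURED), ("hardened", HARDENED)):
        print(label, audit(sample) or "no findings")
```

On a real system the text to audit would come from running resolvectl status; the diagnostics in the Names app remain the supported way to confirm that resolution still works after changing a setting.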

11. Networks

This section describes how networking is set up by default in FreedomBox and how you can customize it. See also the Firewall section for more information on how the firewall works.

11.1. Default setup

In a fresh image of FreedomBox, the network is not configured at all. When the image is written to an SD card and the device boots, configuration is done. During first boot, the FreedomBox setup package detects the network interfaces and tries to automatically configure them so that FreedomBox is available for further configuration via the web interface from another machine without the need to connect a monitor. Automatic configuration also tries to make FreedomBox useful, out of the box, for the most important scenarios FreedomBox is used for.

There are two scenarios it handles: when there is a single ethernet interface and when there are multiple ethernet interfaces.

11.1.1. Single ethernet interface

When there is only a single ethernet interface available on the hardware device, there is not much scope for it to play the role of a router. In this case, the device is assumed to be just another machine in the network. Accordingly, the only available interface is configured to be an internal interface in automatic configuration mode. This means that it connects to the Internet using the configuration provided by a router in the network and also makes all of its services (internal and external) available to all the clients on this network.

11.1.2. Multiple ethernet interfaces

When there are multiple ethernet interfaces available on the hardware device, the device can act as a router. The interfaces are then configured to perform this function.

The first network interface is configured to be a WAN or external interface in automatic configuration mode. This means that it connects to the Internet using network configuration provided by the Internet Service Provider (ISP). Only services that are meant to be provided across the entire Internet (external services) will be exposed on this interface. You must plug your Internet connection into the port of this ethernet interface. If you wish to continue to have your existing router manage the Internet connection for you, then plug a connection from your router to the port on this interface.

The remaining network interfaces are configured for the clients of a router. They are configured as LAN or internal interfaces in shared configuration mode. This means that all the services (both external and internal) are provided to whoever connects on this interface. Further, the shared mode means that clients will be able to receive details of automatic network connection on this interface. Specifically, DHCP configuration and DNS servers are provided on this interface. The Internet connection available to the device using the first network interface will be shared with clients using this interface. This all means that you can connect your computers to this network interface and they will get automatically configured and will be able to access the Internet via the FreedomBox.

Currently, it is not very clear which interface will become the WAN interface (with the remaining ones being LAN interfaces), although the assignment process is deterministic. So, it takes a bit of trial and error to figure out which one is which. In future, for each device, this will be well documented.

11.1.3. Wi-Fi configuration

All Wi-Fi interfaces are configured to be LAN or internal interfaces in shared configuration mode. They are also configured to become Wi-Fi access points with the following details:

  • Name of the access point will be FreedomBox plus the name of the interface (to handle the case where there are multiple of them).

  • Password for connecting to the interface will be freedombox123.

11.2. Internet Connection Sharing

Although the primary duty of FreedomBox is to provide decentralized services, it can also act like a home router. Hence, in most cases, FreedomBox connects to the Internet and provides other machines in the network the ability to use that Internet connection. FreedomBox can do this in two ways: using a shared mode connection or using an internal connection.

When an interface is set in shared mode, you may connect your machine directly to it. This is either by plugging in an ethernet cable from this interface to your machine or by connecting to a Wi-Fi access point. This case is the simplest to use, as FreedomBox automatically provides your machine with the necessary network configuration. Your machine will automatically connect to FreedomBox provided network and will be able to connect to the Internet given that FreedomBox can itself connect to the Internet.

Sometimes the above setup may not be possible because the hardware device may have only one network interface or for other reasons. Even in this case, your machine can still connect to the Internet via FreedomBox. For this to work, make sure that the network interface that your machine is connecting to is in internal mode. Then, connect your machine to network in which FreedomBox is present. After this, in your machine's network configuration, set FreedomBox's IP address as the gateway. FreedomBox will then accept your network traffic from your machine and send it over to the Internet. This works because network interfaces in internal mode are configured to masquerade packets from local machines to the Internet and receive packets from Internet and forward them back to local machines.

11.3. Customization

The above default configuration may not be fit for your setup. You can customize the configuration to suit your needs from the Networks area in the 'setup' section of the FreedomBox web interface.

11.3.1. PPPoE connections

Your ISP may not provide automatic network configuration via DHCP and may instead require you to connect via PPPoE. To configure PPPoE, remove any network connection existing on an interface and add a PPPoE connection. Here, optionally, provide the account username and password given by your ISP and activate the connection.

11.3.2. Connect to Internet via Wi-Fi

By default, Wi-Fi devices attached during first boot will be configured as access points. They can instead be configured as regular Wi-Fi devices to connect to a local network or an existing Wi-Fi router. To do this, click on the Wi-Fi connection to edit it. Change the mode to Infrastructure instead of Access Point mode and IPv4 Addressing Method to Automatic (DHCP) instead of Shared mode. Then the SSID provided will mean the Wi-Fi network name you wish to connect to, and the passphrase will be the one used when making the connection.

11.3.2.1. Problems with Privacy Feature

NetworkManager, used by FreedomBox to connect to Wi-Fi networks, has a privacy feature that uses a different identity when scanning for networks than when actually connecting to the Wi-Fi access point. Unfortunately, this causes problems with some routers that reject connections from such devices. Your connection won't activate successfully and will disconnect after trying to activate. If you have control over the router's behaviour, you could turn off the router feature causing the problem. Otherwise, the solution is to connect with a remote shell using SSH or Cockpit, edit the file /etc/NetworkManager/NetworkManager.conf and add the line wifi.scan-rand-mac-address=no in the [device] section. This turns off the privacy feature.

Edit the file:

$ sudo nano /etc/NetworkManager/NetworkManager.conf

Add the following:

[device]
wifi.scan-rand-mac-address=no

Then reboot the machine.

11.3.3. Adding a new network device

When a new network device is added, network manager will automatically configure it. In most cases this will not work to your liking. Delete the automatic configuration created on the interface and create a new network connection. Select your newly added network interface in the add connection page.

  • Then set firewall zone to internal and external appropriately.

  • You can configure the interface to connect to a network or provide network configuration to whatever machine connects to it.
  • Similarly, if it is a Wi-Fi interface, you can configure it to become a Wi-Fi access point or to connect to an existing access point in the network.

11.3.4. Configuring a mesh network

FreedomBox has rudimentary support for participating in BATMAN-Adv based mesh networks. It is possible to either join an existing network in your area or create a new mesh network and share your Internet connection with the rest of the nodes that join the network. Currently, two connections have to be created and activated manually to join or create a mesh network.

11.3.4.1. Joining a mesh network

To join an existing mesh network in your area, first consult the organizers and get information about the mesh network.

  1. Create a new connection, then select the connection type as Wi-Fi. In the following dialog, provide the following values:

    | Field Name | Example Value | Explanation |
    |---|---|---|
    | Connection Name | Mesh Join - BATMAN | The name must end with 'BATMAN' (uppercase) |
    | Physical Interface | wlan0 | The Wi-Fi device you wish to use for joining the mesh network |
    | Firewall Zone | External | Since you don't want participants in the mesh network to use internal services of FreedomBox |
    | SSID | ch1.freifunk.net | As provided to you by the operators of the mesh network. You should see this as a network in Nearby Wi-Fi Networks |
    | Mode | Ad-hoc | Because this is a peer-to-peer network |
    | Frequency Band | 2.4Ghz | As provided to you by the operators of the mesh network |
    | Channel | 1 | As provided to you by the operators of the mesh network |
    | BSSID | 12:CA:FF:EE:BA:BE | As provided to you by the operators of the mesh network |
    | Authentication | Open | Leave this as open, unless you know your mesh network needs it to be otherwise |
    | Passphrase | | Leave empty unless you know your mesh network requires one |
    | IPv4 Addressing Method | Disabled | We don't want to request IP configuration information yet |

    Save the connection. Join the mesh network by activating this newly created connection.
  2. Create a second new connection, then select the connection type as Generic. In the following dialog, provide the following values:

    | Field Name | Example Value | Explanation |
    |---|---|---|
    | Connection Name | Mesh Connect | Any name to identify this connection |
    | Physical Interface | bat0 | This interface will only show up after you successfully activate the connection in the first step |
    | Firewall Zone | External | Since you don't want participants in the mesh network to use internal services of FreedomBox |
    | IPv4 Addressing Method | Auto | Mesh networks usually have a DHCP server somewhere that provides your machine with IP configuration. If not, consult the operator and configure the IP address setting accordingly with the Manual method |

    Save the connection. Configure your machine for participation in the network by activating this connection. Currently, this connection has to be manually activated every time you need to join the network. In future, FreedomBox will do this automatically. You will now be able to reach other nodes in the network. You will also be able to connect to the Internet via the mesh network if there is an Internet connection point somewhere in the mesh as set up by the operators.

11.3.4.2. Creating a mesh network

To create your own mesh network and share your Internet connection with the rest of the nodes in the network:

  1. Follow the instructions as provided above in step 1 of Joining a mesh network but choose and fix upon your own valid values for SSID (a name for your mesh network), Frequency Band (usually 2.4Ghz), Channel (1 to 11 in 2.4Ghz band) and BSSID (a hex value like 12:CA:DE:AD:BE:EF). Create this connection and activate it.

  2. Follow the instructions as provided above in step 2 of Joining a mesh network but select IPv4 Addressing Method as Shared. This will provide automatic IP configuration to other nodes in the network as well as share the Internet connection on your machine (achieved using a second Wi-Fi interface, using Ethernet, etc.) with other nodes in the mesh network.

Spread the word about your mesh network to your neighbors and let them know the parameters you have provided when creating the network. When other nodes connect to this mesh network, they have to follow steps in Joining a mesh network but use the values for SSID, Frequency Band and Channel that you have chosen when you created the mesh network.

11.4. Advanced Network Operations

Cockpit provides many advanced networking features over those offered by FreedomBox. Both FreedomBox and Cockpit operate over Network Manager and are hence compatible with each other. Some of the functions provided by Cockpit include:

  • Set the maximum transmission unit (MTU) for a network connection
  • Change the hardware address (MAC address) of a network interface
  • Add more DNS servers and configure routing of a network connection
  • Create bonded devices for highly available network interfaces
  • Create bridge devices to join network interfaces for aggregating separate networks
  • Manage VLAN for creating virtual partitions in the physical network

11.5. Manual Network Operation

FreedomBox automatically configures networks by default and provides a simplified interface to customize the configuration to specific needs. In most cases, manual operation is not necessary. The following steps describe how to manually operate network configuration in the event that a user finds the FreedomBox interface insufficient for the task at hand or needs to diagnose a problem that FreedomBox does not identify.

On the command line interface:

For text based user interface for configuring network connections:

nmtui

To see the list of available network devices:

nmcli device

To see the list of configured connections:

nmcli connection

To see the current status of a connection:

nmcli connection show '<connection_name>'

To see the current firewall zone assigned to a network interface:

nmcli connection show '<connection_name>' | grep zone

or

firewall-cmd --zone=internal --list-all
firewall-cmd --zone=external --list-all

To create a new network connection:

nmcli con add con-name "<connection_name>" ifname "<interface>" type ethernet
nmcli con modify "<connection_name>" connection.autoconnect TRUE
nmcli con modify "<connection_name>" connection.zone internal

To change the firewall zone for a connection:

nmcli con modify "<connection_name>" connection.zone "<internal|external>"

For more information on how to use the nmcli command, see its man page. For a full list of configuration settings and types of connections accepted by Network Manager, see:

https://developer.gnome.org/NetworkManager/stable/ref-settings.html

To see the current status of the firewall and manually operate it, see the Firewall section.

12. PageKite (Public Visibility)

12.1. What is PageKite?

PageKite makes local websites and services publicly accessible immediately without requiring a public IP address of your own. It does this by tunneling protocols such as HTTPS or SSH through firewalls and NAT. Using PageKite requires an account on a PageKite relay service. One such service is https://pagekite.net.

A PageKite relay service will allow you to create kites. Kites are similar to domain names, but with different advantages and drawbacks. A kite can have a number of configured services. PageKite is known to work with HTTP, HTTPS, and SSH, and may work with some other services, but not all.

12.2. Using PageKite

  1. Create an account on a PageKite relay service.

  2. Add a kite to your account. Note your kite name and kite secret.
  3. In FreedomBox, go to the "Configure PageKite" tab on the Public Visibility (PageKite) page.

  4. Check the "Enable PageKite" box, then enter your kite name and kite secret. Click "Save settings".

  5. On the "Standard Services" tab, you can enable HTTP and HTTPS (recommended) and SSH (optional).
    • HTTP is needed to obtain the Let's Encrypt certificate. You can disable it later.
  6. On the Certificates (Let's Encrypt) page, you can obtain a Let's Encrypt certificate for your kite name.

13. Performance (System Monitoring)

Available since: version 20.9.7

The Performance app allows you to collect, store and view information about utilization of the hardware. This can give you basic insights into usage patterns and whether the hardware is overloaded by users and services.

Performance metrics are collected by Performance Co-Pilot and can be viewed using the Cockpit app. When this system app is installed and enabled, Cockpit's graphs show the past (up to one year at a time).

14. Power

To restart or shut down FreedomBox, click the user dropdown menu on the top right of the page. After you select "Restart" or "Shut Down", you will be asked to confirm.

15. Secure Shell (SSH) Server

15.1. What is Secure Shell?

FreedomBox runs openssh-server by default, allowing remote logins from all interfaces. If your hardware device is connected to a monitor and a keyboard, you may log in directly as well. Regular operation of FreedomBox does not require you to use the shell. However, some tasks or identifying a problem may require you to log in to a shell.

15.2. Setting Up A User Account

15.2.1. FreedomBox First Log In: Admin Account

When creating an account in FreedomBox's web interface for the first time, this user will automatically have administrator capabilities. Admin users are able to log in using ssh (see Logging In below) and have superuser privileges via sudo.

15.2.2. Default User Account

  • Note: If you can access FreedomBox's web interface, then you don't need to do this. You can use the user account created in FreedomBox's web interface to connect to SSH.

The pre-built FreedomBox images have a default user account called "fbx". However the password is not set for this account, so it will not be possible to log in with this account by default.

There is a script included in the freedom-maker program, that will allow you to set the password for this account, if it is needed. To set a password for the "fbx" user:

1. Decompress the image file.

2. Get a copy of freedom-maker from https://salsa.debian.org/freedombox-team/freedom-maker/.

3. Run sudo ./bin/passwd-in-image <image-file> fbx.

4. Copy the image file to SD card and boot device as normal.

The "fbx" user also has superuser privileges via sudo.

15.3. Logging In

15.3.1. Who can log in to FreedomBox by SSH?

FreedomBox administrative users may use SSH to log in to FreedomBox. The user 'fbx' is created by FreedomBox and is an administrative super-user. There are options which allow ordinary users to log in:

  • SSH access can be granted to specific users in the Edit User page by selecting the option "Remotely login using Secure Shell (SSH) (freedombox-ssh)".
  • SSH access can be granted globally to all users in the SSH configuration page by selecting the "Allow all users to login remotely" option.

With a new FreedomBox you may log in as fbx using ssh, and other ordinary users will be able to log in after adjusting the user or Secure Shell settings above in this section. The root user account will have no password set and will not be able to log in.

15.3.2. SSH Client Software

An SSH client is included in many operating systems including Linux, Microsoft Windows, and Apple macOS. SSH is included in Chromebooks, but requires some configuration by the user. In most cases you can run SSH from a terminal or command prompt as shown here, using your FreedomBox hostname or IP address:

$ ssh freedombox.local

If your client computer does not have SSH available, PuTTY is a popular free software client program which complies with the Debian Free Software Guidelines. PuTTY has a graphical interface to remember and manage your SSH connections. See External links below for more information about PuTTY.

15.3.2.1. Cockpit as an SSH Alternative

The Cockpit Server Administration Terminal app available from the Cockpit Tools menu is an alternative shell access tool to SSH. Like SSH your connection to a FreedomBox terminal is secured. Cockpit is a good choice for users who do not wish to enable the SSH server or those who prefer to connect through a web browser. With either tool you will be presented with the FreedomBox bash command line interface.

Some users prefer to run SSH instead of, or in addition to, Cockpit. Command shell users tend to like SSH because it's something that they are already using. Users with Linux or Unix system administration experience tend to rely on this connection method because it is a simpler service which is thought to be more likely to be available if problems arise.

Refer to the Let's Encrypt and Cockpit sections of this manual to configure Cockpit and SSL certificates for security.

15.3.3. SSH over Local Network

To log in to your FreedomBox via SSH:

$ ssh fbx@freedombox.local

Replace fbx with the name of the user you wish to login as. fbx and users in admin group will be able to login on the terminal directly. Other users will be denied access.

freedombox should be replaced with the hostname. Alternatively, you can substitute the hostname by its IP address as found in the Quick Start process:

$ ssh fbx@192.168.1.1

If your FreedomBox has a domain name you can also use it:

$ ssh fbx@myfreedombox.freedombox.rocks

If you repeatedly try to login as a user and fail, you will be blocked from logging in for some time. This is due to libpam-abl package that FreedomBox installs by default. To control this behavior consult libpam-abl documentation.

Here we've used a .local network name (using multicast DNS), a local network IP address, and a DNS name to connect to FreedomBox using SSH.

15.3.4. SSH over the Internet

If your router is configured accordingly or your FreedomBox is directly exposed to the internet, you can also use a public domain name or a public IP address in the same fashion we'd do for the local network. Multicast DNS won't work here, though.

Let's look at connecting by SSH to FreedomBox using other networks now.

15.3.5. SSH over Tor

If in FreedomBox you have enabled onion services via Tor, you can access your FreedomBox using ssh over Tor. On a GNU/Linux computer, install netcat-openbsd.

$ sudo apt-get install netcat-openbsd

Edit ~/.ssh/config to enable connections over Tor.

$ nano ~/.ssh/config

Add the following:

Host *.onion
  user USERNAME
  port 22
  ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p

Replace USERNAME with, e.g., an admin username (see above).

Note that in some cases you may need to replace 9050 with 9150.

Now to connect to the FreedomBox, open a terminal and type:

$ ssh USERNAME@ADDRESS.onion

Replace USERNAME with, e.g., an admin username, and ADDRESS with the onion service address for your FreedomBox.

15.3.6. SSH Over Pagekite

If in FreedomBox you are using Pagekite to expose services to the Internet, you can access your FreedomBox using SSH over Pagekite. On a GNU/Linux computer install netcat-openbsd.

$ sudo apt-get install netcat-openbsd

Edit ~/.ssh/config to enable connections over Pagekite.

$ nano ~/.ssh/config

Add the following:

Host *.pagekite.me
  CheckHostIP no
  ProxyCommand /bin/nc -X connect -x %h:443 %h %p

Now to connect to FreedomBox, open a terminal and type:

$ ssh USERNAME@KITENAME.pagekite.me

Replace USERNAME with, e.g., an admin username, and KITENAME with your kite name provided by pagekite.net as configured in FreedomBox.

15.4. Becoming Superuser

After logging in, if you want to become the superuser for performing administrative activities:

$ sudo su

Make a habit of logging in as root only when you need to. If you aren't logged in as root, you can't accidentally break everything.

15.5. Changing Password

To change the password of a user managed by FreedomBox's web interface, use the change password page. However, the fbx default user is not managed by FreedomBox's web interface and its password cannot be changed through it.

To change password on the terminal, log in to your FreedomBox as the user whose password you want to change. Then, run the following command:

$ passwd

This will ask you for your current password before giving you the opportunity to set a new one.

15.6. SSH Keys

The next step for SSH security and convenience is to understand and use SSH keys. If you logged in to FreedomBox the first time using ssh following the instructions above, you specified a username and password to log in. In this section you'll learn about server fingerprints and host keys, authorized keys, and reasons to use these to make connecting easier and more secure.

By default SSH is configured to prefer to use keys while still allowing you to use a username and password to log in. At the end of this section you will be able to:

  • Connect to FreedomBox and know that you are connecting to the right computer.

  • Connect instantly without giving a username and password.
  • Further improve the security of your FreedomBox by disabling SSH password authentication.

15.6.1. SSH Public and Private Keys

SSH keys are generated in pairs called a key pair. There is a public key and a private key for each key pair. The public key encrypts data which can only be read using the private key, and the private key encrypts data which can only be read using the public key. This is called an asymmetric cryptography system. SSH will distribute your public keys automatically to the other connected system while keeping your private keys safe.

Using SSH keys creates a powerful set of security features:

  • You are assured that you are connected to your FreedomBox.

  • Nobody will be able to read or modify your ssh communication to FreedomBox.

  • The FreedomBox SSH server will know you are the remote user connected.

  • Nobody will be able to read or modify your ssh communication from FreedomBox.

  • Connection is automatic with no username or password.
  • Your FreedomBox can block any password guessing attack.

15.6.2. Create your personal SSH keys on your client computer using ssh-keygen

You will create an SSH key pair on your client computer. We'll use the defaults and will not specify a password. Just press the Enter key when you are prompted for an SSH key password. This is very simple using the ssh-keygen command with no arguments. Here is how to run the command and a sample of the output the ssh-keygen program will give to you:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa): 
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/username/.ssh/id_rsa
Your public key has been saved in /home/username/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:nHcTP5DBKxBOgt8BFMyb2QUs//t8ge+8vw2zjOuE71U username@clientpc
The key's randomart image is:
+---[RSA 3072]----+
|     ==++o ..    |
|    . +++ . .o   |
|     . O.+  +.   |
|      =.+.. .+   |
|        S...o.o E|
|         ..o...o |
|          ....+. |
|          .+ =o+.|
|           +O+*++|
+----[SHA256]-----+

That's all you need to do. You now have a personal SSH key pair on your client computer.

15.6.3. Verify your FreedomBox Server Fingerprint

On your first time connecting to FreedomBox using ssh you may have noticed a message similar to this:

$ ssh fbx@freedombox.local
The authenticity of host 'freedombox.local (192.168.1.4)' can't be established.
ED25519 key fingerprint is SHA256:TwJFdepq7OaTXcycoYfYE8/lRtuOxUGCrst0K/RUh4E.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? 

There are a few things to understand about this message:

  • SSH is telling you that you have never connected to this server before and SSH cannot guarantee that this server is safe for you to use.
  • You have an opportunity to tell SSH that this new server is known to you and safe to use by indicating, 'yes.'
  • SSH has received an encryption key to communicate securely with this server (even if we're not certain which server we're communicating with).
  • SSH is giving you a piece of information that you will use to confirm that the remote SSH server is in fact your FreedomBox.

Go to FreedomBox in your web browser. Click on the System menu, and then Secure Shell. The second section of this page is, Server Fingerprints. There is an ED25519 key entry on this page:

Algorithm  Fingerprint
RSA        SHA256:ZGvgdxiDEpGKdw82Z6z0QRmDpT3Vgi07Ghba5IBJ4tQ
ECDSA      SHA256:BLMMfPxNHpHF0sqCazAwE6ONdLtMY+W2yrgjP7AeXcQ
ED25519    SHA256:TwJFdepq7OaTXcycoYfYE8/lRtuOxUGCrst0K/RUh4E

Compare the ED25519 fingerprint on the FreedomBox Secure Shell page with the ED25519 fingerprint received by the ssh client in the first-connection example above. If these fingerprints are the same then you may be confident that you are connecting to your FreedomBox.

If you'd like to walk through these steps but you have already made the first connection, you can reset that. Issue this command on your ssh client computer.

$ ssh-keygen -R freedombox.local

This removes the record of your known connection to FreedomBox. Now open your Secure Shell system configuration page on FreedomBox to the Server Fingerprints section. Next connect to FreedomBox with your ssh client and properly verify the server fingerprint before indicating yes to the host authenticity question. Having done this correctly you can be certain that when you make an SSH connection to FreedomBox you are connecting to your server.

Each time you connect to a new SSH server you will be given the opportunity to verify the server fingerprint. If you connect to FreedomBox using different names or IP addresses (local IP, DNS name, Pagekite name, TOR .onion address...) you will be asked once for each name or address, but the fingerprint will not change.

Your server fingerprints are not private information. The fingerprint is a summary of a public key shared by the server which is used to encrypt information sent to the SSH server. Your server public key is also not private information. You could share fingerprints and public keys with the world and the security of your FreedomBox will not be diminished.

15.6.4. Share your personal SSH key with FreedomBox using ssh-copy-id

By now you have a personal key pair, and you have verified the identity of FreedomBox. FreedomBox still does not know about your identity, and will ask you for your password when you try to log in by ssh. The ssh-copy-id program will tell FreedomBox to accept your personal key as your password.

$ ssh-copy-id username@freedombox.local
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@freedombox.local's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'username@freedombox.local'"
and check to make sure that only the key(s) you wanted were added.

This step adds your personal public key to your user account on FreedomBox. With this step complete the FreedomBox SSH server will compare the key sent by the client computer with the key stored on FreedomBox. If these match then you will be logged in without the need to give a password. Try it now:

$ ssh freedombox.local
Linux freedombox 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64

                         .--._    _.--.
                        (     \  /     )
                         \     /\     /
                          \_   \/   _/
                           /        \
                          (    /\    )
                           `--'  `--'

                           FreedomBox

FreedomBox is a pure blend of Debian GNU/Linux. Web interface is available at
https://localhost/ . FreedomBox manual is available in /usr/share/doc/freedombox
and from the web interface.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Sun Mar 17 14:27:03 2024 from 192.168.144.101
username@freedombox:~$

Once you have added your client SSH key to FreedomBox you will be able to connect using that one key by every method of addressing your FreedomBox:

  • Local network name
  • Local network IP address
  • ISP Public IP address
  • DNS name if you are using Dynamic DNS
  • Pagekite name if you are using Pagekite
  • TOR .onion address if you are using TOR

15.6.5. Block SSH password guessing attempts by disabling password authentication

Once you are able to connect to FreedomBox by ssh using a key and not entering a password you can take a step to improve the security of FreedomBox. If your FreedomBox is accessible from the internet you may notice that there are repeated attempts to log in to your FreedomBox from the internet. A good password is your first line of defense, and FreedomBox has additional features which protect you from these intrusion attempts. You can stop this nonsense completely by disabling password authentication for Secure Shell.

Go to your FreedomBox System menu. Click the Secure Shell configuration link. Look under Configuration and select "Disable password authentication":

  • [x] Disable password authentication

Click the "Update setup" button and it's done. This will stop all password guessing intrusion attempts using ssh. You can log in using your key, and nobody else will be able to log in by guessing a password.
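A check you can run over the SSH server log before and after this change, as an added example that is not part of the FreedomBox manual or FreedomBox's own code. The log lines are constructed samples in the message format OpenSSH's sshd writes, and the function names and the threshold are assumptions made for the illustration.

```python
import re
from collections import Counter

# Matches sshd authentication results such as:
#   "... sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2"
#   "... sshd[3310]: Accepted publickey for username from 192.168.144.101 port 40100 ssh2: ..."
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<source>\S+) port \d+"
)

# Constructed sample log: password authentication still enabled.
BEFORE = """\
Mar 17 14:20:01 freedombox sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 17 14:20:04 freedombox sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 17 14:20:09 freedombox sshd[2103]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 17 14:20:15 freedombox sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51246 ssh2
Mar 17 14:21:30 freedombox sshd[2110]: Failed password for root from 198.51.100.9 port 40112 ssh2
Mar 17 14:27:03 freedombox sshd[2120]: Accepted password for username from 192.168.144.101 port 40022 ssh2
""".splitlines()

# Constructed sample log: after "Disable password authentication" was applied.
AFTER = """\
Mar 18 09:02:11 freedombox sshd[3301]: Connection closed by authenticating user root 203.0.113.7 port 51300 [preauth]
Mar 18 09:05:40 freedombox sshd[3310]: Accepted publickey for username from 192.168.144.101 port 40100 ssh2: ED25519 SHA256:CONSTRUCTED
""".splitlines()


def parse_events(lines):
    """Extract one record per sshd authentication result line."""
    events = []
    for line in lines:
        m = EVENT.search(line)
        if m:
            events.append({
                "result": m["result"],
                "method": m["method"],
                "user": m["user"],
                "source": m["source"],
                "invalid_user": m["invalid"] is not None,
            })
    return events


def guessing_sources(events, threshold=3):
    """Source addresses with at least `threshold` failed password attempts."""
    failures = Counter(
        e["source"] for e in events
        if e["result"] == "Failed" and e["method"] == "password"
    )
    return {src: n for src, n in failures.items() if n >= threshold}


def password_events(events):
    """Every result that used the password method, failed or accepted.

    After password authentication is disabled this list should stay empty;
    any entry dated after the change means the setting is not in effect.
    """
    return [e for e in events if e["method"] == "password"]


if __name__ == "__main__":
    before, after = parse_events(BEFORE), parse_events(AFTER)
    print("guessing sources before:", guessing_sources(before))
    print("password events before:", len(password_events(before)))
    print("password events after:", len(password_events(after)))
    print("login methods after:", [e["method"] for e in after if e["result"] == "Accepted"])
```
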

15.6.6. Remote Host Identification has Changed : What it means and what to do

You may eventually experience an alarming message when you try to log in to your FreedomBox with SSH. You will see a message similar to this.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:ZGvgdxiDEpGKdw82Z6z0QRmDpT3Vgi07Ghba5IBJ4tQ.
Please contact your system administrator.
Add correct host key in /home/username/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/username/.ssh/known_hosts:2
  remove with:
  ssh-keygen -f "/home/username/.ssh/known_hosts" -R "freedombox.freedombox.rocks"
Host key for freedombox.freedombox.rocks has changed and you have requested strict checking.
Host key verification failed.

This message tells you something important. It usually does not indicate a threat, but an attack on a computer or network can also produce it. What's important is that you'll do the same thing in either case.

The nature of this message is that the trust relationship you make with the SSH server through the fingerprint verification and key exchange with ssh-copy-id has been broken. Reading this error message closely, the issue is that the key fingerprint sent by FreedomBox at connection time does not match the key stored on the SSH client at the time you did the fingerprint verification. This could mean a few different things:

  • Your .ssh/known_hosts file on the client was modified or corrupted such that the stored fingerprint was altered.
  • You generated new keys for the FreedomBox SSH server.
  • Your network has changed such that when you attempt SSH to FreedomBox your connection goes elsewhere. This could happen if you change IP addresses on FreedomBox and SSH to the old IP address, or it could happen by way of a sophisticated network attack.

Fix this by removing the FreedomBox entry from the client computer. On your laptop or desktop run the command exactly as it is written in the error message you receive (don't copy the one from the message above!).

$ ssh-keygen -f /home/username/.ssh/known_hosts -R "freedombox.freedombox.rocks" 
# Host freedombox.freedombox.rocks found: line 2
# Host freedombox.freedombox.rocks found: line 3
/home/username/.ssh/known_hosts updated.
Original contents retained as /home/username/.ssh/known_hosts.old

In so doing you have removed the FreedomBox fingerprint verification step we've done. Go back to the Verify your FreedomBox Server Fingerprint section above and complete the steps again. For good measure, make an effort to see that you are connected to your own FreedomBox in case you are being attacked.
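The comparison behind the first-connection prompt and the "host identification has changed" warning, as an added example that is not part of the FreedomBox manual or of OpenSSH. It goes slightly beyond the text by also handling the hashed host names that OpenSSH writes to known_hosts when HashKnownHosts is on. The key bytes, salt and function names are constructed for the illustration; wildcard patterns, [host]:port entries and @marker lines are out of scope.

```python
import base64
import hashlib
import hmac
import struct


def ed25519_blob(raw_key):
    """Wire-format public key: length-prefixed type name, then length-prefixed key."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw_key)) + raw_key


def blob_type(blob):
    """Read the key type stored at the start of the key blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")


def fingerprint(blob):
    """Fingerprint as ssh prints it: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host(host, salt):
    """Host field in hashed form: |1|salt|HMAC-SHA1(key=salt, msg=host)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field, host):
    """True if a known_hosts host field (plain, comma-separated or hashed) names host."""
    for pattern in field.split(","):
        if pattern.startswith("|1|"):
            _, _, salt_b64, mac_b64 = pattern.split("|")
            mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(mac, base64.b64decode(mac_b64)):
                return True
        elif pattern == host:
            return True
    return False


def stored_fingerprints(known_hosts_text, host, key_type):
    """Fingerprints already recorded for this host name and key type."""
    found = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if parts[1] == key_type and host_matches(parts[0], host):
            found.append(fingerprint(base64.b64decode(parts[2])))
    return found


def check_host(known_hosts_text, host, offered_blob, page_fingerprint):
    """Classify a connection; page_fingerprint is read from the Secure Shell page."""
    offered = fingerprint(offered_blob)
    stored = stored_fingerprints(known_hosts_text, host, blob_type(offered_blob))
    if stored and offered not in stored:
        return "changed"        # the REMOTE HOST IDENTIFICATION HAS CHANGED case
    if offered != page_fingerprint:
        return "untrusted"      # do not answer yes: this is not the key on the page
    return "known" if stored else "new-verified"


def demo():
    host = "freedombox.local"
    old_blob = ed25519_blob(bytes(range(32)))        # constructed, not a real host key
    new_blob = ed25519_blob(bytes(range(32, 64)))    # stands for regenerated server keys
    other_blob = ed25519_blob(bytes(range(64, 96)))  # stands for some other server
    old_line = "%s ssh-ed25519 %s" % (
        hashed_host(host, bytes(range(100, 120))), base64.b64encode(old_blob).decode())
    known = "# constructed known_hosts file\n" + old_line + "\n"
    return {
        "first_connection": check_host("", host, old_blob, fingerprint(old_blob)),
        "wrong_server": check_host("", host, other_blob, fingerprint(old_blob)),
        "later_connection": check_host(known, host, old_blob, fingerprint(old_blob)),
        "keys_regenerated": check_host(known, host, new_blob, fingerprint(new_blob)),
        "after_removal": check_host("", host, new_blob, fingerprint(new_blob)),
        "other_name": check_host(known, "192.168.1.4", old_blob, fingerprint(old_blob)),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(scenario, "->", verdict)
```

The "other_name" case shows why you are asked once per name or address: the stored entry is bound to the name you used, while the fingerprint you compare against stays the same.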

16. Security

Press the Show security report button to see a report including the following:

  • Number of security vulnerabilities in installed version of FreedomBox.
  • Number of security vulnerabilities for each installed app.
  • Whether each installed app supports security sandboxing.
  • For each enabled app, the security sandbox coverage as a percentage.

16.1. Configuration

When the Restrict console logins option is enabled, only users in the admin group will be able to log in via console, secure shell (SSH) or graphical login. When this option is disabled, any user with an account on FreedomBox will be able to log in. They may be able to access some services without further authorization. This option should only be disabled if all the users of the system are well trusted. If you wish to use your FreedomBox machine also as a desktop and allow non-admin users to login via GUI, this option must be disabled. You can define the list of users belonging to admin group in the Users section.

17. Service Discovery

Service discovery allows other devices on the network to discover your FreedomBox and services running on it. If a client on the local network supports mDNS, it can find your FreedomBox at <hostname>.local (for example: freedombox.local).

It also allows FreedomBox to discover other devices and services running on your local network.

Service discovery is not essential and works only on internal networks. It may be disabled to improve security especially when connecting to a hostile local network.

17.1. Troubleshooting

17.1.1. Unable to reach <hostname>.local

If <hostname>.local is not able to be reached, you may simply need to disable and re-enable the Service Discovery feature in FreedomBox. To do this, go to System -> Service Discovery, slide the toggle to the left position to disable it (it turns grey), followed by sliding it back to the right to re-enable it (it turns blue).

To do this you obviously need other means to reach your FreedomBox than <hostname>.local. See the Quick Start Guide for those.

18. Storage

Storage allows you to see the storage devices attached to your FreedomBox and their disk space usage.

FreedomBox can automatically detect and mount removable media like USB flash drives. They are listed under the Removable Devices section along with an option to eject them.

If there is some free space left after the root partition, the option to expand the root partition is also available. This is typically not shown, since expanding the root partition happens automatically when the FreedomBox starts up for the first time.

18.1. Advanced Storage Operations

Cockpit provides many advanced storage features over those offered by FreedomBox. Both FreedomBox and Cockpit operate over Udisks2 storage daemon and are hence compatible with each other. Some of the functions provided by Cockpit include:

  • Format a disk or partition with a fresh filesystem
  • Add, remove partitions or wipe the partition table
  • Create and unlock encrypted file systems
  • Create and manage RAID devices

19. Storage Snapshots

Storage Snapshots allows you to create filesystem snapshots and roll back the system to a previous snapshot.

  • Note: This feature requires a Btrfs filesystem. All of the FreedomBox stable disk images use Btrfs.

There are three types of snapshots:

  • boot: Taken when the system boots up
  • Software Installation (apt): Taken when software is installed or updated
  • Timeline: Taken hourly, daily, weekly, monthly, or yearly

The Timeline and Software Installation snapshots can be turned on or off, and you can limit the number of each type of Timeline snapshot. You can also set a percentage of free disk space to be maintained.

20. Software Updates

FreedomBox can automatically install security updates. On the Update page of the System section in FreedomBox web interface you can turn on automatic updates. This feature is enabled by default and there is no manual action necessary. It is strongly recommended that you have this option enabled to keep your FreedomBox secure.

Updates are performed every day at night according to your local time zone. You can set the time zone with Date & Time. If you wish to shut down FreedomBox every day after use, keep it running at night once a week or so to let the automatic updates happen. Alternatively, you can perform manual updates as described below.

Note that once the updates start, it may take a long time to complete. During automatic update process that runs every night or during manual update process, you will not be able to install apps from FreedomBox web interface.

20.1. When Will I Get the Latest Features?

Although updates are done every day for security reasons, latest features of FreedomBox will not propagate to all the users. The following information should help you understand how new features become available to users.

Stable Users: This category of users includes users who bought the FreedomBox Pioneer Edition, installed FreedomBox on a Debian stable distribution or users who downloaded the stable images from freedombox.org. As a general rule, only security updates to various packages are provided to these users. One exception to this rule is where FreedomBox service itself is updated when a release gains high confidence from developers. This means that latest FreedomBox features may become available to these users although not as quickly or frequently as testing users. If an app is available only in testing distribution but not in stable distribution, then that app will show up in the web interface but will not be installable by stable users. Some apps are also provided an exception to the rule of "security updates only" when the app is severely broken otherwise. Every two years, a major release of Debian stable happens with the latest versions of all the software packages and FreedomBox developers will attempt to upgrade these users to the new release without requiring manual intervention.

Testing Users: This category of users includes users who installed FreedomBox on a Debian testing distribution or users who downloaded the testing images from freedombox.org. Users who use Debian testing are likely to face occasional disruption in the services and may even need manual intervention to fix the issue. As a general rule, these users receive all the latest features and security updates to all the installed packages. Every two weeks, a new version of FreedomBox is released with all the latest features and fixes. These releases will reach testing users approximately 2-3 days after the release.

Unstable Users: This category of users includes users who installed FreedomBox on a Debian unstable distribution or users who downloaded the unstable images from freedombox.org. Users who use Debian unstable are likely to face occasional disruption in the services and may even need manual intervention to fix the issue. As a general rule, these users receive all the latest features to all the installed packages. Every two weeks, a new version of FreedomBox is released with all the latest features and fixes. These releases will reach unstable users on the day of the release. Only developers, testers and other contributors to the FreedomBox project should use the unstable distribution, and end users are advised against using it.

20.2. Manual Updates from Web Interface

To get updates immediately and not wait until the end of the day, you may want to trigger updates manually. You can do this by pressing the Update now button in Manual update tab for Update page in System section. Note that this step is not necessary if you have enabled Auto-updates as every night this operation is performed automatically.

When installing apps you may receive an error message such as

Error installing packages: E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem

This is typically caused by shutting down FreedomBox while it is installing apps, while performing daily updates or during some other operations. This situation can be rectified immediately by running manual update.

20.3. Manual Updates from Terminal

Some software packages may require manual interaction for updating due to questions related to configuration. In such cases, FreedomBox updates itself and brings in new knowledge necessary to update the package by answering configuration questions. After updating itself, FreedomBox acts on behalf of the user and updates the packages by answering the questions. Until FreedomBox has a chance to update the package, such packages should not be updated manually. The manual update triggered from the web interface is already mindful of such packages and does not update them.

In some rare situations, FreedomBox itself might fail to update or the update mechanism might fall into a situation that might need manual intervention from a terminal. To perform manual upgrades on the terminal, log in to FreedomBox on a terminal (if you have a monitor and keyboard connected), via a web terminal (using Cockpit) or using a remote secure shell (see Secure Shell section). Then run the following commands:

$ sudo su -
Password: <enter user password here>
# dpkg --configure -a
# apt update
# apt -f install
# unattended-upgrade --debug
# apt install freedombox
# apt update

If apt update asks for a confirmation to change Codename or other release information, confirm yes. If, during the update of the freedombox package, a question about overwriting configuration files is asked, answer to install the new configuration files from the latest version of the package. This process will upgrade only packages that don't require configuration file questions (except for freedombox package). After this, let FreedomBox handle the upgrade of remaining packages. Be patient while new releases of FreedomBox are made to handle packages that require manual intervention.

If you want to go beyond the recommendation to upgrade all the packages on your FreedomBox and if you are really sure about handling the configuration changes for packages yourself, run the following command:

# apt full-upgrade

20.4. Auto-Update to Next Stable Release

FreedomBox can automatically update itself when there is a new stable release of Debian. This update feature is recommended, and enabled by default for stable systems. Note that it also requires "Enable auto-update" to be enabled, and that there is 5 GB free space on the root partition.

In some special cases, such as advanced customization made to the system, the automatic update could fail. If you wish, you can disable it on the System -> Update page, by clearing the “Enable auto-update to next stable release” checkbox.

If you decide to stay on an older release, you should check DebianReleases#Production_Releases to see how long it will be supported by Debian security team. Note that older releases will not have new versions of FreedomBox, even through backports.

20.5. Manual Update to Next Stable Release

Auto-update is recommended for most users. However if you want to do the update manually, here are some tips:

  • Take backups of your apps' data before performing the update.
  • Create a system snapshot before you begin.
  • General instructions for upgrading Debian distribution are available.
  • Some packages are known to have prompts during upgrade, due to modified conffiles. It is recommended not to upgrade these packages manually, but rather to allow FreedomBox to handle their upgrade automatically. This applies to the following packages:

    • bind9
    • firewalld
    • janus
    • minetest-server
    • minidlna
    • mumble-server
    • radicale
    • roundcube-core
    • tt-rss

21. Users and Groups

You can grant access to your FreedomBox for other users. Provide the Username with a password and assign a group to it. Currently the groups

  • admin
  • bit-torrent
  • calibre
  • ed2k
  • feed-reader
  • freedombox-share
  • git-access
  • i2p
  • minidlna
  • syncthing
  • web-search
  • wiki

are supported.

The user will be able to log in to services that support single sign-on through LDAP, if they are in the appropriate group.

Users in the admin group will be able to log in to all services. They can also log in to the system through SSH and have administrative privileges (sudo).

A user's groups can also be changed later.

It is also possible to set an SSH public key which will allow this user to securely log in to the system without using a password. You may enter multiple keys, one on each line. Blank lines and lines starting with # will be ignored.

The interface language can be set for each user individually. By default, the language preference set in the web browser will be used.

A user's account can be deactivated, which will temporarily disable the account.

Hardware

FreedomBox aims to be a consumer electronics device that is easy to install, maintain and use. The project does not aim to build a dedicated device of its own. Instead, we plan to support and adapt existing hardware.

In addition to supporting various single-board computers and other devices, FreedomBox also supports installation in a virtual machine. Any Debian machine can also be turned into a FreedomBox by installing the freedombox-setup package. See the manual for further details.

1. Supported Hardware

1.1. Recommended Hardware

  • FreedomBox Danube Edition (based on Cubietruck)
  • BeagleBone Black
  • A20 OLinuXino Lime2
  • A20 OLinuXino MICRO
  • PC Engines APU
  • Debian
  • VirtualBox

1.2. Hardware That Also Works

This hardware works, but is not recommended because of freedom, cost-benefit or other concerns:

  • Raspberry Pi 2

Note: Since FreedomBox is still under development, Supported Hardware means that FreedomBox images are built for the listed hardware and at least one developer has reported that its basic functions work.

2. Target Hardware

2.1. List of Target Hardware

Although the project focuses on supporting specific devices, we try to support as wide a variety of hardware as possible that is suitable for FreedomBox. Take a look at the list of supported hardware for further support.

2.2. Adding Hardware Support

If you are a developer, consider contributing hardware support for your device by adapting Freedom Maker and FreedomBox Setup.

3. Pioneer Edition FreedomBox

Pioneer FreedomBox Home Servers are produced and sold by Olimex, a company which specializes in Open Source Hardware (OSHW). The kit includes pocket-sized server hardware, an SD card with the operating system pre-installed, and a backup battery which can power the hardware for 4-5 hours in case of outages. It sells for 69 euro. An optional storage add-on for high capacity hard disk (HDD) or solid-state drive (SSD) is also available from Olimex. By purchasing this product, you also support the FreedomBox Foundation's efforts to create and promote its free and open source server software.

3.1. Product Features

The Pioneer Edition FreedomBox Home Server Kit includes all the hardware needed for launching a FreedomBox home server on an Olimex A20-OLinuXino-LIME2 board:

  • the A20-OlinuXino-LIME2,
  • a custom metal case with a laser-engraved FreedomBox logo,
  • a high-speed 32GB micro SD card with the FreedomBox software pre-installed,
  • a backup battery,
  • a power adapter,
  • an Ethernet cable, and
  • an optional storage add-on for hard disk (HDD) or solid-state drive (SSD).

3.2. Recommended Hardware

This is the hardware recommended for all users who just want a turn-key FreedomBox, and don't want to build their own one.

(Building your own FreedomBox means some technical stuff like choosing and buying the right components, downloading the image and preparing the SD card).

3.3. Availability

The Pioneer Edition FreedomBox Home Server is the first commercially available version of FreedomBox.

3.4. Hardware Specifications

Pioneer Edition FreedomBox Home Server is based on A20-OLinuXino-LIME2.

  • Open Source Hardware (OSHW): Yes
  • CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
  • RAM: 1 GiB DDR3
  • Storage: 32GB class 10+ microSD card pre-loaded with FreedomBox
  • SATA: 1 SATA port 2.6 compliant 3Gb/s
  • USB: 2 USB 2.0 Hi-Speed host ports
  • Battery: 3.3V Li-Po, 1400mAh (4-5 hours of backup without additional devices connected via USB)
  • Ethernet: 10/100/1000, RJ45 (1 meter cable included)
  • Power adapter: 110-220 V input, 5V output, EU style (with optional UK or US sockets)
  • Power consumption: 1.5W and 5W depending on load (0.3A to 1A current)
  • Box: Custom metallic box with FreedomBox decal

Further information:

The kits run entirely on Free Software. They work with Kernel and u-boot from Debian repositories. Even the boot firmware in ROM called BROM is free software (GPLV2+).

3.5. Storage Add-on

You can order a storage add-on along with the Pioneer Edition FreedomBox Home Server. The storage add-on is a SATA disk drive enclosure case optionally with a hard disk or solid-state drive of size 128GB to 2000GB. If you have already purchased the Home Server without the add-on, you can order the add-on separately.

  • Olimex Store

  • Price: 9 EUR (without the hard disk, only for the case, you need to add your own HDD/SSD to it)
  • Price: 42 EUR (with 128GB Solid-State Drive)
  • Price: 69 EUR (with 512GB Solid-State Drive)
  • Price: 42 EUR (with 320GB Hard Disk)
  • Price: 53 EUR (with 500GB Hard Disk)
  • Price: 64 EUR (with 1000GB Hard Disk)
  • Price: 86 EUR (with 2000GB Hard Disk)

3.6. Download

The kits come with an SD card pre-loaded with FreedomBox. There's NO need to download images.

However, if you wish to reset your devices to a pristine state, then you can do so with the image provided. Follow the instructions on the download page to create a FreedomBox SD card and boot the device. Make sure to download the Pioneer Edition images. These SD card images are meant for use with the on-board SD card slot and won't work when used with a separate SD card reader connected via USB.

An alternative to downloading these images is to install Debian on the device and then install FreedomBox on it.

3.7. Build Image

FreedomBox images for this hardware can be built using Freedom Maker.

3.8. Known Issues

  • The image that shipped with the kits uses a slightly modified u-boot from Debian and not stock Debian like the rest of FreedomBox. So, if you wish to get the source code, please use the FreedomBox team's u-boot repository.

3.9. Obtaining Source Code

After you purchase and receive your Pioneer Edition FreedomBox, you may want to obtain the source code of the software running in it. Continue reading this section for instructions.

FreedomBox is fully free software and you can obtain the source code to study, modify and distribute improvements.

3.9.1. From within FreedomBox

FreedomBox is made up of several software programs and you can obtain the source code to any of them. These instructions are similar to obtaining and building source code for Debian since FreedomBox is a pure blend of Debian. Using this process you can obtain the source code to the exact version of the package you are currently using in FreedomBox.

  1. To see the list of software packages installed on your FreedomBox, run the following in a terminal:

     dpkg -l

  2. To obtain the source code for any of those programs, run:

     apt source <package_name>

     This requires that the file /etc/apt/sources.list contains the information about the source code repositories. These are present by default on all FreedomBox images. If you have installed FreedomBox using a package from Debian, you need to ensure that source repositories are added in the file.

  3. To build the package from source code, first install its dependencies:

     apt build-dep <package_name>

     Switch to the source directory created by the apt source command:

     cd <source_directory>

     Then build the package:

     dpkg-buildpackage -rfakeroot -uc

  4. Install the package:

     dpkg -i ../<built_package>.deb

3.9.2. Other Ways to Obtain Source Code

  1. Source code for any of the packages can be browsed and searched using the web interface at sources.debian.org. For example, see the plinth package.

  2. Source code and pre-built binary package for any version of a package including historic versions can be obtained from snapshot.debian.org. For example, see the plinth package.

  3. You can also obtain the links to upstream project homepage, upstream version control, Debian's version control, changelog, etc. from the Debian tracker page for a project at tracker.debian.org. For example, see the tracker page for plinth package.

  4. You can build and install a package from its Debian's version control repository. For example,
     git clone https://salsa.debian.org/freedombox-team/freedombox.git
     cd freedombox
     apt build-dep .
     dpkg-buildpackage -rfakeroot -uc
     dpkg -i ../freedombox*.deb

3.9.3. Building Disk Images

You can also build FreedomBox disk images for various hardware platforms using the freedom-maker tool. This is also available as a Debian package and source code for it may be obtained using the above methods. Build instructions for creating disk images are available as part of the source code for freedom-maker package.

FreedomBox disk images are built and uploaded to official servers using automated Continuous Integration infrastructure. This infrastructure is available as source code too and provides accurate information on how FreedomBox images are built.

3.9.4. U-boot on Pioneer Edition Images

There is one minor exception to the u-boot package present on the hardware sold as FreedomBox Home Server Kits Pioneer Edition. It contains a small but important fix that is not part of Debian sources. The fork of the Debian u-boot source repository along with the minor change made by FreedomBox is available as a separate repository. We expect this change to be available in upstream u-boot eventually, after which this repository will not be needed. This package can be built on a Debian armhf machine as follows (cross compiling is also possible, simply follow instructions for cross compiling Debian packages):

apt install git git-buildpackage
git clone https://salsa.debian.org/freedombox-team/u-boot.git
cd u-boot
pbuilder create --distribution=buster
gbp buildpackage --git-pbuilder

The u-boot Debian package will be available in u-boot-sunxi*.deb. This package will contain

mkdir temp
dpkg -x u-boot-sunxi*.deb temp
unxz <lime2_image_built_with_freedom_maker>
dd if=temp/usr/lib/u-boot/A20-OLinuXino-Lime2/u-boot-sunxi-with-spl.bin of=<lime2.img> seek=8 bs=1k conv=notrunc

The resulting image will have the modified u-boot in it.

3.10. Power and reset buttons

The Pioneer Edition Kit has 3 undocumented buttons for RESET, BOOT, and POWER. They are legacy features originally designed to be used with Android operating system but are useful in particular cases.

Pioneer Edition Undocumented buttons

Warning: Excessive force will break the buttons. The three buttons are not intended to be pushed regularly, which is why they are fragile and not easy to push.

More details in our Forum.

4. A20 OLinuXino Lime2

A20 OLinuXino Lime2

Olimex's A20 OLinuXino Lime2 is a fully Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals. It uses the Allwinner A20 Dual Core ARM processor.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

4.1. Similar Hardware

The following similar hardware will also work well with FreedomBox.

4.2. Download

FreedomBox SD card images are available for this device. Follow the instructions on the download page to create a FreedomBox SD card and boot the device. These SD card images are meant for use with the on-board SD card slot and won't work when used with a separate SD card reader connected via USB.

An alternative to downloading these images is to install Debian on the device and then install FreedomBox on it.

4.3. Availability

  • Price: 45 EUR (A20 OLinuXino Lime2)
  • Price: 55 EUR (A20 OLinuXino Lime2 4GB)
  • Olimex Store

4.4. Hardware

  • Open Source Hardware (OSHW): Yes

  • CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
  • RAM: 1 GiB DDR3
  • Storage: 4 GB NAND flash built-in (only on 4GB model), 1x microSD slot
  • Architecture: armhf
  • Ethernet: 10/100/1000, RJ45
  • WiFi: None, use a USB WiFi device

  • SATA: 1x port

4.5. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

  • Boot Firmware: BROM (GPLV2+)

4.6. Known Issues

5. A20 OLinuXino MICRO

A20 OLinuXino MICRO

Olimex's A20 OLinuXino MICRO is a fully Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals. It uses the Allwinner A20 Dual Core ARM processor.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

5.1. Similar Hardware

The following similar hardware will also work well with FreedomBox.

5.2. Download

FreedomBox MicroSD card images are available for this device. Follow the instructions on the download page to create a FreedomBox MicroSD card and boot the device. These MicroSD card images are meant for use with the on-board MicroSD card slot and won't work on the SD card slot or when using a separate MicroSD card reader connected via USB.

An alternative to downloading these images is to install Debian on the device and then install FreedomBox on it.

5.3. Availability

  • Price: 50 EUR (A20 OLinuXino MICRO)
  • Price: 63 EUR (A20 OLinuXino MICRO 4GB)
  • Olimex Store

5.4. Hardware

  • Open Source Hardware (OSHW): Yes

  • CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
  • RAM: 1 GiB DDR3
  • Storage: 4 GB NAND flash built-in (only on 4GB model), 1x microSD slot
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: None, use a USB WiFi device

  • SATA: 1x port

5.5. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

  • Boot Firmware: BROM (GPLV2+)

5.6. Known Issues

  • Not visible on local network
  • When booting the 'stable' image (made on 2017-06-18) the board does not automatically get an IP address from the router's DHCP server over Ethernet. When booting the 'testing' image (2018-06) the board does get an IP address. Tested on MICRO hardware revision J. See also: https://www.olimex.com/forum/index.php?topic=5839.msg24167#msg24167

6. APU

PC Engines APU 1D

PC Engines APU 1D is a single board computer with 3 Gigabit ethernet ports, a powerful AMD APU and Coreboot firmware. FreedomBox images built for AMD64 machines are tested to work well for it.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

6.1. Similar Hardware

Although untested, the following similar hardware is also likely to work well with FreedomBox.

6.2. Download

FreedomBox disk images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card, USB disk, SSD or hard drive and boot into FreedomBox. Pick the image meant for all amd64 machines.

An alternative to downloading these images is to install Debian on the APU and then install FreedomBox on it.

6.3. Networking

The first network port, the left most one in the above picture, is configured by FreedomBox to be an upstream Internet link and the remaining 2 ports are configured for local computers to connect to.

6.4. Availability

6.5. Hardware

  • Open Hardware: No
  • CPU: AMD G series T40E

  • RAM: 2 GB DDR3-1066 DRAM
  • Storage: SD card, External USB
  • Architecture: amd64
  • Ethernet: 3 Gigabit Ethernet ports
  • WiFi: None, use a USB WiFi device

  • SATA: 1 m-SATA and 1 SATA

6.6. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

  • Boot firmware: Coreboot

7. Cubietruck

7.1. FreedomBox Danube Edition

FreedomBox Danube Edition

FreedomBox Danube Edition is a custom casing around Cubietruck and an SSD-hard drive.

7.2. Cubietruck / Cubieboard3

Cubietruck (Cubieboard3) is a single board computer with very good performance compared to many other boards. FreedomBox images are built for this device.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

7.3. Download

FreedomBox SD card images are provided for this hardware. These SD card images are meant for use with the on-board SD card slot and do not work when used with a separate SD card reader connected via USB.

An alternative to downloading these images is to install Debian on the Cubietruck and then install FreedomBox on it.

7.4. Availability

Cubietruck / Cubieboard3

7.5. Hardware

  • Open Hardware: No
  • CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
  • RAM: 2 GiB DDR3 @ 480 MHz
  • Storage: 8 GB NAND flash built-in, 1x microSD slot
  • Architecture: armhf
  • Ethernet: 10/100/1000, RJ45
  • WiFi: Broadcom BCM4329/BCM40181 (no free WiFi drivers + firmware available)

  • SATA: 1x 2.0 port

7.6. Non-Free Status

  • Non-free blobs required: ?
  • WiFi: no free WiFi drivers + firmware available

7.7. Known Issues

  • The on-board WiFi does not work with free software. A separate USB WiFi device is recommended.

8. Cubieboard 2

Cubieboard 2

The Cubieboard 2 is a single board computer based on the Allwinner A20 processor. It doesn't require any non-free firmware to run FreedomBox, and Wifi capability can be added via a USB adaptor if needed. This board is available in two versions, one with on-board flash and a microSD slot, and a version with two microSD card slots.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

8.1. Download

FreedomBox SD card images are available for this device. Follow the instructions on the download page to create a FreedomBox SD card and boot the device.

8.2. Availability

8.3. Hardware

  • CPU: ARM Cortex A7 Dual-Core
  • RAM: 1GB DDR3 @960M
  • Storage: 4GB internal NAND flash, up to 64GB on uSD slot
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: None, use a USB WiFi device

  • SATA: Yes

8.4. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

9. Beagle Bone Black

Beagle Bone Black

Beagle Bone Black (Revision C.1) is an Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals. FreedomBox images are built and tested for this device.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

9.1. Download

FreedomBox SD card images are available for this device. Follow the instructions on the download page to create a FreedomBox SD card and boot the device.

Note: This image is for BeagleBone Black (Revision C.1) only. It will not work on the BeagleBone Green, and also not on the Revisions A & B.

An alternative to downloading these images is to install Debian on the BeagleBone and then install FreedomBox on it.

9.2. Availability

9.3. Hardware

  • Open Source Hardware (OSHW): Yes

  • CPU: AM335x 1GHz ARM Cortex-A8

  • RAM: 512MB DDR3L 800 MHz
  • Storage: Onboard 4GB, 8bit Embedded MMC and microSD
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: None, use a USB WiFi device

  • SATA: None

9.4. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

10. pcDuino3

LinkSprite pcDuino3S

LinkSprite pcDuino3S is a single board computer running on Allwinner A20 and sold with a good case. FreedomBox images are built and tested for this device.

Note: The FreedomBox logo is simply a sticker on top of the device bought from the store.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

10.1. Similar Hardware

Although untested, the following similar hardware is also likely to work well with FreedomBox.

10.2. Download

FreedomBox disk images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card, USB disk, SSD or hard drive and boot into FreedomBox. Pick the image meant for pcduino3.

An alternative to downloading these images is to install Debian on the device and then install FreedomBox on it.

10.3. Availability

10.4. Hardware

  • Open Hardware: No
  • CPU: AllWinner A20 SoC, 1GHz ARM Cortex A7 Dual Core

  • RAM: 1 GB
  • Storage: SD card, 4 GB onboard flash
  • Architecture: armhf
  • Ethernet: 10/100 Mbps
  • WiFi: Built-in WiFi requires non-free firmware, use a USB WiFi device instead

  • SATA: 1 SATA host socket

10.5. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Requires non-free firmware

  • Boot Firmware: BROM (GPLV2+)


11. Debian

FreedomBox is a "pure blend" of Debian. This means that everything in FreedomBox is available as Debian packages. It also means that any device running Debian can be turned into a FreedomBox.

This page describes the process of installing FreedomBox on a Debian system. Currently, FreedomBox works on Debian Testing (Stretch) and Unstable (Sid).

Use a fresh Debian installation

Installing FreedomBox changes your Debian system in extensive and important ways. This includes installing a firewall and regenerating server certificates. It is therefore recommended that you install FreedomBox on a fresh Debian system rather than on an existing setup.

Use "fbx" as the login name

When you create the first user account, use "fbx" as the login name. (Once FreedomBox setup is complete, all user accounts except "fbx" will be locked out by pam_access. This also affects sudo access.)

11.1. Installing on Debian

  1. See the Troubleshooting section below; it contains tips and workarounds that can be helpful during installation.
  2. Install Debian 10 (Buster) or Unstable (Sid) on your hardware.

  3. Update your package list.
    $ sudo apt-get update
  4. Install the freedombox package.

    $ sudo DEBIAN_FRONTEND=noninteractive apt-get install freedombox
  5. During the installation you will be given a secret code that must be entered during the configuration process. Write it down. The secret code can also be read later from the file /var/lib/plinth/firstboot-wizard-secret.

  6. After the second restart, you can start using your FreedomBox.

11.2. Troubleshooting

  1. FreedomBox does not support network configuration via /etc/network/interfaces and it will not support any non-loopback interfaces defined there. (See bug #797614.) Future versions of freedombox-setup will clear this file automatically; for now, edit it by hand and make sure it contains only the following:

    auto lo
    iface lo inet loopback

    If you have already completed the installation process without performing this step, you must now adjust the file /etc/network/interfaces accordingly and restart the machine. The networks defined by the setup step above will then be configured. Network interfaces will then be in the internal or external firewall zone. This is essential for the FreedomBox web interface to be reachable from other devices on the network. If necessary, you can edit the network connections with the nmtui command.
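One way to check /etc/network/interfaces for anything other than the loopback definition before or after installing, added here as an example and not part of the FreedomBox manual or of freedombox-setup. The function name is an assumption of this example. It also reports source and source-directory lines, since those can pull in further interface definitions from other files.

```shell
#!/bin/sh
# Added example, not FreedomBox code: list everything in an ifupdown
# configuration file that goes beyond
#   auto lo
#   iface lo inet loopback

# non_loopback_ifaces [FILE]
# Prints one line per offending entry (interface name, or "source:<path>" for
# include directives) and returns 1 if any were found, 0 if the file defines
# only the loopback interface, 2 if the file cannot be read.
non_loopback_ifaces() {
    file=${1:-/etc/network/interfaces}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    found=$(awk '
        # awk strips leading blanks, so comment lines have a first field starting with "#"
        $1 ~ /^#/ { next }
        # "auto" and "allow-hotplug"/"allow-auto" may list several interfaces
        $1 == "auto" || $1 ~ /^allow-/ {
            for (i = 2; i <= NF; i++) if ($i != "lo") print $i
        }
        # stanza headers name a single interface
        $1 == "iface" || $1 == "mapping" { if ($2 != "lo") print $2 }
        # includes can define interfaces in other files
        $1 == "source" || $1 == "source-directory" { print "source:" $2 }
    ' "$file" | sort -u)

    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Stand-alone use: sh check-interfaces.sh /etc/network/interfaces
if [ "$#" -ge 1 ]; then
    non_loopback_ifaces "$1"
fi
```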

12. VirtualBox

VirtualBox

This page will help you get started with using FreedomBox on a virtual machine using VirtualBox. While VirtualBox images are primarily used for testing and development, they can also be used for regular use if you have spare resources on one of your machines. This setup is useful if:

  • You don't own one of the supported hardware devices.

  • You don't use Debian GNU/Linux as your operating system.
  • You don't want to disturb your Debian installation to try out FreedomBox.

Prebuilt FreedomBox images for VirtualBox are routinely made available in VirtualBox's own VDI image file format. They contain a Debian GNU/Linux operating system and an installation of FreedomBox with all dependencies ready to run on any OS supported by VirtualBox (Windows, Linux, Macintosh, and Solaris).

A more adventurous alternative to downloading one of these images is to install Debian on VirtualBox and then install FreedomBox on it.

VirtualBox itself is available from https://www.virtualbox.org/ (or your distribution's package manager).

12.1. Download

Follow the instructions on the download page to download and verify a VirtualBox image. The latest images are available on freedombox.org.

12.2. Creating a Virtual Machine

  1. Decompress the downloaded VDI image (tool for Windows, Mac).

  2. Create a new VM in the VirtualBox UI with OS type Linux and Version Debian (32/64-bit according to the downloaded image).

VirtualBox Name and OS dialog

  3. In the Hard disk dialog choose Use an existing virtual hard disk file and select the .vdi file you extracted in step 1.

VirtualBox Hard disk dialog

  4. When created, go to the virtual machine's Settings -> [Network] -> [Adapter 1] -> [Attached to:] and choose the network type you want the machine to use according to the explanation in Network Configuration below. The recommended type is the Bridged adapter option, but be aware that this exposes the FreedomBox's services to your entire local network.

VirtualBox recommended network setting

Note: It is important to make sure that you have provided the correct network interface in the above step. For example, if the virtual machine is running on a laptop connected to a Wi-Fi network, then the wireless interface (starts with wlp) must be chosen as shown in the screenshot.

12.3. First Boot

When satisfied with the VM settings click the start button in the VirtualBox UI and your new FreedomBox will boot.

The console of the VM will show the textual screen below when it has finished booting. From here, most interaction with FreedomBox will be through the web interface in a browser.

FreedomBox console after booting successfully

If everything went well so far, you should be able to access the web interface of FreedomBox by pointing a browser on the host machine to https://freedombox.local.

In case freedombox.local cannot be resolved, you need to find out your FreedomBox's IP address as described in Finding out the IP address of the virtual machine. Then access this IP from a web browser which is on the same network as the VM (for example, the host). If all is well, you are now presented with a welcome message and invited to complete the first boot process.

FreedomBox welcomes you to the first boot

This mainly consists of creating an administrative user for the system.

12.4. Using

See the FreedomBox usage page for more details.

You can log in to the Debian GNU/Linux system as the user created during FreedomBox first boot on the VirtualBox console or remotely via ssh.

After logging in, you can become root with the command sudo su.

12.5. Build Image

If you wish to build your own images instead of downloading available images, it can be done using Freedom Maker.

12.6. Tips & Troubleshooting

12.6.1. Network Configuration

VirtualBox provides many types of networking options. Each has its advantages and disadvantages. For more information about how various networking types work in VirtualBox, see VirtualBox's networking documentation. https://www.virtualbox.org/manual/ch06.html

For a simple setup, it is recommended that you use a single network interface in your guest machine. This will make the first boot script automatically configure that interface as an internal network with automatic network configuration. Inside the guest machine, the networking is configured automatically and all the services are made available on this network interface. For more information on how networks are configured by default in FreedomBox, see the Networks section.

What remains is to make those services available to the host machine or to other machines in the network. You must then choose one of the following types of networking for the network interface on your guest machine. To set a particular type of network for the guest's network adapter, go to the guest VM's settings then the network options and then select the adapter you wish to configure. There, set the network type from the available list of networks.

  1. The first and recommended option is to use the Bridged type of network. This option exposes the guest machine to the same network that the host is connected to. The guest obtains network configuration information from a router or DHCP server on the network. The guest will appear as just another machine in the network. A major advantage of this setup is that the host and all other machines in the network will be able to access the services provided by the guest without requiring any further setup. The only drawback of this approach is that if the host is not connected to any network, the guest's network will remain unconfigured, making it inaccessible even from the host.

  2. The second method is the Host only type of networking. With a guest's network interface configured in this manner, it will only be accessible from the host machine. The guest will not be able to access any other machine but the host, so you do not have internet access on the guest. All services on the guest are available to the host machine without any configuration such as port forwarding.

  3. The third option is to use the NAT type of network. This is the networking type that VirtualBox assigns to a freshly created virtual machine. This option works even when the host is not connected to any network. The guest is automatically configured and is able to access the internet and local networks that the host is able to connect to. However, the services provided by the guest require port forwarding to be set up before they are available outside.

    To configure this go to VM settings -> [Network] -> [Adapter] -> [Port Forwarding]. Map a port such as 2222 from host to guest port 22 and you will be able to ssh into FreedomBox from host machine as follows:

     ssh -p 2222 fbx@localhost

    Map 4443 on the host to 443 on the guest. This makes the FreedomBox HTTPS service available on the host using the URL https://localhost:4443/. You will need to add a mapping for each such service from host to guest.

  4. The final option is to create two network interfaces, one host only and one NAT type. This way you can access the guest without any additional configuration, and you have internet access on the guest. The guest will be invisible to any other machines on the network.

Summary of various network types:

Network type | Guest accessible from other machines | Guest accessible from host | Works without port forwarding | Works without host connected to network | Guest has internet access
Bridged      | Yes | Yes | Yes | No  | Yes
Host only    | No  | Yes | Yes | Yes | No
NAT          | Yes | Yes | No  | Yes | Yes
NAT and Host | No  | Yes | Yes | Yes | Yes

12.6.2. Finding out the IP address of the virtual machine

This depends on the network configuration you chose. With a bridged adapter, your virtual machine gets its IP address from the DHCP server of your network, most likely your router. You can try the first couple of IP addresses or check your router's web interface for a list of connected devices.

If you chose host-only adapter, the IP address is assigned by the DHCP server of your VirtualBox network. In the VirtualBox Manager, go to File -> Preferences -> Network -> Host-only Networks. You can see and edit the DHCP address range there, typically you get assigned addresses close to the Lower Address Bound.

Another way to find the IP address is to log in via the VirtualBox Manager (or similar software). The FreedomBox images do not have any default user accounts, so you need to set an initial user and password using the passwd-in-image script.

See also QuickStart for instructions on how to scan your network to discover the IP of the VM.

12.6.3. Networking Problems with macchanger

The package macchanger can cause network problems with VirtualBox. If you have a valid IP address on your guest's host network adapter (like 192.168.56.101) but are not able to ping or access the host (like 192.168.56.1), try uninstalling macchanger:

$ dpkg --ignore-depends=freedombox-setup --remove macchanger 

You might have to manually remove the script /etc/network/if-prep-up/macchanger. If Debian complains about unmet dependencies when you use a package manager (apt-get, aptitude, dpkg), try to remove 'macchanger' from the dependencies of 'freedombox-setup' in the file /var/lib/dpkg/status.

12.6.4. Mounting Images Locally

If you want to mount images locally, use the following to copy built images off the VirtualBox:

$ mkdir /tmp/vbox-img1 /tmp/vbox-root1
$ vdfuse -f freedombox-unstable_2013.0519_virtualbox-i386-hdd.vdi /tmp/vbox-img1/
$ sudo mount -o loop /tmp/vbox-img1/Partition1 /tmp/vbox-root1
$ cp /tmp/vbox-root1/home/fbx/freedom-maker/build/freedom*vdi ~/
$ sudo umount /tmp/vbox-root1
# $ sudo umount /tmp/vbox-img1 # corruption here.

12.6.5. Fixing the time after suspend and resume

The virtual machine loses the correct time/date after suspending and resuming. One way to fix this is to create a cron-job that restarts the time service ntp. You can add a crontab entry as root to restart ntp every 15 minutes by typing 'crontab -e' and adding this line:

*/15 * *   *   *     /etc/init.d/ntp restart

Do not restart this service too often as this increases the load of publicly and freely available NTP servers.

12.6.6. UUID collision in VB

Whenever this happens VirtualBox shows following error message: Cannot register the hard disk A with UUID ... because a hard disk B with UUID ... already exists in the media registry

Creating several VMs from the same image causes collisions in IDs (hostname, IP, UUID, etc.) that are expected to be universally unique. Most can be handled by operating the running VM, but VirtualBox complains before that (at the very creation of the VM) about the hard disk's UUID. This is common when you develop or test, e.g., FreedomBox.

You can change a clone's UUID in the terminal as follows:

$ VBoxManage internalcommands sethduuid path/to/the/hd/vdi/file

13. Pine A64+

Pine 64+

Pine A64+ is an affordable single board computer with good performance.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

13.1. Similar Hardware

  • Both 1GB and 2GB versions of Pine A64+ are supported with the same FreedomBox image.

  • There is a separate Pine A64-LTS image.

13.2. Download

FreedomBox SD card images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox. Pick the image meant for Pine A64+.

An alternative to downloading these images is to install Debian on the device and then install FreedomBox on it.

13.3. Availability

13.4. Hardware

  • Open Source Hardware (OSHW): No
  • CPU: Allwinner A64, Quad-core ARM Cortex A53 64-bit processor
  • RAM: 3 variants - 512 MB (not recommended), 1 GB and 2 GB (recommended)
  • Storage: SD card, eMMC (module sold separately but not tested with FreedomBox)

  • Architecture: arm64
  • Ethernet: Gigabit Ethernet port
  • Battery: Supports battery backup using a Li-Po battery
  • WiFi: None, use a USB WiFi device

  • SATA: None

13.5. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

14. Banana Pro

Banana Pro

LeMaker Banana Pro is an updated version of its predecessor Banana Pi.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

14.1. Download

FreedomBox SD card images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox. Pick the image meant for Banana Pro.

An alternative to downloading these images is to install Debian on the device and then install FreedomBox on it.

14.2. Hardware

  • Open Source Hardware (OSHW): No
  • CPU: Allwinner A20, Dual-core ARM Cortex A7 processor
  • RAM: 3 variants - 1 GB
  • Storage: SD card
  • Architecture: armhf
  • Ethernet: 10/100/1000 Mbps
  • Battery: No
  • WiFi: WiFi 802.11 b/g/n 2.4GHz (not tested with FreedomBox)

  • SATA: SATA 2.0 (2.5 inch SSD or HDD recommended)

14.3. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Unknown

15. Orange Pi Zero

Orange Pi Zero

Orange Pi Zero is a single board computer available at very low price. It uses the Allwinner H2 SoC, and has 256MB/512MB DDR3 SDRAM. It doesn't require any non-free firmware to run FreedomBox. However, the onboard Wi-Fi module needs proprietary firmware to work. The board is available in two versions: with 256MB RAM and 512MB RAM. The version with 512 MB RAM is recommended for FreedomBox. Even then, FreedomBox is expected to gracefully run only a small number of services.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

15.1. Download

FreedomBox SD card images are available for this device. Follow the instructions on the download page to create a FreedomBox SD card and boot the device.

15.2. Availability

15.3. Hardware

  • CPU: ARM Cortex-A7 Quad-Core (Allwinner H2)
  • RAM: 256MB/512MB DDR3 SDRAM
  • Storage: Up to 32GB on uSD slot, 2MB SPI Flash
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: Onboard 802.11 b/g/n, use a USB WiFi device

15.4. Non-Free Status

  • Non-free blobs required: No (without Wi-Fi)
  • Wi-Fi: no free Wi-Fi drivers + firmware available

16. RockPro64

RockPro64

Pine64's RockPro64 is a powerful single board computer. It uses the Rockchip RK3399 Hexa Core ARM64 processor. FreedomBox images are built and tested for this device.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

16.1. Download

Before downloading and using FreedomBox you need to ensure that the latest u-boot based firmware is installed into the SPI flash chip. See instructions on how to write u-boot firmware into SPI flash. The gist is that you download and write an image to an SD card. Boot with the SD card and wait for the white LED blinking to stop. After that, power off, remove the SD card and proceed with the FreedomBox download.

FreedomBox images meant for all "arm64" hardware work well for this device. However, u-boot firmware must be present in SPI flash (or on a separate SD card, which is not explained here). Follow the instructions on the download page to create a FreedomBox SD card and boot the device. These images also work well for onboard eMMC, USB 2.0 and USB 3.0 disk drives. The process for preparing USB disk drives is same as for an SD card. For eMMC, boot the board using any OS and then write the image to the eMMC similar to writing to SD card.

An alternative to downloading these images is to install Debian on the device and then install FreedomBox on it.

16.2. Availability

16.3. Hardware

  • Open Source Hardware (OSHW): No
  • CPU: Rockchip RK3399 SOC (2x Cortex A72@1.8GHz, 4x Cortex A53@1.4GHz)

  • GPU: Mali T860 MP4 GPU
  • RAM: 2 GiB or 4 GiB LPDDR4
  • Storage: eMMC module slot, microSD slot, 16 MiB SPI Flash
  • USB: 2x USB 2.0, 1x USB 3.0, 1x USB-C
  • Expansion slot: 1x PCIe 4x slot (NVMe disks, etc.)
  • Architecture: arm64
  • Ethernet: 10/100/1000, RJ45
  • WiFi: None, use a USB WiFi device

16.4. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

16.5. Known Issues

  • FreedomBox on NVMe disk has not been tested.

17. Rock64

Rock64

Pine64's Rock64 is a powerful single board computer. It uses the Rockchip RK3328 Quad Core ARM64 processor. FreedomBox images are built and tested for this device.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

17.1. Download

Before downloading and using FreedomBox you need to ensure that the latest u-boot based firmware is installed into the SPI flash chip. Download the latest u-boot to write to SPI flash and then see instructions on how to write u-boot firmware into SPI flash. The gist is that you download and write an image to an SD card. Boot with the SD card and wait for the white LED to blink continuously. After that, power off, remove the SD card and proceed with the FreedomBox download.

FreedomBox images meant for all "arm64" hardware work well for this device. However, u-boot firmware must be present in SPI flash (or on a separate SD card, which is not explained here). Follow the instructions on the download page to create a FreedomBox SD card and boot the device. These images also work well for the eMMC disk, which is an optional attachment to this board, and for disk drives in USB 2.0 ports (but not in the USB 3.0 port). The process for preparing them is the same as for an SD card.

An alternative to downloading these images is to install Debian on the device and then install FreedomBox on it.

17.2. Availability

  • Price: 25 USD (1GB)
  • Price: 35 USD (2GB)
  • Price: 45 USD (4GB)
  • Pine64 Store

17.3. Hardware

  • Open Source Hardware (OSHW): No
  • CPU: Rockchip RK3328 Quad-Core SOC (4x Cortex A53 @ 1.5GHz)
  • GPU: Mali 450MP2
  • RAM: 1 GiB or 2 GiB or 4 GiB LPDDR3
  • Storage: eMMC module slot, microSD slot, 16 MiB SPI Flash
  • USB: 2x USB 2.0, 1x USB 3.0
  • Architecture: arm64
  • Ethernet: 10/100/1000, RJ45
  • WiFi: None, use a USB WiFi device

17.4. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

17.5. Known Issues

  • FreedomBox does not work when booted from USB 3.0 port (but works from eMMC, SD card or USB 2.0 disk).

  • FreedomBox does not work when booted from the top USB 2.0 port with some u-boot firmware versions (the one listed above). It only works with the bottom USB 2.0 port (the one closer to the board).

18. Raspberry Pi 2 Model B

Raspberry Pi 2

Raspberry Pi 2 (Model B) is a popular single board computer developed with the intention of promoting teaching of basic computer science in schools. It is a successor to Raspberry Pi Model B+ with a much faster processor and more RAM. FreedomBox images are built and tested for it.

Please do not expect any output on a monitor connected via HDMI to this device as it does not display anything beyond the message 'Starting kernel...'. See the Quick Start page to access and control your FreedomBox from network.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

18.1. Download

FreedomBox SD card images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox.

18.2. Availability

18.3. Hardware

  • Open Hardware: No
  • CPU: 900 MHz quad-core ARM Cortex-A7
  • RAM: 1 GB
  • Storage: MicroSD card slot
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: None, use a USB WiFi device
  • SATA: None

18.4. Non-Free Status

  • Non-free blobs required: boot firmware
  • WiFi: Not available

19. Raspberry Pi 3 Model B

Raspberry Pi 3 Model B

Raspberry Pi 3 Model B is a popular single board computer developed with the intention of promoting teaching of basic computer science in schools. It is a successor to Raspberry Pi 2 Model B with a 64-bit processor and on-board Wi-Fi. FreedomBox "stable" and "testing" images are available for Raspberry Pi 3 Model B.

Please do not expect any output on a monitor connected via HDMI to this device as it does not display anything beyond the message 'Starting kernel...'. See the Quick Start page to access and control your FreedomBox from network.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

19.1. Download

Raspberry Pi recommends creating a bootable SD card with the Raspberry Pi Imager (rpi-imager), their official cross-platform utility that downloads an image and writes it to removable media. FreedomBox "stable" and "testing" images can be selected in rpi-imager under the "Other specific-purpose OS" category.

FreedomBox SD card images for this hardware are also available online. Download the "stable" or "testing" image for Raspberry Pi 3 Model B. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox.

19.2. Availability

19.3. Hardware

  • Open Hardware: No
  • CPU: 1.2GHz 64-bit quad-core ARMv8 CPU
  • RAM: 1 GB
  • Storage: MicroSD card slot
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: 802.11n but requires non-free firmware, instead use a USB WiFi device
  • SATA: None

19.4. Non-Free Status

  • Non-free blobs required: boot firmware
  • WiFi: Requires non-free firmware

20. Raspberry Pi 3 Model B+

Raspberry Pi 3 Model B+

Raspberry Pi 3 Model B+ is a popular single board computer developed with the intention of promoting teaching of basic computer science in schools. It is a successor to Raspberry Pi 3 Model B with better Ethernet and 5 GHz Wi-Fi. FreedomBox "stable" and "testing" images are available for Raspberry Pi 3 Model B+.

Please do not expect any output on a monitor connected via HDMI to this device as it does not display anything beyond the message 'Starting kernel...'. See the Quick Start page to access and control your FreedomBox from network.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

20.1. Download

Raspberry Pi recommends creating a bootable SD card with the Raspberry Pi Imager (rpi-imager), their official cross-platform utility that downloads an image and writes it to removable media. FreedomBox "stable" and "testing" images can be selected in rpi-imager under the "Other specific-purpose OS" category.

FreedomBox SD card images for this hardware are also available online. Download the "stable" or "testing" image for Raspberry Pi 3 Model B+. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox.

20.2. Availability

20.3. Hardware

  • Open Hardware: No
  • CPU: 1.4GHz 64-bit quad-core ARMv8 CPU
  • RAM: 1 GB
  • Storage: MicroSD card slot
  • Architecture: armhf
  • Ethernet: 10/100/1000, RJ45
  • WiFi: 802.11ac but requires non-free firmware, instead use a USB WiFi device
  • SATA: None

20.4. Non-Free Status

  • Non-free blobs required: boot firmware
  • WiFi: Requires non-free firmware

21. Raspberry Pi 4 Model B

Raspberry Pi 4 Model B

Raspberry Pi 4 Model B is a popular single board computer developed with the intention of promoting teaching of basic computer science in schools. It is a successor to Raspberry Pi 3 Model B+ with a better processor and the ability to drive multiple displays. Both "stable" and "testing" images are available for Raspberry Pi 4 Model B.

21.1. Download

Raspberry Pi recommends creating a bootable SD card with the Raspberry Pi Imager (rpi-imager), their official cross-platform utility that downloads an image and writes it to removable media. FreedomBox "stable" and "testing" images can be selected in rpi-imager under the "Other specific-purpose OS" category.

FreedomBox SD card images for this hardware are also available online. Download the "stable" or "testing" image for Raspberry Pi 4 Model B. Follow the instructions on the download page to create a FreedomBox SD card or USB drive and boot into FreedomBox.

21.2. Booting from USB

MicroSD cards are notoriously slow and prone to corruption. SD card corruption means that a high read/write load or a sudden power outage can render your card unusable. It is therefore strongly recommended that you use a USB drive for your root partition. To be able to do that, you have to follow these preliminary steps:

  1. Download and install the Raspberry Pi Imager.
  2. Insert a microSD card into your computer.
  3. Open the Raspberry Pi Imager.
    3.1 Select CHOOSE OS >> Misc utility images >> Bootloader >> USB Boot
    3.2 From CHOOSE STORAGE select your microSD card
    3.3 Click on WRITE
  4. After the write has completed successfully, eject the card.
  5. Insert the newly created card into your Raspberry Pi and boot up the device. If it is connected to a monitor, you will see a green screen. Let your device rest for a minute, after which you can disconnect it from power and eject the card from the Raspberry Pi. It can now boot from USB.
  6. Final step: write your FreedomBox image onto your USB device, then connect it to your Raspberry Pi. Make sure you did not leave your microSD card in the Raspberry Pi.

Please note that steps 1. to 5. only need to be done once.

21.3. Build Image

FreedomBox images for this hardware can be built using Freedom Maker. Use the target 'raspberry64' to build the image for this board.

21.4. Availability

21.5. Hardware

  • Open Hardware: No
  • CPU: Broadcom BCM2711 SOC (4x Cortex-A72@1.5GHz)
  • RAM: 2 GB or 4GB or 8 GB
  • Storage: MicroSD card slot or USB drive
  • USB: 2x USB 2.0, 2x USB 3.0, USB Type-C power supply
  • Architecture: arm64
  • Ethernet: 10/100/1000, RJ45
  • WiFi: 802.11ac but requires non-free firmware, instead use a USB WiFi device
  • SATA: None

21.6. Non-Free Status

  • Non-free blobs required: boot firmware
  • WiFi: Requires non-free firmware

22. USB Wi-Fi

FreedomBox works on many single board computers. However, many of these boards do not have built-in Wi-Fi capabilities. Even when Wi-Fi capability is available, non-free proprietary firmware is required to make them work.

A solution to the problem is to plug a USB Wi-Fi device into one of the available USB ports. There are many such devices available which do not require non-free firmware to work. The following is a list of such devices that work with FreedomBox devices. Some devices based on these chips have been tested to work well with FreedomBox, including functions such as access point mode.

22.1. Firmware Installation

The free firmware for these devices is not packaged in Debian yet. You can manually download and install the firmware as follows:

sudo su    # enter your password when prompted
cd /lib/firmware
wget https://www.thinkpenguin.com/files/ath9k-htc/version-1.4-beta/htc_9271.fw
wget https://www.thinkpenguin.com/files/ath9k_firmware_free-version/htc_7010.fw
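
The commands above download firmware as root directly into /lib/firmware, and nothing checks what was actually received. The following is an added example, not part of the FreedomBox manual: it downloads to a temporary directory and installs the file only if its SHA-256 matches a digest obtained separately. The function names and the digest placeholder are assumptions, since this page publishes no checksums.

```shell
#!/bin/sh
# Added example: install a firmware file only if its SHA-256 matches a digest
# obtained out of band. Function names are hypothetical, not FreedomBox code.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_verified_fw SRC EXPECTED_SHA256 DEST_DIR
#   returns 0: digest matched, file installed with mode 0644
#   returns 1: digest mismatch, DEST_DIR left untouched
#   returns 2: usage error (missing file/directory or malformed digest)
install_verified_fw() {
    _fw_src=$1
    _fw_expected=$2
    _fw_dest=$3

    [ -f "$_fw_src" ] || { echo "no such file: $_fw_src" >&2; return 2; }
    [ -d "$_fw_dest" ] || { echo "no such directory: $_fw_dest" >&2; return 2; }

    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case $_fw_expected in
        ''|*[!0-9a-fA-F]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#_fw_expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }

    # Compare case-insensitively by normalising the expected value.
    _fw_expected=$(printf '%s' "$_fw_expected" | tr 'A-F' 'a-f')
    _fw_actual=$(sha256_of "$_fw_src")

    if [ "$_fw_actual" != "$_fw_expected" ]; then
        echo "SHA-256 mismatch for $_fw_src" >&2
        echo "  expected $_fw_expected" >&2
        echo "  actual   $_fw_actual" >&2
        return 1
    fi

    install -m 0644 "$_fw_src" "$_fw_dest/$(basename "$_fw_src")"
}

# fetch_and_install_fw URL EXPECTED_SHA256 [DEST_DIR]
# Downloads into a private temporary directory so that an unverified file
# never lands in the firmware directory, then delegates to the check above.
fetch_and_install_fw() {
    _fw_url=$1
    _fw_sum=$2
    _fw_target=${3:-/lib/firmware}
    _fw_tmp=$(mktemp -d) || return 2
    _fw_file=$_fw_tmp/$(basename "$_fw_url")

    _fw_rc=0
    if wget -q -O "$_fw_file" "$_fw_url"; then
        install_verified_fw "$_fw_file" "$_fw_sum" "$_fw_target" || _fw_rc=$?
    else
        echo "download failed: $_fw_url" >&2
        _fw_rc=2
    fi
    rm -rf "$_fw_tmp"
    return "$_fw_rc"
}

# Usage (as root). Replace the placeholder with a digest from a source you
# trust; this page does not publish one:
#   fetch_and_install_fw \
#     https://www.thinkpenguin.com/files/ath9k-htc/version-1.4-beta/htc_9271.fw \
#     <SHA256-FROM-TRUSTED-SOURCE>
```

A mismatch returns status 1 and leaves the firmware directory unchanged, so the call can be used directly in a provisioning script that stops on failure.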

22.2. Resources

Release Notes

The following are the release notes for each FreedomBox version.

1. FreedomBox 24.21 (2024-10-07)

1.1. Highlights

  • django: Improve handling of file uploads
  • nextcloud: Fix existing installs to upgrade properly

1.2. Other Changes

  • action_utils: Fix missing parent folder when creating apt hold flag
  • action_utils: Introduce utility to move uploaded files
  • actions: Handle exceptions with Path-like objects
  • featherwiki: Use new utility for handling uploads
  • functional tests: Upgrade dependencies selenium and splinter
  • kiwix: Don't leave invalid .zim in library after a failed attempt
  • kiwix: Use new utility for handling uploads
  • locale: Albanian: Fix build issue by correcting typo
  • locale: Update translations for Albanian, Czech
  • names: Don't control resolved daemon when package is not installed
  • names: Don't hard depend on systemd-resolved
  • names: Don't show resolver status if package is not installed
  • names: Introduce method to check if resolved is installed
  • names: Perform resolve diagnostics only if resolved is installed
  • names: Schedule a task to install systemd-resolved when possible
  • names: Try to install systemd-resolved during app setup
  • networks: Disable DNS-over-TLS option if resolved is not installed
  • networks: Don't show DNS-over-TLS when resolved is not installed
  • nextcloud: During upgrade wait properly for upgrade to complete
  • privacy: Disable DNS fallback option if resolved is not installed
  • samba: Remove option to backup app
  • storage: Skip tests that involve loopback device in a container
  • tiddlywiki: Avoid writing duplicate temporary files
  • transmission: tests: Fix functional test failures in Debian testing

2. FreedomBox 24.20.1 (2024-09-25)

2.1. Highlights

  • samba: Fix nmb systemd service is in erroneous state
  • users: Inactivate users in LDAP user database

2.2. Other Changes

  • Revert "debian: tests: Wait for systemd-resolved to be started"
  • ci: Run autopkgtest but allow failure
  • d/tests: Add breaks-testbed restriction
  • locale: Update translations for Bulgarian, Chinese (Simplified Han script), Spanish, Turkish
  • security: Remove PAM configuration for 'access' module
  • users: Increment app version for changes w.r.t. inactive users
  • users: Set proper class on default password policy object

3. FreedomBox 24.20 (2024-09-23)

3.1. Highlights

  • nextcloud: Fix issue with upgrading to next version

3.2. Other Changes

  • action_utils: Add a method to reset services in 'failed' state
  • action_utils: Update outdated docstrings
  • apache: Don't restart daemon when changing certificates
  • config, names: Move domain name configuration to names app
  • config, names: Move setting hostname from config to names
  • debian: tests: Wait for systemd-resolved to be started
  • letsencrypt: Allow reloading daemons after cert changes
  • locale: Update translations for Albanian, Bulgarian, Chinese (Simplified Han script), Czech, Dutch, Spanish, Turkish
  • miniflux: Workaround a packaging bug with DB connection
  • service: Add privileged utility for 'try-reload-or-restart' action
  • tests: functional: Don't timeout when web server restarts
  • upgrades: Treat n/a release as testing
  • users: Don't cache NSS user identity information
  • users: Invalidate nscd cache after nslcd service startup

4. FreedomBox 24.19 (2024-09-09)

4.1. Highlights

  • mediawiki: Increase PHP maximum execution time to 100 seconds
  • names: Use systemd-resolved for DNS resolution

4.2. Other Changes

  • bind: Don't start a stopped daemon during changes/upgrades
  • bind: Fix port number clash with 'shared' network connections
  • bind: Set default forwarder as systemd-resolved
  • container: Re-run failed provisioning even if container is running
  • letsencrypt: Handle both standard and custom repairs
  • locale: Update translations for Albanian, Bulgarian, Chinese (Simplified), Dutch, German, Spanish, Telugu, Turkish, Ukrainian
  • makefile: Workaround problems with systemd-resolved package
  • names, network: Re-feed DNS known to network-manager to resolved
  • names: Add option for setting global DNS-over-TLS preference
  • names: Add option for setting global DNSSEC preference
  • names: Implement a diagnostic check for checking name resolution
  • names: Restart instead of reload for systemd-resolved changes
  • names: Show systemd-resolved status in the names page
  • networks: Add more options for IPv6 configuration method
  • networks: Add support for DNS-over-TLS for individual connections
  • networks: Declare a need for DHCP/DNS ports to be open in firewall
  • networks: Fix focusing on network interface field on error
  • networks: Groups fields in create/edit connection form
  • networks: Set 'auto' as default IPv6 method in new connection form
  • networks: Show current global value of DNS-over-TLS and link to it
  • privacy: Implement a way to disable fallback DNS servers
  • privacy: Show notification again so that users see the new setting
  • storage: Handle grub-pc package not available
  • upgrades: Add repair step for held packages

5. FreedomBox 24.18 (2024-08-26)

  • *.md, pyproject.toml: Update default branch from 'master' to 'main'
  • d/control: Don't recommend libnss-gw-name
  • d/control: Remove haveged as it is no longer relevant on latest kernels
  • debian: Set gbp default branch to main
  • doc/dev: Fix Django related errors with auto-documentation
  • doc/dev: Limit table of contents depth to 2 for clarity
  • doc/dev: Update copyright year
  • featherwiki, tiddlywiki: Remove redundant </p> in template
  • locale: Update translations for Albanian, Bulgarian, Chinese (Simplified), Czech, Dutch, Norwegian Bokmål, Spanish, Telugu, Turkish, Ukrainian
  • plinth: Fix translating app operations
  • ttrss: Remove unavailable Android client - org.fox.tttrss
  • upgrades: Add diagnostic for held packages

6. FreedomBox 24.17 (2024-08-12)

6.1. Highlights

  • featherwiki: Add new app for Personal Notebooks
  • tiddlywiki: Add new app for Non-linear Notebooks

6.2. Other Changes

  • COPYING.md: Update copyright years
  • actions: Add error when likely parameters are not marked as secret
  • actions: Define and allow a new alias for str; secret_str
  • actions: Log arguments without secret strings in privileged calls
  • apache: Enable dav and dav_fs modules
  • backups: Mark secret strings in privileged actions
  • base.html: Drop dependency on modernizr.js library
  • bepasty: Mark secret strings in privileged actions
  • django: settings: Don't set USE_L10N on newer versions
  • featherwiki: Fix a type check failure
  • featherwiki: Proxy download through freedombox.org
  • firewall: Setup inter-zone forwarding
  • gitweb: Don't backup/restore a drop-in configuration file
  • ikiwiki: Mark secret strings in privileged actions
  • locale: Update translations for Albanian, Bulgarian, Chinese (Simplified), Czech, Spanish, Turkish
  • makefile: Don't fail while building and installing multiple versions
  • mediawiki: Mark secret strings in privileged actions
  • miniflux: Mark secret strings in privileged actions
  • mumble: Mark secret strings in privileged actions
  • nextcloud: Mark secret strings in privileged actions
  • nextcloud: Prevent process restart when nextcloud is uninstalled
  • nextcloud: Redirect to URL nextcloud/ if ending slash is not given
  • nextcloud: tests: functional: Add base and interface tests
  • pagekite: Mark secret strings in privileged actions
  • rssbridge: tests: Add missing __init__.py
  • shadowsocks: Mark secret strings in privileged actions
  • shadowsocksserver: Mark secret strings in privileged actions
  • ssh: Mark secret strings in privileged actions
  • storage: Add diagnostic for grub config issue
  • templates: Fix warning about using default.html for form template
  • tests: functional: Allow submitting form buttons along with inputs
  • tests: functional: Name the background fixture
  • users: Mark secret strings in privileged actions

7. FreedomBox 24.16 (2024-07-29)

7.1. Highlights

  • miniflux: Add new app
    • Note that miniflux is currently only available in Debian testing and unstable.

7.2. Other Changes

  • locale: Update translations for Bulgarian, Chinese (Traditional), German, Swedish
  • miniflux, ttrss: Factor out duplicated postgres utility methods
  • miniflux: Add list of client apps from upstream clients list
  • miniflux: Drop postgres-contrib package as it seems redundant
  • miniflux: Fix error handling for reset password
  • miniflux: Fix issues with running the CLI in a pseudo-terminal
  • miniflux: Fix regression in creating admin user
  • miniflux: Remove a spurious error message after resetting password
  • miniflux: Trim error messages when creating user
  • miniflux: tests: functional: Fix failing tests when run out of order
  • readme: Mention the AGPLv3+ license
  • tests: functional: Handle click failure when waiting for page update
  • tests: functional: Handle obscured elements when submitting forms

8. FreedomBox 24.15 (2024-07-16)

  • locale: Update translations for Albanian, Chinese (Simplified), French, German, Polish, Spanish, Turkish, Ukrainian
  • make: Ignore .mypy_cache folders while copying files

9. FreedomBox 24.14 (2024-07-01)

  • container: Allow podman containers to run inside the container
  • diagnostics: Add option for automatic repair
  • locale: Update translations for French

10. FreedomBox 24.13 (2024-06-17)

  • locale: Update translations for Czech, Dutch, Swedish, Ukrainian

11. FreedomBox 24.12 (2024-06-03)

  • locale: Update translations for Albanian, Chinese (Traditional), German, Russian

12. FreedomBox 24.11 (2024-05-20)

  • locale: Update translations for Chinese (Simplified), Chinese (Traditional), Spanish, Swedish, Turkish

13. FreedomBox 24.10 (2024-05-06)

13.1. Highlights

  • nextcloud: Enable app with experimental warning
  • minidlna: Add media directory selection form

13.2. Other Changes

  • app, component: Add repair method
  • diagnostics: Add optional component_id to DiagnosticCheck
  • diagnostics: Change "Re-run setup" to "Try to repair"
  • letsencrypt: Re-obtain certificates during repair
  • letsencrypt: Remove unused imports
  • locale: Update translations for Chinese (Simplified), Chinese (Traditional), Czech, Spanish, Turkish
  • minidlna: Do not proxy minidlna web interface over Apache
  • minidlna: Explicitly include ssdp service to firewall configuration
  • minidlna: Restart app when upgrading to reconfigure firewall
  • nextcloud: Add fallback for when quadlet is not available
  • nextcloud: Allow re-running setup
  • nextcloud: Allow re-running setup when app is disabled
  • nextcloud: Create network using systemd generator
  • nextcloud: Drop network namespacing in container, use host network
  • nextcloud: Enable pretty URLs without /index.php in them
  • nextcloud: Implement enable/disable container
  • nextcloud: Populate and maintain a list of trusted domains
  • nextcloud: Pull the image separately before starting systemd unit
  • nextcloud: Restart container when dependent services are restarted
  • nextcloud: Ship instead of create cron timer related units
  • nextcloud: Use php-fpm container instead of apache container
  • nextcloud: Use systemd generator for creating container service
  • nextcloud: Wait on init sync lock
  • nextcloud: Warn that community provides the container not team
  • notification: Handle more formatting errors
  • setup: Add method to run app repair
  • storage: Add an option to include help text to directory selection form

14. FreedomBox 24.9 (2024-04-22)

  • action_utils, nextcloud: Make podman util more generic
  • config: Handle dropin config files with limited permissions
  • locale: Update translations for Albanian, Chinese (Simplified), Chinese (Traditional), Russian, Spanish, Turkish
  • nextcloud: (Note that this app is currently disabled, and not available to install.)
    • Add network interface to firewall zone after creating it
    • Add warning that the app is experimental
    • Allow backup/restore when app is disabled
    • Connect to mysql using socket instead of TCP
    • Connect to redis using Unix socket
    • Connect to slapd for LDAP using Unix socket
    • Don't fail uninstall if DB or user do not exist
    • Don't set password on redis server
    • Don't show incorrect phone region when it is not set
    • Drop a repeated creation of systemd service file
    • Ensure that database is running when running setup
    • Expand on the warning about container usage
    • Fail on errors when configuring the app
    • Fix configuring trusted proxies setting
    • Improve check used to test if installation wizard is done
    • Improve database permission granting
    • Improve setting up LDAP configuration
    • Minor changes to cron timer units
    • Minor refactoring
    • Minor update to description regarding users' usage
    • Refactor container creation code
    • Refactor setting admin password
    • Remove fail2ban jail, brute force protection present
    • Rename the systemd service names
    • Retrieve database password in a more robust way
    • Use a separate DB for redis
    • Use secrets module to generate passwords
    • When backup fails, unset the maintenance mode
  • tests: functional: Disable functional tests

15. FreedomBox 24.8 (2024-04-08)

15.1. Highlights

  • gitweb: Fix an issue when cloning existing repository
  • ttrss: Improve backup and restore of the database
  • ttrss: Include dbconfig configuration file in backup
  • zoph: Include dbconfig configuration file in backup

15.2. Other Changes

  • action_utils: Add generic utils for managing podman containers
  • actions: Don't repeat action traceback in stderr
  • diagnostics: Don't store list of app objects with results
  • locale: Update translations for Albanian, Chinese (Simplified), Dutch, French, German, Norwegian Bokmål, Spanish, Turkish
  • network: Skip bridge interfaces in connections list
  • nextcloud: Add new app based on podman container
    • Note: The Nextcloud app is currently disabled (not available to install). It will be made available after there has been more testing and review.
    • Add backup/restore
    • Add option to configure the default phone region
    • Configure redis caching, create static PHP file
  • ttrss: Ensure that database is removed after uninstall
  • ttrss: tests: functional: Uninstall during backup/restore test
  • upgrades: Re-enable unattended-upgrade during dist-upgrade
  • zoph: Re-add a safety check when reading the setup state of the app

16. FreedomBox 24.7 (2024-03-25)

16.1. Highlights

  • package: Don't remove packages of other apps on uninstall
  • samba: Fix Samba not accessible from IPv6 localhost ::1 address
  • system: Organize items into sections
  • users: Add email address field when creating/updating user accounts

16.2. Other Changes

  • actions: Minor refactor to action error logging
  • actions: Move most of the privileged action code to main directory
  • actions: Provide HTML error message with action error
  • backups: Adjust to changes in privileged errors
  • letsencrypt: Remove unnecessary processing of the error messages
  • letsencrypt: Show better error messages
  • letsencrypt: Simplify error warning when certificate revoke fails
  • matrixsynapse: Prevent setup page from being shown during uninstall
  • middleware: Show HTML exception message as extra detail in messages
  • package: Drop special error message handling for package errors
  • samba: Disable nmbd NetBIOS service
  • snapshot: Show better error messages
  • storage: Adjust to changes in privileged errors
  • storage: Show better error message
  • tests: Automatically create pytest marks for apps
  • tests: Merge actions related test files
  • tests: Move test configuration to plinth directory
  • tests: Remove unused fixture for testing actions
  • upgrades: Show better error messages
  • users: Add email address field during first boot
  • views: Fix alignment of close button in error messages
  • views: Implement a utility to easily show error message

17. FreedomBox 24.6 (2024-03-11)

17.1. Highlights

  • gitweb: Fix modifying git repositories when gitweb app is disabled
  • users: Fix creating users with initial set of groups
  • wordpress:
    • Don't fail setup if mysql installed but not running
    • Drop database user when app is uninstalled
    • Fix backup, restore and uninstall when db is not running
  • zoph:
    • Don't fail setup if mysql installed but not running
    • Don't fail with backup/restore if app is disabled
    • Don't redirect to setup page when app is disabled
    • Ensure that database server is running when setting up app
    • Hide configuration form when app is disabled
    • Restore database password to old value after restore operation
    • Uninstall fully so that reinstall works

17.2. Other Changes

  • *: Add type hints for app init methods
  • *: Add type hints for diagnose method
  • action_utils: Implement method for starting a service temporarily
  • actions: Fix log message when action return can't be decoded
  • actions: When action errors out, log a better message
  • app: Add ability to hide configuration form when app is disabled
  • app: views: Expose method to get enabled/disabled state and cache it
  • daemon: Added method to ensure a daemon is running in component
  • diagnostics: Add tests for get_results
  • diagnostics: Handle TypeError when copying results
  • locale: Update translations for Dutch
  • log: Don't log in color inside actions scripts
  • samba: Ignore non-existent users who are in freedombox-share group
  • tests: functional: Refactor install/setup fixture for apps
  • tests: functional: Uninstall app after backup and before restore
  • users: Minor refactor when creating django groups
  • users: tests: Do not remove LDAP user when testing views
  • wordpress: Fix minor issue in restoring database
  • wordpress: tests: Uninstall app after backup and before restore

18. FreedomBox 24.5 (2024-02-26)

  • backups: tests: Don't use pytest marks on fixtures
  • container: Fix issue with missing make command on stable image
  • daemon: Add new component for daemons shared across apps
  • firewalld: Implement force upgrading to any 2.x versions
  • gitweb, users: Minor fixes for newer pycodestyle
  • locale: Update translations for German
  • pyproject.toml: Exclude the build directory from mypy checks
  • setup: Ensure that apt is updated before checking force upgrade
  • setup: Ensure that force upgrade won't run when app is not installed
  • setup: Minor refactoring of force upgrader class instantiation
  • setup: Try force upgrade before running app setup
  • tests: Patch apps_init for enable/disable daemon test
  • tor: tests: Convert to pytest style tests from class based tests
  • tor: tests: Fix issue with pytest 8.x versions
  • wordpress: Add shared daemon component for mariadb/mysql
  • zoph: Add shared daemon component for mariadb/mysql

19. FreedomBox 24.4 (2024-02-12)

19.1. Highlights

  • locale: Update translations for Albanian, Chinese (Simplified), German, Spanish, Swedish, Telugu, Turkish, Ukrainian

19.2. Other Changes

  • *: Introduce make file based build, eliminate setup.py
  • Makefile: Move most of the provision process into build system
  • Makefile: Move various tests into build system
  • actions: Drop legacy placeholders for unused actions
  • d/copyright: Update copyright year
  • debian: Remove lintian override for init script
  • doc: Install man1 page using Makefile
  • doc: dev: Update all references to setup.py
  • help: tests: Run tests using doc in current dir instead of /usr
  • pyproject.toml: Move project meta data from setup.py

20. FreedomBox 24.3 (2024-01-29)

20.1. Highlights

  • diagnostics: Add option to toggle daily run
  • zoph: Fix failing PHP configuration requirements

20.2. Other Changes

  • diagnostics: Add parameters to DiagnosticCheck
  • diagnostics: Add method to translate checks
  • diagnostics: Translate descriptions only in view
  • diagnostics: Store results of full run in database
  • diagnostics: Simplify getting translated description in results
  • diagnostics: Safely access results when showing notification
  • diagnostics: Fix a potential iteration of None value in error cases
  • glib: Change API for repeating an in-thread scheduled task

21. FreedomBox 24.2 (2024-01-15)

  • locale: Update translations for Chinese (Simplified), French, Spanish, Swedish, Turkish, Ukrainian

22. FreedomBox 24.1 (2024-01-01)

22.1. Highlights

  • locale: Add translation for Belarusian
  • storage: Show notification when rootfs is read-only

22.2. Other Changes

  • locale: Update translation for Dutch
  • tests: operation: Fix mock has_calls assertion

23. FreedomBox 23.21 (2023-11-20)

  • locale: Update translations for Chinese (Simplified), Czech, Spanish, Swedish, Turkish, Ukrainian

24. FreedomBox 23.20 (2023-11-06)

24.1. Highlights

  • backups: Don't leave services stopped if backup fails
  • coturn: Fix incorrectly passing transport argument to STUN URIs

24.2. Other Changes

  • apache: tests: Update to use DiagnosticCheck class
  • app: Update diagnose() docstring
  • datetime: Fix diagnostic test for checking NTP server sync
  • diagnostics: Add shortcut to re-run setup for app
  • ejabberd: Update old STUN URIs to remove 'transport' parameter
  • email: Increase the size of the message to 100MiB
  • locale: Update translations for Albanian, German, Spanish, Turkish, Ukrainian
  • matrixsynapse: Update old STUN URIs to remove 'transport' parameter
  • operation: Fix issue with re-running setup when it fails first time
  • tests: functional: Run tests on two app servers

25. FreedomBox 23.19 (2023-10-23)

25.1. Highlights

  • backup: Fix bug in adding existing unencrypted backup location
  • diagnostics: Run daily check and notify on failures
  • email: Fix issue with install caused by missing drop-in config file
  • kiwix: Add app for Kiwix offline Wikipedia reader
  • upgrades: Allow matrix-synapse to be installed from bookworm

25.2. Other Changes

  • db: Serialize most of the database queries using locks
  • diagnostics: Add DiagnosticCheck dataclass
  • diagnostics: Refactor background diagnostics task
  • diagnostics: Refactor check IDs, tests and background checks
  • glib: Add a jitter to the interval by default when scheduling tasks
  • glib: Refactor schedule debugging in a central place
  • kiwix: Do not require login to access the app
  • kiwix: Drop unnecessary file in /etc/plinth/modules-enabled
  • kiwix: Fix various issues after review
  • locale: Update translations for Arabic, Czech, Dutch, German, Hindi, Spanish, Swedish, Telugu, Turkish, Ukrainian
  • matrix-synapse: Update warning on how to change domain name
  • operation: Add unique ID for each operation

26. FreedomBox 23.18 (2023-09-25)

  • *: Fix all typing hint related errors
  • development: Make passing mypy checks mandatory
  • development: Perform backports tests on bookworm instead of bullseye
  • ikiwiki: Disable discussion pages by default for new wiki/blog
  • locale: Update translations for Bulgarian
  • middleware: Add new middleware to handle common errors like DB busy
  • upgrades: Fix detecting apt over tor during upgrade
  • wordpress: Use absolute path in service file

27. FreedomBox 23.17 (2023-09-11)

  • locale: Update translations for Czech, Dutch, Spanish, Swedish, Turkish, Ukrainian

28. FreedomBox 23.16 (2023-08-28)

28.1. Highlights

  • openvpn: Renew server/client certificates
  • openvpn: Correctly set expiry of server/client certs to 10 years

28.2. Other Changes

  • backups: Remove use of length_is template function
  • django: Remove use of X-XSS-Protection header
  • locale: Update translations for Czech, Norwegian Bokmål, Swedish
  • networks, samba: Fix tests setting firewall zone
  • openvpn: Ensure that re-running setup works as expected
  • openvpn: Fix app not installing on Debian testing
  • openvpn: Minor refactoring in setting up easy-rsa
  • openvpn: Use config file instead of env vars for easy-rsa
  • sso: Switch to django-axes >= 5.0
  • sso: Use POST method for logout
  • users, networks: Use the autofocus HTML attribute sparingly

29. FreedomBox 23.15 (2023-08-14)

  • debian: Add Swedish translation for debconf
  • locale: Update translations for Dutch, German, Spanish, Turkish, Ukrainian

30. FreedomBox 23.14 (2023-07-31)

30.1. Highlights

  • app: Implement advanced option to rerun app setup
  • torproxy: Add separate app for Tor Proxy
  • upgrades: Use codename in apt preferences

30.2. Other Changes

  • HACKING: Add instructions for container on Raspberry Pi
  • bepasty: Don't enable app when setup is rerun
  • bind: Don't enable app when setup is rerun
  • ci: Add mypy static type check
  • container: Add support for retrieving GPG keys using wget
  • container: Update for bookworm images
  • deluge: Don't enable app when setup is rerun
  • ejabberd: Don't enable app when setup is rerun
  • firewall: Add diagnostic check for backend
  • firewall: Add diagnostic check for passthroughs
  • firewall: Add diagnostic for default zone
  • gitweb: Don't enable app when setup is rerun
  • ikiwiki: Don't enable app when setup is rerun
  • infinoted: Don't enable app when setup is rerun
  • janus: Don't enable app when setup is rerun
  • jsxc: Don't enable app when setup is rerun
  • kvstore: Optionally, don't throw exception when deleting key
  • locale: Update translations for Dutch
  • mediawiki: Don't enable app when setup is rerun
  • minetest: Don't enable app when setup is rerun
  • openvpn: Don't enable app when setup is rerun
  • performance: Don't enable app when setup is rerun
  • privoxy: Don't enable app when setup is rerun
  • quassel: Don't enable app when setup is rerun
  • radicale: Don't enable app when setup is rerun
  • rssbridge: Don't enable app when setup is rerun
  • shaarli: Don't enable app when setup is rerun
  • sharing: Don't enable app when setup is rerun
  • tor, torproxy: Export settings from old to new app
  • tor, torproxy: Update description for info on services provided
  • tor: tests: Make functional test check for running service
  • ttrss: Don't enable app when setup is rerun
  • upgrades: Use codename for unattended-upgrades origin pattern
  • users: Add diagnostic checks for nsswitch config
  • users: Add diagnostics check for nslcd config
  • wireguard: Don't enable app when setup is rerun
  • zoph: Don't enable app when setup is rerun

31. FreedomBox 23.13 (2023-07-17)

  • container: Add support for ARM64 containers
  • HACKING: Instructions for macOS on Apple Silicon
  • locale: Update translations for German, Spanish, Turkish, Ukrainian

32. FreedomBox 23.12 (2023-06-19)

32.1. Highlights

  • packages: Purge packages on uninstall
  • gitweb: Fix issue with service startup when gitweb is not enabled
  • mediawiki: Increment version to run update.php automatically

32.2. Other Changes

  • deluge: Utilize purging of packages and don't remove explicitly
  • locale: Update translations for Czech, Dutch, Spanish, Turkish, Ukrainian
  • mediawiki: Utilize purging of packages and don't remove explicitly
  • roundcube: Clarify description for local mail only option
  • samba: Remove additional configuration files on uninstall
  • searx: Fix typo in method name
  • shaarli: Utilize purging of packages and don't remove explicitly
  • uninstall: Remove experimental warning

33. FreedomBox 23.11 (2023-06-05)

33.1. Highlights

  • *: Fix icons not present in the generated .deb
  • shadowsocksserver: Add separate app for Shadowsocks server

33.2. Other Changes

  • apache: Fix failure during app update
  • apache: Use drop-in config component for /etc files
  • bepasty: Use drop-in config component for /etc files
  • calibre: Use drop-in config component for /etc files
  • cockpit: Use drop-in config component for /etc files
  • config: Add new component for managing drop-in /etc/ config files
  • debian/install: Add new place in /usr to keep drop-in config files
  • deluge: Use drop-in config components for /etc files
  • ejabberd: Use drop-in config component for /etc files
  • email: Use drop-in config component for /etc files
  • gitweb: Use drop-in config component for /etc files
  • i2p: Use drop-in config component for /etc files
  • ikiwiki: Use drop-in config component for /etc files
  • janus: Use drop-in config component for /etc files
  • letsencrypt: Use drop-in config component for /etc files
  • matrixsynapse: Use drop-in config component for /etc files
  • mediawiki: Use drop-in config component for /etc files
  • minidlna: Use drop-in config component for /etc files
  • networks: Use drop-in config component for /etc files
  • pagekite: Drop the config file for forcing use of Debian certs
  • privacy: Use drop-in config component for /etc files
  • radicale: Use drop-in config component for /etc files
  • roundcube: Use drop-in config component for /etc files
  • rssbridge: Use drop-in config component for /etc files
  • searx: Use drop-in config component for /etc files
  • security: Use drop-in config component for /etc files
  • sharing: Use drop-in config component for /etc files
  • ssh: Use drop-in config component for /etc files
  • sso: Use drop-in config component for /etc files
  • syncthing: Use drop-in config component for /etc files
  • transmission: Use drop-in config component for /etc files
  • ttrss: Use drop-in config component for /etc files
  • upgrades: Use drop-in config component for /etc files
  • users: Use drop-in config component for /etc files
  • wordpress: Use drop-in config component for /etc files

34. FreedomBox 23.10 (2023-05-22)

  • *: Move modules-enabled files to /usr/share
  • locale: Update translations for Dutch, Portuguese, Spanish, Turkish, Ukrainian
  • doc/dev: Set language code explicitly in Sphinx configuration
  • gitweb: Disable gpg signing in tests

35. FreedomBox 23.9 (2023-05-08)

35.1. Highlights

  • transmission: Allow remote UIs to connect
  • ttrss: Allow apps to use /tt-rss URL instead of separate one

35.2. Other Changes

  • apache: Reload apache using component if config changes
  • debian: Follows policy v4.6.2
  • debian: Update copyright years
  • doc/dev: Update copyright year
  • help: Add information on obtaining source code
  • locale: Update translations for Japanese
  • mediawiki: Make a utility method public
  • mediawiki: Make retrieving list of supported languages robust
  • mediawiki: Simplify retrieving the default language
  • minidlna: Resize icon and export to PNG also
  • service: Remove reference to managed_services in a message
  • storage: Handle mount error properly
  • theme: Move icons to app folders
  • tor: Check if Hidden service is version 3
  • tor: Only diagnose relay ports if feature enabled
  • tor: Rename Hidden service to Onion service
  • transmission: Add Tremotesf to list of client apps
  • ttrss: Don't show app in enabled list of apps if install fails
  • ttrss: Update list of clients
  • ttrss: Use the apache component to restart apache on config change
  • uninstall: Fix issue with uninstall of apps that have no backup
  • zoph: Don't fail at showing app view during uninstall

36. FreedomBox 23.6.2 (2023-05-01)

  • upgrades: Check apt result during dist-upgrade
  • locale: Update translations for Bulgarian, Ukrainian

37. FreedomBox 23.8 (2023-04-24)

37.1. Highlights

  • coturn: Prevent package removal when roundcube is uninstalled
  • datetime: Re-implement backup/restore for timezone
  • gitweb: Disable snapshot feature

37.2. Other Changes

  • HACKING: Force pip to install packages to system environment
  • bepasty: When uninstalling, remove all data and configuration
  • calibre: Remove libraries during uninstallation
  • ci: Force pip install for functional tests
  • coturn: When uninstalling, remove all data and configuration
  • datetime: Use unique component ID for related daemon
  • deluge: When uninstalling, remove all data and configuration
  • gitweb: When uninstalling, remove all data and configuration, remove repositories
  • gitweb: Make globally configured features overridable per-repository
  • gitweb: Simplify handling shortcut for front page
  • ikiwiki: When uninstalling, remove all data and configuration
  • infinoted: When uninstalling, remove all data and configuration
  • locale: Update translations for Bulgarian, French, Ukrainian
  • matrixsynapse: When uninstalling, remove all data and configuration
  • mediawiki: When uninstalling, remove all data and configuration
  • mediawiki: Fix broken view on Bullseye due to language selection
  • openvpn: When uninstalling, remove all data and configuration
  • roundcube: When uninstalling, remove all data and configuration
  • rssbridge: When uninstalling, remove all data and configuration
  • samba: When uninstalling, remove all data and configuration
  • searx: When uninstalling, remove all data and configuration
  • searx: Simplify handling shortcut for front page
  • shaarli: When uninstalling, remove all data and configuration
  • shadowsocks: When uninstalling, remove all data and configuration
  • sharing: When uninstalling, remove all data and configuration
  • syncthing: When uninstalling, remove all data and configuration
  • syncthing: Remove unused pathlib import so job code-quality can pass
  • tests: Don't error during collection if selenium is not installed
  • tests: functional: Make install script work for Bullseye
  • tests: functional: Remove handling for custom enable/disable buttons
  • tests: functional: Update detecting page changes
  • tor: When uninstalling, remove all data and configuration
  • ttrss: When uninstalling, remove all data and configuration
  • upgrades: Check apt result during dist-upgrade
  • wordpress: When uninstalling, remove all data and configuration

38. FreedomBox 23.6.1 (2023-04-10)

  • coturn: Prevent package removal when roundcube is uninstalled
  • datetime: Re-implement backup/restore for timezone
  • gitweb: Disable snapshot feature
  • gitweb: Make globally configured features overridable per-repository
  • locale: Update translations for Bulgarian, French

39. FreedomBox 23.7 (2023-03-27)

39.1. Highlights

  • matrixsynapse: Add token based registration verification
  • mediawiki: Allow setting site language code

39.2. Other Changes

  • container: Fix resizing disk image containing multiple partitions
  • container: Force pip to install packages to system environment
  • container: Increase wait time to accommodate slower architectures
  • locale: Update translations for Bulgarian
  • tests: functional: Fix setting first ethernet connection as internal

40. FreedomBox 23.6 (2023-03-13)

  • /etc/issue: Update message to reflect that all users can login
  • ci: Force pip to install packages to system environment
  • datetime: Use timedatectl to read current timezone
  • samba: Make sure shares are not accessible from the internet
  • ttrss: Fix failing backup

41. FreedomBox 23.5 (2023-02-27)

  • mediawiki: Fix app view error
  • locale: Update translations for Albanian, Bulgarian, Czech, Dutch, German, Spanish, Swedish, Turkish, Ukrainian
  • samba: tests: Fix enable share view test

42. FreedomBox 23.4 (2023-02-13)

42.1. Highlights

  • ejabberd: Fix making call connections when using TURN
  • matrixsynapse: Disable verification to fix public registrations
  • snapshot: Fix issue with snapshot rollbacks

42.2. Other Changes

  • app: Add backup and restore menu items to toolbar menu
  • backups: Allow selecting a single app from URL when creating backup
  • config: Drop RuntimeMaxUse=5% for journal logging
  • dynamicdns: Skip uninstall test
  • ejabberd: Add Monal and Siskin for iOS and remove ChatSecure
  • email: Redirect to the app page if roundcube isn't installed
  • ikiwiki: Re-run setup for each site after restore
  • locale: Update translations for Bulgarian, Spanish
  • matrixsynapse: Minor refactor in getting/setting public registrations
  • matrixsynapse: Add python3-psycopg2 to packages
  • matrixsynapse: Use yaml.safe_load
  • searx: Add libjs-bootstrap to packages
  • snapshot: Fix mounting /.snapshots subvolume and use automounting
  • templates: Show better title for 404 page
  • uninstall: Fix spelling in warning message
  • vagrant: Drop unnecessary script that deletes sqlite file
  • vagrant: Hide the vagrant-script directory
  • vagrant: Mount source in /freedombox instead of /vagrant
  • vagrant: Switch to /freedombox before running service with alias

43. FreedomBox 23.3 (2023-01-30)

  • config: Fix showing the value of the default home page
  • email: Revert workaround for error on finishing uninstall
  • firewalld: Allow upgrade to version 2*
  • gitweb: tests: Skip tests using git when git is not installed
  • locale: Update translations for Bulgarian
  • tests: functional: Fix submitting forms with notifications present
  • tor: Also use Aptsources822 augeas lens
  • tor: Remove workaround for old Augeas bug
  • upgrades: Add augeas lens for Deb822 apt sources
  • views: Use dedicated view when showing an app with operations

44. FreedomBox 23.2 (2023-01-16)

  • locale: Update translations for Albanian, Bulgarian
  • ssh: Add sudo to allowed groups
  • upgrades: Stop quassel during dist upgrade

45. FreedomBox 23.1 (2023-01-03)

45.1. Highlights

  • package: Don't uninstall packages that are in use by other apps
  • tor: Add onion location to apache

45.2. Other Changes

  • email: Workaround an issue with error on finishing uninstall
  • gitweb: Run git commands as a web user
  • janus: Allow upgrade to 1.1
  • locale: Update translations for Galician, Spanish
  • operation: tests: Fix warning when test helpers start with 'Test'
  • zoph: Add explicit dependency on default-mysql-server

46. FreedomBox 22.27 (2022-12-19)

46.1. Highlights

  • minidlna: Fix incorrect marking for firewall local protection
  • zoph, wordpress: Add conflicts on libpam-tmpdir

46.2. Other Changes

  • container: Drop free tag from image URLs
  • d/control: Don't recommend libpam-tmpdir
  • locale: Update translations for Bulgarian, Chinese (Simplified), Czech, Dutch, German, Turkish, Ukrainian
  • package, email: Move conflicting package removal to framework
  • snapshot: Fix showing unsupported message on non-btrfs filesystems
  • tests: functional: Set timeout to 3 hours
  • upgrades: dist-upgrade: Don't change apt security line
  • users: tests: Fix privileged tests
  • wordpress: Redirect Webfinger queries

47. FreedomBox 22.26 (2022-12-05)

47.1. Highlights

  • ejabberd: Enable mod_http_upload
  • security: Remove restricted access setting and configuration
  • ssh: Restrict logins to groups root, admin and freedombox-ssh

47.2. Other Changes

  • calibre: Add protection to local service using firewall
  • deluge: Add protection to local service using firewall
  • email: Add protection to local service using firewall
  • firewall: Create a mechanism for protecting local services
  • firewall: Introduce component for local service protection
  • i2p: Add protection to local service using firewall
  • i2p: Remove donation URL that is no longer available
  • minidlna: Add protection to local service using firewall
  • searx: Ensure that socket is only reachable by Apache and root
  • ssh: Add checkbox to remove login group restrictions
  • syncthing: Add protection to local service using firewall
  • transmission: Add protection to local service using firewall

48. FreedomBox 22.25 (2022-11-21)

  • email: Add fail2ban jail for dovecot
  • email: Fix creation of aliases for security@ and usenet@

49. FreedomBox 22.24 (2022-11-07)

49.1. Highlights

  • locale: Update translations for Bulgarian, French, German, Norwegian Bokmål

49.2. Other Changes

  • debian/lintian-overrides: Fix mismatch patterns and new messages
  • minetest: Handle upgrade from 5.3.0 to 5.6.1
  • storage: Drop skip_recommends
  • upgrades: Add documentation link to upgrades service file
  • upgrades: Update list of holds during dist upgrade

50. FreedomBox 22.23 (2022-10-24)

50.1. Highlights

  • letsencrypt: Fix regression with comparing certificate
  • rssbridge: Add option to allow public access

50.2. Other Changes

  • locale: Update translations for Bulgarian, Hungarian, Swedish
  • storage: Handle file systems on non-physical devices
  • upgrades: Allow FreedomBox vendor when adding backports
  • upgrades: Skip unattended-upgrade in dist-upgrade

51. FreedomBox 22.22.1 (2022-10-16)

  • debian: tests: Fix PYTHONPATH
  • locale: Update translations for Bulgarian, Chinese (Simplified), Czech, Dutch, Turkish, Ukrainian
  • privacy: Remove unused import, fix pipeline

52. FreedomBox 22.22 (2022-10-10)

52.1. Highlights

  • privacy: Add new system app for popularity-contest
  • matrix: Add fail2ban jail

52.2. Other Changes

  • *: Use privileged decorator for actions
  • action_utils: Drop support for non-systemd environments
  • action_utils: Drop unused progress requests from apt-get
  • actions: Allow actions to be called by other users
  • actions: Allow nested and top-level actions
  • actions: Drop unused superuser_run and related methods
  • actions: Implement getting raw output from the process
  • actions: Use separate IPC for communicating results
  • apache: Fix logs still going into /var/log files
  • bind: Drop enabling DNSSEC (deprecated) as it is always enabled
  • config: Drop ability to set hostname on systems without systemd
  • config: Drop legacy migration of Apache homepage settings
  • fail2ban: Make fail2ban log to journald
  • firewall: Drop showing running status
  • locale: Update translations for Albanian, Czech, Norwegian Bokmål, Russian, Swedish, Ukrainian
  • minidlna: Use the exposed URL for diagnostic test
  • openvpn: Drop RSA to ECC migration code and two-step setup
  • privacy: Set vendor as FreedomBox for dpkg and popularity-contest
  • searx: Show status of public access irrespective of enabled state
  • templates: Update HTML meta tags for better description and app-name
  • tests: Add fixture to help in testing privileged actions
  • wordpress: Update fail2ban filter

53. FreedomBox 22.21.1 (2022-10-01)

  • locale: Update translations for Bulgarian, Ukrainian
  • notification: Don't fail when formatting message strings

54. FreedomBox 22.21 (2022-09-26)

  • janus: Enable systemd sandboxing
  • locale: Update translations for Albanian, Bulgarian, Czech, Danish, Dutch, French, German, Greek, Hungarian, Indonesian, Italian, Latvian, Lithuanian, Norwegian Bokmål, Persian, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, Swedish, Turkish, Ukrainian
  • mediawiki: Add powered by freedombox logo
  • wordpress: Add fail2ban filter and jail
  • wordpress: Disable readme.html, xmlrpc.php, wp-cron.php

55. FreedomBox 22.20 (2022-09-12)

55.1. Highlights

  • matrixsynapse: Allow matrix-synapse >= 1.65 to install successfully

55.2. Other Changes

  • backups: Use generic form template for create and schedule views
  • backups: tests: functional: Find forms more accurately
  • bepasty: Use generic form template for add password view
  • bepasty: tests: functional: Minor refactor for form submission
  • calibre: tests: functional: Find forms more specifically
  • d/maintscript: remove tahoe and mldonkey apache conf files
  • debian: Add Italian debconf translation
  • ejabberd: tests: functional: Ensure jsxc is installed
  • firewall: Allow upgrade from any version to 1.2.*
  • first_boot: tests: functional: Find form more specifically
  • gitweb: Fix issue with page not refreshing during uninstall
  • gitweb: Use generic form template for create/edit repository
  • gitweb: tests: functional: Find forms more accurately
  • ikiwiki: tests: functional: Find forms more accurately
  • locale: Update translations for Chinese (Simplified), Czech, French, Italian, Turkish
  • samba: Ignore mounted files when listing mounts