Merge pull request ravendb#1414 from serezhub/RDoc-1712-Secure-Manual…

…-Setup

RDoc-1712 - Secure Manual Setup

Documentation/4.2/Raven.Documentation.Pages/start/installation/manual.markdown

@@ -0,0 +1,90 @@
+# Installation: Manual Setup
+
+{NOTE: Automatic Certificate Renewals Via Setup Wizard}
+
+RavenDB has developed a quick and simple process to set up a fully secure cluster with our Setup Wizard.  
+We've developed automatic renewals of certificates when setting up with the Setup Wizard together with Let's Encrypt.  
+
+If you choose manual setup and/or to provide your own certificate, **you are responsible for its periodic renewal**.
+
+{NOTE/}
+
+In this page: 
+
+* [Downloading Server and Setting Up Node Folders](../../start/installation/manual#downloading-server-and-setting-up-node-folders)
+* [Disabling 'Setup Wizard'](../../start/installation/manual#disabling-setup-wizard)  
+* [Server Url and Port](../../start/installation/manual#server-url-and-port)
+* [Security](../../start/installation/manual#security)
+* [Configuration](../../start/installation/manual#configuration)
+
+## Downloading Server and Setting Up Node Folders
+Download the [RavenDB server package](https://ravendb.net/download) and extract it into permanent server folders on each machine.  
+
+We recommend using multiple machines to improve [cluster availability via failover](../../client-api/cluster/how-client-integrates-with-replication-and-cluster) in case one goes down.  
+
+* Each folder that contains an extracted server package will become a functional node in your cluster.  
+* If you move the folders after installation, **the server will not work**.  
+   You'll receive a 'System.InvalidOperationException: Unable to start the server.' error because it will look for the file path that is set when you install.  
+
+By default, when a server is started using `run.ps1` (or `run.sh` in Linux) script. It will open a browser with a [Setup Wizard](../../start/installation/setup-wizard) which will guide you through the server configuration process.  
+
+The setup is started because the default configuration file [settings.json](../../server/configuration/configuration-options#json) (found in the downloaded RavenDB Server package inside the **Server** folder) comes configured like this:
+
+{CODE-BLOCK:json}
+{
+    "ServerUrl": "http://127.0.0.1:0",
+    "Setup.Mode": "Initial",
+    "DataDir": "RavenData"
+}
+{CODE-BLOCK/}
+
+Which means that the Server will run:
+
+- On `localhost` with a `random port`
+- In `Setup Wizard` mode
+- Store the data in `RavenData` directory
+
+## Disabling 'Setup Wizard'
+
+To disable the 'Setup Wizard' please change the `Setup.Mode` in the settings.json configuration to `None` or remove it completely.
+
+## Server Url and Port
+
+Setting the `ServerUrl` to `http://127.0.0.1:0` will bind the server to a `localhost` with a `random port`. For manual setup we suggest changing the port to a non-random value - e.g. **8080**.
+
+{NOTE:Port in Use}
+
+In some cases the port might be in use, this will prevent the Server from starting with "address in use" error (`EADDRINUSE`).  
+For a list of IPs and ports already in use on your machine, enter `netstat -a` in the command line.  
+
+{NOTE/}
+
+## Security
+
+{WARNING: Protect Your Cluster From The Start}
+
+We highly recommend securing your server from the start to [prevent potential vulnerabilities](https://ravendb.net/articles/ravendb-secure-by-default-document-database) later.  
+ RavenDB makes securing your cluster from the start as easy as possible to prevent the possiblity of forgetting to secure before going into production. 
+
+If you set RavenDB to listen to connections outside your local machine without first securing your cluster, 
+your database will immediately block this now vulnerable configuration and require the administrator to properly setup the security and 
+access control to prevent unauthorized access.  
+
+{WARNING/}
+
+Read the [Manual Certificate Configuration](../../server/security/authentication/certificate-configuration) section to learn how to setup security manually.
+
+## Configuration
+
+Read the [Configuration Section](../../server/configuration/configuration-options) to learn more about using [settings.json](../../server/configuration/configuration-options#json) and see a list of configuration options.
+
+## Related articles
+
+### Installation
+
+- [Common Setup Wizard Errors and FAQ](../../server/security/common-errors-and-faq#setup-wizard-issues)
+- [Setup Wizard](../../start/installation/setup-wizard)
+
+### Security
+
+- [Security in RavenDB](../../server/security/overview)

Documentation/4.2/Raven.Documentation.Pages/start/installation/running-as-service.markdown

@@ -1,31 +1,53 @@
 # Installation: Running as a Service
 
+* Running servers as OS services reduces downtime whenever a machine restarts because the servers automatically start every time the machine boots.  
+
+* After completing the Server configuration process either via the [Setup Wizard](../../start/installation/setup-wizard) 
+  or [Manually](../../start/installation/manual), you can register the Server as a Service using the `rvn` tool that can be found inside the RavenDB Server 
+  distribution package.
+
+* After registering RavenDB as a service, be sure to check your OS "Services" manager to see that the "RavenDB" service is there 
+  and that the Startup Type is "Automatic".  
+
+In this page: 
+
+* [Windows](../../start/installation/running-as-service#windows)  
+  * [Registering](../../start/installation/running-as-service#registering)  
+  * [Unregistering](../../start/installation/running-as-service#unregistering)  
+  * [Starting and Stopping](../../start/installation/running-as-service#starting-and-stopping)  
+* [Linux - Ubuntu 16.04](../../start/installation/running-as-service#linux---ubuntu-16.04)  
+
 {INFO:Prerequisites}
 
 The prerequisites for running RavenDB as a Service are defined [here](../../start/getting-started#prerequisites).  
 
 {INFO/}
 
-After completing the Server configuration process either via the [Setup Wizard](../../start/installation/setup-wizard) or [Manually](../../start/installation/manual), you can register the Server as a Service using the `rvn` tool that can be found inside the RavenDB Server distribution package.
-
 {PANEL:Windows}
 
 ### Registering
 
-To register RavenDB as a Service on Windows OS, run powershell with administrator privileges. 
+To register RavenDB as a Service on Windows OS, run PowerShell with administrator privileges.  
 Navigate to the RavenDB package root and execute:  
 
 {CODE-BLOCK:powershell}
-.\setup-as-service.ps1
+`.\setup-as-service.ps1`
 {CODE-BLOCK/}
 
-Alternatively, navigate to the `Server` folder and execute the following command:  
+If you receive the following error:  
+"setup-as-service.ps1 cannot be loaded. The file [YourFileLocation] is not digitally signed" 
+
+1. Run the following command `Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass`.
+2. Affirm the "Execution Policy Change" with `Y`. 
+3. Run `.\setup-as-service.ps1` again.  
+
+Alternatively, navigate to the node **Server** folder and execute the following command:  
 
 {CODE-BLOCK:powershell}
-.\rvn.exe windows-service register --service-name RavenDB
+`.\rvn.exe windows-service register --service-name RavenDB`
 {CODE-BLOCK/}
 
-If you want to run the service under a non-default user (`Local Service` is default) then execute following command:
+If you want to run the service under a non-default user (**Local Service** is default) then execute the following command:
 
 {CODE-BLOCK:powershell}
 .\rvn.exe windows-service register --service-name RavenDB --service-user-name MyUser --service-user-password MyPassword
@@ -60,7 +82,7 @@ Service can be also controlled using the `start` and `stop` commands:
 
 You can run RavenDB as a daemon by running the script `install-daemon.sh` from the package root.
 
-Alternatively, open a bash terminal, and create the following file `/etc/systemd/system/ravendb.service`, using super user permissions:
+Alternatively, open a bash terminal, and create the following file `/etc/systemd/system/ravendb.service`, using super-user permissions:
 
 {CODE-BLOCK:bash}
 [Unit]
@@ -109,7 +131,9 @@ journalctl -f -u ravendb.service
 
 ### Installation
 
-- [System Requirements](../../start/installation/system-requirements)
-- [System Configuration Recommendations](../../start/installation/system-configuration-recommendations)
+- [Setup Wizard](../../start/installation/setup-wizard)
+- [Manual Setup](../../start/installation/manual)
 - [Running in a Docker Container](../../start/installation/running-in-docker-container)
 - [Upgrading to New Version](../../start/installation/upgrading-to-new-version)
+- [System Requirements](../../start/installation/system-requirements)
+- [System Configuration Recommendations](../../start/installation/system-configuration-recommendations)

Documentation/5.1/Raven.Documentation.Pages/start/getting-started.markdown

@@ -2,24 +2,26 @@
 
 Welcome to RavenDB! 
 
-This article will get you started and guide you through all the parts of RavenDB needed for basic understanding and simple setup.  
+This article will get you started and guide you through all the aspects of RavenDB needed for basic understanding and a simple setup.  
 
 In this page:  
 
-* The [Server](../start/getting-started#server) part will focus on installation, setup & configuration of the RavenDB server  
+* The [Server](../start/getting-started#server) portion will focus on installation, setup & configuration of the RavenDB server  
     * [Prerequisites](../start/getting-started#prerequisites)  
     * [Installation & Setup](../start/getting-started#installation--setup)  
     * [Configuration](../start/getting-started#configuration)  
     * [Studio](../start/getting-started#studio)  
     * [Security Concerns](../start/getting-started#security-concerns)  
-* The [Client](../start/getting-started#client) part will describe the general principles behind our client libraries 
+* The [Client](../start/getting-started#client) portion will describe the general logic and principles behind our client libraries 
     * [DocumentStore](../start/getting-started#documentstore)  
     * [Session](../start/getting-started#session)  
 
+---
 
 {PANEL: Server}
 
-Let's start by installing and configuring the server. In order to do that first we need to download the server package from the [downloads](https://ravendb.net/downloads) page.
+Let's start by installing and configuring the server. To do that, first we need to download the server package 
+from the [downloads](https://ravendb.net/downloads) page.
 
 RavenDB is cross-platform with support for the following operating systems:
 
@@ -43,7 +45,7 @@ Please install [Visual C++ 2015 Redistributable Package](https://support.microso
 
 {NOTE: Linux}
 
-We highly recommend **updating** your **Linux OS** prior to launching the RavenDB server. Also check if .NET Core requires any other prerequisites in the [Prerequisites for .NET Core on Linux](https://docs.microsoft.com/en-us/dotnet/core/linux-prerequisites) article written by Microsoft.
+We highly recommend **updating** your **Linux OS** prior to launching the RavenDB server. Also, check if .NET Core requires any other prerequisites in the [Prerequisites for .NET Core on Linux](https://docs.microsoft.com/en-us/dotnet/core/linux-prerequisites) article written by Microsoft.
 
 {NOTE/}
 
@@ -57,16 +59,34 @@ We highly recommend **updating** your **MacOS** and checking the [Prerequisites
 
 ### Installation & Setup
 
-1. Set up a parent folder in a permanent location for your installation package and server settings for the next steps.  
-2. Set up separate folders in the parent folder for each node and keeping it in a safe place for future use.  
-![Cluster Parent/Nodes Folder](images/Cluster-Parent-Nodes-Folders.png "Cluster Parent/Nodes Folder")  
+{NOTE: Highly Available Clusters}
+
+We recommend setting up your cluster nodes on separate machines so that if one goes down, the others can keep the cluster active. 
+
+{NOTE/}
+
+1. Set up a server folder on each machine that will host the nodes in your cluster. 
+ You may want to include the node designation (nodes A, B, C...) in the name of each server folder, to prevent future confusion.  
+
+2. Extract the server package into permanent server folders on each machine.  
+ Each folder that contains an extracted server package will become a functional node in your cluster.  
+ If you've set up on separate machines, go to step 3 below.  
 
 {WARNING: Important:} If you move this folder after installation, the server will not run.  
-You'll receive a 'System.InvalidOperationException: Unable to start the server.' error because it will look for the file path that is set when you install.
+You'll receive a 'System.InvalidOperationException: Unable to start the server.' error because it will look for the file path that is set 
+when you install. If you must move your folder at a later time, you can [reconfigure the certificate file path](../server/security/authentication/certificate-configuration#standard-manual-setup-with-certificate-stored-locally) 
+in the `settings.json` file.
 {WARNING/}
 
-3. Extract the downloaded `RavenDB...zip` server package into the Node A folder.  
-4. If you want to install the cluster as a service (it will run in the background every time your machine starts), this step will be done after initial installation via the Setup Wizard or manually. Read [Running as a Service](installation/running-as-service).  
+If you choose to use only one machine (although this will increase the chances of your cluster going down) you'll need to:
+
+1. Set up a parent folder in a permanent location for your installation package and server settings for the next steps.  
+2. Set up separate folders in the parent folder for each node and keep it in a safe place for future use.  
+  ![Cluster Parent/Nodes Folder](images/Cluster-Parent-Nodes-Folders.png "Cluster Parent/Nodes Folder")  
+
+3. Extract the [downloaded](https://ravendb.net/downloads) `RavenDB...zip` server package into each node folder.  
+4. If you want to install the cluster **as a service** (it will improve availability because it will automatically run in the background every time your 
+machine restarts), this simple step will be done after initial secure installation via the Setup Wizard or manually. Read [Running as a Service](installation/running-as-service).  
 5. Start the [Setup Wizard](../start/installation/setup-wizard) by running `run.ps1` (or `run.sh` in Linux) in PowerShell or [disable the 'Setup Wizard' and configuring the server manually](../start/installation/manual).  
 ![Running the Setup Wizard](images/run-ps1-with-PowerShell.png "Running the Setup Wizard")
 
@@ -107,9 +127,11 @@ appearing:
 
 ### Configuration
 
-The RavenDB server is using a [settings.json](../server/configuration/configuration-options#json) file to store the server-wide configuration options.  
-This file is located in the `Server` directory.  
-After making changes to this file, a server restart is required in order for them to be applied.
+The RavenDB server uses a [settings.json](../server/configuration/configuration-options#json) file in each node `Server` folder to store the server-wide configuration options.  
+When starting a server, RavenDB will look for the `settings.json` file in the node `Server` folder, so it must be located there.  
+The [Setup Wizard](../start/installation/setup-wizard) places it correctly automatically.  
+
+After making changes to this file, a server restart is required for them to be applied.  
 
 You can read more about the available configuration options in our [dedicated article](../server/configuration/configuration-options).
 
@@ -125,7 +147,7 @@ The configuration file included in each RavenDB server distribution package is a
 }
 {CODE-BLOCK/}
 
-Which means that the server will run:
+This means that the server will run:
 
 - On `localhost` with a `random port`
 - In `Setup Wizard` mode
@@ -135,7 +157,7 @@ Which means that the server will run:
 
 {WARNING: Port in Use}
 
-In some cases the port might be in use. This will prevent the Server from starting with an "address in use" error (`EADDRINUSE`).
+In some cases, the port might be in use. This will prevent the Server from starting with an "address in use" error (`EADDRINUSE`).
 
 The port can be changed by editing the `ServerUrl` value in the `settings.json` file.  
 For a list of IPs and ports already in use, run `netstat -a` in the command line.
@@ -175,13 +197,16 @@ Whenever you run the server folder script `run.ps1` the Studio opens automatical
 
 ### Security Concerns
 
+**We recommend using the 'Setup Wizard' to easily install RavenDB securely from the very start** to prevent potential future vulnerability.  
+[The process](../start/getting-started#installation--setup) in RavenDB only takes a few minutes and is free.  
+
 To let a developer start coding an application quickly, RavenDB will run with the following default security mode:
 
 {WARNING: Default Security Mode}
 
 As long as the database is used inside the local machine and no outside connections are allowed, you can ignore security concerns 
 and you require no authentication. Once you set RavenDB to listen to connections outside your local machine, 
-your database will immediately block this now vulnerable configuration and require the administrator to properly setup the security and 
+your database will immediately block this now vulnerable configuration and require the administrator to properly set up the security and 
 access control to prevent unauthorized access to your data or to explicitly allow the unsecured configuration.
 
 {WARNING/}
@@ -287,7 +312,7 @@ select Name
 {CODE-TAB-BLOCK/}
 {CODE-TABS/}
 
-The following articles can extend your knowledge about the `Session`:
+**Session** - The following articles can extend your knowledge about the Session:
 
 - [What is a Session and how does it work?](../client-api/session/what-is-a-session-and-how-does-it-work)
 - [Opening a Session](../client-api/session/opening-a-session)
@@ -296,15 +321,15 @@ The following articles can extend your knowledge about the `Session`:
 - [Loading Entities](../client-api/session/loading-entities)
 - [Saving Changes](../client-api/session/saving-changes)
 
-The introductory articles describing `Querying` can be found here:
+**Querying** - The introductory articles describing Querying can be found here:
 
 - [Basics](../indexes/querying/basics)
 - [What is RQL?](../indexes/querying/what-is-rql)
 
-If you wish to understand `Indexes` better, we recommend reading the following articles:
+**Indexes** - If you wish to understand Indexes better, we recommend reading the following articles:
 
 - [Indexes: What are indexes?](../indexes/what-are-indexes)
-- [Indexes: Creating and deploying indexes?](../indexes/creating-and-deploying)
+- [Indexes: Creating and deploying indexes](../indexes/creating-and-deploying) (RavenDB's Auto-Indexing and how to set up static indexes)  
 - [Indexes: Indexing basics](../indexes/indexing-basics)
 - [Indexes: Map indexes](../indexes/map-indexes)