diff --git a/content/blog/i2p-on-vps.md b/content/blog/i2p-on-vps.md new file mode 100644 index 0000000..1278697 --- /dev/null +++ b/content/blog/i2p-on-vps.md 
@@ -0,0 +1,55 @@ ++++ +title = 'Welcome to the Invisible Internet! — Setting up I2P on a VPS' +date = 2024-11-17T18:49:59+02:00 +author = '' +draft = false +tags = ['self-hosting', 'privacy'] +categories = [] ++++ + +A major hurdle for the wider adoption of the I2P protocol is the same as with many other purely P2P protocols: you need to reach a certain peer connectivity level before anything becomes usable. For example, [this Mental Outlaw video](https://youtu.be/KhG29riqVUE) about I2P shows that it can take many hours of waiting before most eepsites become accessible. This is drastically different from e.g. Tor, which is basically plug-and-play. + +Setting up I2P on a remote VPS and port forwarding that connection with SSH provides a robust solution to this problem, as the client being online 24/7 guarantees excellent connectivity. + +## Setting up I2P + +It's advisable to create a separate `.env` file and set the `EXT_PORT` environment variable there (this is the exposed host port where I2NP will be reachable, i.e. it must also be unblocked from the firewall). + +The advertised memory usage for I2P's JVM is 128 MB, but it's still good to set a cap using the `JVM_XMX` environment variable. Additionally, the `i2ptorrents:i2psnark` volume can be commented out if you don't need BitTorrent support. See the [official documentation](https://github.com/i2p/i2p.i2p/blob/master/Docker.md) for more information on possible configuration options. 
+ +```yaml +services: + i2p: + image: geti2p/i2p + container_name: i2p + restart: unless-stopped + ports: + - ${EXT_PORT:?host port must be manually set}:12345/tcp + - ${EXT_PORT:?host port must be manually set}:12345/udp + volumes: + - ${PWD}/i2pconfig:/i2p/.i2p:rw # Mandatory configs + - ${PWD}/i2ptorrents:/i2psnark:rw # Torrenting support + environment: + JVM_XMX: 256m + EXT_PORT: ${EXT_PORT:?host port must be manually set} +``` + +Once the container is fully configured, run `docker compose up -d` and check the `i2p` container's logs. You should see something like this (there should be no warnings about the connection being firewalled): + +``` +Starting I2P +[startapp] Running in container +[startapp] Running in docker network +[startapp] setting reachable IP to container IP 172.18.0.1 +Starting I2P 2.7.0-0 +``` + +## Connecting via an SSH tunnel + +The `AllowTcpForwarding` variable in the OpenSSH configuration (`/etc/ssh/sshd_config`) defaults to `yes`, but must be modified if explicitly set to `no`. After this the following command can be used to start the tunnel in the background (implied by `-f` and `-n` flags): + +```shell +ssh -fnN -L [LOCAL_PORT]:[CONTAINER_LOCAL_IP]:[REMOTE_PORT] [USERNAME]@[VPS_IP] +``` + +Once the container is booted up for the first time, the installation setup must be completed by accessing the router console via port `7657`. Then, configure the I2P proxy via port `4444` to your browser and you're ready to go. If you want to configure any additional services, here's the [complete list of the ports used by I2P](https://geti2p.net/en/docs/ports).
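Review bot: In the "Connecting via an SSH tunnel" section, the `ssh -fnN -L [LOCAL_PORT]:[CONTAINER_LOCAL_IP]:[REMOTE_PORT] [USERNAME]@[VPS_IP]` command leaves its placeholders unexplained: the ports to forward (`7657` for the router console, `4444` for the proxy) only appear in the paragraph after it, and nothing says how to obtain `[CONTAINER_LOCAL_IP]`. Show the command with both forwards (two `-L` options) and say where the container address comes from; the sample log prints `setting reachable IP to container IP 172.18.0.1`, so state whether that is the value to use. It is also worth saying explicitly that the compose `ports:` list publishes only `12345` on purpose, so the console and proxy stay reachable through the tunnel alone and are never exposed on the VPS's public interface. Smaller points: `-N` is not explained, "implied by `-f` and `-n` flags" would read better as "requested by", `AllowTcpForwarding` is a directive rather than a variable, and `author = ''` in the front matter is empty.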