2.9 KiB
+++ title = 'Welcome to the Invisible Internet! — Setting up I2P on a VPS' date = 2024-11-17T18:49:59+02:00 author = '' draft = false tags = ['i2p', 'docker', 'privacy'] categories = ['self-hosting'] +++
A major hurdle for the wider adoption of the I2P protocol is the same as with many other purely P2P protocols: you need to reach a certain peer connectivity level before anything becomes usable. For example, this Mental Outlaw video about I2P shows that it can take many hours of waiting before most eepsites become accessible. This is drastically different from e.g. Tor, which is basically plug-and-play.
Setting up I2P on a remote VPS and port forwarding that connection with SSH provides a robust solution to this problem, as the client being online 24/7 guarantees excellent connectivity.
Setting up I2P
It's advisable to create a separate .env
file and set the EXT_PORT
environment variable there (this is the exposed host port where I2NP will be reachable, i.e. it must also be unblocked from the firewall).
The advertised memory usage for I2P's JVM is 128 MB, but it's still good to set a cap using the JVM_XMX
environment variable. Additionally, the i2ptorrents:i2psnark
volume can be commented out if you don't need BitTorrent support. See the official documentation for more information on possible configuration options.
services:
i2p:
image: geti2p/i2p
container_name: i2p
restart: unless-stopped
ports:
- ${EXT_PORT}:${EXT_PORT}/tcp
- ${EXT_PORT}:${EXT_PORT}/udp
volumes:
- ${PWD}/i2pconfig:/i2p/.i2p:rw # Mandatory configs
- ${PWD}/i2ptorrents:/i2psnark:rw # Torrenting support
environment:
JVM_XMX: 256m
EXT_PORT: ${EXT_PORT:?host port must be manually set}
Once the container is fully configured, run docker compose up -d
and check the i2p
container's logs. You should see something like this (there should be no warnings about the connection being firewalled):
Starting I2P
[startapp] Running in container
[startapp] Running in docker network
[startapp] setting reachable IP to container IP 172.18.0.1
Starting I2P 2.7.0-0
Connecting via an SSH tunnel
The AllowTcpForwarding
variable in the OpenSSH configuration (/etc/ssh/sshd_config
) defaults to yes
, but must be modified if explicitly set to no
. After this the following command can be used to start the tunnel in the background (implied by -f
and -n
flags):
ssh -fnN -L [LOCAL_PORT]:[CONTAINER_LOCAL_IP]:[REMOTE_PORT] [USERNAME]@[VPS_IP]
Once the container is booted up for the first time, the installation setup must be completed by accessing the router console via port 7657
. Then, configure the I2P proxy via port 4444
to your browser and you're ready to go. If you want to configure any additional services, here's the complete list of the ports used by I2P.