golfed.xyz/content/blog/i2p-on-vps.md

2.9 KiB

+++ title = 'Welcome to the Invisible Internet! — Setting up I2P on a VPS' date = 2024-11-17T18:49:59+02:00 author = '' draft = false tags = ['i2p', 'docker', 'privacy'] categories = ['self-hosting'] +++

A major hurdle for the wider adoption of the I2P protocol is the same as with many other purely P2P protocols: you need to reach a certain peer connectivity level before anything becomes usable. For example, this Mental Outlaw video about I2P shows that it can take many hours of waiting before most eepsites become accessible. This is drastically different from e.g. Tor, which is basically plug-and-play.

Setting up I2P on a remote VPS and port forwarding that connection with SSH provides a robust solution to this problem, as the client being online 24/7 guarantees excellent connectivity.

Setting up I2P

It's advisable to create a separate .env file and set the EXT_PORT environment variable there (this is the exposed host port where I2NP will be reachable, i.e. it must also be unblocked from the firewall).

The advertised memory usage for I2P's JVM is 128 MB, but it's still good to set a cap using the JVM_XMX environment variable. Additionally, the i2ptorrents:i2psnark volume can be commented out if you don't need BitTorrent support. See the official documentation for more information on possible configuration options.

services:
  i2p:
    image: geti2p/i2p
    container_name: i2p
    restart: unless-stopped
    ports:
      - ${EXT_PORT}:${EXT_PORT}/tcp
      - ${EXT_PORT}:${EXT_PORT}/udp
    volumes:
      - ${PWD}/i2pconfig:/i2p/.i2p:rw # Mandatory configs
      - ${PWD}/i2ptorrents:/i2psnark:rw # Torrenting support
    environment:
      JVM_XMX: 256m
      EXT_PORT: ${EXT_PORT:?host port must be manually set}

Once the container is fully configured, run docker compose up -d and check the i2p container's logs. You should see something like this (there should be no warnings about the connection being firewalled):

Starting I2P
[startapp] Running in container
[startapp] Running in docker network
[startapp] setting reachable IP to container IP 172.18.0.1
Starting I2P 2.7.0-0

Connecting via an SSH tunnel

The AllowTcpForwarding variable in the OpenSSH configuration (/etc/ssh/sshd_config) defaults to yes, but must be modified if explicitly set to no. After this the following command can be used to start the tunnel in the background (implied by -f and -n flags):

ssh -fnN -L [LOCAL_PORT]:[CONTAINER_LOCAL_IP]:[REMOTE_PORT] [USERNAME]@[VPS_IP]

Once the container is booted up for the first time, the installation setup must be completed by accessing the router console via port 7657. Then, configure the I2P proxy via port 4444 to your browser and you're ready to go. If you want to configure any additional services, here's the complete list of the ports used by I2P.