pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma

i2p.md (6908B)


# I2P Federation and Accessibility

This guide focuses on the Pleroma federation aspect. The actual installation is neatly explained in the official documentation, which is more likely to remain up to date.
It might be added to this guide if the need arises.

We're going to use I2PD because it is more lightweight than the official client.
Follow the documentation according to your distro: https://i2pd.readthedocs.io/en/latest/user-guide/install/#installing

How to run it: https://i2pd.readthedocs.io/en/latest/user-guide/run/

## I2P Federation

There are 2 ways to go about this:
one using the config, and one using external software (fedproxy). The external software works better so far.

### Using the Config

**Warning:** So far, every time I followed this way of federating using I2P, the rest of my federation stopped working. I'm leaving this here in case it will help with making it work.

Assuming you're running in prod, cd to your Pleroma folder and append the following to `config/prod.secret.exs`:
```
config :pleroma, :http, proxy_url: {:socks5, :localhost, 4447}
```
And then run the following:
```
su pleroma
MIX_ENV=prod mix deps.get
MIX_ENV=prod mix ecto.migrate
exit
```
You can restart I2PD here and finish if you don't wish to make your instance viewable or accessible over I2P.
```
systemctl stop i2pd.service --no-block
systemctl start i2pd.service
```
*Notice:* The stop command initiates a graceful shutdown; i2pd stops once it has finished routing transit tunnels (at most 10 minutes).

You can change the SOCKS proxy port in `/etc/i2pd/i2pd.conf`.

### Using Fedproxy

Fedproxy passes clearnet requests straight through to their destination. It doesn't force anything over Tor.

To use [fedproxy](https://github.com/majestrate/fedproxy) you'll need to install Golang.
```
apt install golang
```
Use a different user than pleroma or root. Run the following to add the GOPATH to that user's `~/.bashrc` (adjust `/home/ren` to that user's home directory).
```
echo "export GOPATH=/home/ren/.go" >> ~/.bashrc
```
Restart that bash session (you can exit and log back in).
Run the following to get fedproxy.
```
# Note: from Go 1.18 on, `go get` no longer installs binaries; there, use `go install <package>@latest`.
go get -u github.com/majestrate/fedproxy
# /usr/local/bin is normally writable only by root.
cp "$GOPATH/bin/fedproxy" /usr/local/bin/fedproxy
```
And then the following to start it for I2P only.
```
fedproxy 127.0.0.1:2000 127.0.0.1:4447
```
If you want to also use it for Tor, add `127.0.0.1:9050` to that command.
You'll also need to modify your Pleroma config.

Assuming you're running in prod, cd to your Pleroma folder and append the following to `config/prod.secret.exs`:
```
config :pleroma, :http, proxy_url: {:socks5, :localhost, 2000}
```
And then run the following:
```
su pleroma
MIX_ENV=prod mix deps.get
MIX_ENV=prod mix ecto.migrate
exit
```
You can restart I2PD here and finish if you don't wish to make your instance viewable or accessible over I2P.

```
systemctl stop i2pd.service --no-block
systemctl start i2pd.service
```
*Notice:* The stop command initiates a graceful shutdown; i2pd stops once it has finished routing transit tunnels (at most 10 minutes).

You can change the SOCKS proxy port in `/etc/i2pd/i2pd.conf`.

## I2P Instance Access

Make your instance accessible using I2P.

Add the following to your I2PD config `/etc/i2pd/tunnels.conf`:
```
[pleroma]
type = http
host = 127.0.0.1
port = 14447
keys = pleroma.dat
```
Restart I2PD:
```
systemctl stop i2pd.service --no-block
systemctl start i2pd.service
```
*Notice:* The stop command initiates a graceful shutdown; i2pd stops once it has finished routing transit tunnels (at most 10 minutes).

Now you'll have to find your address.
To do that you can download and use I2PD tools.[^1]  
Alternatively, you can access your web console on localhost:7070.
If you don't have a GUI, you'll have to SSH tunnel into it like this:
`ssh -L 7070:127.0.0.1:7070 user@ip -p port`.
Now you can access it at localhost:7070.
Go to the I2P tunnels page. Look for Server tunnels and you will see an address that ends with `.b32.i2p` next to "pleroma".
This is your site's address.

### I2P-only Instance

If creating an I2P-only instance, open `config/prod.secret.exs` and under "config :pleroma, Pleroma.Web.Endpoint," edit "https" and "port: 443" to the following:
```
   url: [host: "i2paddress", scheme: "http", port: 80],
```
In addition to that, replace the existing nginx config's contents with the example below.

### Existing Instance (Clearnet Instance)

If not an I2P-only instance, add the nginx config below to your existing config at `/etc/nginx/sites-enabled/pleroma.nginx`.

In both cases, disable CSP in Pleroma's config (STS is disabled by default) so that you can define those headers yourself, separately from the clearnet site (if your instance is also on the clearnet). Note that the nginx example below sets several security headers but no `Content-Security-Policy`, so add one there if you want a CSP on the I2P site.
Copy the following into the `config/prod.secret.exs` in your Pleroma folder (/home/pleroma/pleroma/):
```
config :pleroma, :http_security,
  enabled: false
```

Use this as the Nginx config:
```
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
# The above already exists in a clearnet instance's config.
# If not, add it.

server {
    listen 127.0.0.1:14447;
    server_name youri2paddress;

    # Comment to enable logs
    access_log /dev/null;
    error_log /dev/null;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    client_max_body_size 16m;

    location / {

        add_header X-XSS-Protection "1; mode=block";
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header Referrer-Policy same-origin;
        add_header X-Download-Options noopen;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_pass http://localhost:4000;

        client_max_body_size 16m;
    }

    location /proxy {
        proxy_cache pleroma_media_cache;
        proxy_cache_lock on;
        proxy_ignore_client_abort on;
        proxy_pass http://localhost:4000;
    }
}
```
Reload Nginx and restart I2PD:
```
systemctl reload nginx.service
systemctl stop i2pd.service --no-block
systemctl start i2pd.service
```
*Notice:* The stop command initiates a graceful shutdown; i2pd stops once it has finished routing transit tunnels (at most 10 minutes).

You should now be able to both access your instance using I2P and federate with other I2P instances!
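
A consistency check for the setup above, as an added example that is not part of the original guide: it confirms that the `[pleroma]` tunnel in `tunnels.conf` forwards to a loopback address and that nginx has a `listen` bound to exactly that address, since a bare `listen 14447;` would also serve the I2P vhost on the clearnet interface. The function names and the sample files are constructed for the illustration.

```sh
#!/bin/sh
# Added example: check that the i2pd server tunnel and the nginx vhost agree,
# and that the vhost is reachable only through loopback.

tunnel_target() {   # $1 = tunnels.conf, $2 = section; prints host:port
    awk -v want="[$2]" '
        { line = $0; gsub(/[ \t\r]/, "", line) }
        line ~ /^\[/ { insec = (line == want); next }
        insec && split(line, kv, "=") == 2 {
            if (kv[1] == "host") host = kv[2]
            if (kv[1] == "port") port = kv[2]
        }
        END { if (host != "" && port != "") print host ":" port }' "$1"
}

nginx_listens() {   # $1 = nginx config; prints the address of each listen
    sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([^;[:space:]]*\).*/\1/p' "$1"
}

check_i2p_vhost() { # $1 = tunnels.conf, $2 = section, $3 = nginx config
    target=$(tunnel_target "$1" "$2")
    case "$target" in
        "")    echo "FAIL: no host/port found in [$2]"; return 1 ;;
        127.*) ;;   # literal loopback address, as in the guide
        *)     echo "FAIL: tunnel forwards to non-loopback $target"; return 1 ;;
    esac
    if nginx_listens "$3" | grep -qxF "$target"; then
        echo "OK: [$2] -> $target, nginx bound to loopback"; return 0
    fi
    echo "FAIL: no nginx 'listen $target;' (a bare port would bind every interface)"
    return 1
}

# Constructed sample files mirroring the guide's settings.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '[pleroma]\ntype = http\nhost = 127.0.0.1\nport = 14447\nkeys = pleroma.dat\n' \
    > "$demo_dir/tunnels.conf"
printf 'server {\n    listen 127.0.0.1:14447;\n}\n' > "$demo_dir/good.nginx"
printf 'server {\n    listen 14447;\n}\n' > "$demo_dir/exposed.nginx"

check_i2p_vhost "$demo_dir/tunnels.conf" pleroma "$demo_dir/good.nginx"
check_i2p_vhost "$demo_dir/tunnels.conf" pleroma "$demo_dir/exposed.nginx" || true
```

On a live host, point `check_i2p_vhost` at `/etc/i2pd/tunnels.conf` and `/etc/nginx/sites-enabled/pleroma.nginx`.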

[^1]: [I2PD tools](https://github.com/purplei2p/i2pd-tools) to print information about a router info file or an I2P private key, generate an I2P private key, and generate vanity addresses.

### Possible Issues

Will be added when encountered.