Configuring I2P services (revision 1)

Introduction

This page describes how Alexis Huxley installed and configured I2P.

Notes for next time

  1. Some time after installation it became necessary to install i2p-keyring (presumably because the repo became signed and apt-get updates failed).

Installation the I2P way

This method was last used 18/09/2016. It is based on https://geti2p.net/en/download/debian#ubuntu. It did not work (as explained below). It is retained here for future reference.

  1. Run:
    apt-add-repository ppa:i2p-maintainers/i2p
    apt-get update
    apt-get install i2p
    dpkg-reconfigure i2p

    and specify that I2P should be started at bootup but without using AppArmor (because that is not installed).

  2. Run:
    service i2p start
  3. This fails with the error message:
    gigli# dpkg-reconfigure i2p
    Synchronizing state of i2p.service with SysV init with /lib/systemd/systemd-sysv-install...
    Executing /lib/systemd/systemd-sysv-install enable i2p
    Job for i2p.service failed because the control process exited with error code. See "systemctl status i2p.service" and "journalctl -xe" for details.
    invoke-rc.d: initscript i2p, action "start" failed.
    gigli# systemctl status i2p.service
    ● i2p.service - load-balanced unspoofable packet switching network
       Loaded: loaded (/lib/systemd/system/i2p.service; enabled; vendor preset: enabled)
       Active: failed (Result: exit-code) since Sun 2016-09-18 12:51:30 CEST; 4s ago
      Process: 9800 ExecStart=/usr/sbin/wrapper $I2P_ARGS (code=exited, status=231/APPARMOR)
      Process: 9796 ExecStartPre=/bin/chmod 750 /var/log/i2p (code=exited, status=0/SUCCESS)
      Process: 9793 ExecStartPre=/bin/chown -R ${I2PUSER}:${I2PUSER} /var/log/i2p /run/i2p /tmp/i2p-daemon (code=exited, status=0/SUCCESS)
      Process: 9789 ExecStartPre=/bin/mkdir -p /tmp/i2p-daemon (code=exited, status=0/SUCCESS)
    
    Sep 18 12:51:30 gigli systemd[1]: Starting load-balanced unspoofable packet switching network...
    Sep 18 12:51:30 gigli systemd[9800]: i2p.service: Failed at step APPARMOR spawning /usr/sbin/wrapper: No such file or directory
    Sep 18 12:51:30 gigli systemd[1]: i2p.service: Control process exited, code=exited status=231
    Sep 18 12:51:30 gigli systemd[1]: Failed to start load-balanced unspoofable packet switching network.
    Sep 18 12:51:30 gigli systemd[1]: i2p.service: Unit entered failed state.
    Sep 18 12:51:30 gigli systemd[1]: i2p.service: Failed with result 'exit-code'.
    gigli#
  4. To clean up after this failed installation run:
    debfoster     #  remove added software
    apt-add-repository -r ppa:i2p-maintainers/i2p
  5. Had the above worked, then for the purposes of the configuration section below, run the following commands:
    I2P_USER=i2psvc
    I2P_GROUP=i2psvc
    

Installation the manual way

This method was last used 05/08/2018.

  1. Install prerequisites:
    apt-get install openjdk-8-jre-headless
  2. If upgrading then, as root, clean up old versions:
    killall -9 -u i2p
    mkdir /var/tmp/i2p.delete-soon
    mv /usr/local/opt/i2p-* /var/tmp/i2p.delete-soon
    mv /etc/init.d/i2p /var/tmp/i2p.delete-soon
    rm /usr/local/opt/i2p
    rm /etc/*.d/*i2p*
    userdel i2p   #  this also deletes i2p group
    
  3. Install:
    VERSION=0.9.35
    groupadd --system i2p
    useradd --system --gid i2p --create-home --home /usr/local/opt/i2p --shell /bin/bash i2p
    mv /usr/local/opt/i2p /usr/local/opt/i2p-$VERSION
    ln -s i2p-$VERSION /usr/local/opt/i2p
    cd /tmp && wget 
    su - i2p
    java -jar /tmp/i2p*.jar -console
  4. This next bit is not copy-and-pastable; do it one step at a time, manually:
    1                        #  continue
    <ENTER>                  #  accept default path
    1                        #  confirm
    ./i2prouter start        #  start
    sleep 60                 #  allow time for creation of config files; don't worry about firewall issues just yet
    ./i2prouter stop         #  stop
    exit
  5. Create init.d scripts:
    {
        cat <<'EOF'
    #!/bin/sh -e
    ### BEGIN INIT INFO
    # Provides:          i2p
    # Required-Start:    $local_fs $remote_fs $network
    # Required-Stop:     $local_fs $remote_fs $network
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: Start or stop the i2p router.
    ### END INIT INFO
    EOF
        echo "NAME=i2p"
        echo "DAEMON=/usr/local/opt/i2p-$VERSION/i2prouter"
        echo "USER=i2p"
        echo "PIDFILE=/usr/local/opt/i2p-$VERSION/.i2p/i2p.pid"
        cat <<'EOF'
    [ -x $DAEMON ] || exit 0
    . /lib/lsb/init-functions
    
    case "$1" in
        start)   log_daemon_msg "Starting i2p router" "$NAME"
                 start-stop-daemon --start --background \
                     --pidfile $PIDFILE --chuid $USER --exec $DAEMON -- start
                 log_end_msg 0 ;;
        stop)    log_daemon_msg "Stopping i2p router" "$NAME"
                 start-stop-daemon --stop --pidfile $PIDFILE --chuid $USER
                 log_end_msg 0 ;;
        restart) $0 stop
                 $0 start ;;
        *)       echo "Usage: /etc/init.d/$NAME { start | stop | restart }"
                 exit 2 ;;
    esac
    EOF
    } > /etc/init.d/i2p
    chmod 755 /etc/init.d/i2p
    systemctl enable i2p
    systemctl start  i2p
  6. For the purposes of the configuration section below, run the following commands:
    I2P_USER=i2p
    I2P_GROUP=i2p
    

Configuration the I2P way

This method has not been used recently because on 18/09/2016 the procedure ‘Installation the I2P way’ above, which is a prerequisite for running this procedure, failed. It is retained here for future reference.

  1. Stop I2P.
  2. To allow the I2P console to be accessible from the local network:
    1. Edit /var/lib/i2p/i2p-config/clients.config and make the following changes:
      clientApp.0.args=7657 0.0.0.0 ./webapps/
  3. Edit /var/lib/i2p/i2p-config/router.config and make the following changes:
    i2np.udp.internalPort=<your-preferred-udp-port-number>
    i2np.udp.port=<the-same-preferred-udp-port-number>
  4. To allow the I2P web proxy to be accessed from the local network, complete the following sub-procedure:
    1. Edit /var/lib/i2p/i2p-config/i2ptunnel.config and make the following changes:
      tunnel.0.interface=0.0.0.0
  5. If storage for I2PSnark is to be in a different location then:
    1. Edit /var/lib/i2p/i2p-config/i2psnark.config.d/i2psnark.config and change:
      i2psnark.dir=<path-to-your-i2p-torrents>
    2. Make sure any existing content there is correctly owned by running:
      chown -R $I2P_USER:$I2P_GROUP <path-to-your-i2p-torrents>
  6. Restart I2P.

Configuration the manual way

This method was last used 05/08/2018.

  1. To allow the I2P console to be accessible from the local network:
    1. Stop I2P.
    2. Edit ~i2p/.i2p/clients.config and make the following changes:
      clientApp.0.args=7657 0.0.0.0 ./webapps/
    3. Restart I2P and wait 60 seconds. 
    4. Visit http://<name-of-i2p-server>:7657/config.jsp. Don’t try to access this via a proxy yet; that won’t yet work.
  2. To change the TCP & UDP ports I2P listens on to match those configured in your firewall, complete the following sub-procedure:
    1. Click the “Network” tab and scroll down to the “IP AND TRANSPORT CONFIGURATION” section (this is the only section on this page nowadays).
    2. In the “UDP Configuration” paragraph, change “UDP port” to whatever you’ve set up on the firewall, then scroll down and click “Save changes”.
    3. After that just wait; the network will recover, as indicated by the ‘Network: ‘ status in the left panel.
  3. To adjust download and upload bandwidths, complete the following sub-procedure:
    1. Click the “Bandwidth” tab and scroll down to the “Bandwidth limiter” section (this is the only section on this page nowadays).
    2. Enter your full download and upload bandwidths (for me 13250KBps and 800KBps) and the percentage of that you wish to share (for me 20%), then scroll down and click “Save changes”.
  4. To allow the I2P web proxy to be accessed from the local network, complete the following sub-procedure:
    1. In the left panel, under “I2P INTERNALS” click “Hidden Services Manager”.
    2. Scroll down to the “I2P CLIENT TUNNELS” sections and click “I2P HTTP Proxy”.
    3. In the “Edit proxy settings” section, change “Reachable by:” to “0.0.0.0”.
    4. Scroll down and click “Save”.
  5. If storage for I2PSnark is to be in a different location then:
    1. Stop I2P.
    2. Make more storage available at /usr/local/opt/i2p/.i2p/i2psnark.
      Migrate content from the old I2P server to this new I2P server.
    3. Make sure any existing content there is correctly owned by running:
      chown -R $I2P_USER:$I2P_GROUP <path-to-your-i2p-torrents>
    4. Restart I2P.
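
An added check (not part of the original page) for the 0.0.0.0 edits made in both configuration procedures above: once applied, the console and the HTTP proxy accept connections from any host that can reach the server, so it is worth listing exactly which listeners are wildcard-bound. The function names and sample files are made up for this example, and it assumes the single-file clients.config and i2ptunnel.config layout named on this page; pass /var/lib/i2p/i2p-config or ~i2p/.i2p as the directory.

```shell
#!/bin/sh
# Added example (not from the original page): list I2P listeners bound to all
# interfaces. Returns 1 if any wildcard bind is found, 0 otherwise.
i2p_wildcard_listeners() {
    cfgdir=$1
    status=0
    for f in "$cfgdir/clients.config" "$cfgdir/i2ptunnel.config"; do
        [ -r "$f" ] || continue
        if awk -v file="$f" '
            /^[ \t]*#/ { next }                      # skip comments
            {
                eq = index($0, "=")
                if (eq == 0) next
                key = substr($0, 1, eq - 1)
                val = substr($0, eq + 1)
                sub(/\r$/, "", val)
                # Only the two keys this page edits
                if (key !~ /^clientApp\.[0-9]+\.args$/ &&
                    key !~ /^tunnel\.[0-9]+\.interface$/) next
                n = split(val, tok, /[ \t,]+/)
                for (i = 1; i <= n; i++)
                    if (tok[i] == "0.0.0.0" || tok[i] == "::") {
                        print file ": " key "=" val
                        hit = 1
                        break
                    }
            }
            END { exit (hit ? 0 : 1) }
        ' "$f"; then
            status=1
        fi
    done
    return "$status"
}

# Constructed sample input: the two edits from this page plus one loopback tunnel.
write_sample_configs() {
    printf '%s\n' '# constructed sample' \
        'clientApp.0.args=7657 0.0.0.0 ./webapps/' > "$1/clients.config"
    printf '%s\n' 'tunnel.0.interface=0.0.0.0' \
        'tunnel.1.interface=127.0.0.1' > "$1/i2ptunnel.config"
}

demo=$(mktemp -d)
write_sample_configs "$demo"
i2p_wildcard_listeners "$demo" || echo "wildcard listeners found"
rm -rf "$demo"
```

Each reported line is a listener that the firewall, or the authenticated proxy described in the next section, has to cover; the console on port 7657 stays directly reachable on the local network regardless of the Apache frontend.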

Proxying I2P

  1. Set up a frontend Apache vhost with SSL-only support dedicated to being the frontend for the I2P server.
  2. Run:
    a2enmod proxy
    a2enmod proxy_http
  3. Add something like this to the vhost’s configuration:
     SSLProxyEngine off
     # Authtype cannot be for the whole of a vhost, it must be for a specific
     # location. That also means we need to move the proxy pass inside here too.
     <Location />
         ProxyPass http://gigli.pasta.net:7657/
         ProxyPassReverse http://gigli.pasta.net:7657/
         AuthType Basic
         AuthName "I2P Service"
         AuthBasicProvider file
         AuthUserFile /etc/apache2/i2p.htpasswd
         Require valid-user
     </Location>
    
  4. This will forward requests for https://<your-vhost-name>/ to http://gigli.pasta.net:7657/.
  5. Run:
    service apache2 reload

See also