Configuring I2P services (revision 3)

Introduction

This page describes how Alexis Huxley installed and configured I2P. It assumes the host has already been set up using PCMS.

I first tried to install I2P using the official instructions, but this led to the following error:

systemd[50687]: i2p.service: Failed to prepare AppArmor profile change to system_i2p: No such file or directory
systemd[50687]: i2p.service: Failed at step APPARMOR spawning /usr/sbin/wrapper: No such file or directory

and I switched to a manual installation.

Special hardware requirements

  • 4GB RAM
  • 50GB disk for I2PSnark

Installation the manual way

This method was last used 29/04/2022.

  1. Install prerequisites:
    apt-get install -y openjdk-11-jre-headless
  2. Install:
    VERSION=1.7.0
    groupadd --system i2p
    useradd --system --gid i2p --create-home --home /home/i2p --shell /bin/bash i2p
    mkdir -p /usr/local/opt/i2p-$VERSION
    chown i2p:i2p /usr/local/opt/i2p-$VERSION
    ln -s i2p-$VERSION /usr/local/opt/i2p
    cd /tmp && wget http://files.i2p-projekt.de/$VERSION/i2pinstall_$VERSION.jar
    echo -e "0\n1\n1\n/usr/local/opt/i2p\n1\n1" | su - i2p -c "java -jar /tmp/i2p*.jar -console"

    The answers fed to the installer are:

    0                   #  select language
    1                   #  continue
    1                   #  continue
    /usr/local/opt/i2p  #  install path
    1                   #  continue
    1                   #  continue
  3. Run I2P, give it time to create stuff and then stop it:
    su - i2p -c "/usr/local/opt/i2p/i2prouter start"
    sleep 60
    su - i2p -c "/usr/local/opt/i2p/i2prouter stop"
    
  4. Verify that I2P really is stopped.
  5. Create a very simple service config file:
    {
        echo "[Unit]"
        echo "Description=I2P"
        echo "After=network.target"
        echo
        echo "[Service]"
        echo "Type=forking"
        echo "User=i2p"
        echo "Group=i2p"
        echo "ExecStart=/usr/local/opt/i2p/i2prouter start"
        echo "ExecStop=/usr/local/opt/i2p/i2prouter stop"
        echo "#ExecStartPre=/bin/mkdir -p /dev/shm/i2p-netDb /dev/shm/i2p-peerProfiles"
        echo "#ExecStartPre=/bin/chown -R i2p:i2p /dev/shm/i2p-netDb /dev/shm/i2p-peerProfiles"
        echo
        echo "[Install]"
        echo "WantedBy=multi-user.target"
    } > /etc/systemd/system/i2p.service
    systemctl enable i2p
  6. To avoid writing frequently to disk:
    1. Uncomment the ExecStartPre lines in the service file.
    2. Manually run the uncommented commands.
    3. Run:
      systemctl daemon-reload
    4. Run:
      su - i2p
      cd .i2p
      mv netDb netDb.old
      mv peerProfiles peerProfiles.old
      ln -s /dev/shm/i2p-netDb netDb
      ln -s /dev/shm/i2p-peerProfiles peerProfiles
      exit
      
  7. To allow the I2P console to be accessible from the local network:
    1. Edit ~i2p/.i2p/clients.config.d/00-net.i2p.router.web.RouterConsoleRunner-clients.config and make the following changes:
      clientApp.0.args=7657 0.0.0.0 ./webapps/
  8. To allow the I2P web proxy to be accessible from the local network, complete the following sub-procedure:
    1. Edit ~i2p/.i2p/i2ptunnel.config.d/'00-I2P HTTP Proxy-i2ptunnel.config' (note quoting to protect spaces in name) and make the following changes:
      interface=0.0.0.0
  9. I2pSnark requires a lot of space, so you might want to:
    1. Edit ~i2p/.i2p/i2psnark.config.d/i2psnark.config and set:
      i2psnark.dir=/srv/i2psnark
    2. Make sure to change the ownership of the specified directory to i2p:i2p.
  10. Decide what TCP and UDP port I2P will use.
  11. On the firewall set up any necessary port forwarding.
  12. Restart I2P and wait an hour.
  13. Visit http://<name-of-i2p-server>:7657/ (don’t try to access this via a proxy yet; that won’t yet work).
  14. Navigate through the setup screens. Of note:
    1. I set bandwidth share to 30%
  15. Visit http://<name-of-i2p-server>:7657/config.jsp
  16. To change the TCP & UDP ports I2P listens on to match those configured in your firewall, complete the following sub-procedure:
    1. Click the “Network” tab and scroll down to the “IP and Transport Configuration” section (this is the only section on this page nowadays).
    2. In the “UDP Configuration” paragraph, change “UDP port” to whatever you’ve set up on the firewall, then scroll down and click “Save changes”.
    3. After that just wait; the network will recover, as indicated by the “Network:” status in the left panel.
  17. If there is a front-end webserver then have it proxy connections to the site:
    1. Run:
      grep ^listenPort ~i2p/.i2p/i2ptunnel.config.d/'00-I2P HTTP Proxy-i2ptunnel.config'

      and note the port number that I2P listens on.

    2. See Configuring web services (revision 2).
  18. To allow download and cleanup access:
    1. Install an NFS server (for LXC containers: package unfs3 and install it).
    2. Add a suitable entry to /etc/exports and have the NFS server reload the file (how this is done depends on which NFS server you installed).
    3. Add a suitable entry to other systems’ /etc/fstab or automounter maps.
  19. Set up whatever ssh tunnels your browser needs to reach eepsites via the I2P HTTP proxy.
  20. Do a test download.
  21. Add a crontab entry for the i2p user:
    */5 * * * * find /srv/i2psnark/ -mindepth 1 \! -name lost+found \! -name .rdw2-ignore \! -perm -g+rX,o+rX -exec chmod a+rX {} \;
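
Steps 7 and 8 bind the router console and the HTTP proxy to all IPv4 interfaces of the host, so it is worth confirming what is actually bound before relying on the firewall rules from step 11. The script below is an added example, not part of the original procedure; it assumes the config file names and keys shown in those steps and that clientApp.0.args has the layout "port hosts webapps-dir". The sample config it runs on is constructed.

```shell
# Added example: report the bind address of the router console (step 7) and
# the HTTP proxy (step 8); exit status 1 if any listener is not loopback-only.
CONSOLE_CFG='clients.config.d/00-net.i2p.router.web.RouterConsoleRunner-clients.config'
PROXY_CFG='i2ptunnel.config.d/00-I2P HTTP Proxy-i2ptunnel.config'

# prop KEY FILE: value of KEY (a regex) in a key=value file; last one wins.
prop() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d '\r'
}

bind_scope() {
    case "$1" in
        127.*|::1|localhost) echo loopback ;;
        0.0.0.0|::)          echo wildcard ;;
        *)                   echo specific ;;
    esac
}

# report NAME PORT HOSTS: one line per bind address; returns 1 if any is exposed.
report() {
    exposed=0
    for h in $(printf '%s' "$3" | tr ',' ' '); do
        scope=$(bind_scope "$h")
        echo "$1 port=$2 bind=$h scope=$scope"
        [ "$scope" = loopback ] || exposed=1
    done
    return "$exposed"
}

# audit_i2p_binds DIR: DIR is the router config directory (~i2p/.i2p on this page).
audit_i2p_binds() {
    rc=0
    if [ -f "$1/$CONSOLE_CFG" ]; then
        # Assumed args layout, as in step 7: "<port> <host[,host]> <webapps dir>".
        args=$(prop 'clientApp\.0\.args' "$1/$CONSOLE_CFG"); rest=${args#* }
        report console "${args%% *}" "${rest%% *}" || rc=1
    fi
    if [ -f "$1/$PROXY_CFG" ]; then
        report http-proxy "$(prop listenPort "$1/$PROXY_CFG")" "$(prop interface "$1/$PROXY_CFG")" || rc=1
    fi
    return "$rc"
}

# Constructed sample: console widened as in step 7, proxy still on loopback.
demo=$(mktemp -d) && mkdir -p "$demo/clients.config.d" "$demo/i2ptunnel.config.d"
printf 'clientApp.0.args=7657 0.0.0.0 ./webapps/\n' > "$demo/$CONSOLE_CFG"
printf 'interface=127.0.0.1\nlistenPort=4444\n' > "$demo/$PROXY_CFG"
audit_i2p_binds "$demo" || echo "non-loopback listener found"
rm -rf "$demo"
```

On the server, call audit_i2p_binds ~i2p/.i2p after the restart in step 12 and compare every wildcard entry with the firewall rules.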

See also