# I2P Federation and Accessibility

This guide focuses on the Pleroma federation aspect. The actual installation is neatly explained in the official documentation, which is more likely to remain up to date.
It might be added to this guide if there is a need for it.

We're going to use I2PD because it is more lightweight than the official client.
Follow the documentation according to your distro: https://i2pd.readthedocs.io/en/latest/user-guide/install/#installing

How to run it: https://i2pd.readthedocs.io/en/latest/user-guide/run/

## I2P Federation

There are 2 ways to go about this:
one using the config, and one using external software (fedproxy). The external software works better so far.

### Using the Config

**Warning:** So far, every time I followed this way of federating using I2P, the rest of my federation stopped working. I'm leaving this here in case it will help with making it work.

Assuming you're running in prod, cd to your Pleroma folder and append the following to `config/prod.secret.exs`:
```
config :pleroma, :http, proxy_url: {:socks5, :localhost, 4447}
```
And then run the following:
```
su pleroma
MIX_ENV=prod mix deps.get
MIX_ENV=prod mix ecto.migrate
exit
```
You can restart I2PD here and finish if you don't wish to make your instance viewable or accessible over I2P.
```
systemctl stop i2pd.service --no-block
systemctl start i2pd.service
```
*Notice:* The stop command initiates a graceful shutdown: i2pd stops once it has finished routing transit tunnels (maximum 10 minutes).

You can change the socks proxy port in `/etc/i2pd/i2pd.conf`.

### Using Fedproxy

Fedproxy passes clearnet requests through directly to where they are going. It doesn't force anything over Tor.

To use [fedproxy](https://github.com/majestrate/fedproxy) you'll need to install Golang.
```
apt install golang
```
Use a different user than pleroma or root. Run the following to add the GOPATH to your ~/.bashrc.
```
# /home/ren is the path used in this guide; use your own user's home directory
echo "export GOPATH=/home/ren/.go" >> ~/.bashrc
```
Restart that bash session (you can exit and log back in).
Run the following to get fedproxy.
```
go get -u github.com/majestrate/fedproxy
cp "$GOPATH/bin/fedproxy" /usr/local/bin/fedproxy
```
And then the following to start it for I2P only.
```
fedproxy 127.0.0.1:2000 127.0.0.1:4447
```
If you want to also use it for Tor, add `127.0.0.1:9050` to that command.
You'll also need to modify your Pleroma config.

Assuming you're running in prod, cd to your Pleroma folder and append the following to `config/prod.secret.exs`:
```
config :pleroma, :http, proxy_url: {:socks5, :localhost, 2000}
```
And then run the following:
```
su pleroma
MIX_ENV=prod mix deps.get
MIX_ENV=prod mix ecto.migrate
exit
```
You can restart I2PD here and finish if you don't wish to make your instance viewable or accessible over I2P.

```
systemctl stop i2pd.service --no-block
systemctl start i2pd.service
```
*Notice:* The stop command initiates a graceful shutdown: i2pd stops once it has finished routing transit tunnels (maximum 10 minutes).

You can change the socks proxy port in `/etc/i2pd/i2pd.conf`.

## I2P Instance Access

Make your instance accessible using I2P.

Add the following to your I2PD config `/etc/i2pd/tunnels.conf`:
```
[pleroma]
type = http
host = 127.0.0.1
port = 14447
keys = pleroma.dat
```
Restart I2PD:
```
systemctl stop i2pd.service --no-block
systemctl start i2pd.service
```
*Notice:* The stop command initiates a graceful shutdown: i2pd stops once it has finished routing transit tunnels (maximum 10 minutes).

Now you'll have to find your address.
To do that you can download and use I2PD tools.[^1]
Or you'll need to access your web console on localhost:7070.
If you don't have a GUI, you'll have to SSH tunnel into it like this:
`ssh -L 7070:127.0.0.1:7070 user@ip -p port`.
Now you can access it at localhost:7070.
Go to the I2P tunnels page. Look for Server tunnels and you will see an address that ends with `.b32.i2p` next to "pleroma".
This is your site's address.

### I2P-only Instance

If creating an I2P-only instance, open `config/prod.secret.exs` and under `config :pleroma, Pleroma.Web.Endpoint,` edit "https" and "port: 443" to the following:
```
url: [host: "i2paddress", scheme: "http", port: 80],
```
In addition to that, replace the existing nginx config's contents with the example below.

### Existing Instance (Clearnet Instance)

If not an I2P-only instance, add the nginx config below to your existing config at `/etc/nginx/sites-enabled/pleroma.nginx`.

And for both cases, disable CSP in Pleroma's config (STS is disabled by default) so you can define those yourself separately from the clearnet (if your instance is also on the clearnet).
Copy the following into the `config/prod.secret.exs` in your Pleroma folder (/home/pleroma/pleroma/):
```
config :pleroma, :http_security,
  enabled: false
```

Use this as the Nginx config:
```
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
# The above already exists in a clearnet instance's config.
# If not, add it.

server {
    listen 127.0.0.1:14447;
    server_name youri2paddress;

    # Comment to enable logs
    access_log /dev/null;
    error_log /dev/null;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    client_max_body_size 16m;

    location / {

        add_header X-XSS-Protection "1; mode=block";
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header Referrer-Policy same-origin;
        add_header X-Download-Options noopen;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_pass http://localhost:4000;

        client_max_body_size 16m;
    }

    location /proxy {
        proxy_cache pleroma_media_cache;
        proxy_cache_lock on;
        proxy_ignore_client_abort on;
        proxy_pass http://localhost:4000;
    }
}
```
Reload Nginx and restart I2PD:
```
systemctl reload nginx
systemctl stop i2pd.service --no-block
systemctl start i2pd.service
```
*Notice:* The stop command initiates a graceful shutdown: i2pd stops once it has finished routing transit tunnels (maximum 10 minutes).
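
With `:http_security` disabled, the only security headers on the I2P vhost are the ones the nginx block sets, and that block defines no Content-Security-Policy. The following check is an added example, not part of the original guide: `missing_headers`, `sample_headers` and the sample response are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the guide. Function names and sample data are constructed.
# Headers the nginx block above sets, plus CSP, which the guide leaves for you to define.
EXPECTED_HEADERS="x-xss-protection x-permitted-cross-domain-policies x-frame-options x-content-type-options referrer-policy x-download-options content-security-policy"

# Reads raw response headers on stdin, prints each expected header that is
# absent, and returns 1 if any is missing.
missing_headers() {
    awk -v expected="$EXPECTED_HEADERS" '
        BEGIN { n = split(expected, want, " ") }
        /^[A-Za-z0-9-]+:/ {
            name = tolower($0)
            sub(/:.*/, "", name)      # keep only the field name
            seen[name] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print want[i]; miss = 1 }
            exit miss + 0
        }
    '
}

# Constructed response, shaped like what the server block above would return.
sample_headers() {
    cat <<'EOF'
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
X-Download-Options: noopen
EOF
}

# Live use on the server:
#   curl -sI -H 'Host: youri2paddress' http://127.0.0.1:14447/ | missing_headers
sample_headers | missing_headers || echo "^ not set on the I2P vhost (constructed sample)"
```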

You should now be able to both access your instance using I2P and federate with other I2P instances!
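
Every listener in this guide (fedproxy on 2000, Pleroma on 4000, the I2PD SOCKS proxy on 4447, the I2PD web console on 7070, the nginx I2P vhost on 14447) is meant to be reachable on loopback only. The following audit is an added example, not part of the original guide: `audit_listeners`, `sample_ss` and the sample socket list are constructed, and the input format assumed is that of `ss -H -ltn` from iproute2.

```sh
#!/bin/sh
# Added example, not from the guide. Function names and sample data are constructed.
# Ports used on this page: fedproxy, Pleroma, i2pd SOCKS, i2pd web console, nginx I2P vhost.
GUIDE_PORTS="2000 4000 4447 7070 14447"

# Reads `ss -H -ltn` output on stdin, prints "port address" for every guide
# port bound to a non-loopback address, and returns 1 if any was found.
audit_listeners() {
    awk -v ports="$GUIDE_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[0-9]+$/, "", addr)   # text before it
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print port, addr
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed socket list: the web console and Pleroma are bound to all interfaces.
sample_ss() {
    cat <<'EOF'
LISTEN 0 4096 127.0.0.1:4447  0.0.0.0:*
LISTEN 0 4096 127.0.0.1:2000  0.0.0.0:*
LISTEN 0 511  127.0.0.1:14447 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:7070    0.0.0.0:*
LISTEN 0 128  *:4000          *:*
LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 511  0.0.0.0:443     0.0.0.0:*
EOF
}

# Live use on the server:  ss -H -ltn | audit_listeners
sample_ss | audit_listeners || echo "^ bound beyond loopback (constructed sample)"
```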

[^1]: [I2PD tools](https://github.com/purplei2p/i2pd-tools) to print information about a router info file or an I2P private key, generate an I2P private key, and generate vanity addresses.

### Possible Issues

Will be added when encountered.