TLS certificate: rsa4096 --> ECDSAWithSHA512 384bit secp384r1

elliptic curves in ECDHE handshake: only CurveP384 + CurveP521, default CurveP256 removed
RebuildInterval: 24h --> 72h
certificate valid: 2y --> 5y
throttled.PerDay(4) --> PerHour(4), to enable limited testing
martin61
2016-01-29 19:36:41 +01:00
parent 350dfa9587
commit e66b97b460
6 changed files with 39 additions and 19 deletions


@@ -5,24 +5,28 @@ This tool provides a secure and efficient reseed server for the I2P network. The
## Installation
If you have Go installed you can download, build, and install this tool with `go get`
If you have go installed you can download, build, and install this tool with `go get`
```
$ export GOPATH=$HOME/go
$ cd $GOPATH
$ go get github.com/martin61/i2p-tools
...
$ i2p-tools -h
...
$ bin/i2p-tools -h
```
Otherwise, a binary for your OS can be downloaded from http://matt.i2p/
## Usage
If this is your first time running a reseed server (ie. you don't have any existing keys). You can simply run the following command and follow the prompts to create the appropriate keys and certificates.
### Locally behind a webserver (reverse proxy setup), preferred:
```
$ i2p-tools reseed --signer=you@mail.i2p --tlsHost=your-domain.tld --netdb=/var/lib/i2p/i2p-config/netDb
...
$ GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed --signer=you@mail.i2p --key=you_at_mail.i2p.pem --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy
```
This will start an HTTPS reseed server on the default port and generate 4 files in your current directory (a TLS key and certificate, and a signing key and certificate). Both of the certificates (*.crt) will need to be sent to the I2P developers in order for your reseed server to be included in the standard I2P package.
### Without webserver, standalone with tls support
```
$ GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed --signer=you@mail.i2p --key=you_at_mail.i2p.pem --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld
```
If this is your first time running a reseed server (ie. you don't have any existing keys), you can simply run the command and follow the prompts to create the appropriate keys and certificates.
Afterwards an HTTPS reseed server will start on the default port and generate 4 files in your current directory (a TLS key and certificate, and a signing key and certificate).
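Review bot: the reverse-proxy command in this hunk (`--port=8443 --ip=127.0.0.1 --trustProxy`) needs a sentence explaining what `--trustProxy` does and why it is paired with `--ip=127.0.0.1`; if the flag name means what it suggests (the client address forwarded by the proxy is trusted), then binding to a public interface with `--trustProxy` set would let any client supply its own forwarded address, and any rate limiting keyed on that address (the commit message already loosens it from `PerDay(4)` to `PerHour(4)`) would be trivially bypassed, so the README should say the flag is only safe on a loopback or otherwise non-public bind address. Two smaller points: the closing sentence still says the server starts "on the default port" while the reverse-proxy example pins `--port=8443`, so state which applies to which setup; and the two copies of the `go get` sentence differ only in `Go` versus `go`, and since the language name is capitalised the kept line should read "If you have Go installed".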