From 29f74ba72a7398454548e5a4289b558a0ea2aa1f Mon Sep 17 00:00:00 2001
From: Zlatin Balevsky <zlatinb@gmail.com>
Date: Wed, 16 Feb 2022 11:14:10 +0000
Subject: [PATCH] change interfaces 0.0.0.0->127.0.0.1 and update documentation

---
 Docker.md                          | 49 ++++++++++++++++++++++--------
 docker/rootfs/i2p/clients.config   |  4 +--
 docker/rootfs/i2p/i2ptunnel.config |  4 +--
 3 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/Docker.md b/Docker.md
index d8d797c9dd..c3ac844d35 100644
--- a/Docker.md
+++ b/Docker.md
@@ -1,5 +1,25 @@
 # I2P in Docker
 
+### Very quick start
+If you just want to give I2P a quick try or are using it on a home network, follow these steps:
+
+1. Create two directories `i2pconfig` and `i2ptorrents`
+2. Copy the following text and save it in a file `docker-compose.yml`
+```
+version: "3.5"
+services:
+    i2p:
+        image: geti2p/i2p
+        network_mode: host
+        volumes:
+            - ./i2pconfig:/i2p/.i2p
+            - ./i2ptorrents:/i2psnark
+```
+3. Execute `docker-compose up`
+4. Start a browser and go to `http://127.0.0.1:7657` to complete the setup wizard.
+
+Note that this quick-start approach is not recommended for production deployments on remote servers.  Please read the rest of this document for more information.
+
 ### Building an image
 There is an i2P image available over at [DockerHub](https://hub.docker.com).  If you do not want to use that one, you can build one yourself:
 ```
@@ -17,21 +37,26 @@ By the default the image limits the memory available to the Java heap to 512MB.
 #### Ports
 There are several ports which are exposed by the image.  You can choose which ones to publish depending on your specific needs.
 
-|Port|Description|TCP/UDP|
-|---|---|---|
-|4444|HTTP Proxy|TCP|
-|4445|HTTPS Proxy|TCP|
-|6668|IRC Proxy|TCP|
-|7654|I2CP Protocol|TCP|
-|7656|SAM Bridge TCP|TCP|
-|7657|Router console|TCP|
-|7658|I2P Site|TCP|
-|7659|SMTP Proxy|TCP|
-|7660|POP Proxy|TCP|
-|12345|I2NP Protocol|TCP and UDP|
+|Port|Interface|Description|TCP/UDP|
+|---|---|---|---|
+|4444|127.0.0.1|HTTP Proxy|TCP|
+|4445|127.0.0.1|HTTPS Proxy|TCP|
+|6668|127.0.0.1|IRC Proxy|TCP|
+|7654|127.0.0.1|I2CP Protocol|TCP|
+|7656|127.0.0.1|SAM Bridge TCP|TCP|
+|7657|127.0.0.1|Router console|TCP|
+|7658|127.0.0.1|I2P Site|TCP|
+|7659|127.0.0.1|SMTP Proxy|TCP|
+|7660|127.0.0.1|POP Proxy|TCP|
+|7652|LAN interface|UPnP|TCP|
+|7653|LAN interface|UPnP|UDP|
+|12345|0.0.0.0|I2NP Protocol|TCP and UDP|
 
 You probably want at least the Router Console (7657)  and the HTTP Proxy (4444).  If you want I2P to be able to receive incoming connections from the internet, and hence not think it's firewalled, publish the I2NP Protocol port (12345) - but make sure you publish to a different random port, otherwise others may be able to guess you're running I2P in a Docker image.
 
+#### Networking
+The `network_mode=host` used in the quick-start example is not recommended for cloud deployments.  The [macvlan](https://docs.docker.com/network/macvlan) driver is preferred.  See this [blog post](https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/) for some tips on using macvlan.
+
 #### Example
 Here is an example container that mounts `i2phome` as home directory, `i2ptorrents` for torrents, and opens HTTP Proxy, IRC, Router Console and I2NP Protocols.  It also limits the memory available to the JVM to 256MB.
 ```
diff --git a/docker/rootfs/i2p/clients.config b/docker/rootfs/i2p/clients.config
index 190dc9c698..48378a16a4 100644
--- a/docker/rootfs/i2p/clients.config
+++ b/docker/rootfs/i2p/clients.config
@@ -30,7 +30,7 @@
 ## non-SSL and SSL
 #clientApp.0.args=7657 ::1,127.0.0.1 -s 7667 ::1,127.0.0.1 ./webapps/
 ## non-SSL only, both IPv6 and IPv4 local interfaces
-clientApp.0.args=7657 0.0.0.0 ./webapps/
+clientApp.0.args=7657 127.0.0.1 ./webapps/
 clientApp.0.main=net.i2p.router.web.RouterConsoleRunner
 clientApp.0.name=webConsole
 clientApp.0.onBoot=true
@@ -38,7 +38,7 @@ clientApp.0.onBoot=true
 # start up the SAM bridge so other client apps can connect
 clientApp.1.main=net.i2p.sam.SAMBridge
 clientApp.1.name=SAMBridge
-clientApp.1.args=sam.keys 0.0.0.0 7656 i2cp.tcp.host=localhost i2cp.tcp.port=7654
+clientApp.1.args=sam.keys 127.0.0.1 7656 i2cp.tcp.host=localhost i2cp.tcp.port=7654
 clientApp.1.startOnLoad=false
 
 # poke the i2ptunnels defined in i2ptunnel.config
diff --git a/docker/rootfs/i2p/i2ptunnel.config b/docker/rootfs/i2p/i2ptunnel.config
index 2dabde3763..7503799af1 100644
--- a/docker/rootfs/i2p/i2ptunnel.config
+++ b/docker/rootfs/i2p/i2ptunnel.config
@@ -19,7 +19,7 @@ tunnel.0.name=I2P HTTP Proxy
 tunnel.0.description=HTTP proxy for browsing eepsites and the web
 tunnel.0.type=httpclient
 tunnel.0.sharedClient=true
-tunnel.0.interface=0.0.0.0
+tunnel.0.interface=127.0.0.1
 tunnel.0.listenPort=4444
 tunnel.0.proxyList=false.i2p
 tunnel.0.i2cpHost=127.0.0.1
@@ -44,7 +44,7 @@ tunnel.1.name=Irc2P
 tunnel.1.description=IRC tunnel to access the Irc2P network
 tunnel.1.type=ircclient
 tunnel.1.sharedClient=false
-tunnel.1.interface=0.0.0.0
+tunnel.1.interface=127.0.0.1
 tunnel.1.listenPort=6668
 tunnel.1.targetDestination=irc.postman.i2p:6667,irc.echelon.i2p:6667
 tunnel.1.i2cpHost=127.0.0.1
-- 
GitLab