I2P Address: [http://git.idk.i2p]

Skip to content
Snippets Groups Projects
Commit dfd098b3 authored by dev's avatar dev
Browse files

Fleshed out the reseed text. 

Quickie guide from http://zzz.i2p/topics/2062 was imported.
parent 8dfc8a14
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
i2p2www/pages/site/docs/reseed.html
+ 209
1
View file @ dfd098b3
{% extends "global/layout.html" %} {% extends "global/layout.html" %}
{% block title %}{% trans %}Reseed Services{% endtrans %}{% endblock %} {% block title %}{% trans %}Reseed Services{% endtrans %}{% endblock %}
{% block lastupdated %}{% trans %}January 2016{% endtrans %}{% endblock %} {% block lastupdated %}{% trans %}January 2016{% endtrans %}{% endblock %}
{% block accuratefor %}0.9.23{% endblock %} {% block accuratefor %}0.9.24{% endblock %}
{% block content %} {% block content %}
<h2 id="about">{% trans %}About Reseed hosts{% endtrans %}</h2>
<p>{% trans -%} <p>{% trans -%}
Reseed hosts are needed to for bootstrapping, that is providing the initial set of I2P nodes for your I2P node to talk to. Depending on the status of your node it may need to bootstrap every now and then if many of the nodes it knows of aren't contactable. Reseed hosts are needed to for bootstrapping, that is providing the initial set of I2P nodes for your I2P node to talk to. Depending on the status of your node it may need to bootstrap every now and then if many of the nodes it knows of aren't contactable.
{%- endtrans %}</p> {%- endtrans %}</p>
...@@ -12,4 +15,209 @@ Reseed hosts are needed to for bootstrapping, that is providing the initial set ...@@ -12,4 +15,209 @@ Reseed hosts are needed to for bootstrapping, that is providing the initial set
Reseeding is done over an encrypted connection and all of the bootstrap information is signed by the reseed host you connect to, making it impossible for an unauthenticated source to provide you with false information. Reseeding is done over an encrypted connection and all of the bootstrap information is signed by the reseed host you connect to, making it impossible for an unauthenticated source to provide you with false information.
{%- endtrans %}</p> {%- endtrans %}</p>
<h2 id="howto">{% trans %}How to run a Reseed host{% endtrans %}</h2>
Quick guide - setup a public reseed server (2016-01)
<ol>
<li><p>
{%-trans -%}
Fire up your favorite webserver
Connect a domain, sub-domain or (anonymous) third-level-domain
Setup a state-of-the-art TLS(SSL) certificate
Allow access only via HTTPS/TLS, no unencrypted HTTP
Allow only very good ciphers, compatible to Java 7/8/9
Note: A non default port other than 443 can be used; TLS certificate can be self signed; configure fail2ban as bot-net protection
{%- endtrans -%}
</p></li>
<li><p>
{%-trans -%}
Install git and golang-go (>=1.4.2), e.g.
{%- endtrans %}
<pre>
sudo apt install git
sudo apt install golang-go
</pre>
</p></li>
<li><p>
{%-trans -%}
Switch to user running i2p, fetch the i2p-tool source code, build and test it:
{%- endtrans %}
<pre>
export GOPATH=$HOME/go; mkdir $GOPATH; cd $GOPATH
go get github.com/martin61/i2p-tools
bin/i2p-tools -h
</pre>
{%-trans -%}
Note: Visit http://reseed.i2p and download a pre-build x86_64 binary, so you can skip step 2+3.
{%- endtrans -%}
</p></li>
<li><p>
{%-trans -%}
Run i2p-tool locally, use your email:
<pre>
GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed --signer=backup@mail.i2p --netdb=/home/i/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy
</pre>
{%- endtrans -%}
</p></li>
<li><p>
{%-trans -%}
New certificates
make a backup from the new created su3-signing key and certificate found in $GOPATH and keep it in a save password protected storage
{%- endtrans -%}
</p></li>
<li><p>
{%-trans -%}
Enable autostart (+restart) for i2p-tool in your crontab:
{%- endtrans %}
<pre>
@reboot GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed ... >/dev/null 2>&1
9 * * * * GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed ... >/dev/null 2>&1
</pre>
</p></li>
<li><p>
{%-trans -%}
Connect your webserver via reverse-proxy-setup to the i2p-tool, examples:
{%- endtrans %}
<pre>
lighttpd configuration example:
server.modules += ( "mod_proxy" )
proxy.server = ( "i2pseeds.su3" => ( ( "host" => "127.0.0.1", "port" => 8443 ) ) )
nginx configuration example:
location / {
proxy_pass http://127.0.0.1:8443;
}
apache (sorry: untested - feedback would be appreciated)
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</pre>
{%-trans -%}
Note: i2p-tool has also an build-in standalone webserver with tls support which can be used without a webserver.
{%- endtrans -%}
</p></li>
<li><p>
{%-trans -%}
Final test from another computer with i2p running:
<ul>
<li>
place your su3-certificate (*.crt) in i2p/certificates/reseed/
</li>
<li>
place your tls-certificate (*.crt) in i2p/certificates/ssl/
</li>
<li>
visit with your webbrowser http://localhost:7657/configreseed
</li>
<li>
enter your new reseed-url and delete all others, hit "Save changes and reseed now"
</li>
<li>
check the i2p logs for "Reseed got 77 router infos from ... with 0 errors, Reseed complete, 77 received"
</li>
</ul>
{%- endtrans -%}
</p></li>
<li><p>
{%-trans -%}
Go public, the following to backup@mail.i2p.de (pgp signed welcomed :-)
<ul>
<li>
domain/url/port
</li>
<li>
su3-signing certificate
</li>
<li>
tls certificate (if self signed)
</li>
</ul>
{%- endtrans -%}
</p></li>
<li><p>
{%-trans -%}
public pgp key: backup@mail.i2p (0x47C68B7B):
{%- endtrans%}
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQINBFJ/XjQBEACwbcCskI/dFyYi2uqrfpckZqJ2hgoTd/peIAIz8T70CR96pWjE
kaKRSagb1uyN97yKbDNybWzg9RqXe07AU1d98CPbWevXlfb/bZRSy0JvTJ7InucY
AGGG0yKrY5aDb9N6OwdRawBDUw0mM6euKrHCJ2mSH3eWjN9UOgkS9JSj1sYDDPsC
cmY2TPbWg1O8jRRqgRkSogjn9KWl5oEWqY/ABYz2P0/t7woWNs0ZpzNecUVKHCa6
z2Wgwjj+Ooesw4DdfNDam6xGLpY/mvV/znGCnJNa1wHoQDG8+WP7+EyJ9i59WdzI
Lh35vMLDDPnjtlO26Iq8OOrVMuZC5mJrIzD9ycPHX8t89AqELzLie3g/HlrGCCKV
HGWJjfjglwvza5OmiletofSMFbLZY6DBxE4iNqLnozpcygezr27vJpchU1AFsZXG
9sLQbu2YetwxAwZwiQnVey+QYNE4mb3TYj+Mq1USjT655wvYD4byARpRSHbw6flb
eLHgO0RRN/hu0Fa700GKX8Nh2qRugQ3JaYpNkyNMHiKt75CqOSzfVv3jCaewi1dO
ZwQHod+wRsnVfOpWMZ7LvK39LXzNyH9PX16yL6j68KueMuCtIgoq0/UJ8/0islkQ
o7UpXn/EIhCSGNMKXgl2JVaib9i1JT+fbkik3yq3SCsNMb+p1hrvt68jQwARAQAB
tB5iYWNrdXAgKGkycCkgPGJhY2t1cEBtYWlsLmkycD6JAjgEEwECACIFAlJ/XjQC
GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEDiiy3nrvfHHgtEQAKmc5gzX
mGYl9tZ8ISWPhyr8A/1hUK9Y1R/o4tQPtKYRa2b4eXyUb2zFSaXniz8LXVdielLi
ccGinKAsHf+jJwqgh1QIQuPUrwvLud3rueHa2G6CKESDB+7n6thQYC5KAFsObHcP
K0LDC9+Y5R5MLE47SjOnukdEqa6LWtBb9f4uQVoH4EeXkomgB0SNJORkJNuoGOlQ
MLVTkY1EK1kECJFTbCtLL+Gri38Jfy7YaR7j4LIToNYylzNW7s7Q1l1Caq/c4Y9N
Q3+wVrlF5zDhgR2LdEwOz5dHzG6YMxf0YNp1D6g92z2keRE+0+6EKr+hmJ30hbAh
nB5G5/7V45ULPPdvfkE0hcahOEFhmlFUqpyTDpOZg2Vs2fhTpbsIZetyX9t75Ain
uyGxs+NZjc/Srv2+lmBBczgMT4OYlrrskBqBCbMpSnZ0MGXf2pK+yGGofXNXDN3O
UcfIN3AbGUrXkg4SacfPfWJdOt1hvfMEEncvamN5/YyKkcYNoku8H+HyKPh12fg3
d+JfmskQIKqWQoZqWowAg8xQBwi1roXjz9oAvn4/8U01tjmAMtXDQVXpHCzBQDT8
ySUOcp6DUppAt2rWnB/DAufYJ+AtR+t8O+P6fyQGIGk4CRmzTDzrztdnodGOkceG
1GQ8JH5o/j4J6di+r/bDH/pmVqbCqIpC8L9yuQINBFJ/XjQBEADPZDezlqbPueD6
sn7mQIKfzrsA31Go97SnZyPcHhhKEoba493+Dh975v/wCILWvdKIvmtZ5aAs3oC3
S8N7OV5oYiY/3rEU+1NaUl7DhM0XtPTpFkpaIzgmK+fqCzcn23Hqd8affqy/2rjt
Z1uRylCLKTMYHquLMl2+1cpcEeCVfEnZ7ExkJVIcIQ2ZU/DmyeZr2n6T9MTmvz6I
io7OBIMoAxFvq7QC2HffhKj/yfj3kRue5Y+WRkUD2sOqv3Cd/WoYQkhttgegtmoW
BNIQfygYGqLrXl7MGKCBoFmsSoDRK5+SejuZYE9Ndt9oKnkrkJnojy7FYArR/9x6
y9crFXVX9urCOncbF5S9O+SHvmFP+wtOnNtzaPPVwuClgOdkLJWKsYJFgZgy9EMF
wGL/jpV3jWTMFwyJspi0+utlGWqt6ubIA4/5/tUyO4pCYl4rgxx8nSHokt97WmF3
CAdVpF8iDRzQxxWIHnE77pIMvymXliJv0zO9dLPzaujuGEG14ZiCrXFJNB/JY5/C
1nS8RxDZksTBaw1VPDlR6Cwf38JqZy3dDCxkAgX2mQRAMvZ92HrI/vhZtBkwxN6I
F6SdMjMG2ArPmRl0Efsy5Ztfs3OVX4nHq+pzGc8TOdaRbKPT3FhLAhkX8QRN7v+a
Cvqh/HepVIQ45Kpsoadgdz8hM5ktWQARAQABiQIfBBgBAgAJBQJSf140AhsMAAoJ
EDiiy3nrvfHHnUsP/RjhWGzv/Z6sYn0sAtn3yoJrPlwz7GcqKflrKweUE2EwCueq
azFSu7Y+lJMOrInw1K9fELFdbrSgGQYSc8Cia42UoQeksDffUWS/nhNU3FzTeAnU
w8BHFhVriRUHRkK6ng5H5TEiDsqbwKeqvBoBBIf4WIyhwUinvFVCBmMKt0hdCjqh
Q70VCyCLFN4aEjd5F6CQK8Dcf7oe5n4izz7lZdV5TtWJDZliIIgV5cvYeTBTYtMF
ZYaUpfYQoAQ/2NrQx94ScATRqIaSAsJr11kePPVt2ooMzIqKCXsOxFubvEPsoPgD
zIoeHYFGrUNVgP1/JobpDp0qPF74GKlBU8XxB3udtBdoReMDieYCl89tEE5AAefo
r/hvgdWIH9IBRlVPBQBIjzun9CO1dwl8gYx+zZvzpLY2gCBY6U0U7GsbDxFzjKHM
1fgy9a8PVdAG/2RJmeU1hpGB5DlTvuPhMwqDXjRtFGcBuYUTy10SLfM6oyb6mgiO
4ZfSSTcEtkf1SW3qGAx5tixuM5QHAi/7w4+EXd3lQCfSMwTCh6fOKI5O+GcIjR1u
AfYhHnMBf5KOduLoVS4PMXrCX9469ZHpMf8pSNwLFMWvGGqA1ofhsr8rTU6HcgFz
TIUlPrFCohH5RDTwemwaJHvAShs9f5wU2Jz8+Z/Jr39ALg4C/lFuOTYh9lEp
=W/+s
-----END PGP PUBLIC KEY BLOCK-----
</pre>
</p></li>
</ol>
<h2 id="thank you">{% trans %}Thank you{% endtrans %}</h2>
<p>
{%-trans -%}
If you are running a reseed server, I would like to thank you for helping to
make the I2P network stronger and more resiliant than ever.
{%- endtrans-%}
</p>
<p>
{%-trans -%}
Thank you.
{%- endtrans-%}
</p>
{% endblock %} {% endblock %}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Base32 Address: [http://7qeve4v2chmjdqlwpa3vl7aojf3nodbku7vepnjwrsxljzqipz6a.b32.i2p] Onion Address: [http://47ggr2fa3vnwfyhvgskzdmr3i32eijwymxohtxsls45dulmriwxszjad.onion]