I2P Anonymous Webserver
Introduction to Webserving on I2P
By default, I2P is supplied with a webserver to host your own anonymized website (traditionally referred to as an eepsite). Both this site and the Router Console are running on a streamlined version of Jetty, customized for I2P.
| Location of the I2P webserver root directory (docroot) | |
|---|---|
%APPDATA%\I2P\eepsite\docroot\ | |
/Users/(user)/Library/Application Support/i2p | |
Standard Java installation ➜ ~/.i2p/eepsite/docroot/Package / repository installation ➜ /var/lib/i2p/i2p-config/eepsite/docroot/ | |
To serve your own static content, you only need to edit or replace the files in the webserver's root directory, and the site will be available on the I2P network after you've followed the instructions below. Additionally, cgi and python scripts can be run from the cgi-bin directory immediately above docroot if you have perl and python installed.
Directory Listings & Custom Error Pages
Directory listings (sometimes referred to as virtual directories) are enabled by default, so you can host files from a sub-directory of docroot without providing a page with links to the files. You can also serve content that exists outside of docroot by using a symbolic link to the desired directory.
You can override the default appearance of the directory listing by supplying an edited jetty-dir.css file to set the global appearance. This file must be located at docroot/eepsite/.resources/jetty-dir.css. Note that this file will not be displayed in the webserver's directory listing. Files and directories prefixed with . and files named favicon.ico or files ending with ~ or .bak or .old will also be hidden from view (though still accessible).
Note: To create hidden files with a . prefix on Windows, add a trailing . to the file or directory e.g. .hidden. and Windows explorer will then save the file with the correct name, removing the trailing dot in the process.
To disable directory listings, find the entry for org.eclipse.jetty.servlet.Default.dirAllowed in the base-context.xml file, located in the eepsite/contexts folder (just above docroot folder), and change 'true' to 'false' immediately underneath. To apply the change immediately, stop and restart the I2P Webserver client on the Client Configuration page. You can also drop an empty index.html file in any exposed directory to suppress directory listings for that location.
To enable custom 404 and 403 error pages, create 404.html and 403.html files and copy them to docroot/.resources/ or modify the existing files to suit your needs.
Setting up & announcing your website
Your Jetty webserver is running by default at http://127.0.0.1:7658/, but is not accessible by others until you start the I2P Webserver tunnel in the Tunnel Manager
On the I2P network, remotely hosted services can be accessed using a Base32 address ending in ".b32.i2p", a destination represented as a long Base64 string, or more usually by using an .i2p domain. A destination is I2P's equivalent to an IP address, and is shown on the Tunnel Manager Configuration page. You can share your b32.i2p address to allow others to access to your website until you've registered your own .i2p domain.
- Choose a name for your website (something.i2p), using lower-case. Enter the new name for your website on the Tunnel Manager Configuration page where it indicates Website name, replacing the default mysite.i2p placeholder. If you want your website to be available when I2P starts, check the Auto Start box and click the Save button.
- Click the Start button for your webserver tunnel on the Tunnel Manager index page. You should now see it listed under Service Tunnels on the Router Console sidebar. A green star displayed next to the tunnel name (I2P Webserver by default) indicates that your website is active on the I2P network.
- Highlight and copy the entire Local destination on the Tunnel Manager Configuration page.
- Enter the name and paste the destination into your address book. Click Add to save the new entry.
- In the web browser you have configured for I2P usage, browse to your website name (something.i2p) and you should be returned to this page.
Before you tell the world about your new website, you should add some content. Go to the server's root directory listed above and replace the index.html redirect page with your own content. If you need a template for a basic site, feel free to adapt this page. If you're returned to this page after editing the content, try clearing your browser's web cache.
Registering an I2P Domain
You may wish to register your website with an I2P Domain registrar such as stats.i2p, identiguy.i2p or reg.i2p. Some registration sites require the full B64 destination address, which you should copy in full from the Local destination section on the Tunnel Manager Configuration page.
If a Registration Authentication string is requested, you can find it (for the default webserver tunnel) on the Registration Authentication page linked from the Tunnel Manager Configuration page.
If you are in a hurry and can't wait a few hours, you can tell people to use a "jump" address helper redirection service. This will usually work within a few minutes of your hostname registration when using the jump service from the same site, or after a few hours if using a 3rd party jump service. Once you have confirmed it is working, you can tell others to use it.
Active jump services include:
http://stats.i2p/cgi-bin/jump.cgi?a=something.i2phttp://notbob.i2p/cgi-bin/defcon.cgi?jump=something.i2p
Alternatively, you can copy the address helper link for your domain, indicated either on the addressbook list page, or on the details page for your domain e.g. details for i2p-projekt.i2p, and paste the link where it's required to share it with others.
Services such as Identiguy's eepsite status list and notbob's site uptime monitor may direct visitors to your site. To actively promote your site, there are various options you could try, for example:
- Post an announcement on one of the I2P forums e.g. I2P forum or Ramble
- Publish it on the I2P Wiki Eepsite Index
- Tell people about it on I2P's IRC network
Using an alternative webserver
To configure an alternative webserver for use on I2P, you can either use the existing webserver tunnel and disable the default webserver from running, or create a new HTTP Server tunnel in the Tunnel Manager. Ensure that the webserver's listening port is also configured in the Tunnel Manager settings. For example, if your webserver is listening by default on address 127.0.0.1 port 80, you'd also need to ensure that the Target port in the Tunnel Manager settings page for the service is also configured to port 80.
To preserve anonymity, make sure that the webserver is not publicly available outside of the I2P network, which is normally achieved by configuring the webserver to listen on localhost (127.0.0.1) rather than all interfaces (0.0.0.0).
Be aware that a poorly configured webserver or web appplication can leak information such as your real IP address or server details that may reduce your anonymity or assist a hacker. If using an alternative platform, be sure to secure it before putting it online. If in doubt, consult online guides about web server and web application hardening, for example:
Note: On some Apache installations, the mod_status and mod_info modules are enabled by default. It is important to disable these, or otherwise protect access to the urls, to avoid compromising the anonymity and security of your server.