Introduction

You can read and add on this page some tips and tricks about eepsite creation that are not yet available on I2P's official documentation.

If your project is to make a Blog, or a very little web site (some texts and some pictures), you should read the following page first : Blog I2P.

I2P's official documentation about eepsites

• http://localhost:7658/help/ - As wrote in the FAQ ("How do I set up my own eepsite?"), the main informations about hosting a eepsite are located onto your computer, in the demo eepsite ( http://localhost:7658/help/ ).
• http://i2p-projekt.i2p/en/faq - The FAQ contain some useful informations (search the keyword "eepsite").

Careful preparation is essential for success

Before you start choosing the right CMS, you should first think about your own security. In contrast to the Internet, nobody else is responsible for your security than you. The Darknet is a popular playground for script kiddies and serious attackers. Attacks cannot be traced back and after a successful break-in you are de-anonymized once and for all. Whether or not this can have an effect depends, of course, on the content of your website. In the simplest case you may violate such profane things as the imprint obligation or any data protection law. If the attacker has gained access to your computer, this can have fatal consequences. An installation should therefore always take place within a secure environment and not on the workstation PC with which you have to support yourself and on which personal things are stored. So self-protection should always come first.

FAQ

Can not locate the ".i2p" directory

Question: "There is no (hidden) .i2p folder in my home directory."

Answer: You installed I2P as a service (daemon), presumably via the Debian package. It asked you about this when you installed it.
This means your installation directory is /usr/share/i2p and your configuration directory, where you should make all changes, is at /var/lib/i2p . You may change the document root in the configuration file /var/lib/i2p/i2p-config/eepsite/contexts/base-context.xml
If you want the whole I2P install to be in your home directory, don't run it as a service. Uninstall and reinstall, or run dpkg-reconfigure i2p .(ref by Zzz 2014)

I edited the index.html file but I still view the help page

On Linux this issue happen if the user edit the file 'index.html' located inside : /home/username/i2p/eepsite/docroot/ instead of : /home/username/.i2p/eepsite/docroot/ This can sometimes also be a result of the previous page being cached, which can be worked around by clearing your browser cache.

Would there be any benefit to using SSL on an Eepsite?

"Would there be any benefit to using SSL on an Eepsite?"

"No, as there is a encrypted tunnel for the connection already in place. No need for any extra transport security." (ref 2014)

Is it possible to run 2 eepsites on 1 I2P router ?

"Hi, i was wondering if it was possible to have two eepsites on the same router if yes how? and could an attacker link the two sites to the same owner ? thanks."

"We try to make it hard to correlate two servers as being on the same router. But you can't avoid that both go down at the same time when you stop or restart your router." (ref Zzz 2014)

How to run a 2nd eepsite with Jetty (Zzz 2010, updated in 2014)

MultipleJettyInstances (2008)

Anonymity versus secrecy or privacy

"If you choose to run your own eepSite, please note that I2P provides anonymity – not necessarily secrecy or privacy. If you want a secret or private eepsite:
1) Don't publish in hosts.txt.
2) Secure the site using standard (.htaccess, whatever) protection mechanisms."^[1]

I keep seeing the help page and not my eepsite!

This happens because you are putting your HTML/CSS content in the docroot of /I2P/eepsite/docroot/ and not /.i2p/eepsite/docroot/ (for Linux)

I keep getting a 503 error when I try to access my eepsite!

This is often caused from enabling SSL without properly setting it up. Go to the Hidden Service Configuration page, disable SSL (or set it up properly), and restart your web server tunnel. This should fix it assuming all other settings are default, and that you are using the Jetty server that came with your I2P installation.

FAQ Clearnet

How to make my I2P eepsite browsable from the clearnet ?

You have to use a inproxy, currently (2016-03), there is one ('.xyz'), you can use it by a URL like: 'http://forum.i2p.xyz'

Note: a inproxy gives a bad service to it's visitors because people from the clearnet (and the inproxy) can know what eepsite(s) and pages the users are browing.

How to make a tunnel from my clearnet website to I2P ?

You have to run a I2Prouter software on the same computer as the web server of the website.

How to make a tunnel inside I2P to a clearnet website ?

You will run as a outproxy, your IP address will be show as the public IP.

Write me ! (or use TOR).

How to monitor the traffic volume of a eepsite ?

Here we explain how to use the logs files recorded by the web server software packaged with I2P (Jetty).

Terminal way

Easy way, basic

From a terminal, go to the logs directory:

• Linux:

  cd ~/.i2p/eepsite/logs/
  

• Windows:

  cd "C:\Users\YourUserName\Application Data\I2P\eepsite\logs"
  

Enter the following command:

• Linux:

  grep -c XXXXXX *.log
  

• Windows: ?

then replace XXXXXX with:

• html: to display the number of HTML pages uploaded per day.
• index: to display the number of index pages uploaded per day, but does not work in 2014 (no longer in the logs). Replacement wanted.
• favicon: to count the first time visitors per day, if the eepsite has a favicon.ico file.

(ref: Cheech Wizard, 2011)

Advanced way (Statistics script fu)

Note about the string "grep nsa.png": it's simply [part of] a url that a normal browser would fetch when viewing an actual page. This filters out crawlers, feed readers, etc.

Total ~unique users during past 7 days:

cat $(ls ~/.i2p/eepsite/logs/*.log | tail -7) | grep 'i2p' | grep nsa.png | sed 's/.i2p .*$//'| sort -u | wc

Total ~unique users for each of the past 7 days:

for i in $(ls ~/.i2p/eepsite/logs/*.log | tail -7); do echo $i; grep 'i2p' $i |grep nsa.png | sed 's/.i2p .*$//'| sort -u | wc; done

"Unique" users "ever":

grep 'i2p ' ~/.i2p/eepsite/logs/*.request.log |sed -e 's/.i2p .$//' -e 's/{{{{{{}}}^}}}.://'|sort -u|wc

"Unique"(*) users since last restart:

cat ~/.i2p/eepsite/logs/*.request.log | tail -1 | grep 'i2p ' | sed 's/.i2p .$//'| sort -u | wc

(*) It's not exactly unique because clients rebuild their tunnels, but over a short period of time [how short?] I guess it's a pretty close approximation of unique users.

Credit: Lucky Cat 2014-01-22 (ref. The URL of his Syndie forum ).

How to move a hidden service

How to move your hidden service address ('I2P tunnel') from a computer to a other

This howto can be useful for example :

• if you decide to buy a second computer or VPS, where to run your hidden service
• if you decide to give your hidden service to someone
• if you want to restart your hidden service onto a clean computer after several months/years down

First computer (the old one)

1. From the I2P router console: "I2P Services" > "Tunnels" > link "... i2ptunnel page" > "I2P Hidden Services" area > click the name of your service,
2. At the bottom of the page, look at the area "Signature type", note what is the type selected (example: "ECDSA-P256")
3. At the top of the page, look at the box "Private key file"
4. Backup the private key file (the default name is "i2ptunnel6-privKeys.dat", "6" as example)
5. Suggested : rename the file. For that, shut down I2P, go into "~/i2p/", rename the default file from "i2ptunnel6-privKeys.dat" ("6" as example) to something like "i2ptunnel-mygreatservice-privKeys.dat"
6. Depend if you use one or not: stop the service from "I2P services" > "Clients" > the name of your service > "Stop" > "Save client configuration"
7. Stop the I2P tunnel of your hidden service : "I2P Services" > "Tunnels" > link "... i2ptunnel page" > "I2P Hidden Services" area > at the right of your tunnel name click "Stop" > click your tunnel name > disable "Auto Start" > "Save"
8. Locate and edit the file '/.i2p/i2ptunnel.config', find the name of your tunnel or its description then copy the whole part in a new text file, you should name it 'MyI2PTunnelConfigToMove.txt'
9. If you use one, backup the software(s) of your hidden service

Second computer (the new one)

Note: if your hidden service is a website using the Jetty server provided with I2P, the process is more tricky because I2P creates automatically a tunnel.

1. Start I2P
2. Save the private key file from the old eepsite in directory i2p is running, as "i2ptunnel-mygreatservice-privKeys.dat" or whatever
3. Go to main i2ptunnel page
4. Select New Hidden Service: HTTP
5. Under "Private key file(k):" put "i2ptunnel-mygreatservice-privKeys.dat" or whatever
6. Give it a meaningful name and description (for your reference only)
7. Select "Auto Start(A):"
8. Click "Save"
9. Go to main i2ptunnel page
10. Start the tunnel if not started
11. Click "Preview"
12. Should have the same B32 as the old eepsite.

Hacking the file 'i2ptunnel.config'

Note : it seems not possible to do this step from the I2P GUI, if someone knows, please improve this Wiki.

Locate the file '/.i2p/i2ptunnel.config' then do a backup of it !

You will have to edit '/.i2p/i2ptunnel.config' in order to insert the previously saved part for your tunnel config (file name recommended was 'MyI2PTunnelConfigToMove.txt')

/!\ WARNING i2ptunnel.config is ordered ! : you must insert (and maybe have to rename) the number of your tunnel in the right place. Examples :

• 'tunnel.6' part must be placed just after tunnel.5 part, and tunnel.5 must exist
  
• 'tunnel.10' is inserted just after 'tunnel.1' part and before 'tunnel.2' part. Note that 'tunnel.10' can exist only if 'tunnel.9' already exist

Continuation

1. Start I2P
2. From the I2P router console: 'I2P Services' > 'Tunnels' > 'i2ptunnel page' > check if the tunnel of your I2P hidden service is started (else start it)
3. Now you can install the software(s) (if required) for your hidden service

HowTo by Hummingbird 2015-10-24, updated 2016-06

How to move a (Jetty) eepsite from a computer to a other

Instructions for Linux OS, and the default web server software (Jetty) bundled with I2P.

Before to follow this howto, you must move the tunnel as described in the section above.

First computer (the old one)

1. Stop the webserver service ("I2P services" > "Clients" > "I2P webserver (eepsite)" > "Stop")
2. Stop the webserver tunnel ("I2P Services" > "Tunnels" > link "... i2ptunnel page" > "I2P Hidden Services" area > "Stop" > "Save Client Configuration").
3. Copy the files of ~/.i2p/eepsite/docroot/ to the same folder on the second computer
4. Copy ~/.i2p/eepsite/eepriv.dat to the same location on the second computer (overwrite any existing file, unless you want to use that eepsite too!)
5. Delete the file ~/.i2p/eepsite/eeppriv.dat on the first computer.

Second computer (the new one)

1. Ensure I2P router is started
2. Go to main i2ptunnel page
3. Stop and start the hidden service of the eepsite (the only one automatically added)

If the username is different from the username of the old computer

You will have to modify the following files :

• /home/username/.i2p/eepsite/jetty.xml
• /home/username/.i2p/eepsite/jetty-ssl.xml
• /home/username/.i2p/eepsite/contexts/base-context.xml
• /home/username/.i2p/eepsite/contexts/cgi-context.xml

Text to modify :

• GNU/Linux : replace '/theprevioususername/' by '/yourusername/'
• Windows (to verify) : replace '\theprevioususername\' by '\yourusername\'

Otherwise the following error is displayed in the I2P router log : '24/06/16 16:20:56 CRIT [JettyStarter] outer.startup.RouterAppManager: Client Jetty [/home/yourusername/.i2p/eepsite/jetty.xml] START_FAILED '

Continuation

1. Start I2P
2. From the I2P router console: 'I2P Services' > 'Clients' > check if 'I2P webserver (eepsite)' is started (else start it)
3. From the I2P router console: 'I2P Services' > 'Tunnels' > 'i2ptunnel page' > check if the tunnel of your I2P hidden service is started (else start it)
4. Check if you can browse your eepsite from the I2P main menu (below 'I2P Services' : 'Website')
5. Check if you can browse your eepsite from it's B32 address (*)
6. Check if you can browse your eepsite from it's .i2p address (*)

(*) : if you have not created a I2P tunnel using the same keys, then the B32 address is different. Read the section above in order to be able to use the old one.

HowTo by Hummingbird 2015-10-24, updated 2016-06.

Misc

About HTTP headers

To read (2013): http://forum.i2p/viewtopic.php?t=10735

Hiding revealing information generated by Apache

Main article: Hiding revealing information generated by Apache

Adding a hit counter to my eepsite ?

Read this talk (and/or complete it)

See also

• HowTo
• Search engines and I2P
• Blogging with I2P
• Eepsite Index - A (partial) list of eepsites hosted inside I2P.
• http://echelon.i2p/docs/hardtoreach.txt - "I cannot reach any/most eepsite (service) in I2P"

External links

• How to compress your webserver content (Zzz, 2016)

References