mirror of https://gitlab.com/curben/blog
post(i2p-nixos): link related posts
This commit is contained in:
parent
19a6bd3237
commit
092fc80eec
|
@ -9,12 +9,15 @@ tags:
|
||||||
- nixos
|
- nixos
|
||||||
---
|
---
|
||||||
|
|
||||||
This post is Part 1 of a series of articles that show you how I set up Caddy and Tor hidden service on NixOS:
|
In this segment, I show you how I install NixOS.
|
||||||
|
|
||||||
|
This post is Part 1 of a series of articles that show you how I set up Caddy, Tor hidden service and I2P Eepsite on NixOS:
|
||||||
|
|
||||||
- Part 1: Install NixOS
|
- Part 1: Install NixOS
|
||||||
- {% post_link caddy-nixos-part-2 'Part 2: Configure NixOS' %}
|
- {% post_link caddy-nixos-part-2 'Part 2: Configure NixOS' %}
|
||||||
- {% post_link caddy-nixos-part-3 'Part 3: Configure Caddy' %}
|
- {% post_link caddy-nixos-part-3 'Part 3: Configure Caddy' %}
|
||||||
- {% post_link tor-hidden-onion-nixos 'Part 4: Setup Tor hidden service' %}
|
- {% post_link tor-hidden-onion-nixos 'Part 4: Setup Tor hidden service' %}
|
||||||
|
- {% post_link i2p-eepsite-nixos 'Part 5: Configure I2P' %}
|
||||||
|
|
||||||
## Background
|
## Background
|
||||||
|
|
||||||
|
|
|
@ -9,14 +9,17 @@ tags:
|
||||||
- nixos
|
- nixos
|
||||||
---
|
---
|
||||||
|
|
||||||
|
In this post, I show you how I securely configure the NixOS, the server OS behind this website.
|
||||||
|
|
||||||
This post is Part 2 of a series of articles that show you how I set up Caddy and Tor hidden service on NixOS:
|
This post is Part 2 of a series of articles that show you how I set up Caddy and Tor hidden service on NixOS:
|
||||||
|
|
||||||
- {% post_link caddy-nixos-part-1 'Part 1: Install NixOS' %}
|
- {% post_link caddy-nixos-part-1 'Part 1: Install NixOS' %}
|
||||||
- Part 2: Configure NixOS
|
- Part 2: Configure NixOS
|
||||||
- {% post_link caddy-nixos-part-3 'Part 3: Configure Caddy' %}
|
- {% post_link caddy-nixos-part-3 'Part 3: Configure Caddy' %}
|
||||||
- {% post_link tor-hidden-onion-nixos 'Part 4: Configure Tor' %}
|
- {% post_link tor-hidden-onion-nixos 'Part 4: Configure Tor' %}
|
||||||
|
- {% post_link i2p-eepsite-nixos 'Part 5: Configure I2P' %}
|
||||||
|
|
||||||
In this post, I show you how I securely configure my NixOS, the server OS behind this website. Following diagram shows the architecture behind this website.
|
Following diagram shows the architecture behind this website.
|
||||||
|
|
||||||
![Architecture behind mdleom.com](20200223/caddy-nixos.png)
|
![Architecture behind mdleom.com](20200223/caddy-nixos.png)
|
||||||
|
|
||||||
|
|
|
@ -9,17 +9,18 @@ tags:
|
||||||
- nixos
|
- nixos
|
||||||
---
|
---
|
||||||
|
|
||||||
|
In this segment, I show you how I set up this website (mdleom.com) to reverse proxy to curben.netlify.com using Caddy on NixOS (see above diagram). If you're not using NixOS, simply skip to the [Caddyfile](#Caddyfile) section.
|
||||||
|
|
||||||
This post is Part 2 of a series of articles that show you how I set up Caddy and Tor hidden service on NixOS:
|
This post is Part 2 of a series of articles that show you how I set up Caddy and Tor hidden service on NixOS:
|
||||||
|
|
||||||
- {% post_link caddy-nixos-part-1 'Part 1: Install NixOS' %}
|
- {% post_link caddy-nixos-part-1 'Part 1: Install NixOS' %}
|
||||||
- {% post_link caddy-nixos-part-2 'Part 2: Configure NixOS' %}
|
- {% post_link caddy-nixos-part-2 'Part 2: Configure NixOS' %}
|
||||||
- Part 3: Configure Caddy
|
- Part 3: Configure Caddy
|
||||||
- {% post_link tor-hidden-onion-nixos 'Part 4: Configure Tor' %}
|
- {% post_link tor-hidden-onion-nixos 'Part 4: Configure Tor' %}
|
||||||
|
- {% post_link i2p-eepsite-nixos 'Part 5: Configure I2P' %}
|
||||||
|
|
||||||
![Architecture behind mdleom.com](20200223/caddy-nixos.png)
|
![Architecture behind mdleom.com](20200223/caddy-nixos.png)
|
||||||
|
|
||||||
In this segment, I show you how I set up this website (mdleom.com) to reverse proxy to curben.netlify.com using Caddy on NixOS (see above diagram). If you're not using NixOS, simply skip to the [Caddyfile](#Caddyfile) section.
|
|
||||||
|
|
||||||
## Background
|
## Background
|
||||||
|
|
||||||
In NixOS, Caddy can be easily configured through "configuration.nix", without even touching a Caddyfile, if you have a rather simple setup. For example, to serve static files from "/var/www/" folder,
|
In NixOS, Caddy can be easily configured through "configuration.nix", without even touching a Caddyfile, if you have a rather simple setup. For example, to serve static files from "/var/www/" folder,
|
||||||
|
|
|
@ -11,6 +11,8 @@ tags:
|
||||||
- censorship
|
- censorship
|
||||||
---
|
---
|
||||||
|
|
||||||
|
In this segment, I show you how I set up I2P Eepsite service that reverse proxy to curben.netlify.com. This website can be accessed using this [B32 address](http://ggucqf2jmtfxcw7us5sts3x7u2qljseocfzlhzebfpihkyvhcqfa.b32.i2p) or [mdleom.i2p](http://mdleom.i2p/)
|
||||||
|
|
||||||
This post is Part 5 of a series of articles that show you how I set up Caddy, Tor hidden service and I2P Eepsite on NixOS:
|
This post is Part 5 of a series of articles that show you how I set up Caddy, Tor hidden service and I2P Eepsite on NixOS:
|
||||||
|
|
||||||
- {% post_link caddy-nixos-part-1 'Part 1: Install NixOS' %}
|
- {% post_link caddy-nixos-part-1 'Part 1: Install NixOS' %}
|
||||||
|
@ -19,8 +21,6 @@ This post is Part 5 of a series of articles that show you how I set up Caddy, To
|
||||||
- {% post_link tor-hidden-onion-nixos 'Part 4: Configure Tor' %}
|
- {% post_link tor-hidden-onion-nixos 'Part 4: Configure Tor' %}
|
||||||
- Part 5: Configure I2P
|
- Part 5: Configure I2P
|
||||||
|
|
||||||
In this segment, I show you how I set up I2P Eepsite service that reverse proxy to curben.netlify.com. This website can be accessed using this [B32 address](http://ggucqf2jmtfxcw7us5sts3x7u2qljseocfzlhzebfpihkyvhcqfa.b32.i2p) or [mdleom.i2p](http://mdleom.i2p/)
|
|
||||||
|
|
||||||
The reason I set up an Eepsite is similar to why I have a Tor hidden service, is to let people visit my website (mdleom.com) anonymously. I2P is touted as superior to Tor with its garlic routing which is claimed to be an improvement to onion routing. In practice though, I don't see much difference. From a client's (as in client-server) perspective, the browsing experience is still as slow since the traffic has to jump through a few hops, just like in Tor. For a server, the setup is similar as both involve creating public/private key pair.
|
The reason I set up an Eepsite is similar to why I have a Tor hidden service, is to let people visit my website (mdleom.com) anonymously. I2P is touted as superior to Tor with its garlic routing which is claimed to be an improvement to onion routing. In practice though, I don't see much difference. From a client's (as in client-server) perspective, the browsing experience is still as slow since the traffic has to jump through a few hops, just like in Tor. For a server, the setup is similar as both involve creating public/private key pair.
|
||||||
|
|
||||||
A thing to note about I2P is that, while inside its network, you can only browse *.i2p websites, not normal websites or what is so-called the _clearnet_. This is unlike Tor where you can browse .onion and clearnet, which is routed through _exit relays_. You could browse the clearnet from I2P network by using a _outproxy_, which works similarly to exit relay of Tor. However, I2P user is discouraged from using a outproxy as that would compromise the user's anonymity.
|
A thing to note about I2P is that, while inside its network, you can only browse *.i2p websites, not normal websites or what is so-called the _clearnet_. This is unlike Tor where you can browse .onion and clearnet, which is routed through _exit relays_. You could browse the clearnet from I2P network by using a _outproxy_, which works similarly to exit relay of Tor. However, I2P user is discouraged from using a outproxy as that would compromise the user's anonymity.
|
||||||
|
@ -165,12 +165,12 @@ in {
|
||||||
ReadWriteDirectories = cfg.dataDir;
|
ReadWriteDirectories = cfg.dataDir;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.caddyI2p = {
|
users.users.caddyI2p = {
|
||||||
home = cfg.dataDir;
|
home = cfg.dataDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups.caddyI2p = {
|
users.groups.caddyI2p = {
|
||||||
members = [ "caddyI2p" ];
|
members = [ "caddyI2p" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -11,14 +11,15 @@ tags:
|
||||||
- censorship
|
- censorship
|
||||||
---
|
---
|
||||||
|
|
||||||
This post is Part 4 of a series of articles that show you how I set up Caddy and Tor hidden service on NixOS:
|
In this segment, I show you how I set up Tor hidden (.onion) service that reverse proxy to curben.netlify.com. This website can be accessed through the following [.onion address](http://xw226dvxac7jzcpsf4xb64r4epr6o5hgn46dxlqk7gnjptakik6xnzqd.onion).
|
||||||
|
|
||||||
|
This post is Part 4 of a series of articles that show you how I set up Caddy, Tor hidden service and I2P Eepsite on NixOS:
|
||||||
|
|
||||||
- {% post_link caddy-nixos-part-1 'Part 1: Install NixOS' %}
|
- {% post_link caddy-nixos-part-1 'Part 1: Install NixOS' %}
|
||||||
- {% post_link caddy-nixos-part-2 'Part 2: Configure NixOS' %}
|
- {% post_link caddy-nixos-part-2 'Part 2: Configure NixOS' %}
|
||||||
- {% post_link caddy-nixos-part-3 'Part 3: Configure Caddy' %}
|
- {% post_link caddy-nixos-part-3 'Part 3: Configure Caddy' %}
|
||||||
- Part 4: Configure Tor
|
- Part 4: Configure Tor
|
||||||
|
- {% post_link i2p-eepsite-nixos 'Part 5: Configure I2P' %}
|
||||||
In this segment, I show you how I set up Tor hidden (.onion) service that reverse proxy to curben.netlify.com. This website can be accessed through the following [.onion address](http://xw226dvxac7jzcpsf4xb64r4epr6o5hgn46dxlqk7gnjptakik6xnzqd.onion).
|
|
||||||
|
|
||||||
The main reason for me to have a Tor hidden service is so that visitor can visit my website (mdleom.com) anonymously. Visitor indeed can browse this website _somewhat_ anonymously via VPN, but it's not hidden from the VPN provider. Even with Tor, the traffic still needs to get out from the Tor network to the Internet via exit relays, and exit relays can [do whatever](https://doi.org/10.1007/978-3-319-08506-7_16) they want to the traffic. Tor hidden service ensures the traffic is end-to-end encrypted and stays inside the Tor network--without involving any exit relay.
|
The main reason for me to have a Tor hidden service is so that visitor can visit my website (mdleom.com) anonymously. Visitor indeed can browse this website _somewhat_ anonymously via VPN, but it's not hidden from the VPN provider. Even with Tor, the traffic still needs to get out from the Tor network to the Internet via exit relays, and exit relays can [do whatever](https://doi.org/10.1007/978-3-319-08506-7_16) they want to the traffic. Tor hidden service ensures the traffic is end-to-end encrypted and stays inside the Tor network--without involving any exit relay.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue