From 2ee7843f389d5eedf5c11014681bbb9842a5d93f Mon Sep 17 00:00:00 2001 From: MDLeom <2809763-curben@users.noreply.gitlab.com> Date: Sat, 21 Mar 2020 07:40:51 +0000 Subject: [PATCH] post(i2p-nixos): inbound and outbound length to adjust hops --- source/_posts/i2p-eepsite-nixos.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/source/_posts/i2p-eepsite-nixos.md b/source/_posts/i2p-eepsite-nixos.md index 2c47cb0..8c4d0a0 100644 --- a/source/_posts/i2p-eepsite-nixos.md +++ b/source/_posts/i2p-eepsite-nixos.md @@ -47,6 +47,8 @@ To join the I2P network, I'm using [i2pd](https://i2pd.website/), an (unofficial address = "::1"; destination = "::1"; port = 8081; + # inbound.length = 1; + # outbound.length = 1; }]; enableIPv4 = false; enableIPv6 = true; 
@@ -55,16 +57,16 @@ To join the I2P network, I'm using [i2pd](https://i2pd.website/), an (unofficial 1. `ifname` is the interface name that has Internet connection. 2. `address` is the IP address of that Internet-connected interface. Usually i2pd can figure it out by itself, but in an IPv6 environment, an interface could have multiple IPv6 addresses due to IPv6 privacy extensions. In that case, the _true_ IPv6 address needs to be specified. -2. I `name` the service as "myOnion", so the key pair will be stored in "/var/lib/i2pd/**myEep**-keys.dat". I set `keys` to make sure it really save to that file, despite being the default. +3. I `name` the service as "myOnion", so the key pair will be stored in "/var/lib/i2pd/**myEep**-keys.dat". I set `keys` to make sure it really save to that file, despite being the default. 4. `inPort` is to set the port number that the service binds to. Recommend to set it to port **80**. * If you set it to "1234", visitor needs to specify the port number to browse your site, e.g. http://foobar.i2p:1234 * There is no need to grant CAP_NET_BIND_SERVICE capability nor open port 80. I2P has NAT traversal capability and can function without opening any inbound port. 5. `address` is location of your server where the Eepsite is hosted. For most use cases, set it to the loopback **127.0.0.1** (default). In my case, it is the IPv6 loopback "::1". 6. `destination` is the location of your website where Eeepsite will forward the request to. It can be a loopback (if website and Eepsite are hosted within the same server), an IP address, a domain or even another eepsite. * You can even set your domain here and skip the rest of the sections. However, this can double the latency, especially if the website is behind a CDN. For separation of privilege, it is recommended to have a web server that is dedicated for Eepsite only. The [next section](#caddyI2p.nix) shows how to set up the web server. -6. `port` is the port number that your web server listens to. 
-7. `enableIPv4` and `enableIPv6` are optional. I set them because my server is IPv6 only. -8. (Optional) +7. `port` is the port number that your web server listens to. +8. `enableIPv4` and `enableIPv6` are optional. I set them because my server is IPv6 only. +9. (Optional) If your website is not behind a CDN, meaning the server's IP address is publicly known (in DNS A/AAAA record), I recommend setting both `inbound.length` and `outbound.length` to 1 (from the default 3). This can significantly decrease the latency of your Eepsite by reducing the hops. This [diagram](https://geti2p.net/en/faq#slow) illustrates the effect of hops. Run `# nixos-rebuild switch` and the keypair will be generated in a file "/var/lib/i2pd/**myEep**-keys.dat". There are no separate files for public and private keys, both are embedded in the same file.
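Review bot: In the first hunk (the config block, right after `port = 8081;`), the new lines `# inbound.length = 1;` and `# outbound.length = 1;` are added commented out, with nothing in the snippet saying why they are there or when to enable them. Suggest a one-line comment above them saying they are optional, that the default is 3 (as step 9 states), and that they should only be uncommented when the server's IP address is already public. That way a reader who copies only the config block does not shorten the tunnels without seeing the condition.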
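Review bot: In the second hunk, the new step 9 presents `inbound.length` and `outbound.length` of 1 only as a latency gain and never states the cost: every hop removed from a tunnel reduces the anonymity that tunnel gives the server. The "not behind a CDN, meaning the server's IP address is publicly known" condition implies this, but the step should say it outright and tell readers to keep the default of 3 when the hosting location is meant to stay hidden. It should also mention that both lines are commented out in the config block and have to be uncommented to take effect. Separately, the renumbered step 3 still says the service is named "myOnion" while the key file is "myEep-keys.dat"; since that line is being touched anyway, fix the name in the same change.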