Decentralize your website!

Published: 2022-08-15 - Updated: 2022-08-15

Why?

Well, there's many reasons why you would want to mirror your website to a darknet. Mainly to promote an open internet which isn't run by massive corporations, whom only seek profit. In this article I'll cover I2P and Tor.

Both of these protocols don't rely on any middle man to get your website avaliable there, as opposed to the clearnet which has alot of issues in its current state such as the following:

Tor and I2P solves these issues by letting the user generate a set of keys which represent a address, one issue with this is that the addresses you get are unmemorable, take the following examples:

urofnon3layyes5wworh3x3i4wmgdm4livdn2qiedpsetujfxegmg4qd.onion
oztmbptelqcuj5ic5ogh7yccdokaordeocthrn56r6v3cqtksaba.b32.i2p

I2P has a solution for this and lets you register a custom address.

Tor

Setup a hidden service

Getting your website avaliable through Tor is easy, first you'll have to install Tor. This can be done by getting the tor package

apt install tor

Now that we have tor installed, we'll have to configure it. Configuration is done through the /etc/tor/torrc file. Edit it with your favourite editor, I'll be using nano for simplicity

nano /etc/tor/torrc

Add the following lines to the bottom of that file, I recommend changing hidden_service to your domain name. Note: the HiddenServiceDir contains your keys, and if you lose them you'll also lose access to your hidden service.

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

Now that we've configured our hidden service, we'll have to enable it.

systemctl enable --now tor@default

Aslongest there wasn't any errors with starting, you should be able to get your onion link by looking at the contents of the hostname file. Replace hidden_service with the directory you choose above.

cat /var/lib/tor/hidden_service/hostname

The output from the command will be the onion link that'll be used to connect to your website. Now we'll have to configure our web server, I personally use nginx. But it shouldn't be too hard to adapt it to your prefered server.

What we want to do is make our server also respond to the onion link as opposed to only our clearnet domain. This can be done by just adding the onion link inside of the server_name.

A good practice is to also advertise the Tor version through a special Onion-Location header. This can be done by adding the following to your server directive:

add_header Onion-Location http://urofnon3layyes5wworh3x3i4wmgdm4livdn2qiedpsetujfxegmg4qd.onion$request_uri;

Of course swap out the onion link to the one you retrived above. Now restart nginx, and you should be good to go!

systemctl restart nginx

Vanity domains

If you're interested in having a custom prefix to your onion link, I personally have my onion begin with urof. These can be generated using mkp224o. Just note it may take forever to generate a prefix above 6 characters.

I2P

I2P, The Invisible Internet Protocol is a anonymous network layer. Traffic is routed through a network consiting of thousands of computers, all send with end-to-end encryption. Major difference between I2P and Tor is that its primary purpose is to create hidden services, so called eepsites unlike Tor which tries to create a relay from the Tor network to the clearnet.

Setup an eepsite

Making your website avaliable through I2P is similar to how we did above. We'll begin by installing the i2pd package. One thing to note is that the version in Debian bullseye may be very outdated, and is known to segfault alot. So, if you are using Debian, you can either compile from source or upgrading to testing (not recommended)

apt install i2pd

Now that we have i2pd installed, we'll have to configure it. Configuration is done inside of /etc/i2pd/tunnels.conf. Go to the bottom of the file and add the following:

[website]
type = http
host = 127.0.0.1
port = 80
keys = website.dat

You can of course replace website with something else. Once done, we need to enable i2pd.

systemctl enable --now i2pd

Now to get the url to our new eepsite, we need to access the i2pd dashboard. This is avaliable over port 7070, I'll be using to Lynx to access it. It can be easily installed like this

apt install lynx

And now to access the dashboard use lynx 127.0.0.1:7070, you can navigate to I2P tunnels and you should see the address to your new eepsite under Server Tunnels.

Now just like we did before we'll have to configure our web server, I personally use nginx. But it shouldn't be too hard to adapt it to your prefered server.

What we want to do is make our server also respond to the eepsite as opposed to only our clearnet domain. This can be done by just adding the eepsite address inside of the server_name.

systemctl restart nginx

Now you should've a working eepsite, you can use lynx to test. Just replace the eepsite with your address.

http_proxy=http://127.0.0.1:4444 lynx http://oztmbptelqcuj5ic5ogh7yccdokaordeocthrn56r6v3cqtksaba.b32.i2p/

Note: Your eepsite keys are stored by default inside of /var/lib/i2pd/, don't LOSE them!

Register a .i2p address

There is a way of getting a human readable address inside of the I2P network, you'll have to go through a register such as reg.i2p. Note: you shouldn't rely on everyone being able to access your eepsite through the .i2p address though.

Questions or comments? contact me!