English عربية Azerbaijani 中文 Deutsch Ελληνικά Español فارسی Français Magyar bahasa Indonesia Italian Nederlands Polish Português Română Русский Svenska Turkish Українська

I2P Anonymous Webserver

Guide to Anonymous Webserving on I2P

This is your own anonymous I2P webserver (traditionally referred to as an eepsite). To serve your own content, simply edit the files in the webserver's root directory and the site will be public once you follow the instructions below.

The webserver's root directory can be found in one of the following locations, depending on your operating system:

In I2P, hidden services are addressed using a Base32 address ending in ".b32.i2p", or a Destination represented as a long Base64 string. The Base32 address may be used as a hostname, until you register a name following the instructions below. The Destination is somewhat like an IP address, and is shown on the Hidden Service Configuration page.

The instructions below detail how to assign a name like "mysite.i2p" to your website and enable access by others. You may reach your site locally via http://127.0.0.1:7658/.

How to set up and announce your hidden service

Your webserver is running by default, but is not accessible by others until you start the hidden service tunnel. After you start your I2P Webserver tunnel, it will be difficult for other people to find. It can only be accessed with the long Destination or with the shorter Base32 address (.b32.i2p), which is a hash of the Destination. You could just tell people the Destnation or the Base32 address, but thankfully I2P has an address book and several easy ways to tell people about your website. Here are detailed instructions.

Directory listings are enabled, so you may host files from a subdirectory without providing a page with links to the files. You may change the appearance of the directory by supplying an edited jetty-dir.css file for each directory. The lib subdirectory demonstrates a custom style. The resources subdirectory demonstrates the default style. If you need a template for a basic site, feel free to adapt this page and associated content.

If you're returned to this page after editing the content, try clearing your browser's web cache:

Register your own I2P Domain

Now it is time to add your website to an I2P address book hosted by a site such as stats.i2p. You must enter your website name and Destination (or Registration Authentication string) on one or more of these sites.

Some registration sites require the Destination. If so, highlight and copy the entire Local destination on the Hidden Service Configuration page. Make sure you copy the whole thing, it is over 500 characters.

Some registration sites, including stats.i2p, require the Registration Authentication string. It is found on the Registration Authentication page linked from the Hidden Service configuration page. Copy the entire authentication string and paste it on the registration page. Make sure you copy the whole thing, it is over 500 characters. Describe your site briefly if the site requests this information. If your site is a HTTP service, leave the checkbox selected; if not, unselect it.

For all registration sites, read through the Terms of Service carefully. Click the "Submit" button. Verify the submission was successful. Since many routers periodically get address book updates from these sites, within several hours others will be able to find your website by simply entering your hostname in their browser.

Adding Addressbook Subscriptions

Speaking of address book updates, this would be a good time to add some more addressbooks to your own subscription list. Go to your Subscriptions Configuration page and add one or more for an automatically updated list of new hosts:

If you are in a hurry and can't wait a few hours, you can tell people to use a "jump" address helper redirection service. This will work within a few minutes of your registering your hostname on the same site. Test it yourself first by entering http://stats.i2p/cgi-bin/jump.cgi?a=something.i2p into your browser. Once it is working, you can tell others to use it.

Some people check website lists such as Identiguy's eepsite status list or no.i2p's active host list for new eepsites, so your site may start getting some traffic. There are plenty of other ways to tell people. Here are a few ideas:

Note that some sites recommend pasting in that really long destination. You can if you want, but if you have successfully registered your hostname on a registration service, tested it using a jump service, and waited 24 hours for the address book update to propagate to others, that shouldn't be necessary.

Using an alternative webserver to host your site

This site (and the I2P router console) is running on the Jetty webserver, but you may wish to use a different webserver to host your content. To maintain anonymity, be sure that your webserver is configured to only allow connections from localhost (127.0.0.1), and check the documentation to ensure your webserver isn't advertising details that may compromise your anonymity.

To configure your webserver for use on I2P, you may either use the existing webserver tunnel and disable the default webserver from running, or create a new HTTP Server tunnel in the Hidden Services Manager. Ensure that the listening port configured for the webserver (7658 by default) is also configured in the Hidden Services settings. For example, if your webserver is listening by default on address 127.0.0.1 port 80, you'd need to also ensure that the Target port in the Hidden Service Manager settings page for the service is also configured to port 80.

Beware that a poorly configured webserver or web appplication can leak potentially compromising information such as your real IP address or server details that may reduce your anonymity or assist a hacker. We recommend using the default server unless you feel comfortable doing server administration. Please ensure your web server is secure prior to placing it online. There are plenty of guides online, for example if you search for "nginx security hardening guide" you will find a number of guides that have good recommendations.

There is one important issue with the Apache web server. The mod_status and mod_info Apache modules are enabled by default on some operating systems. These modules expose internal data which can lead to serious compromise of anonymity when used on an anonymous network. Removing the lines in the configuration file where these modules are loaded is the easiest way to prevent these issues.

Further Assistance

If you have any questions, the following places are available for support:

This page, the project website and the router console need translations! Please help the project grow by getting involved or translating.