marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

#2214 - Update instructions for adding a key/hostname on stats.i2p; Remove external links, add search suggestion and specific warning about apache modules

Browse Source
This commit is contained in:
slumlord
2018-06-09 18:18:47 +00:00
parent 3f92d92ce4
commit ee5012311e
1 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
installer/resources/eepsite/docroot/help/index.html
View File

@ -111,9 +111,13 @@
<p>Now it's time to add your website to an I2P address book hosted by a site such as <a href="http://stats.i2p/ " target="_blank">stats.i2p</a> or <a href="http://no.i2p/" target="_blank">no.i2p</a>.
That is, you must enter your website name and key into a web interface on one or more of these sites.
Here is <a href="http://stats.i2p/i2p/addkey.html" target="_blank">the key entry form</a> at stats.i2p.
Your key is the entire "Local destination" key on the <a href="http://127.0.0.1:7657/i2ptunnel/edit?tunnel=3">Hidden Service Configuration page</a>.
Be sure you copy the whole thing.
Don't forget to click "add a key".
You will need your <b>Authentication String</b> for the next step, this can be found on the <b>Registration Authentication</b> page which is linked to on the Hidden Service configuration page.
Copy the entire authentication string and paste it on the key entry page.
Enter an optional name.
Describe your site briefly, this step is recommended.
If your site is a HTTP service, leave the checkbox selected - if not unselect it.
Read through the Terms of Service carefully.
Click the "Submit" button at the bottom of the page.
Check to see if it reports the key was added.
Since many routers periodically get address book updates from these sites, within several hours others will be able to find your website by simply typing <i>something</i>.i2p into their browser.</p>
<h2>Adding Addressbook Subscriptions</h2>
@ -165,7 +169,12 @@
<p>Beware that a poorly configured webserver or web appplication can leak potentially compromising information such as
your real IP address or server details that may reduce your anonymity or assist a hacker.
We recommend using the default server unless you feel comfortable doing server administration.
The following may help:
Please carry out some research into securing your web server prior to placing it online.
There are plenty of guides online, for example if you search for "nginx security hardening guide" you will find a number of guides that have good recommendations.
We will point out one major issue with the <b>Apache</b> web server:
The <code>mod_status</code> and <code>mod_info</code> Apache modules are known to be enabled by default on some operating systems, these expose various forms of internal data which can lead to serious compromise of anonymity when used on an anonymous network like I2P.
Removing the lines from your Apache configuration file where these modules are loaded is the easiest way to prevent these issues.
</p>
<ul>