How to set up untraceable websites (eepsites) on I2P

Masayuki Hatta
4 min readOct 29, 2018

--

A short introduction on how to run websites free from censorship and surveillance.

“man standing while holding burning book” by Nonsap Visuals on Unsplash

What’s “eepsites”?

Eepsites are websites in the I2P network, which means you can only access them with I2P. The official FAQ says:

An eepsite is a website that is hosted anonymously, a hidden service which is accessible through your web browser. It can be accessed by setting your web browser’s HTTP proxy to use the I2P web proxy (typically it listens on localhost port 4444), and browsing to the site.

It is easy to set up eepsites, but you can not easily know the real IP address of eepsites. For example, I am running an eepsite called legwork.i2p (a search engine in the I2P network). You can access it easily, but you may not be able to know the network or physical location of the server it is actually hosted (if you could, please contact me ASAP! well, in my case, it is not really a secret, but anyway). Eepsites are roughly equivalent to Tor’s Hidden Services.

Note that bugs or design defects in I2P or your carelessness still might reveal the location accidentally. Remember, there is no silver bullet.

Easy way: using the I2P webserver

I2P actually comes with its own webserver based on Jetty. It is disabled by default, but you can activate it quickly.

Run I2P (if you have no idea how to run I2P, see my previous article), access the I2P router console (http://localhost:7657) with your web browser, then click “LOCAL TUNNELS” (or you can open directly with http://localhost:7657/i2ptunnelmgr). Now you see “HIDDEN SERVICE MANAGER” and you can easily find “I2P webserver” in “I2P HIDDEN SERVICES”. Click “Start” button on the right side.

I2P’s hidden services manager.

You can reach your eepsite locally at http://localhost:7658. You will be greeted by the default webpage. Unfortunately, some of the information on that page is a bit dated (for example, forum.i2p is defunct, now there is new i2pforum.i2p), but most of it is still relevant and very informative, please read it carefully.

I2P’s embedded webserver’s default webpage.

If you only want to set up a simple static blog, basically it is done. Put your web contents under:

  • For GNU/Linux: ~/.i2p/eepsite/docroot/
  • For Windows: %APPDATA%\I2P\eepsite\docroot\
  • For Mac: /Users/(user)/Library/Application Support/i2p

I recommend using static site generators such as Hugo or Pelican.

Three expressions of the I2P address

How can we access your new eepsite? Like IP address or URI, I2P has its own naming system.

Firstly, your eepsite have “Destination”. If you use I2P webserver, you can check your destination by clicking “I2P webserver” in “I2P HIDDEN SERVICES”. You will find it in “Local destination”.

Local destination.

For example, my legwork.i2p’s destination is:

h-Qo-~lFHGvc067ASKg~X~zyUIPyppCz3d3AszMmZlVAolXttaokLhGh5PnKZzReapqIQuVjyP-AnIryo8uCNlPyWYXDgimA2~QQN2dkyWR3a9dNcNHGwIcdU20EmlSJdVg0gT~jvxkHO6i-94i-PTk1M70MwZfhHK7T-S1~jrFlG0ZbW2J8AjsHbOUWRW7NGr3eCawfplqJ6Ys44nZZeHWecd4sATBp7gMOSCEdU1H8btw-9H1HdfTLUJ1hm2omMjOeXk9sVrMsIn3L0ZMgcppBmFnI52YgNJBAnrmiZjVlxKl-V5CLAB1SNhso1ZxD3Pjrh~z4PxvW61qjOZAVHZj-taWwxWs6iwkYOF0BFmbtOftBGCH-JtqUcYtgU-~QqSkLTAK309QKwGYhNQ5USZvyX5~GJ0cGIiJ10jf0fI9rAoXAgec1YtEDyHI3vDj~yVfFfHuCOyBwW4z5DGJ7hngh4z8KNn9qc0aDsCh30Xt~fv6F-svrfOfVqPuz3EQ6BQAEAAcAAA==

This is the canonical “address” of your eepsite (encoded in Base64), but too long and inconvenient. So there is a shorter expression colloquially called “b32”, looks like:

cuss2sgthm5wfipnnztrjdvtaczb22hnmr2ohnaqqqz3jf6ubf3a.b32.i2p

This is the shortened version (more precisely, a hash in Base32 encoding) of destination, plus “.b32.i2p”. It is roughly equivalent to Tor’s .onion address. You can use this in your web browser’s URL window if you set up your proxy setting correctly.

Registering .i2p domain

Destination and b32 address are automatically assigned if you create an eepsite. You can always use b32 to access eepsites. Then, how can you assign human-readable addresses such as “legwork.i2p”? You have to register them manually.

There are several “registration service” on I2P. You may use stats.i2p or no.i2p (they synchronize data, so you only have to register once). Read their Terms of Service and instruction.

Mildly difficult way: using other webservers

You can run more complex, dynamic content websites on I2P, such as PHP-powered forums. In such case, you might want to use other full-fledged webservers such as Apache or Nginx instead of Jetty.

First, make sure your webserver actually works regardless of I2P. Can you access your website as http://localhost:80 or such?

Then, stop “I2P webserver” if you run, and you can click “Tunnel Wizard” button in the “ GLOBAL TUNNEL CONTROL” section in http://localhost:7657/i2ptunnelmgr.

The entrance of I2P’s Tunnel Wizard

This wizard is nicely designed, all you have to do is just follow the instruction. Possibly your choices are:

  • Choose “Server Tunnel”
  • Choose “HTTP” tunnel type
  • Make sure to set correct host address and port number of your web service

Easy, isn’t it? The real reason I said it is “mildly difficult” is, you have to make sure by yourself that your site do not leak IP address or other identifying information. It is not easy. For example, Riseup.net’s Best Practices for Hosting Onion Services is written initially for Tor’s Hidden Services, but you can learn a lot from it for running I2P eepsites.

--

--