killyourtv.i2p/ tahoe-lafs/ Configuring Tahoe-LAFS for I2P
[!] It is very important that you read this page carefully to make sure you don't accidentally leak your identity.
  1. About this document
  2. Preparation
  3. Client node
    1. Create a client node
    2. Configuration
    3. Node Operation
    4. Example URLs
  4. Storage node
    1. Configuration
    2. Node Operation
  5. Introducer

About this document

These instructions are I2P specific. More specifically, these instructions are for duck's modifications to Tahoe-LAFS. For generic documentation see Tahoe-LAFS Docs.

At this point it is assumed that Tahoe LAFS for I2P has been successfully installed and that you also have a running I2P node.

Preparation

Tahoe-LAFS will need an I2P HTTP Proxy to communicate between nodes. This document will assume you use the default one on 127.0.0.1:4444, but you can also create another proxy, for example with 1 hop for lower latency (but also lower anonymity).

/!\ The web interface shows detailed version numbers and the full path where Tahoe is installed. Bear this in mind if you decide to host the webui over I2P.

In this manual it's also assumed that the PATH has been updated as suggested in the installation guide so that the tahoe command can be easily used. If not, the full path name will need to be provided every time that tahoe is executed .

Client node

A client node is used to communicate with storage nodes in order to store and retrieve files on the grid. There is a web interface (default on http://127.0.0.1:3456/) and a command line interface (via tahoe) for accessing this data. Other interfaces are available, see the Tahoe-LAFS site for details.

Create a client node

(!) Windows users: ~/.tahoe = %USERPROFILE%\.tahoe.

Following these instructions, a client node will be installed to ~/.tahoe. If desired, the node can be in another location. More information is available by running tahoe create-client --help.

$ tahoe create-client

Configuration

Edit the configuration file ~/.tahoe/tahoe.cfg. Modify the following options, the other values should be left at the defaults for now:

[node]
nickname = yourclientnodename
web.port = tcp:3456:interface=127.0.0.1
http_proxy = 127.0.0.1:4444
tub.location =

Specify a nickname for your node. This is shown to all nodes in the grid so choose the nickname carefully.

The web.port number and bind address for the web interface can be changed if desired. This should not be opened up to the public; see above privacy warning.

Uncomment http_proxy and enter the I2P HTTP Proxy. Most users will enter 127.0.0.1:4444 here.

Uncomment tub.location but leave it empty. This will prevent your other interfaces besides 127.0.0.1 from being broadcast to the introducer. /!\ WARNING: Make sure that you do this to avoid leaking your IP address! /!\

(!) Please use grid-updates, a script that retrieves important NEWS alerts and keeps your introducer lists up-to-date.

Introducers on Tahoe-LAFS define the grid and their addresses should be published to everyone who wishes to connect to this grid. The example below points to a test introducer operated by KillYourTV. To use KYTV's introducer, add the following introducer.furl to tahoe.cfg.

[client]
introducer.furl = pb://c6w5ernw7y7rp3uwmdyu5clujyt2y4m4@w2zrwz5gplkkufix7cb4gmxfbrkwg2abnsgk62bm5iifzlahe7kq.b32.i2p/introducer

Add each introducer that you want to use to ~/.tahoe/introducers -- one per line! For example, I currently have

$ cat ~/.tahoe/introducers
pb://c6w5ernw7y7rp3uwmdyu5clujyt2y4m4@w2zrwz5gplkkufix7cb4gmxfbrkwg2abnsgk62bm5iifzlahe7kq.b32.i2p/introducer
pb://exupps5kk3amc5iq4q6f5ahggkm4s5fl@oj7cffq5fnk46iw3i3h2sdgncxrqbxm7wh6i4h2cbpmqsydygkcq.b32.i2p/introducer
pb://md2tltfmdjvzptg4mznha5zktaxatpmz@5nrsgknvztikjxnpvidlokquojjlsudf7xlnrnyobj7e7trdmuta.b32.i2p/introducer
pb://fmcbgy7zd6ubrbphilmrlocvb7f327z5@gdr3tt5uewgnm7r7xn54k2qikf2kuwwegjjsnkz44pjticcacsua.b32.i2p/introducer
pb://tq7rx35yopkvodmsxkqra4qqkbho3yaa@6ga2r2h2fyq6tzcyh6bf3hpio3i7r4edadbq7l4wnh4y62taj6ia.b32.i2p/introducer
pb://cys5w43lvx3oi5lbgk6liet6rbguekuo@sagljtwlctcoktizkmyv3nyjsuygty6tpkn5riwxlruh3f2oze2q.b32.i2p/introducer
pb://r3bs6joub24gtsofe7ohnnjcnwfmo2jy@qaihdh5z7osn7tc3326ahv3z46badiuaulff43wchmap7skg7euq.b32.i2p/42mrbm7zxmjemz6hzejo3i7aunx4eoun

You will need to restart your tahoe node after editing ~/.tahoe/introducers with tahoe restart. Any existing introducer.furl entries in tahoe.cfg will be automatically copied to ~/.tahoe/introducers. A list of known introducers is available.

If you are curious what the other configuration options that we didn't modify do, look over Configuring a Tahoe node.

Node Operation

To start your node as a daemon:

$ tahoe start

You can now access your node via the web interface at http://127.0.0.1:3456.

Example URLs

Some example URLs to try can be found on another page.

[!] There is no way to recover the URL/CAP if you lose it. Using bookmarks and/or aliases is highly recommended.

Besides the web interface, there is also a command line interface and web API.

To stop your node if running as daemon:

$ tahoe stop

Storage node

Experiment with a client node and familiarize yourself with the official Tahoe-LAFS documentation before setting up a storage node. You should also be willing and able to run a storage node 24/7 before continuing with this section. A node that's up for only twelve hours each day is worse than useless--it's harmful.

Create a server tunnel in the I2P Tunnel Manager.

Choose Type: Standard (an HTTP tunnel won't work). Point it to a a free TCP port (for example 3459) where you want to run your storage server on. You can reduce your tunnel length for lower latency (but also lower anonymity). Start the server tunnel and copy the Base32 destination for later usage.

Configuration

Edit ~/.tahoe/tahoe.cfg

[!] If the tub.location is not specified or the its tunnel is not running, no one will be able to use your storage node. If you leave tub.location commented out you will leak your IP address (and no one will be able to connect to your node)!

We'll keep most of the configuration from the previous section, but a few values need to be added.

[node]
tub.port = tcp:3459:interface=127.0.0.1
tub.location = n6k7tu37diq4obmcmv3f144oxxxnehp6njz5lwu4hllp5gp6hbga.b32.i2p

Specify the tub.port and interface to listen on. This is the TCP port as configured for the I2P server tunnel. Bind it only to 127.0.0.1 to prevent outside access.

For tub.location enter the Base32 destination for the server tunnel as created in the I2P Tunnel Manager console. Since I2P destinations don't have a port, don't specify one. Also don't add any other hostnames or IP addresses as these would be broadcast to everyone, leaking your identity.

[storage]
enabled = true
[!] DO NOT activate a storage node unless you are willing/able to keep it running nearly 24/7! Storage nodes that run for just 6-12 hours each day are harmful.

Change enabled to true to turn your client into a storage node.

Optionally you may define how much disk space is reserved with reserved_space:

reserved_space = 5GB

The storage server will not accept any share which causes the amount of free disk space to drop below this value. Currently there is no option to directly limit the size consumed by the storage server, see ticket #671.

Node Operation

Restart your node to have these changes take effect:

$ tahoe restart

Verify on the web interface that the Storage Server service is running.

Introducer

Setting up and running your own introducer on I2P involves a few simple steps. The first of these steps is to create the introducer node:

$ tahoe create-introducer ~/.tahoe/introducer

The introducer can exist anywhere on your filesystem. If you don't want it to be contained within your ~/.tahoe directory, simply specify a different directory.

Next, edit ~/.tahoe/introducer/tahoe.cfg. Fill out the web.port. In this example we'll use 3460:

[node]
web.port = tcp:3460:interface=127.0.0.1
web.static = public_html

All of the other options can be left as they are.

Start your introducer:

$ tahoe start ~/.tahoe/introducer

The introducer will bind to a random, unused port when it's first run. The port is stored in the file introducer.port. You can cat the file to find the port number.

$ cat introducer.port
17337

Create a server tunnel in the I2P Tunnel Manager.

Choose Type: Standard (don't pick HTTP; it won't work). Point it to the port listed in introducer.port (in the example above, 17337). Start the server tunnel and take note of the Base32 destination. Edit ~/.tahoe/introducer/tahoe.cfg once more and set the tub.location to the introducer's Base32 destination. Restart your introducer node once more.

$ tahoe restart ~/.tahoe/introducer

Verify on the web interface that the introducer service is running.

At this point you have an introducer running and a tunnel pointing to it so it can be used on I2P. Of course, no one will be able to use your introducer without its existence being known. You will find the introducer.furl to give to others in the file ~/.tahoe/introducer/private/introducer.furl

$ cat ~/.tahoe/introducer/private/introducer.furl
pb://c6w5ernw7y7rp3uwmdyu5clujyt2y4m4@w2zrwz5gplkkufix7cb4gmxfbrkwg2abnsgk62bm5iifzlahe7kq.b32.i2p/introducer

Let us know about your new introducer in #tahoe-lafs (and/or send an email to killyourtv@mail.i2p and darrob@mail.i2p) so that we can update our list. You should also add it to your own ~/.tahoe/introducers file so that you can also benefit from your generosity. :D