idk/Reseed_Tools
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

page generation update for: 2023-01-04 20:59:59.360506363 +0000 UTC m=+7.706706616

Browse Source
This commit is contained in:
idk
2023-01-04 20:59:59 +00:00
parent 8c369acad2
commit 5ab8bc07b1
2 changed files with 76 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
docs/PLUGIN.md Normal file
View File

@ -0,0 +1,26 @@
# Plugin install URL's
Plugin releases are available inside of i2p at http://idk.i2p/reseed-tools/
and via the github mirror at https://github.com/eyedeekay/reseed-tools/releases.
These can be installed by adding them on the
[http://127.0.0.1:7657/configplugins](http://127.0.0.1:7657/configplugins).
After installing the plugin, you should immediately edit the `$PLUGIN/signer`
file in order to set your `--signer` email, which is used to name your keys.
You can find the `$PLUGIN` directory in your I2P config directory, which is
usually `$HOME/.i2p` on Unixes.
This will allow the developers to contact you if your reseed has issues
and will authenticate your reseed to the I2P routers that use it.
- darwin/amd64: [http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3)
- darwin/arm64: [http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3](http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3)
- linux/386: [http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3)
- linux/amd64: [http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3)
- linux/arm: [http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3)
- linux/arm64: [http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3)
- openbsd/amd64: [http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3)
- freebsd/386: [http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3](http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3)
- freebsd/amd64: [http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3)
- windows/amd64: [http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3)
- windows/386: [http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3](http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3)

50
docs/TLS.md Normal file
View File

@ -0,0 +1,50 @@
TLS Configuration for your Reseed Server
========================================
By default, `reseed-tools` will generate self-signed certificates for your reseed service.
This is so that it can use TLS by default, and so that it can offer self-signed certificates when operating in `.onion` mode.
It is also possible to configure `reseed-tools` without TLS certificates,
or to configure it to use ACME in order to automtically obtain a certificate from Let's Encrypt.
I2P does not rely on TLS Certificate Authorities to authenticate reseed servers.
Instead, the certificates are effectively "Pinned" in the software, after manual review by the I2P developers and the community.
It is acceptable to use self-signed certificates in this fashion because they are not summarily trusted.
A self-signed certificate which is not configured in the I2P software will not work when serving a reseed to an I2P router.
Disable TLS
-----------
If you do this, it is highly recommended that you use a reverse proxy such as `Apache2` or `nginx` to provide a TLS connection to clients.
Alternatively, you could run `reseed-tools` as an `.onion` service and rely on Tor for encryption and authentication.
You can disable automatic TLS configuration with the `--trustProxy` flag like this:
```sh
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --trustProxy
```
Setup Self-Signed TLS non-interactively
---------------------------------------
If you don't want to interactively configure TLS but still want to use self-signed certificates, you can pass the `--yes` flag, which will use the defaults for all config values.
```sh
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --yes
```
Use ACME to acquire TLS certificate
-----------------------------------
Instead of self-signed certificates, if you want to chain up to a TLS CA, you can.
To automate this process using an ACME CA, like Let's Encrypt, you can use the `--acme` flag.
Be sure to change the `--acmeserver` option in order to use a **production** ACME server, as
the software defaults to a **staging** ACME server for testing purposes.
This functionality is new and may have issues. Please file bug reports at (i2pgit)[https://i2pgit.org/idk/reseed-tools) or [github](https://github.com/eyedeekay/reseed-tools).
```sh
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --acme --acmeserver="https://acme-v02.api.letsencrypt.org/directory"
```