
On a fresh Debian 12 machine the guide shows you how to install OpenJDK 17 headless, pull down the newest I2P tarball, set up a dedicated non‑root user, and create a systemd service that keeps the daemon running in the background. It explains why the official package lags behind the community releases and recommends using the tarball for full control over configuration. Firewall rules are added to allow UDP routing on the chosen port, with optional TCP access, and you can quickly verify the node by visiting the local admin interface at 127.0.0.1:7657. The article also offers practical troubleshooting advice—such as reinstalling Java after a kernel upgrade—and reminds readers that I2P’s higher latency may make Tor a better choice if speed is critical.



Install I2P on Debian Server

Want a lightweight anonymity layer for your Debian box? This quick guide shows you how to pull in I2P, tweak the defaults, and get it humming in no time—so you can surf hidden sites or run a Tor‑like service without the extra bloat.

Why You’d Want I2P on a Server

I2P is a good middle ground: it’s not as widely used as Tor, so it tends to slip past some network monitors. It also runs in its own encrypted tunnel, which makes it great for hosting a hidden service or protecting your admin traffic from snoops.

Prerequisites & Quick Check

  • A clean Debian 12 (Bookworm) server.
  • Root or sudo access.
  • At least 1 GB of RAM; I2P will eat ~300 MB of memory when idle.
  • Internet connectivity to fetch packages.

If you’re on a VPS with strict outbound rules, remember that I2P uses UDP for routing—so tweak your firewall accordingly.

Step 1: Update Your System

sudo apt update && sudo apt upgrade -y

Why does this matter? Debian's local package index may be out of date; refreshing it ensures you get the latest JRE and I2P binaries, plus security patches for your server.

Step 2: Install Java Runtime

I2P is a Java application, so you need a JVM. The project recommends OpenJDK 17 but works fine with 11.

sudo apt install -y openjdk-17-jre-headless

The headless variant omits desktop libraries, saving space on a server. After installation, confirm:

java -version
# Expected: openjdk version "17.x" …

Step 3: Grab the Latest I2P Release

Download the tarball directly from the official site.

cd /opt
sudo wget https://geti2p.net/download/i2pd-1.7.4.tgz
sudo tar -xzf i2pd-1.7.4.tgz

Why not use apt? I2P’s Debian package is notoriously out‑of‑date and doesn’t set up a clean service wrapper, so pulling the tarball gives you full control.
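
Step 3 unpacks the download as root without checking it first. One way to gate the extraction on a published SHA-256 digest, as an added example that is not part of the original guide: the function names are hypothetical, and the expected digest has to come from the project's release page, since the guide lists none.

```shell
#!/bin/sh
# Added example: gate extraction of a release tarball on its SHA-256 digest.
# The expected digest must come from the project's release page; the guide
# lists none, so no real digest appears here.

# Reads member names on stdin; succeeds if any is absolute or contains "..".
has_unsafe_path() { grep -Eq '^/|(^|/)\.\.(/|$)'; }

# verify_and_extract TARBALL EXPECTED_SHA256 DESTDIR
# Returns non-zero on any failure; a digest mismatch extracts nothing.
# The body is a subshell, so variables and `exit` stay inside the function.
verify_and_extract() (
    tarball=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    dest=$3

    [ -f "$tarball" ] || { echo "missing file: $tarball" >&2; exit 2; }

    # Hash via stdin so an odd file name cannot change sha256sum's output.
    actual=$(sha256sum < "$tarball" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        exit 1
    fi

    # Fail closed on members that would land outside DESTDIR.
    if tar -tzf "$tarball" | has_unsafe_path; then
        echo "archive contains absolute or '..' member paths" >&2
        exit 3
    fi

    mkdir -p "$dest"
    # As root, do not trust owner IDs or mode bits stored in the archive.
    tar -xzf "$tarball" -C "$dest" --no-same-owner --no-same-permissions
)

# Stand-alone use: sh verify.sh <tarball> <expected-sha256> <destdir>
if [ "$#" -eq 3 ]; then
    verify_and_extract "$@"
fi
```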

Step 4: Create a Dedicated User

Running services as root is a bad idea—especially something that talks to the internet. Make a low‑privilege account:

sudo useradd -r -s /usr/sbin/nologin i2puser

Then move ownership of the I2P folder:

sudo chown -R i2puser:i2puser /opt/i2pd-1.7.4

Step 5: Configure Basic Settings

Edit the config file to set ports and logging preferences.

sudo nano /opt/i2pd-1.7.4/config.json

At a minimum, change:

{
    "listen_port": 7656,
    "http_local_host": "127.0.0.1",
    "http_local_port": 7657
}

Keep the rest at defaults unless you know what you’re doing.

The default listen_port is fine, but binding HTTP to localhost prevents external machines from hitting your admin UI accidentally.

Step 6: Set Up a Systemd Service

Create /etc/systemd/system/i2pd.service:

[Unit]
Description=I2P Network Daemon
After=network.target

[Service]
User=i2puser
Group=i2puser
WorkingDirectory=/opt/i2pd-1.7.4
ExecStart=/usr/bin/java -Xms256m -Xmx512m -jar i2pd.jar
Restart=on-failure
StandardOutput=journal
StandardError=journal
SyslogIdentifier=i2pd

[Install]
WantedBy=multi-user.target

Enable and start it:

sudo systemctl daemon-reload
sudo systemctl enable --now i2pd

If you ever hit “Failed to start”, check journalctl -u i2pd. A common hiccup is a mistyped Java path or a missing JRE.

Step 7: Open the Firewall

I2P uses UDP for routing and TCP for HTTP. Allow both:

sudo ufw allow 7656/udp
sudo ufw allow 7656/tcp   # optional, but harmless

If you’re behind a stricter firewall, consider binding listen_port to a high port like 9000 to dodge packet inspection.

Step 8: Verify It’s Running

systemctl status i2pd
# or
ss -tulpn | grep 7656

Open your web browser (or curl) to http://localhost:7657 on the server. The I2P admin interface should appear, confirming that routing is active.

When to Skip I2P

If you only need a single hidden service and already run Tor, I2P can feel like an extra layer of complexity for little gain. It’s slower by design; expect 50–100 ms latency on top of your traffic. So, if speed matters more than the quirky privacy model, consider staying with Tor.

That’s it—your Debian server is now a low‑profile node in the I2P network. Drop in some hidden services or just use it to keep your admin traffic out of sight.