Adds support for listening on and connecting to I2P and Onion services securely #3293
I hereby donate this code to Anoa. |
I accept this donation and sign off on this code.
|
Moving this from

How to build a Dendrite Homeserver modified to run over I2P or Tor
==================================================================

I2P mode: I2P must be installed first, and the SAMv3 API bridge must
be activated.

1. First, clone the `matrix-org/dendrite` implementation of dendrite into your GOPATH and change branch to the `i2p-demo` checkout.
2. Second, build the binary:

    go build -o bin/dendrite-demo-i2p ./cmd/dendrite-demo-i2p

3. Third, run it.

    go build -o bin/dendrite-demo-i2p ./cmd/dendrite-demo-i2p

Tor mode: Tor must be installed first.

1. First, clone the `matrix-org/dendrite` implementation of dendrite into your GOPATH and change branch to the `i2p-demo` checkout.
2. Second, build the binary:

    go build -o bin/dendrite-demo-tor ./cmd/dendrite-demo-tor

3. Third, run it.

    go build -o bin/dendrite-demo-tor ./cmd/dendrite-demo-tor
|
(@eyedeekay I can officially confirm that the code donation above checks out 🙂) |
…prioritizing the use of modern crypto
I have demo instances up and running but I'm not sure how best to share them, as I have enabled open registration for now and don't think that I should make them that public. Let me know if there's a best way to share them with testers on your side. |
Sorry for just moving this to |
Seems like GHA or whatever is upset right now, looking at the golangci-lint errors. Unit tests seem to be a real issue, could you take a look at this please? |
I'm certainly fine with it being in It would also be a more general way to open up the use of Go matrix homeservers to other kinds of P2P and/or Overlay networks. Anyone who could implement a Also, at least in some of these scenarios, it's sort of implied that if you can set up the server somewhere you can always set up a client to talk to it, as in the case of Tor or I2P. If you have Tor, you can talk to onion services, if you can't, then Tor has a problem. Same for I2P, if you have I2P, you can talk to I2P services, if you can't, it's our problem. This means that every I2P or Tor homeserver can also be a client of and also federate with any other I2P or Tor homeserver (at least for the purposes of mere contactability). So if you wanted to serve up something other than I think in the end everybody would win. You don't have to maintain a bunch of /missive

With regard to the unit tests, I'm pretty sure the demo-tor unit test is failing because there isn't a Tor instance in the unit test container, but that's just a hypothesis. It might be kind of rude to spin up a Tor client to run unit tests in CI, so I'm going to work to confirm that hypothesis locally, and if that's the case then my advice would be to simply disable that test. But please give me a little while to be absolutely sure that's what it is. |
This PR adds 2 `dendrite-demo` mains, each designed expressly to serve a Hidden Service/Overlay network.

The first, `dendrite-demo-i2p`, adds self-configuration for use of dendrite as an I2P hidden service (eepsite) and to connect to I2P services (federate) as an I2P client. It further disables the `dendrite` server from communicating with non-anonymous servers by federation (because I2P does not canonically have the ability to exit, we rely on donors for exit traffic), and enables the use of self-signed TLS certificates (because I2P services are self-authenticating but TLS is still required for other aspects of the system to work reliably). This demo turns the system into a "pseudonymous" homeserver which people can connect to using an I2P-enabled Matrix client (I like `cinny` and it's what I tested with).

The second, `dendrite-demo-tor`, adds self-configuration for the use of dendrite as an Onion service and to connect to other onion services and non-anonymous web sites using Tor to obfuscate its physical location and providing, optionally, pseudonymity. It also enables the use of self-signed TLS certificates, for the same reason as with I2P, because onion services aren't typically eligible for TLS certificates. It has also been tested with `cinny`.

These services are both pseudonymous like myself, not anonymous. I will be meeting members of the element team at the CCC assembly shortly to discuss contributing under my pseudonym.

As none of the other `dendrite-demo` have unit tests I did not add them to these checkins.
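
The federation and TLS rules in the PR description above, written out as an added Go example; it is not code from this PR or from dendrite. `Mode`, `Policy` and `FederationPolicy` are hypothetical names, the server names are constructed, and limiting self-signed certificates to `.i2p`/`.onion` hosts is an assumption of the example rather than something the PR states.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Mode is a hypothetical switch for which overlay the homeserver runs on.
type Mode int

const (
	ModeI2P Mode = iota
	ModeTor
)

// Policy is the decision for one federation destination.
type Policy struct {
	Allow           bool // dial this server at all
	AllowSelfSigned bool // accept a certificate with no CA chain
}

// FederationPolicy classifies a Matrix server name ("host" or "host:port").
func FederationPolicy(mode Mode, serverName string) Policy {
	host := serverName
	if h, _, err := net.SplitHostPort(serverName); err == nil {
		host = h
	}
	// Suffix match on the normalized host, so "x.i2p.example.com" is clearnet.
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	isI2P := strings.HasSuffix(host, ".i2p")
	isOnion := strings.HasSuffix(host, ".onion")
	switch mode {
	case ModeI2P:
		// No exit traffic: only other I2P servers are federated with.
		return Policy{Allow: isI2P, AllowSelfSigned: isI2P}
	case ModeTor:
		// Clearnet is reached via Tor but (assumption) still needs a CA-verified cert.
		return Policy{Allow: !isI2P, AllowSelfSigned: isOnion}
	}
	return Policy{} // unknown mode: deny
}

func main() {
	// Constructed sample server names.
	for _, n := range []string{"hs.i2p:8448", "matrix.org", "abc.onion", "x.i2p.example.com"} {
		fmt.Printf("%-20s i2p=%+v tor=%+v\n", n, FederationPolicy(ModeI2P, n), FederationPolicy(ModeTor, n))
	}
}
```

Scoping the self-signed exception by hostname keeps certificate verification on for any clearnet peer a Tor-mode server talks to, where the address does not authenticate the server.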