P2P networks for website hosting

Decentralized

© Lead Image © Victoria, fotolia.com


Article from Issue 187/2016

Many users associate the term P2P with BitTorrent and the (not always legal) exchange of files. But peer-to-peer networks offer an option for anonymously offering websites and other services. We examine five popular alternatives for P2P networking.

If a web server on the World Wide Web fails, its pages are no longer accessible. Administrators try to compensate for this problem with redundant systems, but duplicating an entire web infrastructure involves high maintenance overhead. At the same time, the data typically crosses the wire without encryption; and even if you use SSL/TLS encryption, third parties can still identify the sender and recipient.

Several projects try to remove both of these disadvantages with hybrid and pure peer-to-peer (P2P) approaches. Much like file sharing via BitTorrent, these websites are not hosted on a central server. Instead, clients connected to the web serve up the web pages.

Some providers distribute the data across multiple network nodes. If a client disappears off the network, the data is still available. Because the projects also consistently encrypt the traffic, none of the participants can eavesdrop on the communications of others. The provider of the web pages and the users thus remain anonymous.

To use P2P networks like Freenet [1], I2P [2], IPFS [3], Tor [4], and ZeroNet [5], users only need to install the client software provided by the projects on their computers. All five networks are open to any interested party and are thus not darknets.

The individual clients use encryption to communicate; each P2P network uses its own protocols. But the messages are delivered to all the nodes via the Internet and with the help of tried and trusted protocols. The clients thus project their own networks with their own URLs onto the existing Internet; in some cases, they even have their own name services. The data, files, sites, and services available on the network are given unique IDs, which the clients create using cryptographic methods. Other clients then request the data via this ID. In some of the P2P networks discussed in this article, sites cannot be recalled or deleted once they are published.

Freenet

The history of the Freenet project goes back to the year 1999 [1]. Irish student Ian Clarke initially developed the idea of a "distributed anonymous information storage and retrieval system," which he then implemented with several helpers as Freenet. The donation-funded Freenet Project Inc. was founded to coordinate Freenet's development.

On Freenet, users can exchange files but also publish complete websites. Freenet refers to these websites as Freesites. To prevent third parties from tracking the communication of participants, Freenet routes the encrypted packets over multiple computer nodes. Additionally, users can tell their clients to connect only to known and trusted individuals or nodes. The Freenet developers somewhat misleadingly call this mode Darknet mode or high-security mode.

Freenet is based on a distributed filesystem, where each user contributes some of their disk space. From a technical point of view, the Freenet client caches some of the files offered on Freenet in an encrypted format in what is known as a data store.

Only the Freenet client determines which files are stored in the data store. The client version when this article went to press was 0.7.5. The code for the Freenet client is partly released under the GNU GPL and the Apache License. The client itself is written in Java and therefore needs the Java Runtime Environment (JRE) version 1.6. The developers recommend JRE version 1.7 by Oracle.

The best approach to installing the client is via the Java Web Start Installer [6]; you'll need to have a plugin installed in the browser. Alternatively, the developers provide an installation wizard [7], which you can launch by typing java -jar new_installer_offline.jar. The complete source code of the client is available on GitHub [8].

Immediately after completing the installation, the browser opens a small wizard (Figure 1). In it, users are prompted to define the size of the data store, among other things. The minimal possible size is 512MB, and the maximum is 100GB. You also define the monthly maximum data transfer volume and bandwidth restrictions. These settings will ensure that Freenet does not permanently block your bandwidth.

Figure 1: The wizard handles the installation of the Freenet client.

The Freenet client runs as a daemon in the background. The installation wizard adds it to startup scripts. The activities of the daemon can sometimes delay the computer startup and shutdown drastically. The client offers a user interface on http://localhost:8888. You can use this user interface to upload new files and modify the client's default settings (Figure 2). The home page of the web interface offers what is currently an experimental search engine that helps you discover objects on Freenet.

Figure 2: The web interface of the Freenet client provides a link list as an entry point into the Freenet network.

On Freenet, all data is given an ID, or key. To retrieve data, you simply add the corresponding key to the URL http://localhost:8888/. Freenet distinguishes between four key types for different data or services. In all cases, the result is a cryptic monster such as:

USK@0iU87PXyodL2nm6kCpmYntsteViIbMwlJE~wlqIVvZ0,nenxGvjXDElX5R\
  IZxMvwSnOtRzUKJYjoXEDgkhY6Ljw,AQACAAE/freenetproject-mirror/243/

Keyword Signed Keys simplify things by letting users store pages and files based on a pattern of KSK@my_file.txt on Freenet. But, because multiple users can use the same name for a file, the keys are not protected from spamming and hijacking. Freenet also offers containers. A container is an archive of several files that can be up to 2MB in size and often includes a free site. Containers allow the Freenet client to load the entire site at once and not bit by bit.
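The key shown above can be taken apart mechanically, which also makes clear why a KSK offers no protection against hijacking: it carries a name and no key material. The following Python sketch is an added example, not code from the Freenet project; the key type names CHK and SSK, the three-field layout, and the field names follow Freenet's documented key format and are not spelled out in this article.

```python
import base64

# What each key type is tied to (labels chosen for this example).
BINDING = {"KSK": "name only", "CHK": "content hash",
           "SSK": "publisher key", "USK": "publisher key"}

def fn_b64decode(text):
    """Freenet's base64 variant uses '~' and '-' in place of '+' and '/'."""
    std = text.replace("~", "+").replace("-", "/")
    return base64.b64decode(std + "=" * (-len(std) % 4), validate=True)

def parse_key(uri):
    ktype, sep, rest = uri.partition("@")
    if not sep or ktype not in BINDING:
        raise ValueError("not a Freenet key: %r" % uri)
    info = {"type": ktype, "binding": BINDING[ktype]}
    if ktype == "KSK":
        # Only a human-readable name: anyone who knows it can insert under it.
        info["name"] = rest
        return info
    keypart, _, path = rest.partition("/")
    fields = keypart.split(",")
    if len(fields) != 3:
        raise ValueError("expected three comma-separated key fields")
    routing, crypto, extra = (fn_b64decode(f) for f in fields)
    if len(routing) != 32 or len(crypto) != 32:
        raise ValueError("key fields must decode to 32 bytes each")
    info.update(routing_key=routing, crypto_key=crypto, extra=extra)
    if ktype == "USK":
        # USK paths end in <site name>/<edition number>/
        site, _, edition = path.strip("/").rpartition("/")
        info.update(site=site, edition=int(edition))
    else:
        info["path"] = path
    return info

# The key printed in the article, with the line wrap removed.
PAGE_KEY = ("USK@0iU87PXyodL2nm6kCpmYntsteViIbMwlJE~wlqIVvZ0,"
            "nenxGvjXDElX5RIZxMvwSnOtRzUKJYjoXEDgkhY6Ljw,"
            "AQACAAE/freenetproject-mirror/243/")

if __name__ == "__main__":
    for key in (PAGE_KEY, "KSK@my_file.txt"):
        parsed = parse_key(key)
        print(parsed["type"], "->", parsed["binding"])
```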

If you want to offer your own website on Freenet, the graphical Jsite tool is a useful helper (Figure 3). You only need to create a new project, specify the file path to the completed web pages on the hard disk, and select the file with the home page (typically index.html). Jsite then uploads the website to Freenet and shows the key through which the site is accessible. Freenet does not support sites written in PHP or other scripting languages. Users can extend client functions through plugins; you'll find plugins for an email system, a microblogging service, and a chat system.

Figure 3: The Jsite tool helps users create their own websites on Freenet.

The Freenet website leads to a sparsely populated wiki and a brief guide that makes your eyes water after a short time because of the black background. Another page shows how users can deploy known plugins; a collection of links on the home page points users to several white papers on Freenet.

I2P

The network of the Invisible Internet Project (I2P, [2]) is primarily designed to guarantee anonymous communication. I2P is one of the most commonly used P2P networks. The client software is used by many security distributions and even exists for Android smartphones. In August 2015, I2PCon took place in Toronto, the first conference devoted to I2P [9]. Work on I2P started in 2003; the software was originally a modification of Freenet.

Unlike IPFS or Freenet, I2P does not store any files but merely enables the encrypted transmission of data packets between clients. Other programs rely on this service to anonymously communicate with each other or to offer their own services on the I2P network. A user could start a web server, for example, on their computer and then offer its services on the I2P network through the I2P client. Each communication endpoint is given a unique ID, generated by a cryptographic method, that acts as a receiving and sending address. The web server would thus have its own ID.

When a client wants to send a message, it first sends it via several other machines in the direction of the target. The I2P developers refer to this chain as the outbound tunnel (Figure 4). Before the message arrives at the destination computer, it also passes through a chain of computers known as the inbound tunnel. The return route through the tunnel is ruled out. I2P refers to each node in this chain as a router. The IP protocol is used for actually transporting encrypted data.

Figure 4: On the I2P network, the sender chooses the hosts for the outbound tunnel, and the recipient chooses the hosts for the inbound tunnel. This strategy allows for anonymous communication.

Instead of the DNS system known from the Internet, the I2P developers rely on distributed address books; every user has a separate address book on their local system in which they can assign an arbitrary name to each endpoint. In addition, the user can import address books from other trusted sources.

If applications want to send data via I2P, they must be programmed to do so. The I2P developers provide a matching Java library and a simple C library. Work on Python and Perl libraries is currently in progress. Programs that exchange their data via UDP can be quite easily converted for use with I2P: If the application wants to send data to a specific destination, it typically only needs to state its cryptographic ID in I2P. I2P then encrypts and delivers.

The I2P developers also offer a streaming library, which applications use to communicate with each other in a similar way to using TCP. The library's special features include congestion control, which ensures that packets actually reach their targets.

On request, the I2PTunnel tool routes normal TCP traffic through the I2P network. You can thus continue to use existing software. For example, a user can start a normal web server on their computer and then rely on the I2PTunnel to publish this web server on the I2P network. Additionally, I2P has an HTTP proxy in the form of Eeproxy, which can be used to retrieve I2P services with your browser. A user who wants to use many services simultaneously must build a tunnel for each. Building this tunnel costs additional resources. The proxy does not prevent the browser from sending information about its users and the operating system.

Several applications developed explicitly for I2P exist today. I2P Messenger supports secure and anonymous chats over the I2P network. Other programs help with sharing files, exchanging email, and creating blogs. The Eepsite [10] web server serves up pages directly on the I2P network, and you can build a distributed data store or a cloud on the I2P network with Tahoe LAFS [11]. The usability of the programs varies greatly.

The I2P developers provide a package on their project site containing the I2P router, the I2P libraries, and selected applications. The components are available under various open source licenses; the core components are all public domain – meaning you can do whatever you want with the source code.

Prebuilt packages are available for Ubuntu, Mint, Debian, and Knoppix; all other Linux users need to turn to the installation wizard. The preconditions are JRE version 1.6; the developers recommend at least Java 7. The source code is available on GitHub [12]. When this issue went to press, the stable version of the software was 0.9.24; updates appear every six to ten weeks with minor new features or changes to the interface.

Users first launch the I2P router i2prouter, which runs as a daemon and exchanges data packets with other I2P routers on the network. The libraries rely on the I2P services, and the applications then rely on the libraries. The router also provides a web interface on http://localhost:7657 (Figure 5). Users can manipulate the configuration and define the maximum usable bandwidth, among other things. The numerous ports used by I2P are listed in the documentation [13].

Figure 5: The web interface of the I2P client already comes with many links to services on I2P.

The package also includes an address book, which provides a number of important sites and services with readable addresses. For the browser to be able to access these addresses on I2P, the user needs to manually enter the I2P proxy in the browser settings; the proxy listens on the IP address 127.0.0.1, port 4444.

Thanks to the preconfigured client, users can quickly provide their own websites on the I2P network. You only need to save your web pages in a specified directory and enable a matching tunnel. A Jetty instance serves up the website and listens on port 7658. The I2P router can be extended via plugins. The documentation is limited to the general online help on the I2P home page.

IPFS

As its name suggests, the Interplanetary File System (IPFS) [3] is basically a distributed filesystem. The basic idea is to let users serve up hypermedia content and thus offer websites. The filesystem was mainly developed by Protocol Labs; however, the developers invite all interested parties to participate. The protocol and the client software are currently at an early stage of development. The IPFS client 0.4.0, which is released under an MIT license and completely programmed in Go, was the latest when this issue went to press. Its source code is available on GitHub [14]; prebuilt packages for 32- and 64-bit systems are available [3]. To set things up, users only need to download the appropriate archive, unzip it, and include the ipfs program in the default search path. Alternatively, a Docker container with a preconfigured IPFS is available [15].

Before you access the distributed filesystem with ipfs, you need to set up a local repository for IPFS with ipfs init. The data typically ends up in ~/.ipfs. Moreover, an ID that uniquely identifies the client is generated during initialization. You can then add files or entire directories with ipfs, as in ipfs add <file>.txt. Every file and every directory is given a unique hash value, which other users can then use to address or download it.

You can start the ipfs client as a daemon, in which case it will automatically connect to the nearest IPFS clients, or peers, and keep the connections alive. The active daemon also offers a web server on port 8080. You can use it to address an object on the IPFS network in your browser. To do so, simply type https://localhost:8080/ABC, where ABC is the hash of the desired object.

A web page available on http://localhost:5001/webui provides information about your own node and the currently connected peers (Figure 6). You can use this page to quickly upload new files or retrieve existing files. Using Fuse technology, you can mount IPFS like a normal filesystem. The IPFS developers also provide access to individual objects without the user needing the ipfs client. To do so, simply type https://ipfs.io/ipfs/ABC in your browser, where ABC stands for the hash of the desired object.

Figure 6: The web interface of the IPFS client offers an overview of the currently open connections. In addition, you can upload files.

IPFS does not support a DNS system; users thus have to communicate with objects via their cryptic hash values. However, you can integrate normal DNS servers. The IPFS URL is stored in the TXT record, which the ipfs command-line tool in turn queries – the exact procedure is described by the output from ipfs dns --help. The documentation is limited to some tutorials and a sparse command line reference. The technical background of IPFS is covered by a white paper [3], which is still in the draft stage.
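An IPFS object is tied to its hash, but a TXT record that points at it can be changed by whoever controls the DNS zone, so a cautious client compares what DNS advertises with a hash obtained out of band. The following Python sketch is an added example, not code from the IPFS project; it assumes the dnslink=/ipfs/<hash> TXT convention and base58-encoded SHA-256 hashes, and all sample records and hashes are constructed.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
PREFIX = "dnslink=/ipfs/"

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)      # ValueError on non-base58 characters
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body

def is_sha256_multihash(text):
    """Expect 0x12 (sha2-256), 0x20 (length 32), then a 32-byte digest."""
    try:
        raw = b58decode(text)
    except ValueError:
        return False
    return len(raw) == 34 and raw[:2] == b"\x12\x20"

def dnslink_targets(txt_records):
    """Return the hashes of all well-formed dnslink TXT records."""
    found = []
    for rec in txt_records:
        if not rec.startswith(PREFIX):
            continue                    # unrelated TXT data such as SPF
        candidate = rec[len(PREFIX):].split("/", 1)[0]
        if is_sha256_multihash(candidate):
            found.append(candidate)
    return found

def check_pin(txt_records, pinned):
    """Compare the advertised hash with one obtained out of band."""
    targets = dnslink_targets(txt_records)
    if len(targets) != 1:
        return "reject: need exactly one valid dnslink record"
    return "ok" if targets[0] == pinned else "changed: " + targets[0]

def sample_hash(data):
    # Constructed value: digest of raw bytes, not what ipfs add would print.
    return b58encode(b"\x12\x20" + hashlib.sha256(data).digest())
```

A result of "changed" is not necessarily hostile, because the site owner may simply have published a new version; it only means the new hash should be confirmed before it is trusted.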
