XBT tracker on Cloudflare
Can someone tell me how to put xbtit and xbt tracker on cloudflare. it blocks the 2710 port so torrents can not be connected. how to solve this?
|
Quote:
not possible with present xbt will not work you need to modified and re-code to work on reverse proxy which script you want to enable xbt with cloudflare i coded for tsue works with cloudflare |
yes it works..
open port 2710 into cloudflare panel and server iptables remove announce from cloudflare cache add cloudflare ips to the whitelist on your server iptables pray to GOD :):coffee: that will do the trick :) |
Quote:
|
Quote:
|
i have xbt working on CF..
but mnehh.whatever:coffee: |
Quote:
|
Quote:
lol he is just joking i think there is port change in CF you need to change port in xbt and still it will not work as CF filters it.. you need to recode it to work with reverse proxy.. Bump: Quote:
|
i just told him what to do..
what do you mean i didnt post good info ? i post exactly what i did to make it work |
Quote:
:muscle: do you have cloudflare account go and login and show where do you have option to change port.. |
This is what you do m8
create a subdomain and use it for your announce URL and have you site url on CloudFlare... Problem solved :) |
Quote:
|
Quote:
http://website.com/announce.php I don't know what is thi port ? and i can't find its port forward option in CF |
if you use PHP announce what do you think the port is? :coffee:
|
XBT tracker on cloudflare using Nginx to help
I actually have my tracker behind Cloudflare because it helps with routing traffic for users with IPv6. If I wanted to I could add the DDOS protection as well but I use Page rules to bypass caching and a lot of other options.
Your page rules should look like this: Code:
http://tracker.example.com:8080/* Code:
http://tracker.example.com:2052/* First you have to look up Cloudflares supported ports, use one that works for you. There's a list here: By default, Cloudflare proxies traffic destined for the HTTP/HTTPS ports listed below. HTTP ports supported by Cloudflare: Code:
80 Code:
443 Code:
server { I think that's about it, you can look up how to add more options to Nginx like the amount of workers and keep alive time. If you don't put Nginx in front of your tracker then the tracker will get all Cloudflare ip addresses and won't be able to communicate and track properly. Also make another file in the Nginx conf.d folder called cloudflare.conf and put the following inside, this will allow you to get the real ips: Code:
set_real_ip_from 103.21.244.0/22; Enjoy. And monitor your database for the correct Ips to make sure it's working well. |
SSL
Code:
#Tracker Code:
Has anyone been able to do this? |
YMMV
Try this, it works with proxying xbt, but not tested with cloudflare: Code:
location ~ ^/(.*?)/announce$ { |
Quote:
I know this looks simple but that's all that's needed, trust me I've looked at what it does in the Xbt Tracker Access logs: Code:
server { Code:
servertime (actual ip that's shown) = 127.0.0.1 (otherinfohere) GET /users-passkey/announce?ip=users-ip-address-here&info_hash=users-hash-info&peer_id=-UT2210-&port=users-port-95865786767695&uploaded=0&downloaded=0&left=0&corrupt=0&key=59845y9ty8945y88&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=users-ip-address-here HTTP/1.1 |
Why wouldn't I use the code I posted? I'm using it and it works as expected. My code proxies external https to internal http, so all external traffic is secure. Yours is http to http and it does not do the same thing.
Also, as posted by the author of xbt_tracker not all torrent clients include the ip address in the query string, my code adds it to the proxied url just in case it isn't already there. And, I have logged the announce also, it looks like this Code:
1589673357 127.0.0.1 37032 GET /blahblahblah/announce?info_hash=blahblahblah&peer_id=-qB4030-xRH7k*70(3me&port=8999&uploaded=0&downloaded=0&left=0&corrupt=0&key=6E012D46&event=stopped&numwant=0&compact=1&no_peer_id=1&supportcrypto=1&redundant=0&ip=ipaddress HTTP/1.0 I have no issue with saying your code works, but I do have an issue with you saying mine does not. In my searches, neither method (proxy_pass, rewrite) is recommended over the other, so it comes down to what you prefer. I could not find any evidence that one is faster than the other. |
Trouble getting the real IP to XBT once proxied with NGINX
Quote:
I've been successfully using XBT on my HTTPS Apache powered site for about a year now but only running HTTP on the tracker. Decided to finally attempt securing my tracker and do have client connections working but no matter which NGINX config I try XBT still keeps getting 127.0.0.1 on all client IPs seen from my XBT debug page. Any ideas on what I'm doing wrong? My NGINX config is below. Thanks Code:
# START REV-PROXY CONF IPv4 IPv6 Port UID Seeder Modified Peer ID 127.0.0.1:: 51159 398 0 12.1 minutes 127.0.0.1:: 20035 28 1 28.0 seconds Any and all help anyone can provide is greatly appreciated. Thanks again. |
You quote my post but you aren't using it. I don't use it with cloudflare, but I have been using that config for more than a year.
This line sends all of the query params and adds the ip, just in case, to XBT Code:
proxy_pass http://127.0.0.1:2710/$1/announce$is_args$args&ip=$remote_addr; Code:
rewrite ^(.*)$ $1?ip=$remote_addr break; Code:
proxy_pass http://127.0.0.1:4000/; Hope you get it sorted. |
I should have been more clear, let me try that agian
I found both NGINX configurations listed in the feed to get client connections working. Like you, I'm not involving Cloudflare either my trouble is nether solution get the clients public IPs to my XBT.
Code:
# START REV-PROXY CONF This is the copy of XBT that I'm currently using. wget https://github.com/OlafvdSpek/xbt/archive/master.zip Thanks again for always replying to my questions but I understand I'm asking for your time. I would be glad to toss a PayPal donation your way or repay the favor with my skills somehow. |
The only difference that I see in what you are using compared with mine is you don't have
Code:
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; Code:
include snippets/ssl.conf; Code:
listen 8443 ssl http2; Also, I have recently change this to on Code:
proxy_buffering off; Just to be sure, you have XBT listening on port 4000? My debug page shows the real ip address of the clients. Otherwise, I don't see any issues. |
Troubleshooting continued
Yes, my XBT is listening on port 4000 which is actively working correctly via HTTP.
I don't think it's the SSL config because I lose the real client IPs with SSL completely disabled, but here is my SSL config. vi /etc/nginx/snippets/ssl.conf Code:
# START SSL CONF Code:
mysql_host = localhost Bump: I've now taken captures from my loopback on my XBT listening port 4000 so i can just see traffic forwarded from NGINX. Both config options show x-forwarded-for and others populated with the real client IP. (see images) Is there some mod version of XBT that understands forwarded header data? https://i.ibb.co/6sh5ygC/cap1.pnghttps://i.ibb.co/Ps2gnHj/cap2.png |
XBT gets the ip address from the query parameter ip.
That's why I specifically add it to the query string here Code:
proxy_pass http://127.0.0.1:4000/$1/announce$is_args$args& => ip=$remote_addr <=; |
parameter ip not processed by XBT tracker
I've deeply tested both NGINX configuration options and both successfully input the parameter ip into the /GET URL. However, I'm still seeing only the loopback IP on my debug page. Here is some output from my XBT access log (IP & PID masked).
Code:
1618364669 ::ffff:127.0.0.1 51354 GET /d005231e*****7fa30ff8bf0378/announce?info_hash=b%60%7F%FBw%E1%CD%CA%CC%12%29%00%82%06%D8%B6%CB%24%18y&peer_id=-lt0D60-%15l%DCj%3A%B7g%23%03%91%A0%86&key=29b87ff9&compact=1&port=20035&uploaded=0&downloaded=8952338711&left=0&ip=188.209.**.9 HTTP/1.0 What else could be preventing XBT from ingesting the IP in the URL? Do I need an XBT mod? Thanks for sticking with me on this subject. :cool: |
What does the XBT access log show for the same connection?
Show 2 from each so we can compare. |
Both NGINX configs with access logs from two clients
FOR REFERANCE WITHOUT NGINX (WORKING)
Code:
1618375670 ::ffff:188.209.**.9 44016 GET /d005231e8f5******a30ff8bf0378/announce?info_hash=%B82%B5%0A%A2%F8x%1CS%24%8E%A6%DC%2A%FA%40%E5%BFz%EB&peer_id=-lt0D60-%F6G%D3%0C%B1%9Bdz%A9%D6%1D%87&key=485194ee&compact=1&port=20035&uploaded=0&downloaded=0&left=0 HTTP/1.1 Code:
Code:
1618375162 ::ffff:127.0.0.1 51474 GET /03260510******d7d0405e2b449/announce?info_hash=X8e%B0%838%7C%40%C4%A6%2C%29%A8%3B%BE%A31uH%EF&peer_id=-lt0D60-%D7ePZ%DA%93%23%7E%BF%12%2F%8B&key=726ad0f6&compact=1&port=20035&uploaded=0&downloaded=0&left=0&ip=188.209.**.9 HTTP/1.0 Code:
# START REV-PROXY CONF Code:
1618374805 ::ffff:127.0.0.1 51472 GET /03260510d*******7d0405e2b449/announce?ip=188.209.**.9&info_hash=X8e%B0%838%7C%40%C4%A6%2C%29%A8%3B%BE%A31uH%EF&peer_id=-lt0D60-%D7ePZ%DA%93%23%7E%BF%12%2F |
The IP is being passed to XBT, so the issue is not your nginx config. I don't use a stock version of XBT so I can't say with certainty that there isn't an issue with XBT. But my version only differs slightly where it's checking for the IP address.
Maybe someone else can speak up and offer some insight? Are you running XBT on the same machine as the client you are testing with? |
No my XBT tracker is cloud hosted with my custom front-end project. My clients are runnings on other seedboxes.
I'm dying to get my tracker secured...Any chance you could share your version of just XBT tracker? Or the modifications to make it process the IP parameter? |
What you need to do next is compare an xbt announce that is from client directly to xbt. What is the difference in what it's receiving?
Bump: Your issue just reminded me that I had the same issue after he changed the codebase for ipv6. Read and follow the instructions here and you should be good to go. https://github.com/OlafvdSpek/xbt/issues/94 |
That worked! Thank you.
You would think out of all searches I did one of them would have revealed that issue on Github. :smack:
Thanks again for digging that up for me! |
No problem
|
Fix Cloudflare problems with your announce
I dont know if this thread is dead meaning u found a fix but if u haven't u could try and host your announce on a sub-domain. Obviously the sub-domain wont utilize cloudflare
|
All times are GMT +2. The time now is 19:16. |
Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.