XBT tracker on Cloudflare

firefly007 26th September 2016 12:46

This is what you do m8

create a subdomain and use it for your announce URL and have your site URL on CloudFlare... Problem solved :)

TraceR 29th September 2016 13:34

Quote:

Originally Posted by firefly007 (Post 49417)
This is what you do m8

create a subdomain and use it for your announce URL and have your site URL on CloudFlare... Problem solved :)

You think it will solve the solution? You think ddosers are n00bs?

Raful 13th October 2016 13:59

Quote:

Originally Posted by TraceR (Post 49413)
:muscle: Do you have a Cloudflare account? Go and log in and show where you have the option to change the port..

My Tracker announce url :


http://website.com/announce.php

I don't know what this port is?
And I can't find its port forward option in CF

DND 13th October 2016 19:04

if you use PHP announce what do you think the port is? :coffee:

fullcrumcake 23rd March 2020 20:44

XBT tracker on cloudflare using Nginx to help
 
I actually have my tracker behind Cloudflare because it helps with routing traffic for users with IPv6. If I wanted to I could add the DDOS protection as well but I use Page rules to bypass caching and a lot of other options.

Your page rules should look like this:

Code:

http://tracker.example.com:8080/*
    Cache Level: Bypass

and

Code:

http://tracker.example.com:2052/*
    Cache Level: Bypass


First you have to look up Cloudflare's supported ports and use one that works for you. There's a list here:

By default, Cloudflare proxies traffic destined for the HTTP/HTTPS ports listed below.

HTTP ports supported by Cloudflare:

Code:

80
8080
8880
2052
2082
2086
2095

HTTPS ports supported by Cloudflare:

Code:

443
2053
2083
2087
2096
8443

Then you need to put Nginx in front of your torrent tracker. For example if you use Xbt Tracker you need to use Nginx rewrite like this, in "default.conf" or whatever you'd like to name it .conf in the conf.d folder:

Code:

server {
    listen      8080;
    server_name localhost;

    location / {
        rewrite ^(.*)$ $1?ip=$remote_addr break;
        proxy_pass        http://127.0.0.1:2052/;
        proxy_redirect    off;
        proxy_set_header  Host             $http_host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $remote_addr;
        access_log        off;
        log_not_found     off;
    }
}

Basically you would be running your tracker from port 2052 for example and then run Nginx proxied from port 8080. And then you would insert port 8080 in your torrents.

I think that's about it, you can look up how to add more options to Nginx like the amount of workers and keep alive time.

If you don't put Nginx in front of your tracker then the tracker will get all Cloudflare ip addresses and won't be able to communicate and track properly.

Also make another file in the Nginx conf.d folder called cloudflare.conf and put the following inside, this will allow you to get the real ips:

Code:

    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;

    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2c0f:f248::/32;
    set_real_ip_from 2a06:98c0::/29;

    real_ip_header CF-Connecting-IP;


Enjoy. And monitor your database for the correct IPs to make sure it's working well.
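The trust decision that cloudflare.conf configures, and the database check suggested at the end of the post, as an added Python example (not part of the original post, nginx or XBT). The function names and sample addresses are constructed for illustration; the ranges are the ones listed in the post.

```python
import ipaddress

# Ranges copied from the cloudflare.conf in the post above (a 2020 snapshot).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in """
103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 108.162.192.0/18
131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20
188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17
2400:cb00::/32 2405:8100::/32 2405:b500::/32 2606:4700::/32 2803:f800::/32
2c0f:f248::/32 2a06:98c0::/29
""".split()]


def is_cloudflare(addr):
    """True if addr (a string) falls inside one of the trusted proxy ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in CLOUDFLARE_RANGES)


def effective_client_ip(peer_addr, cf_connecting_ip=None):
    """Model of set_real_ip_from + real_ip_header CF-Connecting-IP.

    The header replaces the TCP peer address only when the connection itself
    comes from a trusted range; from any other source the header is ignored.
    """
    if cf_connecting_ip and is_cloudflare(peer_addr):
        try:
            return str(ipaddress.ip_address(cf_connecting_ip.strip()))
        except ValueError:
            pass  # malformed header value: keep the peer address
    return peer_addr


def proxy_addresses_in(recorded_ips):
    """Return recorded peer IPs that are really proxy addresses.

    Any hit (Cloudflare edge or loopback) means the real client address was
    not restored on the path that request took.
    """
    return [a for a in recorded_ips
            if is_cloudflare(a) or ipaddress.ip_address(a).is_loopback]


if __name__ == "__main__":
    # Constructed sample values; the "clients" use documentation ranges.
    print(effective_client_ip("172.68.10.5", "203.0.113.7"))   # via Cloudflare
    print(effective_client_ip("198.51.100.9", "203.0.113.7"))  # direct to origin
    print(proxy_addresses_in(["203.0.113.7", "162.158.1.1", "127.0.0.1"]))
```

Cloudflare's published ranges change over time, so a list copied in 2020 should be refreshed before it is relied on.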

madness85 1st April 2020 12:45

SSL
Code:

#Tracker
server {

    listen 2083 ssl;
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    server_name  localhost;

    location / {
        rewrite ^(.*)$ $1?ip=$remote_addr break;
        proxy_pass        http://127.0.0.1:8080/;
        proxy_redirect    off;
        proxy_set_header  Host             $http_host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $remote_addr;
        access_log        off;
        log_not_found     off;
    }
}

I've been trying to do the same with Apache by adding:

Code:



  ProxyPreserveHost On
  ProxyPass http://mysite.xyz:2710/ retry=0
  ProxyPassReverse http://mysite.xyz:2710/

SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/mysite.xyz/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mysite.xyz/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

It's running on both ports, but the peers show the server IP. Tried adding mod_remoteip, but it's not working.

Has anyone been able to do this?

darkalchemy 1st April 2020 15:47

YMMV
Try this, it works with proxying xbt, but not tested with cloudflare:

Code:

    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:2710/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        real_ip_recursive on;
    }

nginx variables to explain those used above. You may or may not need all of those headers.

fullcrumcake 16th May 2020 23:05

Quote:

Originally Posted by darkalchemy (Post 54649)
YMMV
Try this, it works with proxying xbt, but not tested with cloudflare:

Code:

    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:2710/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        real_ip_recursive on;
    }

nginx variables to explain those used above. You may or may not need all of those headers.

You don't want to use that code that you added. The code that I added is from the creator of the Xbt Tracker. And what it does is just rewrite all announces and scrapes to add the user's IP in the string. This rewrite is needed because information is passing through Cloudflare and the user's IP doesn't get passed on without this method.

I know this looks simple but that's all that's needed, trust me, I've looked at what it does in the Xbt Tracker access logs:


Code:

server {
    listen      8080;
    server_name localhost;

    location / {
        rewrite ^(.*)$ $1?ip=$remote_addr break;
        proxy_pass        http://127.0.0.1:2052/;
        proxy_redirect    off;
        proxy_set_header  Host             $http_host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $remote_addr;
        access_log        off;
        log_not_found     off;
    }
}

This is what it does:

Code:

servertime        (actual ip that's shown) = 127.0.0.1        (otherinfohere)        GET /users-passkey/announce?ip=users-ip-address-here&info_hash=users-hash-info&peer_id=-UT2210-&port=users-port-95865786767695&uploaded=0&downloaded=0&left=0&corrupt=0&key=59845y9ty8945y88&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=users-ip-address-here HTTP/1.1

darkalchemy 17th May 2020 02:01

Why wouldn't I use the code I posted? I'm using it and it works as expected. My code proxies external https to internal http, so all external traffic is secure. Yours is http to http and it does not do the same thing.
Also, as posted by the author of xbt_tracker, not all torrent clients include the IP address in the query string; my code adds it to the proxied URL just in case it isn't already there.
And, I have logged the announce also, it looks like this
Code:

1589673357        127.0.0.1        37032        GET /blahblahblah/announce?info_hash=blahblahblah&peer_id=-qB4030-xRH7k*70(3me&port=8999&uploaded=0&downloaded=0&left=0&corrupt=0&key=6E012D46&event=stopped&numwant=0&compact=1&no_peer_id=1&supportcrypto=1&redundant=0&ip=ipaddress HTTP/1.0
I grant you that the buffers may not be needed, but I did google a bit and that's what I found to be recommended.

I have no issue with saying your code works, but I do have an issue with you saying mine does not.

In my searches, neither method (proxy_pass, rewrite) is recommended over the other, so it comes down to what you prefer. I could not find any evidence that one is faster than the other.
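How the two snippets discussed above build the URL the tracker receives, as an added Python model (not code from either poster, nginx or XBT). It also covers a request that already carries its own ip= and a request with no query string; which of two ip= values the tracker honours is not stated in the thread, so the last function is a hypothetical variant that leaves exactly one. Function names and sample values are constructed.

```python
from urllib.parse import unquote


def rewrite_style(path, args, remote_addr):
    """`rewrite ^(.*)$ $1?ip=$remote_addr break;`
    nginx appends the original arguments after the new ones."""
    new_args = "ip=" + remote_addr
    return path + "?" + (new_args + "&" + args if args else new_args)


def proxy_pass_style(path, args, remote_addr):
    """`proxy_pass .../$1/announce$is_args$args&ip=$remote_addr;`
    $is_args is "?" only when the request had arguments."""
    return path + ("?" if args else "") + args + "&ip=" + remote_addr


def _key(pair):
    # Compare decoded key names; values stay raw so that the percent-encoded
    # info_hash bytes are never re-encoded.
    return unquote(pair.partition("=")[0])


def ip_values(url):
    """Every ip= value present in the query string, in order."""
    query = url.partition("?")[2]
    return [p.partition("=")[2] for p in query.split("&") if p and _key(p) == "ip"]


def single_ip_args(path, args, remote_addr):
    """Drop any ip= the client sent, then add the proxy's own value."""
    kept = [p for p in args.split("&") if p and _key(p) != "ip"]
    return path + "?" + "&".join(kept + ["ip=" + remote_addr])


if __name__ == "__main__":
    # Constructed announce: the client itself supplies ip=198.51.100.50.
    path, addr = "/PASSKEY/announce", "203.0.113.7"
    args = "info_hash=%A1%B2&port=8999&ip=198.51.100.50"
    for build in (rewrite_style, proxy_pass_style, single_ip_args):
        url = build(path, args, addr)
        print(build.__name__, url, ip_values(url))
    # Without a query string the proxy_pass form has no "?" at all.
    print(proxy_pass_style(path, "", addr))
```

Here `remote_addr` stands for whatever nginx holds in `$remote_addr` after the real-IP settings have been applied.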

protocolprowler 12th April 2021 06:34

Trouble getting the real IP to XBT once proxied with NGINX
 
Quote:

Originally Posted by darkalchemy (Post 54649)
YMMV
Try this, it works with proxying xbt, but not tested with cloudflare:

Code:

    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:2710/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        real_ip_recursive on;
    }

nginx variables to explain those used above. You may or may not need all of those headers.


I've been successfully using XBT on my HTTPS Apache powered site for about a year now but only running HTTP on the tracker. Decided to finally attempt securing my tracker and do have client connections working but no matter which NGINX config I try XBT still keeps getting 127.0.0.1 on all client IPs seen from my XBT debug page. Any ideas on what I'm doing wrong? My NGINX config is below. Thanks


Code:

# START REV-PROXY CONF
server {
    listen 8443 ssl http2;
    server_name tracker.example.com;

    ssl_certificate /etc/letsencrypt/live/tracker.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.example.com/chain.pem;
    include snippets/ssl.conf;

    location / {
      rewrite ^(.*)$ $1?ip=$remote_addr break;
      proxy_pass http://127.0.0.1:4000/;
      proxy_redirect    off;
      proxy_set_header  Host            $http_host;
      proxy_set_header  X-Real-IP        $remote_addr;
      proxy_set_header  X-Forwarded-For  $remote_addr;
      access_log off;
      log_not_found off;
    }
}
# END REV-PROXY CONF

Below is what I see on my XBT debug page with NGINX Rev-Proxy.

IPv4       IPv6  Port   UID  Seeder  Modified      Peer ID
127.0.0.1  ::    51159  398  0       12.1 minutes
127.0.0.1  ::    20035  28   1       28.0 seconds


Any and all help anyone can provide is greatly appreciated. Thanks again.


All times are GMT +2.