Bravo List


madness85 2nd November 2019 22:05

Xbt backend ssl
 
Xbt doesn't support ssl by default and I know it can be done with nginx. I've been trying for days now to configure this correctly, but the IPs of peers are showing the proxy IP and not the users'.

Can anyone please share an example of nginx conf for xbt that also shows the real IP?

Regards ~

Napon 2nd November 2019 23:20

https://certbot.eff.org/instructions

madness85 2nd November 2019 23:34

Quote:

Originally Posted by Napon (Post 54201)

That's a free ssl certificate. It has nothing to do with xbt working on ssl with nginx reverse proxy.

rio 2nd November 2019 23:47

Can you please share your nginx conf file here? Others will get a better idea of how to help you fix it ;)

madness85 2nd November 2019 23:55

Quote:

Originally Posted by rio (Post 54203)
Can you please share your nginx conf file here? Others will get a better idea of how to help you fix it ;)

My example:

events {
    worker_connections 4096; ## Default: 1024
}
http {
    server {
        listen test.site.me:2083 ssl;
        ssl_certificate /etc/apache2/ssl/apache.crt;
        ssl_certificate_key /etc/apache2/ssl/apache.key;
        location / {
            proxy_pass http://test.site.me:2710/;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            error_log /var/log/nginx/error.log;
        }
    }
}


Xbt is running on 2710 as default. Proxy to secure 2083 works, but all peers have the server IP.

rio 3rd November 2019 00:00

remove everything to do with ssl and just run certbot, it will take care of things for you

madness85 3rd November 2019 00:03

Quote:

Originally Posted by rio (Post 54205)
remove everything to do with ssl and just run certbot, it will take care of things for you

So if I have xbt running on 2710, can you give me an example of nginx config with certbot please?

rio 3rd November 2019 00:13

it will look something like this



Quote:

server {
    listen 2087 ssl;
    root /var/www/html;
    server_name tracker.mysite.com;

    index index.html index.php;

    ssl_certificate /etc/letsencrypt/live/mysite.tk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.tk/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;

    error_log /var/log/nginx/tracker.mysite.com_error.log notice;
    access_log /var/log/nginx/tracker.mysite.com_access.log main;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        real_ip_header X-Forwarded-For;
        include fastcgi.conf;
        proxy_pass http://localhost:6670;
    }

}



certbot will take care of adding the ssl

madness85 3rd November 2019 00:24

Will get back to you guys on progress.

rio 3rd November 2019 00:25

k good luck ;)
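
Added example, not part of the original posts and not XBT or nginx project code: with the proxy configs posted in this thread, the backend accepts every TCP connection from nginx itself, and the client address only reaches it in the X-Forwarded-For header. The Python below shows how a backend can recover that address without letting clients spoof it; the function names and the loopback-only trusted-proxy list are assumptions.

```python
import ipaddress

# Assumption: nginx runs on the same host as the backend, so only loopback
# connections are allowed to supply a forwarding header.
TRUSTED_PROXIES = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
]


def is_trusted(addr):
    """True if addr belongs to one of our own proxies (raises ValueError if malformed)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(socket_peer, x_forwarded_for=None):
    """Return the address to record for a request.

    socket_peer     -- source IP of the TCP connection the backend accepted
    x_forwarded_for -- raw X-Forwarded-For header value, or None
    """
    # A client that reaches the backend port directly must not be able to
    # choose its own address by sending the header itself.
    if not is_trusted(socket_peer) or not x_forwarded_for:
        return socket_peer
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so only the rightmost entries were written by our own proxy.
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: trust nothing to the left of it
    return socket_peer
```

Taking the leftmost entry instead would record whatever value the client put in its own X-Forwarded-For header.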


All times are GMT +2.