I actually have my tracker behind Cloudflare because it helps with routing traffic for users with IPv6. If I wanted to I could add the DDOS protection as well but I use Page rules to bypass caching and a lot of other options.
Your page rules should look like this:
Code:
http://tracker.example.com:8080/*
Cache Level: Bypass
and
Code:
http://tracker.example.com:2052/*
Cache Level: Bypass
First you have to look up Cloudflares supported ports, use one that works for you. There's a list here:
By default, Cloudflare proxies traffic destined for the HTTP/HTTPS ports listed below.
HTTP ports supported by Cloudflare:
Code:
80
8080
8880
2052
2082
2086
2095
HTTPS ports supported by Cloudflare:
Code:
443
2053
2083
2087
2096
8443
Then you need to put Nginx in front of your torrent tracker. For example if you use Xbt Tracker you need to use Nginx rewrite like this, in "default.conf" or whatever you'd like to name it .conf in the conf.d folder:
Code:
server {
listen 8080;
server_name localhost;
location / {
rewrite ^(.*)$ $1?ip=$remote_addr break;
proxy_pass http://127.0.0.1:2052/;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
access_log off;
log_not_found off;
}
}
Basically you would be running your tracker from port 2052 for example and then run Nginx proxied from port 8080. And then you would insert port 8080 in your torrents.
I think that's about it, you can look up how to add more options to Nginx like the amount of workers and keep alive time.
If you don't put Nginx in front of your tracker then the tracker will get all Cloudflare ip addresses and won't be able to communicate and track properly.
Also make another file in the Nginx conf.d folder called cloudflare.conf and put the following inside, this will allow you to get the real ips:
Code:
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;
Enjoy. And monitor your database for the correct Ips to make sure it's working well.