Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   xBTiT (http://www.bvlist.com/forumdisplay.php?f=30)
-   -   XBT tracker on Cloudflare (http://www.bvlist.com/showthread.php?t=10973)

nilim 24th September 2016 07:51
XBT tracker on Cloudflare
 
Can someone tell me how to put xbtit and xbt tracker on cloudflare. it blocks the 2710 port so torrents can not be connected. how to solve this?

TraceR 24th September 2016 09:42
Quote:
Originally Posted by nilim (Post 49402)
Can someone tell me how to put xbtit and xbt tracker on cloudflare. it blocks the 2710 port so torrents can not be connected. how to solve this?

not possible with present xbt will not work you need to modified and re-code to work on reverse proxy

which script you want to enable xbt with cloudflare i coded for tsue works with cloudflare

DND 24th September 2016 10:05
yes it works..
open port 2710 into cloudflare panel and server iptables
remove announce from cloudflare cache
add cloudflare ips to the whitelist on your server iptables
pray to GOD :):coffee:
that will do the trick :)

TraceR 24th September 2016 10:25
Quote:
Originally Posted by DND (Post 49404)
yes it works..
open port 2710 into cloudflare panel and server iptables
remove announce from cloudflare cache
add cloudflare ips to the whitelist on your server iptables
pray to GOD :):coffee:
that will do the trick :)
lol dont give wrong solutions if you dont know how it make it works..:muscle:

nilim 24th September 2016 13:03
Quote:
Originally Posted by TraceR (Post 49403)
not possible with present xbt will not work you need to modified and re-code to work on reverse proxy

which script you want to enable xbt with cloudflare i coded for tsue works with cloudflare
i am using xbtitFM 2.0 with modified xbt 2494. can you fix it?

DND 24th September 2016 20:39
i have xbt working on CF..
but mnehh.whatever:coffee:

nilim 25th September 2016 07:48
Quote:
Originally Posted by DND (Post 49408)
i have xbt working on CF..
but mnehh.whatever:coffee:
I tried to follow your info but how to open up port 2710 in CF free?

TraceR 25th September 2016 08:06
Quote:
Originally Posted by nilim (Post 49410)
I tried to follow your info but how to open up port 2710 in CF free?

lol he is just joking i think there is port change in CF you need to change port in xbt and still it will not work as CF filters it.. you need to recode it to work with reverse proxy..

Bump:
Quote:
Originally Posted by DND (Post 49408)
i have xbt working on CF..
but mnehh.whatever:coffee:
lol if you have why dont yu post it or help him providing proper info

DND 25th September 2016 12:37
i just told him what to do..
what do you mean i didnt post good info ?
i post exactly what i did to make it work

TraceR 25th September 2016 13:54
Quote:
Originally Posted by DND (Post 49412)
i just told him what to do..
what do you mean i didnt post good info ?
i post exactly what i did to make it work

:muscle: do you have cloudflare account go and login and show where do you have option to change port..

firefly007 26th September 2016 12:46
This is what you do m8

create a subdomain and use it for your announce URL and have you site url on CloudFlare... Problem solved :)

TraceR 29th September 2016 13:34
Quote:
Originally Posted by firefly007 (Post 49417)
This is what you do m8

create a subdomain and use it for your announce URL and have you site url on CloudFlare... Problem solved :)
you think it will solve the solution you think ddosers are n00bs

Raful 13th October 2016 13:59
Quote:
Originally Posted by TraceR (Post 49413)
:muscle: do you have cloudflare account go and login and show where do you have option to change port..
My Tracker announce url :


http://website.com/announce.php

I don't know what is thi port ?
and i can't find its port forward option in CF

DND 13th October 2016 19:04
if you use PHP announce what do you think the port is? :coffee:

fullcrumcake 23rd March 2020 20:44
XBT tracker on cloudflare using Nginx to help
 
I actually have my tracker behind Cloudflare because it helps with routing traffic for users with IPv6. If I wanted to I could add the DDOS protection as well but I use Page rules to bypass caching and a lot of other options.

Your page rules should look like this:

Code:
http://tracker.example.com:8080/*
    Cache Level: Bypass
and

Code:
http://tracker.example.com:2052/*
    Cache Level: Bypass

First you have to look up Cloudflares supported ports, use one that works for you. There's a list here:

By default, Cloudflare proxies traffic destined for the HTTP/HTTPS ports listed below.

HTTP ports supported by Cloudflare:

Code:
80
    8080
    8880
    2052
    2082
    2086
    2095
HTTPS ports supported by Cloudflare:

Code:
443
    2053
    2083
    2087
    2096
    8443
Then you need to put Nginx in front of your torrent tracker. For example if you use Xbt Tracker you need to use Nginx rewrite like this, in "default.conf" or whatever you'd like to name it .conf in the conf.d folder:

Code:
server {

    listen      8080;

    server_name  localhost;
      location / {
      rewrite ^(.*)$ $1?ip=$remote_addr break;
        proxy_pass http://127.0.0.1:2052/;
        proxy_redirect    off;
        proxy_set_header  Host                  $http_host;
    proxy_set_header  X-Real-IP        $remote_addr;
    proxy_set_header  X-Forwarded-For  $remote_addr;
    access_log off;
    log_not_found off;
      }
    }
Basically you would be running your tracker from port 2052 for example and then run Nginx proxied from port 8080. And then you would insert port 8080 in your torrents.

I think that's about it, you can look up how to add more options to Nginx like the amount of workers and keep alive time.

If you don't put Nginx in front of your tracker then the tracker will get all Cloudflare ip addresses and won't be able to communicate and track properly.

Also make another file in the Nginx conf.d folder called cloudflare.conf and put the following inside, this will allow you to get the real ips:

Code:
  set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;

    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2c0f:f248::/32;
    set_real_ip_from 2a06:98c0::/29;

    real_ip_header CF-Connecting-IP;

Enjoy. And monitor your database for the correct Ips to make sure it's working well.

madness85 1st April 2020 12:45
SSL
Code:
#Tracker
server {

    listen 2083 ssl;
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    server_name  localhost;
      location / {
      rewrite ^(.*)$ $1?ip=$remote_addr break;
        proxy_pass http://127.0.0.1:8080/;
        proxy_redirect    off;
        proxy_set_header  Host                  $http_host;
    proxy_set_header  X-Real-IP        $remote_addr;
    proxy_set_header  X-Forwarded-For  $remote_addr;
    access_log off;
    log_not_found off;
      }
    }
Ive been trying to do the same with apache by adding:

Code:


  ProxyPreserveHost On
  ProxyPass http://mysite.xyz:2710/ retry=0
  ProxyPassReverse http://mysite.xyz:2710/

SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/mysite.xyz/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mysite.xyz/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
Its running on both ports, but the peers show server IP. Tried adding mod_remoteip, but it not working.

Has anyone been able to do this?

darkalchemy 1st April 2020 15:47
YMMV
Try this, it works with proxying xbt, but not tested with cloudflare:

Code:
    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:2710/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        real_ip_recursive on;
    }
nginx variables to explain those used above. You may or may not need all of those headers.

fullcrumcake 16th May 2020 23:05
Quote:
Originally Posted by darkalchemy (Post 54649)
YMMV
Try this, it works with proxying xbt, but not tested with cloudflare:

Code:
    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:2710/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        real_ip_recursive on;
    }
nginx variables to explain those used above. You may or may not need all of those headers.
You don't want to use that code that you added. The code that I added is from the creator of the Xbt Tracker. And what it does is just rewrites all announces and scrapes to add the users ip in the string. This rewrite is needed because information is passing through Cloudflare and the users ip doesn't get passed on without this method.

I know this looks simple but that's all that's needed, trust me I've looked at what it does in the Xbt Tracker Access logs:

Code:
server {

    listen      8080;

    server_name  localhost;
      location / {
      rewrite ^(.*)$ $1?ip=$remote_addr break;
        proxy_pass http://127.0.0.1:2052/;
        proxy_redirect    off;
        proxy_set_header  Host                  $http_host;
    proxy_set_header  X-Real-IP        $remote_addr;
    proxy_set_header  X-Forwarded-For  $remote_addr;
    access_log off;
    log_not_found off;
      }
    }
This is what it does:

Code:
servertime        (actual ip that's shown) = 127.0.0.1        (otherinfohere)        GET /users-passkey/announce?ip=users-ip-address-here&info_hash=users-hash-info&peer_id=-UT2210-&port=users-port-95865786767695&uploaded=0&downloaded=0&left=0&corrupt=0&key=59845y9ty8945y88&event=started&numwant=200&compact=1&no_peer_id=1&ipv6=users-ip-address-here HTTP/1.1

darkalchemy 17th May 2020 02:01
Why wouldn't I use the code I posted? I'm using it and it works as expected. My code proxies external https to internal http, so all external traffic is secure. Yours is http to http and it does not do the same thing.
Also, as posted by the author of xbt_tracker not all torrent clients include the ip address in the query string, my code adds it to the proxied url just in case it isn't already there.
And, I have logged the announce also, it looks like this
Code:
1589673357        127.0.0.1        37032        GET /blahblahblah/announce?info_hash=blahblahblah&peer_id=-qB4030-xRH7k*70(3me&port=8999&uploaded=0&downloaded=0&left=0&corrupt=0&key=6E012D46&event=stopped&numwant=0&compact=1&no_peer_id=1&supportcrypto=1&redundant=0&ip=ipaddress HTTP/1.0
I grant you that the buffers may not be needed, but I did google a bit and thats what I found to be recommended.

I have no issue with saying your code works, but I do have an issue with you saying mine does not.

In my searches, neither method (proxy_pass, rewrite) is recommended over the other, so it comes down to what you prefer. I could not find any evidence that one is faster than the other.

protocolprowler 12th April 2021 06:34
Trouble getting the real IP to XBT once proxied with NGINX
 
Quote:
Originally Posted by darkalchemy (Post 54649)
YMMV
Try this, it works with proxying xbt, but not tested with cloudflare:

Code:
    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:2710/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        real_ip_recursive on;
    }
nginx variables to explain those used above. You may or may not need all of those headers.

I've been successfully using XBT on my HTTPS Apache powered site for about a year now but only running HTTP on the tracker. Decided to finally attempt securing my tracker and do have client connections working but no matter which NGINX config I try XBT still keeps getting 127.0.0.1 on all client IPs seen from my XBT debug page. Any ideas on what I'm doing wrong? My NGINX config is below. Thanks


Code:
# START REV-PROXY CONF
server {
    listen 8443 ssl http2;
    server_name tracker.example.com;

    ssl_certificate /etc/letsencrypt/live/tracker.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.example.com/chain.pem;
    include snippets/ssl.conf;

    location / {
      rewrite ^(.*)$ $1?ip=$remote_addr break;
      proxy_pass http://127.0.0.1:4000/;
      proxy_redirect    off;
      proxy_set_header  Host            $http_host;
      proxy_set_header  X-Real-IP        $remote_addr;
      proxy_set_header  X-Forwarded-For  $remote_addr;
      access_log off;
      log_not_found off;
    }
}
# END REV-PROXY CONF
Below is what I see on my XBT debug page with NGINX Rev-Proxy.

IPv4 IPv6 Port UID Seeder Modified Peer ID
127.0.0.1:: 51159 398 0 12.1 minutes

127.0.0.1:: 20035 28 1 28.0 seconds


Any and all help anyone can provide is greatly appreciated. Thanks again.

darkalchemy 12th April 2021 12:35
You quote my post but you aren't using it. I don't use it with cloudflare, but I have been using that config for more than a year.

This line sends all of the query params and adds the ip, just in case, to XBT
Code:
proxy_pass http://127.0.0.1:2710/$1/announce$is_args$args&ip=$remote_addr;
I am not an expert with nginx, but I think this line just rewrites the incoming url and does nothing for XBT
Code:
rewrite ^(.*)$ $1?ip=$remote_addr break;
since this line is what is sent to XBT
Code:
proxy_pass http://127.0.0.1:4000/;
Maybe try getting SSL to works without Cloudflare. Once you have that working move on to Cloudflare.
Hope you get it sorted.

protocolprowler 13th April 2021 00:57
I should have been more clear, let me try that agian
 
I found both NGINX configurations listed in the feed to get client connections working. Like you, I'm not involving Cloudflare either my trouble is nether solution get the clients public IPs to my XBT.

Code:
# START REV-PROXY CONF
server {
    listen 8443 ssl http2;
    server_name tracker.example.com;

    ssl_certificate /etc/letsencrypt/live/tracker.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.example.com/chain.pem;
    include snippets/ssl.conf;

    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:4000/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        real_ip_recursive on;
    }
}
# END REV-PROXY CONF
I've even tried disabling all the SSL config and certs and just rev-proxy from 8443 to to 4000 I still lose my client IPs. I'm grasping at straws here...could it be my version of XBT or some requirement in my XBT config? (everything else about my XBT is working)

This is the copy of XBT that I'm currently using.
wget https://github.com/OlafvdSpek/xbt/archive/master.zip

Thanks again for always replying to my questions but I understand I'm asking for your time. I would be glad to toss a PayPal donation your way or repay the favor with my skills somehow.

darkalchemy 13th April 2021 01:16
The only difference that I see in what you are using compared with mine is you don't have
Code:
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
which may be included in your
Code:
include snippets/ssl.conf;
and you can remove http2 from
Code:
listen 8443 ssl http2;
as you are not sending files, so is not any benefit, but I can't say it will improve connection speed or performance.

Also, I have recently change this to on
Code:
proxy_buffering off;
as I think it was a typo, originally.

Just to be sure, you have XBT listening on port 4000?

My debug page shows the real ip address of the clients.

Otherwise, I don't see any issues.

protocolprowler 13th April 2021 02:48
Troubleshooting continued
 
Yes, my XBT is listening on port 4000 which is actively working correctly via HTTP.



I don't think it's the SSL config because I lose the real client IPs with SSL completely disabled, but here is my SSL config.

vi /etc/nginx/snippets/ssl.conf
Code:
# START SSL CONF
ssl_dhparam /etc/ssl/certs/dhparam.pem;

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
# END SSL CONF
Here is my current XBT config w/ private info cleared
Code:
mysql_host = localhost
mysql_user = svc_account
mysql_password = *********
mysql_database = mydatebase
announce_interval=1800
anonymous_announce=0
anonymous_scrape=0
auto_register=0
clean_up_interval=15
daemon=1
debug=0
full_scrape=0
listen_ipa *
listen_port=4000
log_access=0
log_announce=1
log_scrape=0
read_config_interval=20
read_db_interval=15
write_db_interval=15
scrape_interval=0
table_files=torrents
query_log=query_log.txt
I'm soooo close its too hard to give up now... :mad:

Bump: I've now taken captures from my loopback on my XBT listening port 4000 so i can just see traffic forwarded from NGINX. Both config options show x-forwarded-for and others populated with the real client IP. (see images)
Is there some mod version of XBT that understands forwarded header data?

https://i.ibb.co/6sh5ygC/cap1.pnghttps://i.ibb.co/Ps2gnHj/cap2.png

darkalchemy 13th April 2021 23:53
XBT gets the ip address from the query parameter ip.

That's why I specifically add it to the query string here

Code:
proxy_pass http://127.0.0.1:4000/$1/announce$is_args$args& => ip=$remote_addr <=;
as some clients do not also include the ip.

protocolprowler 14th April 2021 04:48
parameter ip not processed by XBT tracker
 
I've deeply tested both NGINX configuration options and both successfully input the parameter ip into the /GET URL. However, I'm still seeing only the loopback IP on my debug page. Here is some output from my XBT access log (IP & PID masked).



Code:
1618364669    ::ffff:127.0.0.1    51354    GET /d005231e*****7fa30ff8bf0378/announce?info_hash=b%60%7F%FBw%E1%CD%CA%CC%12%29%00%82%06%D8%B6%CB%24%18y&peer_id=-lt0D60-%15l%DCj%3A%B7g%23%03%91%A0%86&key=29b87ff9&compact=1&port=20035&uploaded=0&downloaded=8952338711&left=0&ip=188.209.**.9 HTTP/1.0
I can't read C code so I'm not confident in my understanding of tracker_input.cpp.



What else could be preventing XBT from ingesting the IP in the URL? Do I need an XBT mod?



Thanks for sticking with me on this subject. :cool:

darkalchemy 14th April 2021 05:25
What does the XBT access log show for the same connection?

Show 2 from each so we can compare.

protocolprowler 14th April 2021 07:06
Both NGINX configs with access logs from two clients
 
FOR REFERANCE WITHOUT NGINX (WORKING)


Code:
1618375670    ::ffff:188.209.**.9    44016    GET /d005231e8f5******a30ff8bf0378/announce?info_hash=%B82%B5%0A%A2%F8x%1CS%24%8E%A6%DC%2A%FA%40%E5%BFz%EB&peer_id=-lt0D60-%F6G%D3%0C%B1%9Bdz%A9%D6%1D%87&key=485194ee&compact=1&port=20035&uploaded=0&downloaded=0&left=0 HTTP/1.1
OPTION 1 - NGINX CONFIG

Code:

# START REV-PROXY CONF
server {
    listen 8443 ssl;
    server_name tracker.******.club;

    ssl_certificate /etc/letsencrypt/live/tracker.******.club/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.******.club/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.******.club/chain.pem;
    include snippets/ssl.conf;

    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:4000/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering on;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        real_ip_recursive on;
    }
}
# END REV-PROXY CONF
OPTION 1 - ACCESS LOG FROM TWO CLIENTS
Code:
1618375162    ::ffff:127.0.0.1    51474    GET /03260510******d7d0405e2b449/announce?info_hash=X8e%B0%838%7C%40%C4%A6%2C%29%A8%3B%BE%A31uH%EF&peer_id=-lt0D60-%D7ePZ%DA%93%23%7E%BF%12%2F%8B&key=726ad0f6&compact=1&port=20035&uploaded=0&downloaded=0&left=0&ip=188.209.**.9 HTTP/1.0

1618375695    ::ffff:127.0.0.1    51488    GET /d005231e8f*******0ff8bf0378/announce?info_hash=%f7%d1%19%ad%01(%7c%b0H%3a%ad%b0%11*%f6%8e%16%fb%8c%9a&peer_id=-qB4250-X5Is.YF9Il08&port=3999&uploaded=0&downloaded=0&left=0&corrupt=0&key=19C2643D&event=started&numwant=200&compact=1&no_peer_id=1&supportcrypto=1&redundant=0&ip=73.97.**.21 HTTP/1.0
OPTION 2 - NGINX CONFIG
Code:
# START REV-PROXY CONF
server {
    listen 8443 ssl;
    server_name tracker.******.club;

    ssl_certificate /etc/letsencrypt/live/tracker.******.club/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.******.club/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.******.club/chain.pem;
    include snippets/ssl.conf;

    location / {
      rewrite ^(.*)$ $1?ip=$remote_addr break;
      proxy_pass http://127.0.0.1:4000/;
      proxy_redirect    off;
      proxy_set_header  Host            $http_host;
      proxy_set_header  X-Real-IP        $remote_addr;
      proxy_set_header  X-Forwarded-For  $remote_addr;
      access_log off;
      log_not_found off;
    }
}
# END REV-PROXY CONF
OPTION 2 - ACCESS LOG FROM TWO CLIENTS
Code:
1618374805    ::ffff:127.0.0.1    51472    GET /03260510d*******7d0405e2b449/announce?ip=188.209.**.9&info_hash=X8e%B0%838%7C%40%C4%A6%2C%29%A8%3B%BE%A31uH%EF&peer_id=-lt0D60-%D7ePZ%DA%93%23%7E%BF%12%2F
%8B&key=726ad0f6&compact=1&port=20035&uploaded=0&downloaded=0&left=0 HTTP/1.0

1618374597    ::ffff:127.0.0.1    51470    GET /d005231e8f********30ff8bf0378/announce?ip=73.97.**.21&info_hash=%f7%d1%19%ad%01(%7c%b0H%3a%ad%b0%11*%f6%8e%16%fb%8c%9a&peer_id=-qB4250-(E7w0(MtA5jP&port=3999&uploaded=0&downloaded=0&left=0&corrupt=0&key=D0A6C2B3&event=started&numwant=200&compact=1&no_peer_id=1&supportcrypto=1&redundant=0 HTTP/1.0
Thanks again for your help and time with this! :sos:

darkalchemy 14th April 2021 07:20
The IP is being passed to XBT, so the issue is not your nginx config. I don't use a stock version of XBT so I can't say with certainty that there isn't an issue with XBT. But my version only differs slightly where it's checking for the IP address.

Maybe someone else can speak up and offer some insight?


Are you running XBT on the same machine as the client you are testing with?

protocolprowler 14th April 2021 07:39
No my XBT tracker is cloud hosted with my custom front-end project. My clients are runnings on other seedboxes.



I'm dying to get my tracker secured...Any chance you could share your version of just XBT tracker? Or the modifications to make it process the IP parameter?

darkalchemy 14th April 2021 12:11
What you need to do next is compare an xbt announce that is from client directly to xbt. What is the difference in what it's receiving?

Bump: Your issue just reminded me that I had the same issue after he changed the codebase for ipv6. Read and follow the instructions here and you should be good to go.

https://github.com/OlafvdSpek/xbt/issues/94

protocolprowler 14th April 2021 19:57
That worked! Thank you.
 
You would think out of all searches I did one of them would have revealed that issue on Github. :smack:



Thanks again for digging that up for me!

darkalchemy 14th April 2021 20:49
No problem

firefly007 7th May 2021 10:14
Fix Cloudflare problems with your announce
 
I dont know if this thread is dead meaning u found a fix but if u haven't u could try and host your announce on a sub-domain. Obviously the sub-domain wont utilize cloudflare


All times are GMT +2. The time now is 12:08.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.