#21
You quote my post but you aren't using it. I don't use it with Cloudflare, but I have been using that config for more than a year.
This line sends all of the query params and adds the ip, just in case, to XBT
Code:
proxy_pass http://127.0.0.1:2710/$1/announce$is_args$args&ip=$remote_addr;
Code:
rewrite ^(.*)$ $1?ip=$remote_addr break;
Code:
proxy_pass http://127.0.0.1:4000/;
Hope you get it sorted.
#22
I should have been more clear, let me try that again
I found both NGINX configurations listed in the feed to get client connections working. Like you, I'm not involving Cloudflare either; my trouble is that neither solution gets the clients' public IPs to my XBT.
Code:
# START REV-PROXY CONF
server {
    listen 8443 ssl http2;
    server_name tracker.example.com;

    ssl_certificate /etc/letsencrypt/live/tracker.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.example.com/chain.pem;
    include snippets/ssl.conf;

    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:4000/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        real_ip_recursive on;
    }
}
# END REV-PROXY CONF
This is the copy of XBT that I'm currently using.
wget https://github.com/OlafvdSpek/xbt/archive/master.zip
Thanks again for always replying to my questions but I understand I'm asking for your time. I would be glad to toss a PayPal donation your way or repay the favor with my skills somehow.
Last edited by protocolprowler; 13th April 2021 at 01:24.
#23
The only difference that I see in what you are using compared with mine is you don't have
Code:
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
Code:
include snippets/ssl.conf;
Code:
listen 8443 ssl http2;
Also, I have recently changed this to on
Code:
proxy_buffering off;
Just to be sure, you have XBT listening on port 4000? My debug page shows the real IP address of the clients. Otherwise, I don't see any issues.
#24
Troubleshooting continued
Yes, my XBT is listening on port 4000 which is actively working correctly via HTTP.
I don't think it's the SSL config because I lose the real client IPs with SSL completely disabled, but here is my SSL config.
vi /etc/nginx/snippets/ssl.conf
Code:
# START SSL CONF
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
# END SSL CONF
Code:
mysql_host = localhost
mysql_user = svc_account
mysql_password = *********
mysql_database = mydatebase
announce_interval=1800
anonymous_announce=0
anonymous_scrape=0
auto_register=0
clean_up_interval=15
daemon=1
debug=0
full_scrape=0
listen_ipa *
listen_port=4000
log_access=0
log_announce=1
log_scrape=0
read_config_interval=20
read_db_interval=15
write_db_interval=15
scrape_interval=0
table_files=torrents
query_log=query_log.txt
Bump: I've now taken captures from my loopback on my XBT listening port 4000 so I can just see traffic forwarded from NGINX. Both config options show x-forwarded-for and others populated with the real client IP. (see images) Is there some mod version of XBT that understands forwarded header data?
Last edited by protocolprowler; 14th April 2021 at 01:26.
#25
XBT gets the ip address from the query parameter ip.
That's why I specifically add it to the query string here
Code:
proxy_pass http://127.0.0.1:4000/$1/announce$is_args$args& => ip=$remote_addr <=;
#26
parameter ip not processed by XBT tracker
I've deeply tested both NGINX configuration options and both successfully input the parameter ip into the /GET URL. However, I'm still seeing only the loopback IP on my debug page. Here is some output from my XBT access log (IP & PID masked).
Code:
1618364669 ::ffff:127.0.0.1 51354 GET /d005231e*****7fa30ff8bf0378/announce?info_hash=b%60%7F%FBw%E1%CD%CA%CC%12%29%00%82%06%D8%B6%CB%24%18y&peer_id=-lt0D60-%15l%DCj%3A%B7g%23%03%91%A0%86&key=29b87ff9&compact=1&port=20035&uploaded=0&downloaded=8952338711&left=0&ip=188.209.**.9 HTTP/1.0
What else could be preventing XBT from ingesting the IP in the URL? Do I need an XBT mod? Thanks for sticking with me on this subject.
#27
What does the XBT access log show for the same connection?
Show 2 from each so we can compare.
#28
Both NGINX configs with access logs from two clients
FOR REFERENCE WITHOUT NGINX (WORKING)
Code:
1618375670 ::ffff:188.209.**.9 44016 GET /d005231e8f5******a30ff8bf0378/announce?info_hash=%B82%B5%0A%A2%F8x%1CS%24%8E%A6%DC%2A%FA%40%E5%BFz%EB&peer_id=-lt0D60-%F6G%D3%0C%B1%9Bdz%A9%D6%1D%87&key=485194ee&compact=1&port=20035&uploaded=0&downloaded=0&left=0 HTTP/1.1
Code:
# START REV-PROXY CONF
server {
    listen 8443 ssl;
    server_name tracker.******.club;

    ssl_certificate /etc/letsencrypt/live/tracker.******.club/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.******.club/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.******.club/chain.pem;
    include snippets/ssl.conf;

    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:4000/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering on;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        real_ip_recursive on;
    }
}
# END REV-PROXY CONF
Code:
1618375162 ::ffff:127.0.0.1 51474 GET /03260510******d7d0405e2b449/announce?info_hash=X8e%B0%838%7C%40%C4%A6%2C%29%A8%3B%BE%A31uH%EF&peer_id=-lt0D60-%D7ePZ%DA%93%23%7E%BF%12%2F%8B&key=726ad0f6&compact=1&port=20035&uploaded=0&downloaded=0&left=0&ip=188.209.**.9 HTTP/1.0
1618375695 ::ffff:127.0.0.1 51488 GET /d005231e8f*******0ff8bf0378/announce?info_hash=%f7%d1%19%ad%01(%7c%b0H%3a%ad%b0%11*%f6%8e%16%fb%8c%9a&peer_id=-qB4250-X5Is.YF9Il08&port=3999&uploaded=0&downloaded=0&left=0&corrupt=0&key=19C2643D&event=started&numwant=200&compact=1&no_peer_id=1&supportcrypto=1&redundant=0&ip=73.97.**.21 HTTP/1.0
Code:
# START REV-PROXY CONF
server {
    listen 8443 ssl;
    server_name tracker.******.club;

    ssl_certificate /etc/letsencrypt/live/tracker.******.club/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.******.club/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.******.club/chain.pem;
    include snippets/ssl.conf;

    location / {
        rewrite ^(.*)$ $1?ip=$remote_addr break;
        proxy_pass http://127.0.0.1:4000/;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        access_log off;
        log_not_found off;
    }
}
# END REV-PROXY CONF
Code:
1618374805 ::ffff:127.0.0.1 51472 GET /03260510d*******7d0405e2b449/announce?ip=188.209.**.9&info_hash=X8e%B0%838%7C%40%C4%A6%2C%29%A8%3B%BE%A31uH%EF&peer_id=-lt0D60-%D7ePZ%DA%93%23%7E%BF%12%2F%8B&key=726ad0f6&compact=1&port=20035&uploaded=0&downloaded=0&left=0 HTTP/1.0
1618374597 ::ffff:127.0.0.1 51470 GET /d005231e8f********30ff8bf0378/announce?ip=73.97.**.21&info_hash=%f7%d1%19%ad%01(%7c%b0H%3a%ad%b0%11*%f6%8e%16%fb%8c%9a&peer_id=-qB4250-(E7w0(MtA5jP&port=3999&uploaded=0&downloaded=0&left=0&corrupt=0&key=D0A6C2B3&event=started&numwant=200&compact=1&no_peer_id=1&supportcrypto=1&redundant=0 HTTP/1.0
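Added example, not part of the original posts: a small checker that reads access-log lines in the layout quoted above and reports, per request, the socket peer the tracker saw and the ip values that arrived in the query string. The sample lines are constructed (documentation addresses, shortened passkeys) and the function names and verdict labels are illustrative.

```python
from collections import Counter
from ipaddress import ip_address
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in the access-log layout quoted in this thread:
# <epoch> <socket peer> <peer port> <method> <request target> <protocol>
SAMPLE_LOG = """\
1618375670 ::ffff:198.51.100.9 44016 GET /0123abcd/announce?info_hash=%B82%B5&port=20035&left=0 HTTP/1.1
1618375162 ::ffff:127.0.0.1 51474 GET /0123abcd/announce?info_hash=X8e%B0&port=20035&left=0&ip=198.51.100.9 HTTP/1.0
1618374805 ::ffff:127.0.0.1 51472 GET /0123abcd/announce?ip=203.0.113.21&info_hash=X8e%B0&port=3999 HTTP/1.0
1618374900 ::ffff:127.0.0.1 51480 GET /0123abcd/announce?ip=10.0.0.5&port=3999&left=0&ip=203.0.113.21 HTTP/1.0
1618374950 ::ffff:127.0.0.1 51482 GET /0123abcd/announce&ip=203.0.113.21 HTTP/1.0
"""

def peer_is_loopback(peer):
    """True when the socket peer is loopback, including ::ffff:127.0.0.1."""
    try:
        addr = ip_address(peer)
    except ValueError:          # masked or malformed address
        return False
    return (getattr(addr, "ipv4_mapped", None) or addr).is_loopback

def classify(line):
    """Return (socket_peer, ip_values, verdict) for one access-log line."""
    _ts, peer, _port, _method, rest = line.split(None, 4)
    target = rest.rsplit(None, 1)[0]      # tolerate stray spaces in the target
    parts = urlsplit(target)
    ip_values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True) if k == "ip"]
    if not peer_is_loopback(peer):
        verdict = "direct"                # tracker sees the client socket itself
    elif len(ip_values) == 1:
        verdict = "proxied-ip-present"    # the proxy's ip= reached the tracker
    elif len(ip_values) > 1:
        verdict = "proxied-duplicate-ip"  # request already carried its own ip=
    elif "&ip=" in parts.path:
        verdict = "proxied-ip-in-path"    # "$is_args$args&ip=" with no query string
    else:
        verdict = "proxied-no-ip"
    return peer, ip_values, verdict

def summarize(log_text):
    """Count verdicts over all non-empty lines of an access log."""
    return Counter(classify(l)[2] for l in log_text.splitlines() if l.strip())

if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(classify(entry))
```

A "proxied-duplicate-ip" line means the request reached the proxy with an ip value of its own, so which value the tracker records depends on how it parses repeated parameters.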
#29
The IP is being passed to XBT, so the issue is not your nginx config. I don't use a stock version of XBT so I can't say with certainty that there isn't an issue with XBT. But my version only differs slightly where it's checking for the IP address.
Maybe someone else can speak up and offer some insight? Are you running XBT on the same machine as the client you are testing with?
#30
No, my XBT tracker is cloud hosted with my custom front-end project. My clients are running on other seedboxes.
I'm dying to get my tracker secured... Any chance you could share your version of just XBT tracker? Or the modifications to make it process the IP parameter?