  #1  
Old 2nd November 2019, 22:05
madness85 madness85 is offline
Senior Member
 
Join Date: Jun 2017
Posts: 17
Default Xbt backend ssl
Xbt doesn't support ssl by default and I know it can be done with nginx. I've been trying for days now to configure this correctly, but the IPs of peers are showing the proxy IP and not the users'.

Can anyone please share an example of nginx conf for xbt that also shows the real IP?

Regards ~
  #2  
Old 2nd November 2019, 23:20
Napon Napon is offline
Banned
 
Join Date: Feb 2016
P2P
Posts: 522
Default
https://certbot.eff.org/instructions
  #3  
Old 2nd November 2019, 23:34
madness85 madness85 is offline
Senior Member
 
Join Date: Jun 2017
Posts: 17
Default
Quote:
Originally Posted by Napon View Post
That's a free ssl certificate. It has nothing to do with xbt working on ssl with nginx reverse proxy.
  #4  
Old 2nd November 2019, 23:47
rio rio is offline
Senior Member
 
Join Date: May 2019
P2P
Posts: 55
Default
Can you please share your nginx conf file here? Others will get a better idea of how to help you fix it ;)
  #5  
Old 2nd November 2019, 23:55
madness85 madness85 is offline
Senior Member
 
Join Date: Jun 2017
Posts: 17
Default
Quote:
Originally Posted by rio View Post
Can you please share your nginx conf file here? Others will get a better idea of how to help you fix it ;)
My example:

events {
    worker_connections 4096; ## Default: 1024
}
http {
    server {
        listen test.site.me:2083 ssl;
        ssl_certificate /etc/apache2/ssl/apache.crt;
        ssl_certificate_key /etc/apache2/ssl/apache.key;
        location / {
            proxy_pass http://test.site.me:2710/;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            error_log /var/log/nginx/error.log;
        }
    }
}


Xbt is running on 2710 as default. Proxy to secure 2083 works, but all peers have the server IP.
  #6  
Old 3rd November 2019, 00:00
rio rio is offline
Senior Member
 
Join Date: May 2019
P2P
Posts: 55
Default
remove everything to do with ssl and just run certbot, it will take care of things for you
  #7  
Old 3rd November 2019, 00:03
madness85 madness85 is offline
Senior Member
 
Join Date: Jun 2017
Posts: 17
Default
Quote:
Originally Posted by rio View Post
remove everything to do with ssl and just run certbot, it will take care of things for you
So if I have xbt running on 2710 can you give me an example of nginx config with certbot please.
  #8  
Old 3rd November 2019, 00:13
rio rio is offline
Senior Member
 
Join Date: May 2019
P2P
Posts: 55
Default
it will look something like this



Quote:
server {
    listen 2087 ssl;
    root /var/www/html;
    server_name tracker.mysite.com;

    index index.html index.php;

    ssl_certificate /etc/letsencrypt/live/mysite.tk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.tk/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;

    error_log /var/log/nginx/tracker.mysite.com_error.log notice;
    access_log /var/log/nginx/tracker.mysite.com_access.log main;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        real_ip_header X-Forwarded-For;
        include fastcgi.conf;
        proxy_pass http://localhost:6670;
    }

}


certbot will take care of adding the ssl
The Following User Says Thank You to rio For This Useful Post:
madness85 (3rd November 2019)
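
Both configs in this thread pass the peer address to the backend in X-Forwarded-For (built with `$proxy_add_x_forwarded_for`), so the backend only records real peers if it reads that header, and it should do so only on connections that come from the proxy. The following is an added example, not code from the thread or from XBT: a Python sketch of that resolution logic, where `TRUSTED_PROXIES`, the function names and the sample addresses in the comments are assumptions made for illustration.

```python
import ipaddress

# Assumption: nginx runs on the same host, so only loopback is a trusted proxy.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(value):
    """Return an ip_address, or None for junk such as 'unknown' or injected text."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def resolve_client_ip(socket_peer, x_forwarded_for=None):
    """Pick the address to record for a peer.

    socket_peer     -- address of the TCP connection the backend accepted
    x_forwarded_for -- raw header value, or None when the header is absent
    """
    peer = _parse(socket_peer)
    if peer is None:
        raise ValueError("invalid socket peer address")
    # Connection did not come through the proxy: the header is
    # client-controlled, so ignore it and use the socket address.
    if not _is_trusted(peer) or not x_forwarded_for:
        return str(peer)
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so only the right-most entries were written by the proxy.
    # Walk right to left and stop at the first hop that is not a trusted proxy.
    candidate = peer
    for hop in reversed(x_forwarded_for.split(",")):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: keep the last address that parsed
        candidate = addr
        if not _is_trusted(addr):
            break
    return str(candidate)
```

The same trust rule applies to the X-Real-IP header set from `$remote_addr` in the config above: accept it only on connections from the proxy, and keep the backend port unreachable from outside so clients cannot bypass nginx and supply the header themselves.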
  #9  
Old 3rd November 2019, 00:24
madness85 madness85 is offline
Senior Member
 
Join Date: Jun 2017
Posts: 17
Default
Will get back to you guys on progress.
  #10  
Old 3rd November 2019, 00:25
rio rio is offline
Senior Member
 
Join Date: May 2019
P2P
Posts: 55
Default
k good luck ;)