  #21  
Old 12th April 2021, 12:35
darkalchemy darkalchemy is offline
Administrator
 
Join Date: Dec 2017
United States
Posts: 101
Default
You quote my post but you aren't using it. I don't use it with cloudflare, but I have been using that config for more than a year.

This line sends all of the query params and adds the ip, just in case, to XBT
Code:
proxy_pass http://127.0.0.1:2710/$1/announce$is_args$args&ip=$remote_addr;
I am not an expert with nginx, but I think this line just rewrites the incoming url and does nothing for XBT
Code:
rewrite ^(.*)$ $1?ip=$remote_addr break;
since this line is what is sent to XBT
Code:
proxy_pass http://127.0.0.1:4000/;
Maybe try getting SSL to work without Cloudflare. Once you have that working, move on to Cloudflare.
Hope you get it sorted.
Reply With Quote
  #22  
Old 13th April 2021, 00:57
protocolprowler protocolprowler is offline
Member
 
Join Date: Aug 2020
Posts: 9
Default I should have been more clear, let me try that again
I found both NGINX configurations listed in the feed to get client connections working. Like you, I'm not involving Cloudflare either; my trouble is that neither solution gets the clients' public IPs to my XBT.

Code:
# START REV-PROXY CONF
server {
    listen 8443 ssl http2;
    server_name tracker.example.com;

    ssl_certificate /etc/letsencrypt/live/tracker.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.example.com/chain.pem;
    include snippets/ssl.conf;

    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:4000/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        real_ip_recursive on;
    }
}
# END REV-PROXY CONF
I've even tried disabling all the SSL config and certs and just rev-proxying from 8443 to 4000, and I still lose my client IPs. I'm grasping at straws here... could it be my version of XBT or some requirement in my XBT config? (Everything else about my XBT is working.)

This is the copy of XBT that I'm currently using.
wget https://github.com/OlafvdSpek/xbt/archive/master.zip

Thanks again for always replying to my questions but I understand I'm asking for your time. I would be glad to toss a PayPal donation your way or repay the favor with my skills somehow.

Last edited by protocolprowler; 13th April 2021 at 01:24.
Reply With Quote
  #23  
Old 13th April 2021, 01:16
darkalchemy darkalchemy is offline
Administrator
 
Join Date: Dec 2017
United States
Posts: 101
Default
The only difference that I see in what you are using compared with mine is you don't have
Code:
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
which may be included in your
Code:
include snippets/ssl.conf;
and you can remove http2 from
Code:
listen 8443 ssl http2;
as you are not sending files, so there is not any benefit, but I can't say it will improve connection speed or performance.

Also, I have recently changed this to on
Code:
proxy_buffering off;
as I think it was a typo, originally.

Just to be sure, you have XBT listening on port 4000?

My debug page shows the real ip address of the clients.

Otherwise, I don't see any issues.
Reply With Quote
  #24  
Old 13th April 2021, 02:48
protocolprowler protocolprowler is offline
Member
 
Join Date: Aug 2020
Posts: 9
Default Troubleshooting continued
Yes, my XBT is listening on port 4000 which is actively working correctly via HTTP.



I don't think it's the SSL config because I lose the real client IPs with SSL completely disabled, but here is my SSL config.

vi /etc/nginx/snippets/ssl.conf
Code:
# START SSL CONF
ssl_dhparam /etc/ssl/certs/dhparam.pem;

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
# END SSL CONF
Here is my current XBT config w/ private info cleared
Code:
mysql_host = localhost
mysql_user = svc_account
mysql_password = *********
mysql_database = mydatebase
announce_interval=1800
anonymous_announce=0
anonymous_scrape=0
auto_register=0
clean_up_interval=15
daemon=1
debug=0
full_scrape=0
listen_ipa *
listen_port=4000
log_access=0
log_announce=1
log_scrape=0
read_config_interval=20
read_db_interval=15
write_db_interval=15
scrape_interval=0
table_files=torrents
query_log=query_log.txt
I'm soooo close it's too hard to give up now...

Bump: I've now taken captures from my loopback on my XBT listening port 4000 so I can just see traffic forwarded from NGINX. Both config options show x-forwarded-for and others populated with the real client IP. (see images)
Is there some mod version of XBT that understands forwarded header data?


Last edited by protocolprowler; 14th April 2021 at 01:26.
Reply With Quote
  #25  
Old 13th April 2021, 23:53
darkalchemy darkalchemy is offline
Administrator
 
Join Date: Dec 2017
United States
Posts: 101
Default
XBT gets the ip address from the query parameter ip.

That's why I specifically add it to the query string here

Code:
proxy_pass http://127.0.0.1:4000/$1/announce$is_args$args& => ip=$remote_addr <=;
as some clients do not also include the ip.
Reply With Quote
  #26  
Old 14th April 2021, 04:48
protocolprowler protocolprowler is offline
Member
 
Join Date: Aug 2020
Posts: 9
Default parameter ip not processed by XBT tracker
I've deeply tested both NGINX configuration options and both successfully input the parameter ip into the /GET URL. However, I'm still seeing only the loopback IP on my debug page. Here is some output from my XBT access log (IP & PID masked).



Code:
1618364669    ::ffff:127.0.0.1    51354    GET /d005231e*****7fa30ff8bf0378/announce?info_hash=b%60%7F%FBw%E1%CD%CA%CC%12%29%00%82%06%D8%B6%CB%24%18y&peer_id=-lt0D60-%15l%DCj%3A%B7g%23%03%91%A0%86&key=29b87ff9&compact=1&port=20035&uploaded=0&downloaded=8952338711&left=0&ip=188.209.**.9 HTTP/1.0
I can't read C code so I'm not confident in my understanding of tracker_input.cpp.



What else could be preventing XBT from ingesting the IP in the URL? Do I need an XBT mod?



Thanks for sticking with me on this subject.
Reply With Quote
  #27  
Old 14th April 2021, 05:25
darkalchemy darkalchemy is offline
Administrator
 
Join Date: Dec 2017
United States
Posts: 101
Default
What does the XBT access log show for the same connection?

Show 2 from each so we can compare.
Reply With Quote
  #28  
Old 14th April 2021, 07:06
protocolprowler protocolprowler is offline
Member
 
Join Date: Aug 2020
Posts: 9
Default Both NGINX configs with access logs from two clients
FOR REFERENCE WITHOUT NGINX (WORKING)


Code:
1618375670    ::ffff:188.209.**.9    44016    GET /d005231e8f5******a30ff8bf0378/announce?info_hash=%B82%B5%0A%A2%F8x%1CS%24%8E%A6%DC%2A%FA%40%E5%BFz%EB&peer_id=-lt0D60-%F6G%D3%0C%B1%9Bdz%A9%D6%1D%87&key=485194ee&compact=1&port=20035&uploaded=0&downloaded=0&left=0 HTTP/1.1
OPTION 1 - NGINX CONFIG

Code:
# START REV-PROXY CONF
server {
    listen 8443 ssl;
    server_name tracker.******.club;

    ssl_certificate /etc/letsencrypt/live/tracker.******.club/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.******.club/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.******.club/chain.pem;
    include snippets/ssl.conf;

    location ~ ^/(.*?)/announce$ {
        proxy_pass http://127.0.0.1:4000/$1/announce$is_args$args&ip=$remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
        proxy_buffering on;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;
        proxy_buffers 4 256k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        real_ip_recursive on;
    }
}
# END REV-PROXY CONF
OPTION 1 - ACCESS LOG FROM TWO CLIENTS
Code:
1618375162    ::ffff:127.0.0.1    51474    GET /03260510******d7d0405e2b449/announce?info_hash=X8e%B0%838%7C%40%C4%A6%2C%29%A8%3B%BE%A31uH%EF&peer_id=-lt0D60-%D7ePZ%DA%93%23%7E%BF%12%2F%8B&key=726ad0f6&compact=1&port=20035&uploaded=0&downloaded=0&left=0&ip=188.209.**.9 HTTP/1.0

1618375695    ::ffff:127.0.0.1    51488    GET /d005231e8f*******0ff8bf0378/announce?info_hash=%f7%d1%19%ad%01(%7c%b0H%3a%ad%b0%11*%f6%8e%16%fb%8c%9a&peer_id=-qB4250-X5Is.YF9Il08&port=3999&uploaded=0&downloaded=0&left=0&corrupt=0&key=19C2643D&event=started&numwant=200&compact=1&no_peer_id=1&supportcrypto=1&redundant=0&ip=73.97.**.21 HTTP/1.0
OPTION 2 - NGINX CONFIG
Code:
# START REV-PROXY CONF
server {
    listen 8443 ssl;
    server_name tracker.******.club;

    ssl_certificate /etc/letsencrypt/live/tracker.******.club/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.******.club/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.******.club/chain.pem;
    include snippets/ssl.conf;

    location / {
      rewrite ^(.*)$ $1?ip=$remote_addr break;
      proxy_pass http://127.0.0.1:4000/;
      proxy_redirect     off;
      proxy_set_header   Host             $http_host;
      proxy_set_header   X-Real-IP        $remote_addr;
      proxy_set_header   X-Forwarded-For  $remote_addr;
      access_log off;
      log_not_found off;
    }
}
# END REV-PROXY CONF
OPTION 2 - ACCESS LOG FROM TWO CLIENTS
Code:
1618374805    ::ffff:127.0.0.1    51472    GET /03260510d*******7d0405e2b449/announce?ip=188.209.**.9&info_hash=X8e%B0%838%7C%40%C4%A6%2C%29%A8%3B%BE%A31uH%EF&peer_id=-lt0D60-%D7ePZ%DA%93%23%7E%BF%12%2F%8B&key=726ad0f6&compact=1&port=20035&uploaded=0&downloaded=0&left=0 HTTP/1.0

1618374597    ::ffff:127.0.0.1    51470    GET /d005231e8f********30ff8bf0378/announce?ip=73.97.**.21&info_hash=%f7%d1%19%ad%01(%7c%b0H%3a%ad%b0%11*%f6%8e%16%fb%8c%9a&peer_id=-qB4250-(E7w0(MtA5jP&port=3999&uploaded=0&downloaded=0&left=0&corrupt=0&key=D0A6C2B3&event=started&numwant=200&compact=1&no_peer_id=1&supportcrypto=1&redundant=0 HTTP/1.0
Thanks again for your help and time with this!
Reply With Quote
  #29  
Old 14th April 2021, 07:20
darkalchemy darkalchemy is offline
Administrator
 
Join Date: Dec 2017
United States
Posts: 101
Default
The IP is being passed to XBT, so the issue is not your nginx config. I don't use a stock version of XBT so I can't say with certainty that there isn't an issue with XBT. But my version only differs slightly where it's checking for the IP address.

Maybe someone else can speak up and offer some insight?


Are you running XBT on the same machine as the client you are testing with?
Reply With Quote
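
Added example (not from any poster in this thread and not XBT or nginx code): a check over access-log lines in the layout pasted above that separates direct announces from proxied ones and flags proxied announces carrying no parsed ip parameter or more than one. The log lines are constructed sample data and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the access-log layout pasted in the thread:
# timestamp, socket peer, source port, request line. All values are made up.
SAMPLE_LOG = """\
1618375162    ::ffff:127.0.0.1    51474    GET /0123abcd/announce?info_hash=x&port=20035&left=0&ip=198.51.100.9 HTTP/1.0
1618375670    ::ffff:203.0.113.7    44016    GET /0123abcd/announce?info_hash=x&port=20035&left=0 HTTP/1.1
1618375700    ::ffff:127.0.0.1    51490    GET /0123abcd/announce?info_hash=x&ip=10.0.0.5&port=1&ip=198.51.100.9 HTTP/1.0
1618375800    ::ffff:127.0.0.1    51492    GET /0123abcd/announce&ip=198.51.100.9 HTTP/1.0
"""


def socket_peer(field):
    """Parse the logged peer address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(field)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def classify(line):
    """Classify one log line (hypothetical helper, not part of XBT)."""
    _ts, peer_field, _port, request = line.split(None, 3)
    target = request.split()[1]          # "GET <target> HTTP/1.x"
    peer = socket_peer(peer_field)
    ips = parse_qs(urlsplit(target).query).get("ip", [])
    if not peer.is_loopback:
        verdict = "direct"               # tracker saw the client's own socket
    elif not ips:
        # "$is_args$args&ip=..." with an empty query string yields
        # "/announce&ip=...": no "?" so the parameter is part of the path.
        verdict = "proxied-no-ip"
    elif len(ips) > 1:
        # The client sent its own ip= and the proxy appended another; which
        # one a tracker honours is not established in the thread.
        verdict = "proxied-duplicate-ip"
    else:
        verdict = "proxied-ok"
    return {"peer": str(peer), "ip_params": ips, "verdict": verdict}


def audit(log_text):
    return [classify(l) for l in log_text.splitlines() if l.strip()]


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```

A "proxied-duplicate-ip" row means the recorded peer address depends on which copy of the parameter the tracker reads, so it is worth reviewing before trusting per-IP accounting.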
  #30  
Old 14th April 2021, 07:39
protocolprowler protocolprowler is offline
Member
 
Join Date: Aug 2020
Posts: 9
Default
No, my XBT tracker is cloud hosted with my custom front-end project. My clients are running on other seedboxes.



I'm dying to get my tracker secured...Any chance you could share your version of just XBT tracker? Or the modifications to make it process the IP parameter?
Reply With Quote