Opentracker.ext
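# Plain-HTTP front end for opentracker with optional passkey authentication.
# Requests look like /<passkey>/announce or /<passkey>/scrape. The passkey is
# checked by an auth_request subrequest before the request is proxied.
server {
    listen 80;
    server_name tracker.domain.tld;
    root /var/www/opentracker;

    # The passkey is part of the URL path, so it crosses the network in clear
    # text on this listener and is written to the access log with the request
    # line. Treat these logs as sensitive and restrict who can read them.
    access_log /var/log/nginx/opentracker.access.log;
    error_log /var/log/nginx/opentracker.error.log;

    location / {
        #############################################
        # Passkey mode: take the first path segment as the key.
        if ($request_uri ~ ^/([0-9a-z]+)/(.*)$) {
            set $apikey $1;
        }
        #############################################

        # Drop a client-supplied "ip" parameter so that only the address seen
        # by nginx is forwarded. The pattern also matches "ip=" as the first
        # parameter and with an empty value. The match is on the raw
        # (undecoded) query string.
        if ($args ~* "^(.*?)(?:^|&)ip=[^&]*(.*)$") {
            set $args $1$2;
        }
        # One pass removes one occurrence. Refuse requests that still carry an
        # "ip" parameter rather than forward an ambiguous query.
        if ($args ~* "(?:^|&)ip=") {
            return 400;
        }
        set $arg_ip $remote_addr;

        #############################################
        # Passkey mode: address of the service that validates the key.
        set $auth_request_uri "http://ipserverauth";
        auth_request /auth;
        #############################################

        #############################################
        ### Remove /([0-9a-z]+) for no passkey.
        # Anchored at the start so the rewritten segment is the same one
        # captured as the passkey above.
        rewrite ^/([0-9a-z]+)/scrape$ /scrape/?$args? break;
        rewrite ^/([0-9a-z]+)/announce$ /announce/?$args&ip=$arg_ip? break;
        #############################################

        proxy_pass http://opentracker/;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends to whatever the client sent, so
        # only the last entry (or X-Real-IP) is set by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;

        ##############################################
        # Passkey mode: target of the auth_request subrequest.
        # Exact match plus "internal" keeps it reachable only as a subrequest
        # and stops a path such as /auth/announce from landing here.
        location = /auth {
            internal;
            set $auri $auth_request_uri?apikey=$apikey;
            # NOTE(review): proxy_pass with a variable needs a "resolver" in
            # scope if the host is a DNS name rather than an IP or an
            # upstream group. This server block defines none.
            proxy_pass $auri; #http://10.0.6.10?test=$apikey ;
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
            proxy_set_header X-Original-URI $request_uri;
        }
        ##############################################

        ##############################################
        # Needed for Let's Encrypt HTTP-01 validation.
        location ~ /\.well-known/acme-challenge {
            # The CA fetches this path without a passkey, so the
            # auth_request inherited from "location /" is switched off.
            auth_request off;
            allow all;
        }
        # Every other dot-file path is refused and kept out of the logs.
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }
        ##############################################
    }
}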
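# HTTPS front end for opentracker with optional passkey authentication.
# Same request handling as the port-80 server, with TLS terminated here.
server {
    # "ssl" on the listen directive replaces the deprecated "ssl on;".
    listen 443 ssl;
    server_name tracker.domain.tld;

    location / {
        ##############################################
        # Passkey mode: take the first path segment as the key.
        if ($request_uri ~ ^/([0-9a-z]+)/(.*)$) {
            set $apikey $1;
        }
        ##############################################

        # Drop a client-supplied "ip" parameter so that only the address seen
        # by nginx is forwarded. The pattern also matches "ip=" as the first
        # parameter and with an empty value. The match is on the raw
        # (undecoded) query string.
        if ($args ~* "^(.*?)(?:^|&)ip=[^&]*(.*)$") {
            set $args $1$2;
        }
        # One pass removes one occurrence. Refuse requests that still carry an
        # "ip" parameter rather than forward an ambiguous query.
        if ($args ~* "(?:^|&)ip=") {
            return 400;
        }

        ##############################################
        # Passkey mode: address of the service that validates the key.
        set $arg_ip $remote_addr;
        set $auth_request_uri "http://ipserverauth";
        auth_request /authssl;
        ##############################################

        ##############################################
        ### Remove /([0-9a-z]+) for no passkey.
        # Anchored at the start so the rewritten segment is the same one
        # captured as the passkey above.
        rewrite ^/([0-9a-z]+)/scrape$ /scrape/?$args? break;
        rewrite ^/([0-9a-z]+)/announce$ /announce/?$args&ip=$arg_ip? break;
        ##############################################

        proxy_pass http://opentracker/;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends to whatever the client sent, so
        # only the last entry (or X-Real-IP) is set by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;

        ##############################################
        # Passkey mode: target of the auth_request subrequest.
        # Exact match plus "internal" keeps it reachable only as a subrequest.
        location = /authssl {
            internal;
            set $auri $auth_request_uri?apikey=$apikey;
            proxy_pass $auri;
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
            proxy_set_header X-Original-URI $request_uri;
        }
        ##############################################
    }

    #### SSL
    ssl_certificate /etc/letsencrypt/live/tracker.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tracker.domain.tld/privkey.pem;

    # OCSP stapling. The resolver is used to look up the responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/tracker.domain.tld/fullchain.pem;
    # NOTE(review): these are public resolvers reached over plain DNS. A
    # resolver on a trusted local network reduces exposure to spoofed answers.
    resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
    resolver_timeout 3s;

    ssl_session_cache shared:SSL:100m;
    ssl_session_timeout 24h;
    # A static ticket key weakens forward secrecy for resumed sessions unless
    # the key file is rotated regularly. Keep it readable by nginx only.
    ssl_session_tickets on;
    ssl_session_ticket_key /etc/nginx/ssl/ticket.key;
    ssl_dhparam /etc/nginx/ssl/dhparam4.pem;

    #### ECDH Curve
    ssl_ecdh_curve secp384r1;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
    # Add TLSv1.3 here if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # Forward-secret AEAD suites only. The CBC/SHA-1 and DSS suites of the
    # earlier list are dropped.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
}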
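################ Configure Opentracker IP:PORT ##########################
# Backend address of the opentracker daemon. 0.0.0.0 is a wildcard bind
# address, not a connect target, so loopback is used as the default here.
# Set this to wherever opentracker listens. Keep that listener on loopback or
# firewalled so clients cannot reach the tracker directly and skip the passkey
# check and the ip rewrite done by the proxy.
upstream opentracker {
    server 127.0.0.1:6969; # Set ip:port of opentracker
}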