Setting up Cloudflare DDoS protection for your Qredit node  


arktoshi
(@arktoshi)
25/05/2019 2:25 am  

Here is a nice guide by delegate @lemii; I just want to add some additional parts to get the benefits of Cloudflare DDoS protection.

This guide will help you to enable SSL on your node, making all HTTP communication encrypted. We will make use of Nginx and Cloudflare SSL (free).

Nginx is a web server which can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache.

Cloudflare is one of the biggest networks on the Internet; people use Cloudflare for web application security and performance.

PLEASE NOTE: This guide is made as easy as possible and does not go in-depth with regard to each individual topic. I highly recommend visiting the resources below to learn more about using Nginx and Cloudflare.

Prerequisites

  • Fully synced XQR relay node (Ubuntu 18.04 preferred)
  • A domain name (in this tutorial, we will use the qreditnode.com domain as an example)
  • DNS records of domain pointing to the public IP address of your node (both with and without www.)

Step 1: Installing Nginx

Update local packages:

sudo apt-get update

Install Nginx:

sudo apt-get install nginx

Edit the Nginx config:

sudo nano /etc/nginx/sites-enabled/default

Paste in the following config, making sure you edit the server_name and proxy_pass. You may need to change ssl_certificate and ssl_certificate_key if you name your files something different.

File: /etc/nginx/sites-enabled/default

# HTTPS
server {
  # "listen 443 ssl" replaces the deprecated "ssl on;" directive.
  listen 443 ssl;
  server_name qreditnode.com www.qreditnode.com;  # change to your domain name

  # Cloudflare origin certificate and private key (created in Step 3)
  ssl_certificate /etc/nginx/ssl/xqr.crt;
  ssl_certificate_key /etc/nginx/ssl/xqr.key;
  ssl_verify_client off;
  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if every client supports TLSv1.2.
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;

  location / {
    # Pass the connecting address and forwarding chain to the node API
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    # Local Qredit node API; change the port if yours differs
    proxy_pass http://localhost:4103/;
    proxy_ssl_session_reuse off;
    proxy_set_header Host $http_host;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
  }
}

Press CTRL+X to exit the file, Y to save the file, and ENTER to write to the file and return to the command line. 

Allow traffic on port 80 to be able to set things up:

sudo ufw allow 'Nginx HTTP'

Verify firewall rules:

sudo ufw status

Step 2: Allow HTTPS through firewall

Follow step 3 of @lemii's guide > Link

Step 3: Cloudflare/SSL setup

Login to your Cloudflare dashboard and click on the DNS button. 


Then go to Crypto.


Scroll down to Origin Certificates and click the Create Certificate button. Keep this window open after Cloudflare generates your two keys.


Open Terminal on your Qredit node server. We need to create a new folder and copy our keys to our server.

sudo mkdir /etc/nginx/ssl
cd /etc/nginx/ssl
sudo touch xqr.crt xqr.key

Copy the PRIVATE KEY to the file xqr.key and the CERTIFICATE to xqr.crt.

Start Nginx:

sudo service nginx start

If everything started fine, you should be able to access your Qredit node APIs behind SSL, giving you the bonus of Cloudflare DDoS protection. Otherwise, if you get any errors, run the following command to troubleshoot Nginx.

sudo nginx -t -c /etc/nginx/nginx.conf

DONE.

Sources

Parts of the steps above are taken from the excellent in-depth guides linked below. Check them out if you'd like to know more about these topics:

https://docs.ark.io/tutorials/node/secure.html#ssh-security

https://dpos.community/community/documentation/securing-a-node-with-nginx-and-certbot/

This topic was modified 2 months ago 12 times by arktoshi

Delegate arktoshi |99,99% Uptime | True Block Weight | 4 Qredit Nodes and counting..
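Step 3 of the post creates xqr.key with touch, which leaves the private key readable by every local user under the usual default umask. As an added example (not part of the original post or of any Qredit tooling), these shell functions install the pasted certificate and key with a root-only key file and check the result before Nginx is started. The function names and source-file arguments are assumptions; the xqr.crt and xqr.key names and the /etc/nginx/ssl default come from the guide.

```shell
#!/usr/bin/env bash
# Added example: install the Cloudflare origin certificate and key so that
# only the owner can read the private key, then verify before starting Nginx.
# Function names are hypothetical; file names follow the guide.

# install_origin_cert CERT_SRC KEY_SRC [SSL_DIR]
# SSL_DIR defaults to the guide's /etc/nginx/ssl (run with sudo for that path).
install_origin_cert() {
  local cert_src="$1" key_src="$2" ssl_dir="${3:-/etc/nginx/ssl}"
  # Catch the two PEM blocks being pasted into the wrong files.
  grep -q -e '-----BEGIN CERTIFICATE-----' "$cert_src" ||
    { echo "not a certificate: $cert_src" >&2; return 1; }
  grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key_src" ||
    { echo "not a private key: $key_src" >&2; return 1; }
  # Directory 0700, certificate 0644, private key 0600.
  install -d -m 0700 "$ssl_dir" &&
    install -m 0644 "$cert_src" "$ssl_dir/xqr.crt" &&
    install -m 0600 "$key_src" "$ssl_dir/xqr.key"
}

# key_is_private FILE: succeeds only when group and others have no access.
key_is_private() {
  local mode
  mode=$(stat -c '%a' "$1") || return 1   # GNU stat, as shipped on Ubuntu
  case $mode in
    0|?00) return 0 ;;
    *) echo "$1 has mode $mode, expected 600" >&2; return 1 ;;
  esac
}

# cert_matches_key CERT KEY: compares the public key in the certificate with
# the one derived from the private key (requires the openssl CLI).
cert_matches_key() {
  local c k
  c=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
  k=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Typical use on the node, with the two PEM blocks saved to temporary files:
#   sudo bash -c '. ./origin_cert.sh && install_origin_cert cert.pem key.pem \
#     && key_is_private /etc/nginx/ssl/xqr.key \
#     && cert_matches_key /etc/nginx/ssl/xqr.crt /etc/nginx/ssl/xqr.key'
```

Delete the temporary PEM files once the checks pass, then run sudo nginx -t before starting Nginx.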
