Clear all

Setting up Cloudflare DDoS protection for your Qredit node  


Eminent Member
XQR: 14
Joined: 1 year ago
Posts: 33
May 25, 2019 2:25 am  

Here is a nice guide by @lemii delegate, I just want to add additional parts to get benefits from Cloudflare DDOS protection.

This guide will help you to enable SSL on your node, making all HTTP communication encrypted. We will make use of Nginx and Cloudflare SSL (free).

Nginx is a web server which can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache.

Cloudflare is one of the biggest networks on the Internet, people use Cloudflare for web application security and performance.
PLEASE NOTE: This guide is made as easy as possible and does not go in-depth in regards to each individual topic. I highly recommend visiting the resources below to learn more about using Nginx and Cloudflare.


  • Fully synced XQR relay node (Ubuntu 18.04 preferred)
  • A domain name (in this tutorial, we will use domain as example)
  • DNS records of domain pointing to the public IP address of your node (both with and without www.)

Step 1: Installing Nginx

Update local packages:

sudo apt-get update

Install Nginx

sudo apt-get install nginx

Edit Nginx config

sudo nano /etc/nginx/enabled-sites/default

Paste in the following config, making sure you edit the server_name and proxy_pass. You may need to change ssl_certificate and ssl_certificate_key if you name your files something different.

File: /etc/nginx/enabled-sites/default

server {
  listen 443;
  server_name;  #change to your domain name.
ssl on;
  ssl_certificate /etc/nginx/ssl/xqr.crt;
  ssl_certificate_key /etc/nginx/ssl/xqr.key;
  ssl_verify_client off;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass  http://localhost:4103/ ;
    proxy_ssl_session_reuse off;
    proxy_set_header Host $http_host;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;

Press CTRL+X to exit the file, Y to save the file, and ENTER to write to the file and return to the command line. 

Allow traffic on port 80 to be able to set things up:

sudo ufw allow 'Nginx HTTP'

Verify firewall rules:

sudo ufw status

Step 2: Allow HTTPS through firewall

Follow step 3 @lemii guide > Link 

Step 3: Cloudflare/SSL setup

Login to your Cloudflare dashboard and click on the DNS button. 

Then go to Crypto.

Scroll down to Origin Certificates and click the Create Certificate button. Keep this window open after Cloudflare generates your two keys.

Open Terminal on your Qredit node server We need to create a new folder and copy our keys to our server.

mkdir /etc/nginx/ssl 
cd /etc/nginx/ssl
touch xqr.crt xqr.key

Copy the PRIVATE KEY to the file xqr.key and the CERTIFICATE to xqr.crt.

Start Nginx

sudo service nginx start

If everything started fine, you should be able to access your Qredit node API's behind SSL. Giving you the bonus of Cloudflare DDOS protection. Otherwise, if you get any errors run the following command to troubleshoot nginx.

sudo nginx -t -c /etc/nginx/nginx.conf



Parts of the steps above are taken from the excellent in-depth guides linked below. Check them out if you'd like to know more about these topics:

This topic was modified 1 year ago 12 times by arktoshi

Delegate arktoshi |99,99% Uptime | True Block Weight | 4 Qredit Nodes and counting..