Torrust Tracker Configuration

A library to provide configuration to the Torrust Tracker.

Documentation

Crate documentation.

License

The project is licensed under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE.

lib.rs:

Configuration data structures for Torrust Tracker.

This module contains the configuration data structures for the Torrust Tracker, which is a BitTorrent tracker server.

The configuration is loaded from a TOML file tracker.toml in the project root folder or from an environment variable with the same content as the file.

When you run the tracker without a configuration file, a new one will be created with the default values, but the tracker immediately exits. You can then edit the configuration file and run the tracker again.

Configuration can not only be loaded from a file, but also from environment variable TORRUST_TRACKER_CONFIG. This is useful when running the tracker in a Docker container or environments where you do not have a persistent storage or you cannot inject a configuration file. Refer to Torrust Tracker documentation for more information about how to pass configuration to the tracker.

Table of contents

• Sections
• Port binding
• TSL support
  • Generating self-signed certificates
• Default configuration

Sections

Each section in the toml structure is mapped to a data structure. For example, the [http_api] section (configuration for the tracker HTTP API) is mapped to the HttpApi structure.

NOTICE: some sections are arrays of structures. For example, the [[udp_trackers]] section is an array of UdpTracker since you can have multiple running UDP trackers bound to different ports.

Please refer to the documentation of each structure for more information about each section.

• Core configuration
• HTTP API configuration
• HTTP Tracker configuration
• UDP Tracker configuration

Port binding

For the API, HTTP and UDP trackers you can bind to a random port by using port 0. For example, if you want to bind to a random port on all interfaces, use 0.0.0.0:0. The OS will choose a random port but the tracker will not print the port it is listening to when it starts. It just says Starting Torrust HTTP tracker server on: http://0.0.0.0:0. It shows the port used in the configuration file, and not the port the tracker is actually listening to. This is a planned feature, see issue 186 for more information.

TSL support

For the API and HTTP tracker you can enable TSL by setting ssl_enabled to true and setting the paths to the certificate and key files.

Typically, you will have a directory structure like this:

storage/
├── database
│   └── data.db
└── tls
    ├── localhost.crt
    └── localhost.key

where you can store all the persistent data.

Alternatively, you could setup a reverse proxy like Nginx or Apache to handle the SSL/TLS part and forward the requests to the tracker. If you do that, you should set on_reverse_proxy to true in the configuration file. It's out of scope for this documentation to explain in detail how to setup a reverse proxy, but the configuration file should be something like this:

For NGINX:

# HTTPS only (with SSL - force redirect to HTTPS)

server {
    listen 80;
    server_name tracker.torrust.com;

    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name tracker.torrust.com;

    ssl_certificate CERT_PATH
    ssl_certificate_key CERT_KEY_PATH;

    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:6969;
    }
}

For Apache:

# HTTPS only (with SSL - force redirect to HTTPS)

<VirtualHost *:80>
    ServerAdmin webmaster@tracker.torrust.com
    ServerName tracker.torrust.com

    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTPS} off
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </IfModule>
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@tracker.torrust.com
        ServerName tracker.torrust.com

        <Proxy *>
            Order allow,deny
            Allow from all
        </Proxy>

        ProxyPreserveHost On
        ProxyRequests Off
        AllowEncodedSlashes NoDecode

        ProxyPass / http://localhost:3000/
        ProxyPassReverse / http://localhost:3000/
        ProxyPassReverse / http://tracker.torrust.com/

        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"

        ErrorLog ${APACHE_LOG_DIR}/tracker.torrust.com-error.log
        CustomLog ${APACHE_LOG_DIR}/tracker.torrust.com-access.log combined

        SSLCertificateFile CERT_PATH
        SSLCertificateKeyFile CERT_KEY_PATH
    </VirtualHost>
</IfModule>

Generating self-signed certificates

For testing purposes, you can use self-signed certificates.

Refer to Let's Encrypt - Certificates for localhost for more information.

Running the following command will generate a certificate (localhost.crt) and key (localhost.key) file in your current directory:

openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

You can then use the generated files in the configuration file:

[[http_trackers]]
enabled = true
...
ssl_cert_path = "./storage/tracker/lib/tls/localhost.crt"
ssl_key_path = "./storage/tracker/lib/tls/localhost.key"

[http_api]
enabled = true
...
ssl_cert_path = "./storage/tracker/lib/tls/localhost.crt"
ssl_key_path = "./storage/tracker/lib/tls/localhost.key"

Default configuration

The default configuration is:

log_level = "info"
mode = "public"
db_driver = "Sqlite3"
db_path = "./storage/tracker/lib/database/sqlite3.db"
announce_interval = 120
min_announce_interval = 120
max_peer_timeout = 900
on_reverse_proxy = false
external_ip = "0.0.0.0"
tracker_usage_statistics = true
persistent_torrent_completed_stat = false
inactive_peer_cleanup_interval = 600
remove_peerless_torrents = true

[[udp_trackers]]
enabled = false
bind_address = "0.0.0.0:6969"

[[http_trackers]]
enabled = false
bind_address = "0.0.0.0:7070"
ssl_enabled = false
ssl_cert_path = ""
ssl_key_path = ""

[http_api]
enabled = true
bind_address = "127.0.0.1:1212"
ssl_enabled = false
ssl_cert_path = ""
ssl_key_path = ""

[http_api.access_tokens]
admin = "MyAccessToken"