Is it possible to put http torrent tracker under CDN to prevent DDOS

Tags: bittorrent, cdn, cloudflare

I am thinking about setting up a torrent tracker on the same dedicated server where the torrent-related website will be located. I want to do that because my website and tracker will interact with each other and I want these interactions to be smooth and don't want to mess with replication.

I will use Cloudflare or another CDN to prevent DDoS attacks on my website. But I also want to secure my HTTP torrent tracker (XBT tracker) running on a different port. So I also want torrent traffic to go through the CDN like through a proxy, but without caching and captcha, because torrent software can't solve a captcha. Is it possible to proxy an HTTP torrent tracker via a CDN like Cloudflare, or do I have to order an additional DDoSable server just for the torrent tracker?

Best Answer

I don't think you will gain anything by using CloudFlare or any other CDN for the Torrent Tracker.

The whole point of a CDN is to offload the work to it by caching the replies to requests.

With a torrent tracker each request is pretty much unique to each client.
So they cannot be cached (or it wouldn't make any difference if they were), making a CDN essentially useless for that specific type of workload.

Take for example TL. It's a huge private torrent tracker. Its website is on CloudFlare, but its tracker is on a server in Luxembourg. No CDN seems to be involved. There could be a cluster behind that IP to be able to handle all the requests, but my guess is, not a CDN.

Each request a client makes will be unique each time they make it.

An example of this GET message could be:

http://some.tracker.com:999/announce
?info_hash=12345678901234567890
&peer_id=ABCDEFGHIJKLMNOPQRST
&ip=255.255.255.255
&port=6881
&downloaded=1234
&left=98765
&event=stopped

https://wiki.theory.org/BitTorrent_Tracker_Protocol

More details: http://www.bittorrent.org/beps/bep_0003.html

Even if every parameter were the same for all clients (which it isn't: peer_id is unique per client, per torrent, according to BEP 0003) you would still have unique stuff in there per request per client. E.g.:

&downloaded=1234
&left=98765

The above parameters change with each subsequent request of the torrent client depending on how much traffic it has done since the last request.

CDNs will usually cache content based on the request URI. So if the request is unique every time, it won't be able to serve any cached content, thus defeating their purpose.

Now that I think of it, if your tracker is anonymous you could, maybe, use a very custom configuration on Varnish to be able to cache the replies for each info_hash, ignoring the requests' uniqueness. But this way your tracker will not be able to measure any real statistics (total up/down/peers/whatever) since only a small percentage of requests will reach the tracker.

And this way you will not be really protected from any DDoS (even though Varnish is an awesome piece of software that can handle an amazing amount of requests!)

Update:

There are a few providers that have DDoS protection hardware (e.g. Arbor Peakflow). Those could allow you to run your tracker without any CDN or caching and be able to block the DDoS attacks from reaching your server. But of course solutions like this have their own cost attached :)
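To make the caching argument in the answer concrete, here is an added example (not code from the question, the answer, or the XBT project) that parses announce requests of the form shown above and simulates two cache policies: the usual CDN policy of keying on the full request URI, and the Varnish-style policy of keying on info_hash only. The announce URLs, the tracker hostname tracker.example, and the 20-character info_hash/peer_id values are constructed placeholders; the tracker_stats function is a deliberately minimal stand-in for what a real tracker computes.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample announces (not from the page). Two peers (A..., B...) share
# one swarm and report growing "downloaded"/shrinking "left" on each announce;
# a third announce is the same peer A on a second torrent.
SAMPLE_ANNOUNCES = [
    "http://tracker.example:999/announce?info_hash=12345678901234567890&peer_id=AAAAAAAAAAAAAAAAAAAA&port=6881&downloaded=0&left=98765&event=started",
    "http://tracker.example:999/announce?info_hash=12345678901234567890&peer_id=AAAAAAAAAAAAAAAAAAAA&port=6881&downloaded=1234&left=97531",
    "http://tracker.example:999/announce?info_hash=12345678901234567890&peer_id=BBBBBBBBBBBBBBBBBBBB&port=51413&downloaded=0&left=98765&event=started",
    "http://tracker.example:999/announce?info_hash=12345678901234567890&peer_id=BBBBBBBBBBBBBBBBBBBB&port=51413&downloaded=4096&left=94669",
    "http://tracker.example:999/announce?info_hash=09876543210987654321&peer_id=AAAAAAAAAAAAAAAAAAAA&port=6881&downloaded=0&left=5000&event=started",
]


def parse_announce(url):
    """Split an announce URL into a flat dict of its query parameters.

    Real info_hash/peer_id values are 20 raw bytes, percent-encoded; decoding the
    query as latin-1 maps each byte to one code point so nothing is mangled.
    """
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True, encoding="latin-1")
    return {k: v[0] for k, v in qs.items()}


def cache_key_full_uri(url):
    """Typical CDN behaviour: the whole request URI is the cache key."""
    return url


def cache_key_info_hash(url):
    """The custom-Varnish idea from the answer: key only on info_hash."""
    return parse_announce(url)["info_hash"]


def origin_requests(urls, key_fn):
    """Return the requests that miss the cache and therefore reach the tracker."""
    seen = set()
    reaching = []
    for url in urls:
        key = key_fn(url)
        if key not in seen:
            seen.add(key)
            reaching.append(url)
    return reaching


def simulate_cache(urls, key_fn):
    """Return (hits, misses) for a cache using key_fn as its cache key."""
    misses = len(origin_requests(urls, key_fn))
    return len(urls) - misses, misses


def tracker_stats(urls):
    """Minimal stand-in for tracker bookkeeping: distinct peers per swarm and the
    sum of each peer's last reported 'downloaded' value."""
    swarms = {}
    for url in urls:
        a = parse_announce(url)
        swarm = swarms.setdefault(a["info_hash"], {})
        swarm[a["peer_id"]] = int(a.get("downloaded", 0))
    return {ih: {"peers": len(peers), "downloaded": sum(peers.values())}
            for ih, peers in swarms.items()}


if __name__ == "__main__":
    for name, key_fn in (("full URI", cache_key_full_uri), ("info_hash only", cache_key_info_hash)):
        hits, misses = simulate_cache(SAMPLE_ANNOUNCES, key_fn)
        print(f"cache keyed on {name}: {hits} hits, {misses} misses")
        print("  tracker sees:", tracker_stats(origin_requests(SAMPLE_ANNOUNCES, key_fn)))
```

With full-URI keying every announce is a miss, so the CDN forwards all of them and buys nothing; with info_hash keying most announces are served from cache, but the tracker then counts one peer per swarm and zero bytes transferred, which is exactly the loss of statistics the answer warns about.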
