The Chihaya project is an open source BitTorrent tracker that supports JWT-based authorization. It is the preferred tracker for making use of the secure BitTorrent-based distribution feature in Quay Enterprise.
Copy the following file as config.json, replacing {QE LOCATION} and {TRACKER LOCATION} with the reachable endpoint for the Quay Enterprise instance and the tracker itself, respectively.
{
"createOnAnnounce": true,
"purgeInactiveTorrents": true,
"announce": "15m",
"minAnnounce": "15m",
"reapInterval": "60s",
"reapRatio": 1.25,
"defaultNumWant": 50,
"torrentMapShards": 16,
"allowIPSpoofing": true,
"dualStackedPeers": true,
"realIPHeader": "X-Forwarded-For",
"respectAF": false,
"clientWhitelistEnabled": false,
"clientWhitelist": ["OP1011"],
"apiListenAddr": "0.0.0.0:6880",
"apiRequestTimeout": "4s",
"apiReadTimeout": "4s",
"apiWriteTimeout": "4s",
"apiListenLimit": 0,
"udpListenAddr": "0.0.0.0:6881",
"httpListenAddr": "0.0.0.0:6881",
"httpRequestTimeout": "4s",
"httpReadTimeout": "4s",
"httpWriteTimeout": "4s",
"httpListenLimit": 0,
"driver": "noop",
"statsBufferSize": 0,
"includeMemStats": true,
"verboseMemStats": false,
"memStatsInterval": "5s",
"jwkSetURI": "https://{QE LOCATION}/keys/services/quay/keys",
"jwkUpdateInterval": "60s",
"jwtAudience": "http://{TRACKER LOCATION}/announce",
"jwkTTL": "5m"
}
Run the following commands to start Chihaya in a Docker container with the specified configuration mounted, making sure the config.json path points to the file created above.
$ docker pull quay.io/jzelinskie/chihaya:v1.0.1
$ docker run -p 6880-6882:6880-6882 -v $PWD/config.json:/config.json:ro quay.io/jzelinskie/chihaya:v1.0.1 -v=5
It is recommended to place the tracker behind an SSL-terminating proxy or load balancer of some kind, especially if publicly facing. If set up this way, make sure to update the jwtAudience value in the configuration to have https as its prefix, and to refer to the load balancer.
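A pre-start check for the config.json described above, as an added example that is not part of Chihaya or Quay Enterprise: it flags placeholders left unreplaced, a jwkSetURI that is not https, and a jwtAudience whose scheme does not match the deployment. The function name, the behind_tls_proxy parameter and the example.com hostnames are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Placeholders used by the template on this page.
PLACEHOLDERS = ("{QE LOCATION}", "{TRACKER LOCATION}")


def lint_tracker_config(text, behind_tls_proxy=False):
    """Return a list of problems found in a config.json given as a string."""
    findings = [f"placeholder {p} was not replaced"
                for p in PLACEHOLDERS if p in text]
    cfg = json.loads(text)

    # The tracker fetches its JWT verification keys from this URL; over
    # plain http a network attacker could substitute their own keys.
    jwks = urlsplit(cfg.get("jwkSetURI", ""))
    if jwks.scheme != "https" or not jwks.hostname:
        findings.append("jwkSetURI is not an https URL")

    # The audience is the announce URL as clients reach it, so it must
    # use https and name the load balancer once TLS is terminated there.
    aud = urlsplit(cfg.get("jwtAudience", ""))
    if not aud.hostname or aud.path != "/announce":
        findings.append("jwtAudience is not a .../announce URL")
    expected = "https" if behind_tls_proxy else "http"
    if aud.scheme != expected:
        findings.append(
            f"jwtAudience scheme is {aud.scheme!r}, expected {expected!r}")
    return findings


# Constructed sample input: only the keys the check reads, made-up hosts.
SAMPLE = json.dumps({
    "jwkSetURI": "https://quay.example.com/keys/services/quay/keys",
    "jwtAudience": "http://tracker.example.com:6881/announce",
})

if __name__ == "__main__":
    # Direct deployment passes; the same file behind a TLS proxy does not.
    print(lint_tracker_config(SAMPLE))
    print(lint_tracker_config(SAMPLE, behind_tls_proxy=True))
```
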
High availability of the tracker can be handled by running two or more instances of the tracker, with one set up as primary and another as secondary, configured with automatic failover. A simple HTTP check can be used to ensure the health of each instance.