SSL and Transmission
with tags LetsEncrypt Transmission Nginx SSL -Transmission is a bittorrent client that just works and is piss easy to setup for remote management either using the web interface or RPC. However by default it is also piss easy for anyone to sniff your credentials so this is where nginx and Lets Encrypt come in.
First we’ll need the transmission-daemon installed and running (in fedora & ubuntu the package is transmission-daemon
).
In the settings.json file for transmission you’ll need to set a username, password and whitelist some IP addresses.
"rpc-password": "thisismypassword",
"rpc-username": "transmission",
"rpc-whitelist": "127.0.0.1,192.168.*.*",
If you’re feeling really brave you can turn off whitelisting
"rpc-whitelist-enabled": false,
Next we’ll want some SSL Certificates, you could always have messed about with self signed certs but this occasionally caused issues with certain transmission clients but now Lets Encrypt exists we can use fully verified ones for free
Once you’ve got the Lets Encrypt client up and running the command you need is
letsencrypt-auto certonly --webroot -w /usr/share/nginx/html -d foo.bar
Change foo.bar to what ever domain you have pointed at your server
This should spit out your certificate and privatekey to /etc/letsencrypt/live/foo.bar/
To make use of them we now need to setup nginx to listen on port 443 so throw the below block into nginx.conf
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name _;
root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/foo.bar/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/foo.bar/privkey.pem";
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
location /transmission {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:9091/transmission;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
Again you’ll want to change foo.bar
to the domain you’ve used
And once you restart nginx you should be able to hit https://foo.bar/transmission and login with the credentials set above