Transmission BT + Nginx as reverse proxy SSL

In the last revision of transmission, I couldn’t get the user/password for the RPC of transmission work.

To resolve this problem, I decided to use Nginx as reverse proxy to provide an SSL connection and also a way to secure the access to the RPC and the web interface.

I compiled myself transmission and it’s installed in /usr/local/. In case you are using the packaged version of Debian/Ubuntu you need to change the /usr/local/ by /usr/.

Here is my configuration for Nginx:

upstream transmission  {
      server 127.0.0.1:9091; #Transmission
}
server {
      listen 443 ssl http2;
      server_name example.com;
      auth_basic            "Server Restricted";
      auth_basic_user_file  /var/www/myWebSite/web/.htpasswd;
      
      # Path to the root of your installation
      error_log /var/www/myWebSite/logs/error.log;
      access_log /var/www/myWebSite/logs/access.log;
      
      ### SSL cert files ###
      ssl_certificate /var/www/myWebSite/ssl/advert.crt;
      ssl_certificate_key /var/www/myWebSite/ssl/advert.key;

      ### Add SSL specific settings here ###
      ssl_session_timeout 10m;
      
      ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
      ssl_prefer_server_ciphers on;
      
      location / {
          return 301 https://$server_name/transmission/;
      }
      
      location ^~ /transmission {
      
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_set_header X-NginX-Proxy true;
          proxy_http_version 1.1;
          proxy_set_header Connection "";
          proxy_pass_header X-Transmission-Session-Id;
          add_header   Front-End-Https   on;
      
          location /transmission/rpc {
              proxy_pass http://transmission;
          }
      
          location /transmission/web/ {
              proxy_pass http://transmission;
          }
      
          location /transmission/upload {
              proxy_pass http://transmission;
          }
      
          location /transmission/web/style/ {
              alias /usr/share/transmission/web/style/;
          }
      
          location /transmission/web/javascript/ {
              alias /usr/share/transmission/web/javascript/;
          }
      
          location /transmission/web/images/ {
              alias /usr/share/transmission/web/images/;
          }
          
          location /transmission/ {
              return 301 https://$server_name/transmission/web;
          }
      }

}
Antoine Aflalo Written by:

4 Comments

  1. Mike
    25th October 2015
    Reply

    Does this config still work? It’s the closest thing to working for me, expect the page doesn’t load properly. The graphics (the menu bar and visuals) do not appear but if I go to the non-ssl link, the graphics load properly.

    I’m suspicious of the forward slash inconsistency and wonder if that is the cause?

    Thanks!

    • Mike
      25th October 2015
      Reply

      *shrug* I checked the error log, and it was looking somewhere else for the javascript and style files. I found that the problem was fixed with:

      ln -s /usr/share/transmission /usr/local/share/transmission

      I guess my transmission build was not configured properly.

      • Antoine Aflalo
        25th October 2015
        Reply

        Glad it worked for you.

        In fact, you pointed out a mistake in my configuration. For the raspberry pi where I installed transmission, I compiled transmission and didn’t change where to install the package (default /usr/local/) which explain the problem you got.

        I’m going to correct this. Thanks for the report.

  2. Walter Dworak
    12th January 2016
    Reply

    So this is a bit of a necro post, but this one really helped me figure out how to get my proxy config down perfect. This one has worked for me to solve the tricky 409 conflict as well as allow /transmission and /transmission/ to load to the web interface correctly so I thought I’d share. One note: the t-proxy.conf is just lists the proxy header configs in a separate file, but are the same.

    *outside of the server block*
    upstream transmission {
    server 127.0.0.1:9091;
    }
    *inside server block*
    location /transmission {
    include t-proxy.conf;
    try_files $uri $uri/;
    location /transmission/rpc {
    proxy_pass http://transmission;
    }
    location /transmission/web/ {
    proxy_pass http://transmission;
    }
    location /transmission/upload {
    proxy_pass http://transmission;
    }
    location /transmission/web/style/ {
    alias /usr/share/transmission/web/style/;
    }
    location /transmission/web/javascript/ {
    alias /usr/share/transmission/web/javascript/;
    }
    location /transmission/web/images/ {
    alias /usr/share/transmission/web/images/;
    }
    location /transmission/ {
    return 301 https://$server_name/transmission/web;
    }
    }

Leave a Reply

Your email address will not be published. Required fields are marked *