Antoine Aflalo

My journey in the computer world

Transmission BT + Nginx as reverse proxy SSL

In the last revision of transmission, I couldn’t get the user/password for the RPC of transmission work.

To resolve this problem, I decided to use Nginx as reverse proxy to provide an SSL connection and also a way to secure the access to the RPC and the web interface.

I compiled myself transmission and it’s installed in /usr/local/. In case you are using the packaged version of Debian/Ubuntu you need to change the /usr/local/ by /usr/.

Here is my configuration for Nginx:

upstream transmission  {
      server 127.0.0.1:9091; #Transmission
}
server {
      listen 443 ssl http2;
      server_name example.com;
      auth_basic            "Server Restricted";
      auth_basic_user_file  /var/www/myWebSite/web/.htpasswd;
      
      # Path to the root of your installation
      error_log /var/www/myWebSite/logs/error.log;
      access_log /var/www/myWebSite/logs/access.log;
      
      ### SSL cert files ###
      ssl_certificate /var/www/myWebSite/ssl/advert.crt;
      ssl_certificate_key /var/www/myWebSite/ssl/advert.key;

      ### Add SSL specific settings here ###
      ssl_session_timeout 10m;
      
      ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
      ssl_prefer_server_ciphers on;
      
      location / {
          return 301 https://$server_name/transmission/;
      }
      
      location ^~ /transmission {
      
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_set_header X-NginX-Proxy true;
          proxy_http_version 1.1;
          proxy_set_header Connection "";
          proxy_pass_header X-Transmission-Session-Id;
          add_header   Front-End-Https   on;
      
          location /transmission/rpc {
              proxy_pass http://transmission;
          }
      
          location /transmission/web/ {
              proxy_pass http://transmission;
          }
      
          location /transmission/upload {
              proxy_pass http://transmission;
          }
      
          location /transmission/web/style/ {
              alias /usr/share/transmission/web/style/;
          }
      
          location /transmission/web/javascript/ {
              alias /usr/share/transmission/web/javascript/;
          }
      
          location /transmission/web/images/ {
              alias /usr/share/transmission/web/images/;
          }
          
          location /transmission/ {
              return 301 https://$server_name/transmission/web;
          }
      }

}
« »

© 2020 Antoine Aflalo. Theme by Anders Norén.