Protect Transmission WEB GUI with nginx and HTTPS
I have this small Odroid-U3 board hooked to a 2 TB USB HDD that every once in a while is also used to download torrents.
Since quite often I manage it with a device connected to the LAN via wi-fi I am definitely a bit more confortable if the web interface of transmission is encrypted.
Like many other times nginx come in our help.
– Arch Linux ARM is the OS used –
First of all, edit the following two lines of transmission config file:
[root@arch ~]# vi /var/lib/transmission/.config/transmission-daemon/settings.json
"rpc-bind-address": "127.0.0.1",
"rpc-enabled": true,
Edit nginx config file as follow (assuming the default port used by Transmission WEB GUI is 9091 and hostname/transmission
is the url we want to be bind to the WEB GUI):
server {
listen 80;
server_name localhost;
access_log logs/access.log;
error_log logs/error.log;
location /transmission {
rewrite ^(.*) https://localhost/transmission$1 permanent;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443;
ssl on;
server_name localhost;
access_log logs/ssl-access.log;
error_log logs/ssl-error.log;
ssl_certificate ssl/server.crt;
ssl_certificate_key ssl/server.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location /transmission {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:9091/transmission;
}
}
To create the needed certificates take a look at this post: SSL nginx
This is it.