[GUIDE] Transmission web in SSL (https) - using nginx as a reverse proxy

nvdias · 14 February 2017 11:57

As many of you,
I’m using transmission to remotely connect to my osmc machine (Raspeberry Pi 3) and configure some downloads into an ÚSB attached HDD.

I’ve defined a user and password in:

~/.config/transmission-daemon/settings.json

And using a web browser to connect to
http:/my.ipadress.xxx:9091.
Also using the windows application “transmission remote gui” as a remote interface that runs in windows.
Unfortunately, all this is very nice but communicates openly with my Pi in pure http.

How to do it in https (SSL) ???

After some investigation I’ve opted to use nginx as a SSL REVERSE PROXY.

Install as simple as:

sudo apt-get install nginx

Generate some keys with openssl (pay attention to what will be requested):

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt

edit the config file:

/etc/nginx/sites-enabled/default

In this example I’ve opted to forward https requests in port 2443 to http 9091 and using server name my.ipaddress.com
You should replace for your choosen port and server name:

#
# Transmission ssl redirect
# https:2443 to http:9091
#
server {
    listen 2443;
    server_name my.ipaddress.com;
    ssl_certificate           /etc/nginx/cert.crt;
    ssl_certificate_key       /etc/nginx/cert.key;
    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log            /var/log/nginx/nginx-2443.log;
    location / {
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the .It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://localhost:9091;
      proxy_read_timeout  90;
      proxy_redirect      http://localhost:9091 https://my.ipaddress.com:2443;
    }
}

Now, restart nginx service:

sudo service nginx restart

And try access trough:
https://my.ipaddress.com:2443

NOTE:
I’ve used many sources and tests to come to this, but as a cross reference I suggest a quick look into the following links:

https://www.carrier-lost.org/raspberry-pi-nginx-webserver-with-php-and-ssl/

NOTE:
You can easily edit
/etc/nginx/sites-enabled/default
to add a second server in order to also access kodi remote trough https.

[EDIT]
@admins @sam_nazarko : I’m sorry but It seems I’ve misplaced this topic in the wrong place, may you please move it to the correct category ? (“how-to” ???). Thanks

gmccauley · 15 March 2018 04:13

Thank you for this!

bbender716 · 21 January 2020 23:58

Shot in the dark here but any chance you could post your settings.json for transmission here? Trying to figure out if you took out /transmission/ from default URL and what your rpc-whitelist looks like.

Thanks this is awesome! @nvdias