Proxying Transmission Web interface with nginx

0. Why do this?

Easy for me : I use a PCH box as my torrent client.

It’s really nice, but it cannot :

  • Use IPv6 (I don’t want to forward ports when it can be avoided)
  • Protect the Transmission web interface with a password

On the other hand

  • My macbook is always on (though I’ll replace this with a Guruplug… if I ever receive the one I ordered)
  • I want to access the torrent administration interface when I’m not at home
  • I wanted to tinker with nginx 😉

1. The easy solution

server {
    listen       :8080;
    server_name  bt.coding-badger.net;
    location / {
        proxy_pass  http://192.168.0.2:9091/;
    }
}

Ok. We’re done. Redirect all requests to bt.coding-badger.net:8080 to the popcorn hour box on transmission’s port. KTHXBYE

2. Less subdirectories, moar fun!

Wait, of course we aren’t. It would be no fun at all. I don’t really like to have to access this page through /transmission/web/. We’re already on a special vhost, so I want my bt page at the root!

server {
        listen       :8080;
        server_name  bt.coding-badger.net;
	location /transmission {
    	    proxy_pass	http://192.168.0.2:9091/transmission;
	}
	location / {
    	    proxy_pass	http://192.168.0.2:9091/transmission/web/;
	}
}

What happens there? First you have to know what transmission does :

  • “/” requests are redirected to “/transmission/web” with a 301 Error page
  • /transmission/web/ contains javascript, css, pages, etc…
  • /transmission/upload is used to upload a torrent
  • /transmission/rpc is used to update the window

What we do is redirect all requests that hit / to /transmission/web/ on the transmission server (that way we can be on the / page and transmission will think we’re on /transmission/web and not attempt to redirect), and redirect all other /transmission/* requests to /transmission/*

You can tweak this to your liking, but you have to remember :

NEVER. EVER hit the “/” on the transmission web interface with your proxy, because it will redirect the browser to /transmission/web. You could probably handle this with a “proxy_redirect” command in the nginx configuration, but it’s a bit tricky to get right.

3. IPv6

On OSX, I use brew as the package manager for OSX. Unfortunately, it does not compile nginx with ipv6 support by default!

$ brew edit nginx

Go to the install function, and add –enable-ipv6 to the args array

$ brew install nginx

On debian, it should be compiled with ipv6 by default. You can check by running

$ nginx -V
nginx version: nginx/0.7.67
TLS SNI support enabled
configure arguments: --prefix=/usr/local/Cellar/nginx/0.7.67 --with-http_ssl_module --with-pcre --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/usr/local/var/run/nginx.pid --lock-path=/usr/local/var/nginx/nginx.lock --with-ipv6
nginx version: nginx/0.7.67TLS SNI support enabledconfigure arguments: --prefix=/usr/local/Cellar/nginx/0.7.67 --with-http_ssl_module --with-pcre --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/usr/local/var/run/nginx.pid --lock-path=/usr/local/var/nginx/nginx.lock --with-ipv6

If you’ve got –enable-ipv6 you’re all good!

Then we have to update the “listen” configuration of the server to tell it to use IPv4 and IPv6

server {
        listen       [::]:8080; # this enables ipv6
        server_name  bt.coding-badger.net;
        location /transmission {
                proxy_pass      http://192.168.0.2:9091/transmission;
        }
        location / {
                proxy_pass      http://192.168.0.2:9091/transmission/web/;
        }
}

4. Authentication

We don’t want our transmission client to be accessed by anyone! nginx can provide authentication through htpasswd files

$ sudo htpasswd -c /usr/local/etc/nginx/nginx.passwd <username>

Enter the password you wish, then setup nginx to request a password :

server {
        listen       [::]:8080;
        server_name  bt.coding-badger.net;
        location /transmission {
                proxy_pass      http://192.168.0.2:9091/transmission;
        }
        location / {
                proxy_pass      http://192.168.0.2:9091/transmission/web/;
        }
        auth_basic            "Restricted";
        auth_basic_user_file  /usr/local/etc/nginx/nginx.passwd;
}

Of course, if you are not using brew, you may want to use more “traditionnal” places for the passwd file, (like /etc/nginx instead of /usr/local/etc/nginx… use the same directory as your nginx config file)

Join the Conversation

3 Comments

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: