webgui ssl reverse proxy
What is the easiest way to set this up, so you can access transmission remotely via a webpage with ssl?
The problem I am having following tutorials is everything is based on full unrestricted distros.
I am trying to get it all working on a Netgear R7000 using DD-WRT
Nothing seems to work, so I am looking for some advice. DD-WRT has lighttpd built in, I have tried making a custom config for that, but I can't make ssl certificates since openssl points to its config file that's non-existent on a read only partition. I have tried altering the config file's location but that also doesn't work.
My latest venture was using entware and installing apache, but again, I hit a brick wall. My config seems to be fine, but it just doesn't work. I can't use the command a2enmod to enable the proxy module and even a basic config just doesn't display when I test it.
I can't use ssh to tunnel, as I can't use a ssh client remotely.
Re: webgui ssl reverse proxy
Why not piggy-back on the existing certificate DD-WRT uses for admin access?
Re: webgui ssl reverse proxy
Where would I find that? How do I link it in the config file?
Re: webgui ssl reverse proxy
Can anyone see what's wrong with my config?
Code: Select all
config {
var.PID = 5070
var.CWD = "/tmp/lighttpd"
debug.log-request-handling = "disable"
debug.log-request-header = "disable"
debug.log-response-header = "disable"
debug.log-condition-handling = "disable"
server.max-request-size = 65000
accesslog.filename = "/tmp/lighttpd/logs/lighttpd.access.log"
server.errorlog = "/tmp/lighttpd/logs/lighttpd.error.log"
server.breakagelog = "/tmp/lighttpd/logs/lighttpd.breakage.log"
server.dir-listing = "enable"
server.modules = (
"mod_indexfile",
"mod_rewrite",
"mod_setenv",
"mod_secdownload",
"mod_access",
"mod_alias",
"mod_expire",
"mod_webdav",
"mod_auth",
"mod_simple_vhost",
"mod_redirect",
"mod_fastcgi",
"mod_cgi",
"mod_compress",
"mod_accesslog",
"mod_proxy",
"mod_dirlisting",
"mod_staticfile",
# 18
)
server.indexfiles = ("index.php", "index.html", "index.htm")
mimetype.assign = (
".png" => "image/png",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".gif" => "image/gif",
".html" => "text/html",
# 5
".htm" => "text/html",
".pdf" => "application/pdf",
".swf" => "application/x-shockwave-flash",
".txt" => "text/plain",
".tar.gz" => "application/x-tgz",
# 10
".tgz" => "application/x-tgz",
".gz" => "application/x-gzip",
".css" => "text/css",
# 13
)
compress.cache-dir = "/tmp/lighttpd/cache/compress/"
compress.filetype = ("text/plain", "text/html")
fastcgi.debug = 0
fastcgi.server = (
".php" => (
"localhost" => (
"socket" => "/tmp/php-fcgi.sock",
"bin-path" => "/usr/bin/php-cgi",
"max-procs" => 1,
"bin-environment" => (
"PHP_FCGI_CHILDREN" => "2",
"PHP_FCGI_MAX_REQUESTS" => "500",
# 2
),
# 4
),
),
)
url.access-deny = ("~", ".inc")
auth.backend = "plain"
auth.backend.plain.userfile = "/tmp/lighttpd/lighttpd.user"
auth.backend.htpasswd.userfile = "/tmp/lighttpd/lighttpd.htpasswd"
server.bind = "127.0.0.0"
server.port = 81
server.document-root = "/jffs/www"
$HTTP["url"] =~ "^/transmission/web/" {
# block 1
proxy.server = (
"" => (
(
"host" => "127.0.0.0",
"port" => 9091,
# 2
),
),
)
} # end of $HTTP["url"] =~ "^/transmission/web/"
$SERVER["socket"] == ":443" {
# block 2
ssl.engine = "enable"
ssl.pemfile = "/etc/host.pem"
} # end of $SERVER["socket"] == ":443"
$HTTP["url"] =~ "^/owncloud/data/" {
# block 3
url.access-deny = ("")
} # end of $HTTP["url"] =~ "^/owncloud/data/"
$HTTP["url"] =~ "^/owncloud($|/)" {
# block 4
dir-listing.activate = "disable"
} # end of $HTTP["url"] =~ "^/owncloud($|/)"
$HTTP["url"] =~ "^/data/" {
# block 5
url.access-deny = ("")
} # end of $HTTP["url"] =~ "^/data/"
}
Re: webgui ssl reverse proxy
bsod wrote: Where would I find that? How do I link it in the config file?
So the entry point of your https server is right there.
Code: Select all
config {
...
$SERVER["socket"] == ":443" {
# block 2
ssl.engine = "enable"
ssl.pemfile = "/etc/host.pem"
} # end of $SERVER["socket"] == ":443"
...
}
Now enable mod-proxy and add something like this:
Code: Select all
$HTTP["url"] =~ "^/transmission/" {
proxy.server = ( "" => ( (
"host" => "127.0.0.1",
"port" => 9091
) ) )
}
Re: webgui ssl reverse proxy
Thanks a bunch! Really appreciate your help. It is the only help I have found on dd wrt and lighttpd forums too!
I managed to get it working as you said. Since though I have been trying to also add my proftp server to the configuration, so that too can have SSL encryption.
Here is my working config:
Code: Select all
debug.log-request-handling = "disable"
debug.log-request-header = "disable"
debug.log-response-header = "disable"
debug.log-condition-handling = "disable"
server.max-request-size = 65000
accesslog.filename = "/tmp/lighttpd/logs/lighttpd.access.log"
server.errorlog = "/tmp/lighttpd/logs/lighttpd.error.log"
server.breakagelog = "/tmp/lighttpd/logs/lighttpd.breakage.log"
server.dir-listing = "enable"
server.modules = (
"mod_rewrite",
"mod_setenv",
"mod_secdownload",
"mod_access",
"mod_alias",
"mod_expire",
"mod_webdav",
"mod_auth",
"mod_simple_vhost",
"mod_redirect",
"mod_fastcgi",
"mod_cgi",
"mod_compress",
"mod_accesslog",
"mod_proxy"
)
server.indexfiles = ( "index.php", "index.html", "index.htm" )
mimetype.assign = (
".png" => "image/png",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".gif" => "image/gif",
".html" => "text/html",
".htm" => "text/html",
".pdf" => "application/pdf",
".swf" => "application/x-shockwave-flash",
".txt" => "text/plain",
".tar.gz" => "application/x-tgz",
".tgz" => "application/x-tgz",
".gz" => "application/x-gzip",
".css" => "text/css",
)
compress.cache-dir = "/tmp/lighttpd/cache/compress/"
compress.filetype = ("text/plain", "text/html")
fastcgi.debug = 0
fastcgi.server = (
".php" =>
( "localhost" =>
( "socket" => "/tmp/php-fcgi.sock",
"bin-path" => "/usr/bin/php-cgi",
"max-procs" => 1,
"bin-environment" =>
(
"PHP_FCGI_CHILDREN" => "2",
"PHP_FCGI_MAX_REQUESTS" => "500"
)
)
)
)
url.access-deny = ( "~", ".inc")
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/host.pem"
proxy.server = ( "" =>
(("host" => "127.0.0.1", "port" => 9091),
("host" => "127.0.0.1", "port" => 21)))
}
$HTTP["url"] =~ "^/owncloud/data/" {
url.access-deny = ("")
}
$HTTP["url"] =~ "^/owncloud($|/)" {
dir-listing.activate = "disable"
}
$HTTP["url"] =~ "^/data/" {
url.access-deny = ("")
}
auth.backend = "plain"
auth.backend.plain.userfile = "/tmp/lighttpd/lighttpd.user"
auth.backend.htpasswd.userfile = "/tmp/lighttpd/lighttpd.htpasswd"
server.bind = "0.0.0.0"
server.port = 83
server.document-root = "/jffs/www"
Accessing transmission on port 9091 now works with ssl fine, but how can I now make it so my ftp server on port 21 also works?
Re: webgui ssl reverse proxy
bsod wrote: Why does lighttpd keep saying I can't stop or start the server with warnings such as port 443 or port 81 in use? I don't understand why I can't stop the server without having to use the kill command. Surely stopping it means it no longer uses those ports?
Accessing transmission on port 9091 now works with ssl fine, but how can I now make it so my ftp server on port 21 also works?
I don't know the exact landscape of applications on your router, but /etc/init.d is almost always the dir where the service scripts reside. So use something like /etc/init.d/lighttpd stop, /etc/init.d/lighttpd start.
And ftp != http. Why not have it down/upload files over http directly?
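The "ftp != http" point above, shown against the posted config. This is an added example, not part of the original thread and not DD-WRT's shipped configuration: it reuses the paths and ports posted here, the realm string is a made-up label, and it assumes the same modules as the posted list are loaded.

```lighttpd
# Added example. Paths and ports are the ones posted in this thread;
# the realm "transmission" is an invented label.

# As posted: proxy.server sits directly in the :443 block and lists two
# backends. mod_proxy treats them as interchangeable HTTP servers and
# spreads requests across both, so some requests are sent to the FTP
# daemon on port 21, which does not speak HTTP.
#
# $SERVER["socket"] == ":443" {
#     ssl.engine   = "enable"
#     ssl.pemfile  = "/etc/host.pem"
#     proxy.server = ( "" =>
#         ( ( "host" => "127.0.0.1", "port" => 9091 ),
#           ( "host" => "127.0.0.1", "port" => 21 ) ) )
# }

# Corrected sketch: one HTTP backend, matched only under /transmission/,
# reachable only through the TLS socket, and only after basic auth.
# In server.modules keep "mod_auth" ahead of "mod_proxy" (the posted
# list already does) so the auth check runs before the request is proxied.

server.dir-listing = "disable"   # the posted config enables listings globally

auth.backend                = "plain"
auth.backend.plain.userfile = "/tmp/lighttpd/lighttpd.user"  # user:password lines, cleartext

$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/host.pem"

    $HTTP["url"] =~ "^/transmission/" {
        auth.require = ( "/transmission/" => (
            "method"  => "basic",
            "realm"   => "transmission",
            "require" => "valid-user"
        ) )
        proxy.server = ( "" => ( (
            "host" => "127.0.0.1",
            "port" => 9091
        ) ) )
    }
}
```

Because the proxy block is nested inside the :443 socket condition, requests arriving on the plain-HTTP port (83 in the posted config) are not forwarded to Transmission.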
Re: webgui ssl reverse proxy
Thanks and sorry for the delay replying.
I tried looking for a start up script but I can't make out how DD-WRT have loaded it into their firmware. There is an init.d folder in /etc but it doesn't contain any scripts so the command you suggested doesn't work.
When I reboot the router and check running applications I can see lighttpd running using my config contained in /jffs/etc/lighttpd.conf but when I execute
Code: Select all
lighttpd -f stop /jffs/etc/lighttpd.conf
it returns
Code: Select all
2015-04-27 00:11:02: (configfile.c.1272) a default document-root has to be set
2015-04-27 00:11:02: (server.c.649) setting default values failed
yet I am already running that conf fine and it's working, at least the transmission part.
Then at other times it has returned can't stop or start lighttpd because port 80 is already in use when I am not even using port 80 in the .conf! I just don't get it! I know there is a script somewhere, as lighttpd automatically loads my custom script from /jffs/etc/ rather than the default script which is in /tmp. Yet I thought the correct command was to stop and start the script using the -f option followed by its location, as that is what the router seems to do when it boots.
As for sharing files via ftp, I really have no knowledge on how to set up a http file server, hence I thought it would be easier to use the built in ftp server, that was unless you want to use ssl.
Re: webgui ssl reverse proxy
bsod wrote: When I reboot the router and check running applications I can see lighttpd running using my config contained in /jffs/etc/lighttpd.conf but when I execute
Code: Select all
lighttpd -f stop /jffs/etc/lighttpd.conf
it returns
Code: Select all
2015-04-27 00:11:02: (configfile.c.1272) a default document-root has to be set
2015-04-27 00:11:02: (server.c.649) setting default values failed
yet I am already running that conf fine and it's working, at least the transmission part.
You're trying to start another lighttpd with "stop" as its config file. You need to kill the process. (Yes, with the kill command.)
bsod wrote: Then at other times it has returned can't stop or start lighttpd because port 80 is already in use when I am not even using port 80 in the .conf! I just don't get it! I know there is a script somewhere, as lighttpd automatically loads my custom script from /jffs/etc/ rather than the default script which is in /tmp. Yet I thought the correct command was to stop and start the script using the -f option followed by its location, as that is what the router seems to do when it boots.
As for sharing files via ftp, I really have no knowledge on how to set up a http file server, hence I thought it would be easier to use the built in ftp server, that was unless you want to use ssl.
But now you know that lighttpd was running using that port all along. If you add a path to the lighttpd configuration OR add a symbolic link in the www root to your downloads location, you can make your torrent contents instantly downloadable with Shift. Go to Session / Shift.
Re: webgui ssl reverse proxy
I am a total noob when it comes to all this, but I will try and learn gradually how to set up this. I can't thank you enough for your help.
I may be a noob, but I can foresee where I am going to find the most trouble, running DD-WRT compared to a server is always going to have its limitations.
So next steps will be for me:
~Learning where transmission starts from so I download the shift files and place them in that directory.
~Learning how to make my torrents downloadable via shift
Btw
killemov wrote: You're trying to start another lighttpd with "stop" as its config file. You need to kill the process. (Yes, with the kill command.)
Even when I kill the lighttpd process using the killall command I get a warning about port 80 being used when trying to start it again using -f path_to_my_config.cfg
I think the warning is the DD-WRT web interface using port 80, but I just don't get why lighttpd is warning me it's using port 80 when it isn't.
Re: webgui ssl reverse proxy
Please keep posting your DD-WRT related questions here and Shift specific questions there.
bsod wrote: I'm trying to install this and have found where my transmission daemon starts using ls -l /proc/4137 | grep exe (4137 being my process id) but it starts in a directory I can't write to. (I am trying to do this on a DD-WRT build). Is there any way I can place the shift files elsewhere and load them?
Also, how can I find out how transmission is run on my build of DD-WRT? I can't find any start up scripts in the usual /etc/init.d so I am not sure how it runs in the first place to add the environment variable.
You chose to use transmission on a very limited platform. The consequence is that YOU have to find out how to make any alterations work on that platform. I do not have specific DD-WRT knowledge. If you are not willing or able to invest the hours (at least 2 for me I guess) needed to solve this problem then just stop your quest now.
If you can't write to the filesystem and you have no external storage available ( You can use TRANSMISSION_WEB_HOME to point to Shift. ) then you have to hack the image itself. This I found within a few seconds and should serve as your starting point quite well. http://www.dd-wrt.com/wiki/index.php/Development Good luck and remember that you only have to rebuild the image, NOT the executables.
Re: webgui ssl reverse proxy
Thanks killemov, it's not time that is the constraint here, it's just learning how to get things working. I have spent lots of time already searching and looking through various forum threads and FAQs. For someone starting up, some of the documentation really isn't clear.
I can write to an external HDD which I have mounted, but it seems transmission starts on the internal memory in a location I can't write to. Is there any way to get transmission to load shift from a different location than next to where the daemon runs itself? For instance, if I add the environment variable, can I have it point to a different mount point such as my config directory /jffs/transmission and place the shift files there?