Page 1 of 1

settings.json for SSL connection to webclient

Posted: Mon Dec 12, 2011 7:31 pm
by enedene
I have transmission-daemon 2.42 and I have no problem accessing the web interface via unencrypted http connection. But I can't access the https connection. I see no option in settings.json to change that.
What needs to be done to enable the https?

Re: settings.json for SSL connection to webclient

Posted: Mon Dec 12, 2011 11:13 pm
by rb07
There is no such option. The daemon doesn't use https, the only way to do that is putting a proxy in front of the daemon (and obviously the proxy receives & responds https and communicates with the daemon using http).

Re: settings.json for SSL connection to webclient

Posted: Tue Dec 13, 2011 10:14 pm
by enedene
https://trac.transmissionbt.com/wiki/Ch ... rsion-2.40
"Daemon ΒΆ

SSL support in transmission-remote"

Re: settings.json for SSL connection to webclient

Posted: Tue Dec 13, 2011 10:41 pm
by rb07
What that really means is that transmission-remote can use SSL while using the RPC communication (https://ip-address:9091/transmission/rpc/) which is different from the Web client.

The option is not well documented. Looking at the code it appears to mean that transmission-remote can talk to the proxy I mentioned above, not to the daemon directly. Let's see if the developers correct me on this.

Re: settings.json for SSL connection to webclient

Posted: Wed Dec 14, 2011 2:25 pm
by enedene
To make things worst they use basic apache authorization. Every time I log in from a remote location when after that I change my password, that really defeats the purpose of a remote option, I was really hopping that they've put ssl as an option.

Re: settings.json for SSL connection to webclient

Posted: Wed Dec 14, 2011 5:45 pm
by rb07
enedene wrote:they use basic apache authorization
By "Apache authorization" you mean the password is sent unencrypted?

As I said the --ssl option just changes the http for https on the URL, if it still sends passwords unencrypted then you are right, and its a bug which should be reported (New bug reports).

Re: settings.json for SSL connection to webclient

Posted: Mon Jan 30, 2012 1:46 am
by jason404
I'm using transmission-daemon 2.03 on Debian.

I already have HTTPS running on it, for a website which has a few admin things, like phpMyadmin.

How can I make the transmission web interface work through the apache HTTPS site, which is protected by HTTP Basic Authentication through HTTPS? I would also like to disable access on http://mydomain:9091.

Re: settings.json for SSL connection to webclient

Posted: Mon Jan 30, 2012 9:51 am
by jason404
Okay, I have used a reverse proxy in the apache vhost file, in a similar way used for Shellinabox, but now I get 409: Conflict. This is incredibly frustrating!

Re: settings.json for SSL connection to webclient

Posted: Thu Feb 02, 2012 5:31 pm
by daenney
The 409 is a bit of a weird issue you run into when proxy'ing from Apache, nginx or lighttpd to Clutch. Some people have managed to make it work, others get the 409 and have to manually go to /transmission/web and then back to /transmission for it to work.

As far as the SSL feature for remote clients go, most of them support it. The universal Remote GUI does, so does GTK and most mobile clients.

My setup looks like this:

Code: Select all

        location /transmission {                                                                                                                                
                satisfy any;                                                                                                                                    
                allow IPv4/subnet;                                                                                                                            
                allow IPv6/subnet;                                                                                                                      
                auth_basic "Transmission Authentication Required";                                                                                              
                auth_basic_user_file /etc/nginx/auth/transmission;                                                                                                 
                proxy_pass http://127.0.0.1:9091/transmission;                                                                                                  
       }   
In my settings.json rpc is bound to 127.0.0.1 with no authentication or whitelisting enabled.

Now, when my Remote GUI connects it connects to https://my-secret-server.tld:443/transmission and takes it from there. This works with the ATG Torrentlist client on Android, Transroid, the universal Remote GUI and a few other remote applications that have support for SSL.

Otherwise you could always loop it through stunnel should you not want to proxy it like this.

Re: settings.json for SSL connection to webclient

Posted: Wed Feb 08, 2012 7:58 pm
by jason404
Amazing, I got it working. daenney's web server configuration didn't appear to be any different to my Apache vhost file, but I just removed the trailing slashes from the ProxyPass and ProxyPassReverse directive addresses and it started working!

Re: settings.json for SSL connection to webclient

Posted: Mon Feb 13, 2012 6:12 pm
by killemov
For lighttpd just must first enable the secure socket by generating keys and such (See: https) and then just add the following to the configuration. ( /etc/lighttpd/lighttpd.conf for Debian )

Code: Select all

server.modules = (
...
        "mod_proxy"
)

...
$HTTP["url"] =~ "^/transmission/" {
        proxy.server = ( "" => ( (
                "host" => "127.0.0.1",
                "port" => 9091
        ) ) )
}
Oh, and use the regular https portnumber (usually portless, meaning 443) and not the portnumber configured for transmission.

Re: settings.json for SSL connection to webclient

Posted: Sun Mar 24, 2013 7:42 pm
by mturgeonferland
Finally made it with Nginx as a SSL Proxy and because it was so much trouble and nobody had made proper documentation I thought I had to help you guys :P

Here my 2 configuration files Ngninx/Transmission. Don't hesite to ask questions they were modified to remove personal configurations and informations so maybe they do not work anymore but I can assure you that mine is working just fine.

http://pastebin.com/gHsHB2Ce

http://pastebin.com/KQaaeJ9X