Transmission RPC via ssl (installed on NAS Qnap)

[Dimovey]

Dears,

I did searched the QNAP and Transmission forums and it still unclear form me how I can protect traffic to Transmission WebUI when I connect remotely. As the first option I considered use of reverse proxy on qnap embedded Apache server. I have done the following config for Transmission WebUI virtual host:

Code: Select all

[~] # vi /etc/config/apache/extra/httpd-ssl-vhosts-user.conf
NameVirtualHost *:80

<VirtualHost _default_:80>
        DocumentRoot "/share/Web"
</VirtualHost>
<VirtualHost *:3030>
        ServerName servername.com

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyVia Off

        <Location /transmission/web>
                order deny,allow
               #     Redirect permanent /torrents https://127.0.0.1/transmission/web
                ProxyPass http://127.0.0.1:9091/transmission/web
                ProxyPassReverse http://127.0.0.1:9091/transmission/web
        </Location>

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        DocumentRoot "/share/Web"
        <Directory "/share/Web">
                Options FollowSymLinks MultiViews
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>

I also changed proxy parameters and removed /web in the end for

Code: Select all

ProxyPass http://127.0.0.1:9091/transmission
ProxyPassReverse http://127.0.0.1:9091/transmission

In the end reversing works fine, and if I go to https://my_external_IP:3030/transmission/ but I get to Transmission Administrator Center instead of Transmission WebUI where I can manage torrents. In QNAP Web and Transmission folder structure looks as following:

Code: Select all

[/] # ls /share/MD0_DATA/Web/ -l
lrwxrwxrwx    1 admin    administ       27 Jul 11 00:07 Optware -> /home/httpd/html/Management/
lrwxrwxrwx    1 admin    administ       34 Jul 11 00:07 airplay -> /share/MD0_DATA/.qpkg/QAirplay/api/
-rw-rw----    1 admin    administ     1003 Jul 10 16:51 customized.bak
-rw-rw----    1 admin    administ      715 Jul 10 17:10 customized.conf
lrwxrwxrwx    1 admin    administ       27 Jul 11 00:07 gt -> /mnt/ext/opt/DSv3/gt/www/gt/
lrwxrwxrwx    1 admin    administ       32 Jul 11 00:07 gt_test -> /mnt/ext/opt/DSv3/gt/www/gt_test/
lrwxrwxrwx    1 admin    administ       23 Jul 11 00:07 hc -> /mnt/ext/opt/DSv3/gt/hc/
-rwxrwx---    1 admin    administ     1139 Jul  2 20:20 index.php*
lrwxrwxrwx    1 admin    administ       33 Jul  2 23:21 istat -> /share/MD0_DATA/.qpkg/iStat/istat/
lrwxrwxrwx    1 admin    administ       48 Jul  2 21:58 transmission -> /share/MD0_DATA/.qpkg/Transmission/web-gui/admin/
-rw-rw----    1 admin    administ     1182 Jul 10 18:14 trbox.conf
[/] # ls -l /share/MD0_DATA/.qpkg/Transmission/
drwxr-xr-x    2 admin    administ     4096 Dec 30  2012 bin/
drwxr-xr-x    5 admin    administ     4096 Jul 11 11:28 conf/
drwxr-xr-x    2 admin    administ     4096 Dec 30  2012 lib/
drwxr-xr-x    4 admin    administ     4096 Oct 21  2011 scripts/
drwxr-xr-x    4 admin    administ     4096 Nov  9  2011 tmp/
-rwxr-xr-x    1 admin    administ    18349 Dec 30  2012 transmission.sh*
lrwxrwxrwx    1 admin    administ       50 Jul  2 21:58 web -> /share/MD0_DATA/.qpkg/Transmission/web-gui/default/
drwxr-xr-x    7 admin    administ     4096 Jul  2 21:57 web-gui/

So when I connect from outside I reach ... web-gui/admin/ but not web-gui/default/

I know I have got confused by trivial thing, shame on me, but what's wrong with reversing?

[rb07]

The files are not important, the port is, and it looks like your NAS uses the 9091 port to show their "Administrator Center".

What you have to do is find the daemon configuration file (settings.json), and see which port they put for the Web client (the line with "rpc-port"), that is the port you want to reverse proxy.

[Dimovey]

rpc-port is the same, 9091. In the meantime if I connect localy to transmission http://nas_ip:9091/ I see WebUI and not Admin Center.

PS: changing rpc-port does not help, again I see Admin Center. Apache and Transmission services were restarted after changes in conf.

[rb07]

Transmission services were restarted after changes in conf.

That sounds wrong, restarting is not enough, you have to stop the daemon first, then change the configuration, then start the daemon.

I don´t know your NAS, but if the reverse proxy configuration you showed is actually the SSL configuration of Apache (it doesn´t look like it, except for the file name you used), then are you using https instead of http as you showed?

[Dimovey]

yes, I use https:// header in the url and when I see admin Center page it is also covered by https. About restarting it is not an issue because whet I returned to WebUI I cannot connect to the same port as 9091 has been before, thus Transmission daemon gets new settings well.

[rb07]

Two ideas:

1. Is the port mapping (on the router) going to the proxy, or something else (Admin Center, or the daemon is doing automatic port mapping)?
2. How is the "Admin Center" configured in Apache? The details are not important, but perhaps it prevents the reverse proxy from working.

[Dimovey]

1. On the router there is a port forwarding rule like my_external_ip:1234 pass to nas_ip:1234 where 1234 is https port opened on the Apache web server. Then I assumed should work reverse proxy.
2. I did not get your question, what did you mean if details are not important?:)

I have another idea - replace admin center web folder content by WebUI, heh

[rb07]

what did you mean if details are not important?

I meant we don't want to see details of the Apache configuration (which looks weird to me, for instance what is port 80 doing on the SSL configuration? Apache usually has port 443 there, not 80), it has nothing to do with Transmission, except the reverse proxy.

replace admin center web folder content by WebUI

Not a good idea, my guess is that "Admin Center" does a lot more than whatever it does with Transmission.

Maybe looking at Apache's logs (it has 2, one with access, the other with errors) can show you what is happening when an external connection to Transmission is done.