settings.json for SSL connection to webclient

Discussion of the Web Interface for Transmission, formerly known as Clutch. This applies to all version of Transmission
Post Reply
enedene
Posts: 4
Joined: Wed Nov 23, 2011 12:20 am

settings.json for SSL connection to webclient

Post by enedene »

I have transmission-daemon 2.42 and I have no problem accessing the web interface via unencrypted http connection. But I can't access the https connection. I see no option in settings.json to change that.
What needs to be done to enable the https?
rb07
Posts: 1400
Joined: Sun Aug 24, 2008 3:14 am

Re: settings.json for SSL connection to webclient

Post by rb07 »

There is no such option. The daemon doesn't use https, the only way to do that is putting a proxy in front of the daemon (and obviously the proxy receives & responds https and communicates with the daemon using http).
enedene
Posts: 4
Joined: Wed Nov 23, 2011 12:20 am

Re: settings.json for SSL connection to webclient

Post by enedene »

https://trac.transmissionbt.com/wiki/Ch ... rsion-2.40
"Daemon ¶

SSL support in transmission-remote"
rb07
Posts: 1400
Joined: Sun Aug 24, 2008 3:14 am

Re: settings.json for SSL connection to webclient

Post by rb07 »

What that really means is that transmission-remote can use SSL while using the RPC communication (https://ip-address:9091/transmission/rpc/) which is different from the Web client.

The option is not well documented. Looking at the code it appears to mean that transmission-remote can talk to the proxy I mentioned above, not to the daemon directly. Let's see if the developers correct me on this.
enedene
Posts: 4
Joined: Wed Nov 23, 2011 12:20 am

Re: settings.json for SSL connection to webclient

Post by enedene »

To make things worst they use basic apache authorization. Every time I log in from a remote location when after that I change my password, that really defeats the purpose of a remote option, I was really hopping that they've put ssl as an option.
rb07
Posts: 1400
Joined: Sun Aug 24, 2008 3:14 am

Re: settings.json for SSL connection to webclient

Post by rb07 »

enedene wrote:they use basic apache authorization
By "Apache authorization" you mean the password is sent unencrypted?

As I said the --ssl option just changes the http for https on the URL, if it still sends passwords unencrypted then you are right, and its a bug which should be reported (New bug reports).
jason404
Posts: 6
Joined: Mon Jan 30, 2012 1:30 am

Re: settings.json for SSL connection to webclient

Post by jason404 »

I'm using transmission-daemon 2.03 on Debian.

I already have HTTPS running on it, for a website which has a few admin things, like phpMyadmin.

How can I make the transmission web interface work through the apache HTTPS site, which is protected by HTTP Basic Authentication through HTTPS? I would also like to disable access on http://mydomain:9091.
jason404
Posts: 6
Joined: Mon Jan 30, 2012 1:30 am

Re: settings.json for SSL connection to webclient

Post by jason404 »

Okay, I have used a reverse proxy in the apache vhost file, in a similar way used for Shellinabox, but now I get 409: Conflict. This is incredibly frustrating!
daenney
Posts: 3
Joined: Thu Feb 02, 2012 10:03 am

Re: settings.json for SSL connection to webclient

Post by daenney »

The 409 is a bit of a weird issue you run into when proxy'ing from Apache, nginx or lighttpd to Clutch. Some people have managed to make it work, others get the 409 and have to manually go to /transmission/web and then back to /transmission for it to work.

As far as the SSL feature for remote clients go, most of them support it. The universal Remote GUI does, so does GTK and most mobile clients.

My setup looks like this:

Code: Select all

        location /transmission {                                                                                                                                
                satisfy any;                                                                                                                                    
                allow IPv4/subnet;                                                                                                                            
                allow IPv6/subnet;                                                                                                                      
                auth_basic "Transmission Authentication Required";                                                                                              
                auth_basic_user_file /etc/nginx/auth/transmission;                                                                                                 
                proxy_pass http://127.0.0.1:9091/transmission;                                                                                                  
       }   
In my settings.json rpc is bound to 127.0.0.1 with no authentication or whitelisting enabled.

Now, when my Remote GUI connects it connects to https://my-secret-server.tld:443/transmission and takes it from there. This works with the ATG Torrentlist client on Android, Transroid, the universal Remote GUI and a few other remote applications that have support for SSL.

Otherwise you could always loop it through stunnel should you not want to proxy it like this.
jason404
Posts: 6
Joined: Mon Jan 30, 2012 1:30 am

Re: settings.json for SSL connection to webclient

Post by jason404 »

Amazing, I got it working. daenney's web server configuration didn't appear to be any different to my Apache vhost file, but I just removed the trailing slashes from the ProxyPass and ProxyPassReverse directive addresses and it started working!
killemov
Posts: 533
Joined: Sat Jul 31, 2010 5:04 pm

Re: settings.json for SSL connection to webclient

Post by killemov »

For lighttpd just must first enable the secure socket by generating keys and such (See: https) and then just add the following to the configuration. ( /etc/lighttpd/lighttpd.conf for Debian )

Code: Select all

server.modules = (
...
        "mod_proxy"
)

...
$HTTP["url"] =~ "^/transmission/" {
        proxy.server = ( "" => ( (
                "host" => "127.0.0.1",
                "port" => 9091
        ) ) )
}
Oh, and use the regular https portnumber (usually portless, meaning 443) and not the portnumber configured for transmission.
mturgeonferland
Posts: 1
Joined: Sun Mar 24, 2013 7:36 pm

Re: settings.json for SSL connection to webclient

Post by mturgeonferland »

Finally made it with Nginx as a SSL Proxy and because it was so much trouble and nobody had made proper documentation I thought I had to help you guys :P

Here my 2 configuration files Ngninx/Transmission. Don't hesite to ask questions they were modified to remove personal configurations and informations so maybe they do not work anymore but I can assure you that mine is working just fine.

http://pastebin.com/gHsHB2Ce

http://pastebin.com/KQaaeJ9X
Post Reply