1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
|
#+date: <2024-09-23 Monday 19:52:20>
#+title: Setup of Transmission BitTorrent Client with Remote Access via Nginx Proxy
#+description: Comprehensive setup instructions for installing and configuring the Transmission BitTorrent client on a Linux server, including securing remote access through Nginx reverse proxy.
#+slug: self-hosting-transmission
#+filetags: :self-hosting:transmission:tutorial:
#+begin_quote
If you're torrenting anything sensitive, I *highly* recommend you use a VPN.
Something like mullvad-cli is incredibly simple to use and can be configured to
have a "killswitch" or "lockdown mode" to ensure that if the VPN disconnects,
your traffic won't be leaked to your ISP.
#+end_quote
* Transmission
[[https://transmissionbt.com/][Transmission]] is a cross-platform bittorrent client that supports running a
[[https://linux.die.net/man/1/transmission-remote][remote control utility]], a [[https://linux.die.net/man/1/transmission-daemon][daemon service]] for running as a background service,
and a [[https://linux.die.net/man/1/transmission-cli][command-line client]].
Since I love torrenting Linux ISOs and providing them back to the community,
let's walk through a tutorial of setting up Transmission on a headless server
and connecting it to a domain name (=transmission.example.com=) so that we can
manage our torrents remotely.
This tutorial assumes you have a Linux machine, have Nginx installed, and have a
domain name pointing at your Linux machine.
** Installation
First, let's install a couple Transmission packages on the system. We don't need
the GUI components, so we'll only install the daemon and command line interface
utilities.
#+begin_src sh
sudo apt install transmission-cli transmission-common transmission-daemon
#+end_src
You will need to run the program to initialize the files before you can edit the
configurations, so let's run it and end the process.
#+begin_src sh
# Run the program
transmission-daemon -e ~/.local/log/transmission.log
# End the program after it finishes running
transmission-remote --exit
#+end_src
** Configuration
Now that we've run the program for the first time and initialized the relevant
files, let's edit those files.
#+begin_quote
If you edit the files while Transmission is running, your changes won't be
saved! Make sure to end the service, update the configuration files, and restart
the service.
#+end_quote
To start, let's edit the main configuration file.
#+begin_src sh
nano ~/.config/transmission-daemon/settings.json
#+end_src
Within this file, I suggesting skimming *every* option and determining if you
want to change any of those options.
For remote access, we will focus on the following =rpc= options. This
configuration will not require authentication, will allow any device with access
(I suggest that you have a firewall restricting access) to access the service
(="rpc-bind-access": "0.0.0.0"=), will open the service on port =9091=, and will
whitelist a few LAN IPs (="rpc-whitelist":
"127.0.0.1,::1,192.168.0.98,192.168.0.97"=).
#+begin_src json
{
...
"rpc-authentication-required": false,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-host-whitelist": "",
"rpc-host-whitelist-enabled": true,
"rpc-password": "{7fc02520b97e054f7a15274c7cfafe3cd7330169.OQUAUS4",
"rpc-port": 9091,
"rpc-socket-mode": "0750",
"rpc-url": "/transmission/",
"rpc-username": "",
"rpc-whitelist": "127.0.0.1,::1,192.168.0.98,192.168.0.97",
"rpc-whitelist-enabled": true,
...
}
#+end_src
Once you've finished configuring the service, start the service up again.
#+begin_src sh
transmission-daemon -e ~/.local/log/transmission.log
#+end_src
At this point, you should be able to access the website at =localhost:9091= (if
you're browsing on the machine where Transmission is running) or
=$server_ip:9091= (if you're browsing from a different LAN device).
If you want to make further changes to Transmission's configuration, I suggest
doing so now. Once you start working on remote access via a reverse proxy,
you'll be adding an additional layer of complexity that bring in more confusion
when errors occur.
#+begin_quote
NOTE: If you are trying to initialize =transmission-daemon= via =systemd=
instead of using the manually-executed command above, you may notice that the
service will timeout and fail to start.
#+end_quote
To fix this timeout issue, you need to edit the service file and change
=Type=notify= to =Type=simple=.
#+begin_src shell
# Command to edit the service file:
sudo systemctl edit --full transmission-daemon.service
# Make the edit noted above and then reload the service file with this command:
sudo systemctl daemon-reload
sudo systemctl enable transmission-daemon.service
sudo systemctl start transmission-daemon.service
#+end_src
* Reverse Proxy
Now that the service is running and configured properly, let's work on remote
access.
This tutorial will use Nginx, but you can use any reverse proxy or something
like Cloudflare Tunnels if that's your thing.
** Configuration
If you have Nginx installed, you should have either the =/etc/nginx/conf.d= or
=/etc/nginx/sites-available= directories available to create website
configuration files. This tutorial assumes the =conf.d= structure, but it's
essentially the same except using the =sites-available= structure requires you
to symlink your files into the =sites-enabled= directory.
Let's start by creating the website configuration file.
#+begin_src sh
sudo nano /etc/nginx/conf.d/transmission.conf
#+end_src
Within the file, you will need a configuration similar to the code below. Note
that this uses SSL and requires a valid TLS/SSL certificate. You can use [[https://letsencrypt.org/][Let's
Encrypt]] if you don't have a certificate yet.
#+begin_src conf
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name transmission.example.com;
# SSL
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
# reverse proxy
location / {
set $upstream_transmission http://localhost:9091;
proxy_pass $upstream_transmission;
proxy_pass_header X-Transmission-Session-Id;
}
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name transmission.example.com;
if ($host ~ ^[^.]+\.example\.com) {
return 301 https://$host$request_uri;
}
}
#+end_src
Once you've saved the configuration file, restart the Nginx web server to enable
the remote access connection.
#+begin_src sh
sudo systemctl restart nginx.service
#+end_src
At this point, Transmission should now be available at
=transmission.example.com=, same as it's available on the LAN.
#+begin_quote
Pro Tip: If you dislike something about the website UI, you can edit the
website's files in the =/usr/share/transmission/public_html/= directory. You can
modify the HTML, CSS, and JS files in this directory.
#+end_quote
|
