Difference between revisions of "Transmission"
m (fix todo) |
(→Firewall: use template) |
||
(10 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
In this guide, we will install the BitTorrent client transmission an use it through the web interface. | In this guide, we will install the BitTorrent client transmission an use it through the web interface. | ||
+ | |||
+ | == Prerequisite == | ||
+ | For this guide, you will need to have [[Nginx]] and [[nftables]] installed. | ||
== Install == | == Install == | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
# apt install transmission-daemon | # apt install transmission-daemon | ||
− | </syntaxhighlight>{{ | + | </syntaxhighlight> |
+ | == Configure == | ||
+ | |||
+ | === Listen Address === | ||
+ | By default transmission listen on all addresses. Let’s change that and make it listen only on local address. | ||
+ | |||
+ | Edit file <code>/etc/transmission-daemon/settings.json</code> and change this line:<syntaxhighlight lang="json"> | ||
+ | "rpc-bind-address": "127.0.0.1", | ||
+ | </syntaxhighlight>And make sure that the change is taken into account<syntaxhighlight lang="console"> | ||
+ | # service transmission-daemon reload | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | === Password === | ||
+ | Edit file <code>/etc/transmission-daemon/settings.json</code> and change these lines:<syntaxhighlight lang="json"> | ||
+ | "rpc-username": "username", | ||
+ | "rpc-password": "mySuperPassword", | ||
+ | </syntaxhighlight>And make sure that the change is taken into account<syntaxhighlight lang="console"> | ||
+ | # service transmission-daemon reload | ||
+ | # service transmission-daemon restart | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | === Btrfs === | ||
+ | Torrent software download random chunks of files and write them to files. This causes a lot of fragmentation on COW filesystems. | ||
+ | |||
+ | To prevent COW on transmission download folder, use<syntaxhighlight lang="console"> | ||
+ | # chattr -R -C /var/lib/transmission-daemon/downloads/ | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | === Firewall === | ||
+ | {{nftables/config|category = Transmission|tcp_port_out = |udp_port_out = |user_out = debian-transmission|tcp_port_in = 51413|udp_port_in = 51413}} | ||
+ | |||
+ | === Webserver === | ||
+ | Add the following rules to <code>/etc/nftables/main_config.conf</code><syntaxhighlight lang="sh"> | ||
+ | # Transmission | ||
+ | add element inet main tcp_port_in { 51413 } | ||
+ | add element inet main udp_port_in { 51413 } | ||
+ | add element inet main user_out { debian-transmission } | ||
+ | </syntaxhighlight>and activate them with<syntaxhighlight lang="console"> | ||
+ | # /etc/nftables/reload_main.conf | ||
+ | </syntaxhighlight>{{Nginx/New Site|domain = transmission.example.org|config = server { | ||
+ | include snippets/listen-http.conf; | ||
+ | server_name transmission.example.org; | ||
+ | |||
+ | access_log /var/log/nginx/transmission.example.org.access.log; | ||
+ | error_log /var/log/nginx/transmission.example.org.error.log info; | ||
− | == | + | include snippets/acme-challenge.conf; |
− | [[ | + | include snippets/https-permanent-redirect.conf; |
+ | } | ||
+ | |||
+ | server { | ||
+ | include snippets/listen-https.conf; | ||
+ | server_name transmission.example.org; | ||
+ | |||
+ | access_log /var/log/nginx/transmission.example.org.access.log; | ||
+ | error_log /var/log/nginx/transmission.example.org.error.log info; | ||
+ | |||
+ | include snippets/acme-challenge.conf; | ||
+ | #include snippets/ssl.conf; | ||
+ | #ssl_certificate /etc/letsencrypt/live/transmission.example.org/fullchain.pem; | ||
+ | #ssl_certificate_key /etc/letsencrypt/live/transmission.example.org/privkey.pem; | ||
+ | #include snippets/hsts.conf; | ||
+ | |||
+ | location / { | ||
+ | include proxy_params; | ||
+ | proxy_request_buffering off; | ||
+ | proxy_http_version 1.1; | ||
+ | proxy_pass http://127.0.0.1:9091; | ||
+ | } | ||
+ | location /downloads { | ||
+ | auth_basic "You shall not pass!"; | ||
+ | auth_basic_user_file /etc/nginx/generic.htpasswd; | ||
+ | root /var/lib/transmission-daemon; | ||
+ | autoindex on; | ||
+ | } | ||
+ | } }}[[Category:Linux Server]] | ||
+ | |||
+ | == Backup == | ||
+ | Transmission is capable of downloading a ton of data. It is likely to cause issues with your backup system. | ||
+ | |||
+ | As data downloaded by transmission is usually quite easy to re-download in case of a data loss, I recommend just excluding transmission folder from backups. | ||
+ | |||
+ | Assuming you are on a [[Btrfs]] filesystem an use [[btrbk]] for backup, this is as easy as<syntaxhighlight lang="console"> | ||
+ | # service transmission-daemon stop | ||
+ | # mv /var/lib/transmission-daemon/ /var/lib#/transmission-daemon-tmp | ||
+ | # btrfs subvolume create /var/lib/transmission-daemon | ||
+ | Create subvolume '/var/lib/transmission-daemon' | ||
+ | # shopt -s dotglob | ||
+ | # cp -a --reflink=auto /var/lib/transmission-daemon-tmp/* /var/lib/transmission-daemon/ | ||
+ | # rm -rf /var/lib/transmission-daemon-tmp/ | ||
+ | # service transmission-daemon start | ||
+ | </syntaxhighlight> |
Latest revision as of 22:29, 30 May 2016
Warning: | These instructions were only tested on Debian. It will probably work for other Linux distributions, but you might need to adapt the provided instructions. |
In this guide, we will install the BitTorrent client transmission an use it through the web interface.
Prerequisite
For this guide, you will need to have Nginx and nftables installed.
Install
# apt install transmission-daemon
Configure
Listen Address
By default transmission listen on all addresses. Let’s change that and make it listen only on local address.
Edit file /etc/transmission-daemon/settings.json
and change this line:
"rpc-bind-address": "127.0.0.1",
And make sure that the change is taken into account
# service transmission-daemon reload
Password
Edit file /etc/transmission-daemon/settings.json
and change these lines:
"rpc-username": "username",
"rpc-password": "mySuperPassword",
And make sure that the change is taken into account
# service transmission-daemon reload
# service transmission-daemon restart
Btrfs
Torrent software download random chunks of files and write them to files. This causes a lot of fragmentation on COW filesystems.
To prevent COW on transmission download folder, use
# chattr -R -C /var/lib/transmission-daemon/downloads/
Firewall
Assuming that you configured nftables as described, you can edit file /etc/nftables/main_config.conf
and add
# Transmission
add element inet main tcp_port_in { 51413 }
add element inet main udp_port_in { 51413 }
add element inet main user_out { debian-transmission }
and activate it using
$ sudo /etc/nftables/reload_main.conf
Webserver
Add the following rules to /etc/nftables/main_config.conf
# Transmission
add element inet main tcp_port_in { 51413 }
add element inet main udp_port_in { 51413 }
add element inet main user_out { debian-transmission }
and activate them with
# /etc/nftables/reload_main.conf
- Create the config file
/etc/nginx/sites-available/transmission.example.org
server { include snippets/listen-http.conf; server_name transmission.example.org; access_log /var/log/nginx/transmission.example.org.access.log; error_log /var/log/nginx/transmission.example.org.error.log info; include snippets/acme-challenge.conf; include snippets/https-permanent-redirect.conf; } server { include snippets/listen-https.conf; server_name transmission.example.org; access_log /var/log/nginx/transmission.example.org.access.log; error_log /var/log/nginx/transmission.example.org.error.log info; include snippets/acme-challenge.conf; #include snippets/ssl.conf; #ssl_certificate /etc/letsencrypt/live/transmission.example.org/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/live/transmission.example.org/privkey.pem; #include snippets/hsts.conf; location / { include proxy_params; proxy_request_buffering off; proxy_http_version 1.1; proxy_pass http://127.0.0.1:9091; } location /downloads { auth_basic "You shall not pass!"; auth_basic_user_file /etc/nginx/generic.htpasswd; root /var/lib/transmission-daemon; autoindex on; } }
- Activate the configuration with
$ sudo nginx_modsite -e transmission.example.org Would you like to reload the Nginx configuration now? (Y/n) Y
- Edit file
/usr/local/etc/certmanage/main.json
and add the following to the list{ "domains": ["transmission.example.org"], "reload": [["/bin/systemctl", "reload", "nginx.service"]] }
- Get your certificate
$ sudo /usr/local/sbin/certmanage Renewing certificate for transmission.example.org that will expire on 0001-01-01 Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for transmission.example.org Using the webroot path /var/www/acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/transmission.example.org/fullchain.pem. Your cert will expire on 2025-02-21. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le Restarting services: systemctl reload nginx.service
- Uncomment the ssl related lines in
/etc/nginx/sites-available/transmission.example.org
and run$ sudo systemctl reload nginx.service
Backup
Transmission is capable of downloading a ton of data. It is likely to cause issues with your backup system.
As data downloaded by transmission is usually quite easy to re-download in case of a data loss, I recommend just excluding transmission folder from backups.
Assuming you are on a Btrfs filesystem an use btrbk for backup, this is as easy as
# service transmission-daemon stop
# mv /var/lib/transmission-daemon/ /var/lib#/transmission-daemon-tmp
# btrfs subvolume create /var/lib/transmission-daemon
Create subvolume '/var/lib/transmission-daemon'
# shopt -s dotglob
# cp -a --reflink=auto /var/lib/transmission-daemon-tmp/* /var/lib/transmission-daemon/
# rm -rf /var/lib/transmission-daemon-tmp/
# service transmission-daemon start