Transmission

Warning: These instructions were only tested on Debian. They will probably work on other Linux distributions, but you might need to adapt them.

In this guide, we will install the BitTorrent client Transmission and use it through its web interface.

Prerequisite

For this guide, you will need to have Nginx and nftables installed.

Install

# apt install transmission-daemon

Configure

Listen Address

By default, Transmission's RPC/web interface listens on all addresses. Let's change that and make it listen only on the local address.

Edit the file /etc/transmission-daemon/settings.json and set this line:

"rpc-bind-address": "127.0.0.1",

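Then reload the daemon so that the change is taken into account. Use reload rather than restart here: the daemon writes its in-memory settings back to settings.json when it exits, which would overwrite your edit.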

# service transmission-daemon reload

Password

Edit the file /etc/transmission-daemon/settings.json and change these lines:

"rpc-username": "username",
"rpc-password": "mySuperPassword",

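Then reload the daemon so that it reads the new credentials, and restart it. Once the password has been loaded, the daemon stores it in settings.json as a salted hash instead of plaintext.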

# service transmission-daemon reload
# service transmission-daemon restart

Btrfs

Torrent software downloads random chunks of files and writes them to disk. This causes a lot of fragmentation on copy-on-write (COW) filesystems.

To disable COW on the Transmission download folder, set the No_COW attribute (+C). It only takes effect for files created after the attribute is set.

# chattr -R +C /var/lib/transmission-daemon/downloads/

Firewall

Assuming that you configured nftables as described, you can edit the file /etc/nftables/main_config.conf and add

# Transmission
add element  inet main  tcp_port_in { 51413 }
add element  inet main  udp_port_in { 51413 }
add element  inet main  user_out { debian-transmission }

and activate it using

$ sudo /etc/nftables/reload_main.conf

Webserver

  1. Create the config file /etc/nginx/sites-available/transmission.example.org
    server {
        include snippets/listen-http.conf;
        server_name transmission.example.org;
    
        access_log /var/log/nginx/transmission.example.org.access.log;
        error_log /var/log/nginx/transmission.example.org.error.log info;
    
        include snippets/acme-challenge.conf;
        include snippets/https-permanent-redirect.conf;
    }
    
    server {
        include snippets/listen-https.conf;
        server_name transmission.example.org;
    
        access_log /var/log/nginx/transmission.example.org.access.log;
        error_log /var/log/nginx/transmission.example.org.error.log info;
    
        include snippets/acme-challenge.conf;
        #include snippets/ssl.conf;
        #ssl_certificate      /etc/letsencrypt/live/transmission.example.org/fullchain.pem;
        #ssl_certificate_key  /etc/letsencrypt/live/transmission.example.org/privkey.pem;
        #include snippets/hsts.conf;
    
        location / {
            include proxy_params;
            proxy_request_buffering off;
            proxy_http_version 1.1;
            proxy_pass http://127.0.0.1:9091;
        }
        location /downloads {
            auth_basic            "You shall not pass!";
            auth_basic_user_file  /etc/nginx/generic.htpasswd;
            root /var/lib/transmission-daemon;
            autoindex on;
        }
    }
    
  2. Activate the configuration with
    $ sudo nginx_modsite -e transmission.example.org
    Would you like to reload the Nginx configuration now? (Y/n) Y
    
  3. Edit file /usr/local/etc/certmanage/main.json and add the following to the list
    {
        "domains": ["transmission.example.org"],
        "reload": [["/bin/systemctl", "reload", "nginx.service"]]
    }
    
  4. Get your certificate
    $ sudo /usr/local/sbin/certmanage
    Renewing certificate for transmission.example.org that will expire on 0001-01-01
    
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for transmission.example.org
    Using the webroot path /var/www/acme-challenge for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem
    
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/transmission.example.org/fullchain.pem. Your cert
       will expire on 2019-03-11. To obtain a new or tweaked version of
       this certificate in the future, simply run certbot again. To
       non-interactively renew *all* of your certificates, run "certbot
       renew"
     - If you like Certbot, please consider supporting our work by:
    
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
    
    Restarting services:
    systemctl reload nginx.service
    
  5. Uncomment the SSL-related lines in /etc/nginx/sites-available/transmission.example.org and run
    $ sudo systemctl reload nginx.service
    

Backup

Transmission is capable of downloading a ton of data, which is likely to cause issues with your backup system.

As data downloaded by Transmission is usually quite easy to re-download after a data loss, I recommend simply excluding the Transmission folder from backups.

Assuming you are on a Btrfs filesystem and use btrbk for backups, this is as easy as moving the Transmission data into its own subvolume, since Btrfs snapshots do not descend into nested subvolumes:

# service transmission-daemon stop
# mv /var/lib/transmission-daemon/ /var/lib/transmission-daemon-tmp
# btrfs subvolume create /var/lib/transmission-daemon
Create subvolume '/var/lib/transmission-daemon'
# shopt -s dotglob
# cp -a --reflink=auto /var/lib/transmission-daemon-tmp/* /var/lib/transmission-daemon/
# rm -rf /var/lib/transmission-daemon-tmp/
# service transmission-daemon start