Proxying Transmission Web interface with nginx

0. Why do this?

Easy for me : I use a PCH box as my torrent client.

It’s really nice, but it cannot :

• Use IPv6 (I don’t want to forward ports when it can be avoided)
• Protect the Transmission web interface with a password

On the other hand

• My macbook is always on (though I’ll replace this with a Guruplug… if I ever receive the one I ordered)
• I want to access the torrent administration interface when I’m not at home
• I wanted to tinker with nginx

1. The easy solution

server {
    listen       :8080;
    server_name  bt.coding-badger.net;
    location / {
        proxy_pass  http://192.168.0.2:9091/;
    }
}

Ok. We’re done. Redirect all requests to bt.coding-badger.net:8080 to the popcorn hour box on transmission’s port. KTHXBYE

2. Less subdirectories, moar fun!

Wait, of course we aren’t. It would be no fun at all. I don’t really like to have to access this page through /transmission/web/. We’re already on a special vhost, so I want my bt page at the root!

server {
        listen       :8080;
        server_name  bt.coding-badger.net;
	location /transmission {
    	    proxy_pass	http://192.168.0.2:9091/transmission;
	}
	location / {
    	    proxy_pass	http://192.168.0.2:9091/transmission/web/;
	}
}

What happens there? First you have to know what transmission does :

• “/” requests are redirected to “/transmission/web” with a 301 Error page
• /transmission/web/ contains javascript, css, pages, etc…
• /transmission/upload is used to upload a torrent
• /transmission/rpc is used to update the window

What we do is redirect all requests that hit / to /transmission/web/ on the transmission server (that way we can be on the / page and transmission will think we’re on /transmission/web and not attempt to redirect), and redirect all other /transmission/* requests to /transmission/*

You can tweak this to your liking, but you have to remember :

NEVER. EVER hit the “/” on the transmission web interface with your proxy, because it will redirect the browser to /transmission/web. You could probably handle this with a “proxy_redirect” command in the nginx configuration, but it’s a bit tricky to get right.

3. IPv6

On OSX, I use brew as the package manager for OSX. Unfortunately, it does not compile nginx with ipv6 support by default!

$ brew edit nginx

Go to the install function, and add –enable-ipv6 to the args array

$ brew install nginx

On debian, it should be compiled with ipv6 by default. You can check by running

$ nginx -V
nginx version: nginx/0.7.67
TLS SNI support enabled
configure arguments: --prefix=/usr/local/Cellar/nginx/0.7.67 --with-http_ssl_module --with-pcre --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/usr/local/var/run/nginx.pid --lock-path=/usr/local/var/nginx/nginx.lock --with-ipv6

nginx version: nginx/0.7.67TLS SNI support enabledconfigure arguments: --prefix=/usr/local/Cellar/nginx/0.7.67 --with-http_ssl_module --with-pcre --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/usr/local/var/run/nginx.pid --lock-path=/usr/local/var/nginx/nginx.lock --with-ipv6

If you’ve got –enable-ipv6 you’re all good!

Then we have to update the “listen” configuration of the server to tell it to use IPv4 and IPv6

server {
        listen       [::]:8080; # this enables ipv6
        server_name  bt.coding-badger.net;
        location /transmission {
                proxy_pass      http://192.168.0.2:9091/transmission;
        }
        location / {
                proxy_pass      http://192.168.0.2:9091/transmission/web/;
        }
}

4. Authentication

We don’t want our transmission client to be accessed by anyone! nginx can provide authentication through htpasswd files

$ sudo htpasswd -c /usr/local/etc/nginx/nginx.passwd <username>

Enter the password you wish, then setup nginx to request a password :

server {
        listen       [::]:8080;
        server_name  bt.coding-badger.net;
        location /transmission {
                proxy_pass      http://192.168.0.2:9091/transmission;
        }
        location / {
                proxy_pass      http://192.168.0.2:9091/transmission/web/;
        }
        auth_basic            "Restricted";
        auth_basic_user_file  /usr/local/etc/nginx/nginx.passwd;
}

Of course, if you are not using brew, you may want to use more “traditionnal” places for the passwd file, (like /etc/nginx instead of /usr/local/etc/nginx… use the same directory as your nginx config file)

Migrating a domain name from 1and1

I thought I would share this information, since the steps you have to follow are completely not obvious at all :

1. Allow the migration of your account

- log in to your account
- select your domain name
- set it to an “unlocked” state

2. Cancel your contract

Now, this feels completely idiotic, but to migrate your domain name, you have to follow the same workflow as a cancellation. And it’s called at every step a cancellation. Maybe 1and1 wants people to fear losing their domain name when they try to migrate, so they’ll just keep their contract with them?

- go to cancel.1and1.com (or contrat.1and1.fr if you use the french version)
- log in
- cancel your domain or pack. You will have to answer to a “customer satisfaction” poll
- at the end, just before confirming, you will have the ability to choose :
1. when to apply this action (10 days, 10 days + 1 month, 10 days + 2 months) – just pick whatever fits you
2. what you want to do. THIS IS THE IMPORTANT PART, choose the option to migrate your domain to another provider.
3. when to cancel – right now or wait the end of the contract. You don’t care about that since the migration option will replace it with As Soon As Possible.

Now, you’re going to get a code, keep it since it will be necessary to migrate.

You will now have to validate your cancellation to 1and1 by email.

3. Register with your new provider

- Follow the steps. You will be asked for the migration code you received when cancelling. This is used to ensure someone isn’t trying to steal your domain name.
-  your new provider will also probably ask for an email confirmation using the email in the whois
- now you just have to wait