OS: Ubuntu 18.04 Apache/2.4.18 1.0.2g-1ubuntu4.10
Aim: to install Aria2 with WebUI and secure Token.
IP Addr of your Aria2 server is 192.168.0.111
Your local IP network is 192.168.0.0/24
Install aria2 package:
sudo apt install aria2
a. create Token:
openssl rand -base64 32
b. Create and edit configuration file (I created it in user folder /home/user/.aria2/aria.conf file, at least few lines must be added:
# Or other directory to save downloads
dir=/home/user/torrents
rpc-secret=YOUR_TOKEN_FROM_ABOVE
enable-rpc=true
rpc-listen-all=true
daemon=true
# Your Certificate file
rpc-certificate=/usr/local/etc/aria2/aria2.pfx
# Enable encryption
rpc-secure=true
Optional:
# For Web UI
rpc-listen-port=6800
# For torrents
listen-port=6801
dht-listen-port=6801
c. Create PFX certificate. Please, leave "Password" field empty when it's prompted:
cd /usr/local/etc/aria2
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout aria2.pem -out aria2.pem
sudo openssl pkcs12 -export -out aria2.pfx -in aria2.pem -name "Aria2 Certificate"
sudo chmod 604 aria2.pfx
dir=/home/user/torrent
file-allocation=trunc
continue=true
daemon=true
## Logs
log=/home/user/.aria2/aria2.log
console-log-level=warn
log-level=notice
## Some Limits
max-concurrent-downloads=5
max-connection-per-server=5
min-split-size=20M
split=4
disable-ipv6=true
##
input-file=/home/user/.aria2/aria2.session
save-session=/home/user/.aria2/aria2.session
save-session-interval=30
## RPC
enable-rpc=true
rpc-allow-origin-all=true
rpc-listen-all=true
# Port for JSON RPC
rpc-listen-port=6800
rpc-secret=YOUR_TOKEN_FROM_ABOVE
# Your Certificate file
rpc-certificate=/usr/local/etc/aria2/aria2.pfx
# Enable encryption
rpc-secure=true
## Torrents Settings
follow-torrent=mem
follow-metalink=mem
enable-dht6=false
peer-id-prefix=-TR2770-
user-agent=Transmission/2.77
seed-time=0
#seed-ratio=1.0
bt-seed-unverified=true
bt-save-metadata=true
bt-force-encryption=true
# Torrent TCP port
listen-port=6801
# Torrent UDP port
dht-listen-port=6801
If you whant to use it, please create file /home/user/.aria2/aria2.session
with correct ownership otherwise Aria will not be able to start.
d. If you have iptables add something like this:
iptables -I INPUT -p tcp -m tcp --dport 6800:6801 -j ACCEPT
iptables -I INPUT -p udp -m udp --dport 6801 -j ACCEPT
e. Start Aria2 and set configuration location:
aria2c --conf-path="/home/user/.aria2/aria2.conf"
you have to add it to the trusted list. Point browser to https://YOUR_SERVER_IP:6800/jsonrpc, e.g.:
https://192.168.0.111:6800/jsonrpc
and click "add this site to trusted, permanently".
just make changes in config:
# Comment out your PFX if you created it as written above
# Your Certificate file
#rpc-certificate=/usr/local/etc/aria2/aria2.pfx
rpc-certificate=/etc/letsencrypt/live/YourDomain/fullchain.pem
rpc-private-key=/etc/letsencrypt/live/YourDomain/privkey.pem
rpc-secure=true
Please be aware that user set in point 7 below (or user that running Aria2) should have an access to those files. You can check if user has an access via command
sudo -u user ls -la /etc/letsencrypt/live/YourDomain/privkey.pem
#OR
sudo -u user test -r /etc/letsencrypt/live/YourDomain/privkey.pem && echo YES || echo NO
cd /tmp
wget https://github.com/ziahamza/webui-aria2/archive/master.zip
unzip master.zip -d /var/www/
sudo nano /var/www/webui-aria2-master/configuration.js
change following lines:
host: location.protocol.startsWith('https') ? location.hostname : '192.168.0.111',
path: '/jsonrpc',
port: 6800,
encrypt: true,
auth: { // either add the token field or the user and pass field, not both.
// token: '$YOUR_TOKEN_FROM_ABOVE$'
cd /etc/apache2/sites-available/
sudo nano 002-aria2.conf
with following text to enable you local LAN only:
<IfModule alias_module>
Alias /webui-aria2 /var/www/webui-aria2-master
<Directory "/var/www/webui-aria2-master">
AllowOverride None
Options None
Order deny,allow
Allow from 192.168.0.0/24 localhost 127.0.0.1
Deny from all
</Directory>
</IfModule>
sudo ln -s 002-aria2.conf ../sites-enabled
or
sudo a2ensite 002-aria2.conf
sudo service apache2 restart
You can call your Aria WebUI under e.g. http(s)://192.168.0.111/webui-aria2
Read how to enable reverse aria2 Proxy here https://gist.github.com/GAS85/d5ff9443a3b2fdb39b7b67fac2f7eff4
sudo nano /lib/systemd/system/aria2.service
with following text:
[Unit]
Description=Aria2c download manager
Requires=network.target
After=dhcpcd.service
[Service]
Type=forking
User=user
Group=samegroup
ExecStart=/usr/bin/aria2c --conf-path=/home/user/.aria2/aria2.conf
WorkingDirectory=/home/user/torrents
ExecReload=/usr/bin/kill -HUP $MAINPID
RestartSec=1min
Restart=on-failure
[Install]
WantedBy=multi-user.target
That's could be the case, those comments are only add for this gist. I do check my current configuration and there is no those comments.