Skip to content

Instantly share code, notes, and snippets.

@GAS85
Last active July 8, 2024 00:16
Show Gist options
  • Save GAS85/79849bfd09613067a2ac0c1a711120a6 to your computer and use it in GitHub Desktop.
Save GAS85/79849bfd09613067a2ac0c1a711120a6 to your computer and use it in GitHub Desktop.
Aria2 + Ubuntu 18.04 + Apache2 + Web UI
OS: Ubuntu 18.04 Apache/2.4.18 1.0.2g-1ubuntu4.10
Aim: to install Aria2 with WebUI and secure Token.
IP Addr of your Aria2 server is 192.168.0.111
Your local IP network is 192.168.0.0/24

Aria 2

1. Installation

Install aria2 package:

sudo apt install aria2

2.Configuration

a. create Token:

openssl rand -base64 32

b. Create and edit configuration file (I created it in user folder /home/user/.aria2/aria.conf file, at least few lines must be added:

# Or other directory to save downloads
dir=/home/user/torrents
rpc-secret=YOUR_TOKEN_FROM_ABOVE
enable-rpc=true
rpc-listen-all=true
daemon=true
# Your Certificate file
rpc-certificate=/usr/local/etc/aria2/aria2.pfx
# Enable encryption
rpc-secure=true

Optional:

# For Web UI
rpc-listen-port=6800
# For torrents
listen-port=6801
dht-listen-port=6801

c. Create PFX certificate. Please, leave "Password" field empty when it's prompted:

cd /usr/local/etc/aria2
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout aria2.pem -out aria2.pem
sudo openssl pkcs12 -export -out aria2.pfx -in aria2.pem -name "Aria2 Certificate"
sudo chmod 604 aria2.pfx

My full configuration looks as following:

dir=/home/user/torrent
file-allocation=trunc
continue=true
daemon=true
## Logs
log=/home/user/.aria2/aria2.log
console-log-level=warn
log-level=notice
## Some Limits
max-concurrent-downloads=5
max-connection-per-server=5
min-split-size=20M
split=4
disable-ipv6=true
##
input-file=/home/user/.aria2/aria2.session
save-session=/home/user/.aria2/aria2.session
save-session-interval=30
## RPC
enable-rpc=true
rpc-allow-origin-all=true
rpc-listen-all=true
# Port for JSON RPC
rpc-listen-port=6800
rpc-secret=YOUR_TOKEN_FROM_ABOVE
# Your Certificate file
rpc-certificate=/usr/local/etc/aria2/aria2.pfx
# Enable encryption
rpc-secure=true
## Torrents Settings
follow-torrent=mem
follow-metalink=mem
enable-dht6=false
peer-id-prefix=-TR2770-
user-agent=Transmission/2.77
seed-time=0
#seed-ratio=1.0
bt-seed-unverified=true
bt-save-metadata=true
bt-force-encryption=true
# Torrent TCP port
listen-port=6801
# Torrent UDP port
dht-listen-port=6801

If you whant to use it, please create file /home/user/.aria2/aria2.session with correct ownership otherwise Aria will not be able to start.

d. If you have iptables add something like this:

iptables -I INPUT -p tcp -m tcp --dport 6800:6801 -j ACCEPT
iptables -I INPUT -p udp -m udp --dport 6801 -j ACCEPT

e. Start Aria2 and set configuration location:

aria2c --conf-path="/home/user/.aria2/aria2.conf"

3 Firefox denies to use self-signed certificate

you have to add it to the trusted list. Point browser to https://YOUR_SERVER_IP:6800/jsonrpc, e.g.:

https://192.168.0.111:6800/jsonrpc

and click "add this site to trusted, permanently".

4. You can use Aria2 with Letsencrypt Certificate

just make changes in config:

# Comment out your PFX if you created it as written above
# Your Certificate file
#rpc-certificate=/usr/local/etc/aria2/aria2.pfx	
rpc-certificate=/etc/letsencrypt/live/YourDomain/fullchain.pem
rpc-private-key=/etc/letsencrypt/live/YourDomain/privkey.pem
rpc-secure=true

Please be aware that user set in point 7 below (or user that running Aria2) should have an access to those files. You can check if user has an access via command

sudo -u user ls -la /etc/letsencrypt/live/YourDomain/privkey.pem
#OR
sudo -u user test -r /etc/letsencrypt/live/YourDomain/privkey.pem && echo YES || echo NO

Web UI

1. Download it from Github:

cd /tmp
wget https://github.com/ziahamza/webui-aria2/archive/master.zip
unzip master.zip -d /var/www/

2. Edit configuration:

sudo nano /var/www/webui-aria2-master/configuration.js

change following lines:

host: location.protocol.startsWith('https') ? location.hostname : '192.168.0.111',
path: '/jsonrpc',
port: 6800,
encrypt: true,
auth: {                          // either add the token field or the user and pass field, not both.
// token: '$YOUR_TOKEN_FROM_ABOVE$'

3. Create Apache2 configuration for webIU:

cd /etc/apache2/sites-available/
sudo nano 002-aria2.conf

with following text to enable you local LAN only:

<IfModule alias_module>
    Alias /webui-aria2 /var/www/webui-aria2-master
    <Directory "/var/www/webui-aria2-master">
        AllowOverride None
        Options None
        Order deny,allow
        Allow from 192.168.0.0/24 localhost 127.0.0.1
        Deny from all
    </Directory>
</IfModule>

4. Enable config:

sudo ln -s 002-aria2.conf ../sites-enabled

or

sudo a2ensite 002-aria2.conf

5. Restart Apache2

sudo service apache2 restart

6 Use it

You can call your Aria WebUI under e.g. http(s)://192.168.0.111/webui-aria2

Read how to enable reverse aria2 Proxy here https://gist.github.com/GAS85/d5ff9443a3b2fdb39b7b67fac2f7eff4

7 You can create a service to make it easier:

sudo nano /lib/systemd/system/aria2.service

with following text:

[Unit]
Description=Aria2c download manager
Requires=network.target
After=dhcpcd.service

[Service]
Type=forking
User=user
Group=samegroup
ExecStart=/usr/bin/aria2c --conf-path=/home/user/.aria2/aria2.conf
WorkingDirectory=/home/user/torrents
ExecReload=/usr/bin/kill -HUP $MAINPID
RestartSec=1min
Restart=on-failure

[Install]
WantedBy=multi-user.target
@GAS85
Copy link
Author

GAS85 commented Mar 15, 2022

You Right, I made update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment