OS: Ubuntu 18.04 Apache/2.4.18+
Aim: to ensure Aria2 access via reverse proxy
IP Addr of your Aria2 server is 192.168.0.111
Your local IP network is 192.168.0.0/24
Your domain is YourDomain.com
Aria2 installed as descibed https://gist.github.com/GAS85/79849bfd09613067a2ac0c1a711120a6
If you want Apache to serve your Aria2 instance, you can add the following to your Apache configuration (usually located at /etc/apache2/sites-available/100-yourdomain.conf in Ubuntu):
<VirtualHost *:443>
...
ProxyPreserveHost On
ProxyRequests off
AllowEncodedSlashes NoDecode
ProxyPass /jsonrpc http://localhost:6800/jsonrpc nocanon
ProxyPassReverse /jsonrpc http://localhost:3000/jsonrpc
</VirtualHost>
Note: The following Apache mods must be enabled: proxy, proxy_http
If you wish to use Let’s Encrypt with webroot validation, add the line ProxyPass /.well-known ! before ProxyPass to disable proxying these requests to aria2.
In case you already have a site, and you want aria2 to share the domain name, you can setup Apache to serve aria2 under a sub-path by adding the following to you Apache configuration (usually located at /etc/apache2/sites-available/100-yourdomain.conf in Ubuntu):
<VirtualHost *:443>
...
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyRequests Off
AllowEncodedSlashes NoDecode
# Note: no trailing slash after either /jsonrpc or port
ProxyPass /jsonrpc http://localhost:6800/jsonrpc nocanon
ProxyPassReverse /jsonrpc http://localhost:6800/jsonrpc
</VirtualHost>
Note: The following Apache mods must be enabled: proxy, proxy_http
Now we will enable modules proxy, proxy_http:
sudo a2enmod proxy proxy_http
Please test Apache2 configuration before to restart the server
sudo apachectl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Now we can reload our server by command:
sudo service apache2 reload
Then disable encrypthion in your configuration aria2 configuration (e.g. under /etc/aria2.conf as per https://gist.github.com/GAS85/79849bfd09613067a2ac0c1a711120a6):
rpc-secure=false
#rpc-certificate=/usr/local/etc/aria2/aria2.pfx
#rpc-certificate=/usr/local/etc/aria2/fullchain.pem
#rpc-private-key=/usr/local/etc/aria2/privkey.pem
Test that aria2 works: http(s)://yourDomain.com/jsonrpc you should see message "File not found".
If you did everything per https://gist.github.com/GAS85/79849bfd09613067a2ac0c1a711120a6 then, please open webui configuration file:
sudo nano /var/www/webui-aria2-master/configuration.js
and do following changes, I comment changed lines by // to show difference:
//host: location.protocol.startsWith('https') ? location.hostname : '192.168.0.111',
host: location.protocol.startsWith('https') ? location.hostname : 'yourDomain.com',
path: '/jsonrpc',
//port: 6800,
port: 443,
encrypt: true,
auth: { // either add the token field or the user and pass field, not both.
// token: '$YOUR TOKEN FROM ABOVE$'
To disable access from the internet added following config to your apache2 site before ProxyPass /jsonrpc http://localhost:6800/jsonrpc nocanon:
#Aria2 Part
<Location "/jsonrpc">
Require ip 192.168.0.0/24 127.0.0.1
</Location>
Please test Apache2 configuration before to restart the server
sudo apachectl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Now we can reload our server by command:
sudo service apache2 reload or sudo service apache2 restart
Now you should be able to call your Aria2-webui via http(s)://192.168.0.111/webui-aria2 or http(s)://yourDomain.com/webui-aria2