使用树莓派搭建离线下载器 中介绍了使用 Aria2 搭建下载器,但是由于 Aria2 可以进行伪装,一些 PT 站禁用了 Aria2。本文将介绍 在树莓派上使用 Transmission ,更方便地下载 BT 资源。
安装 Transmission
sudo apt install transmission-daemon
一些文章中安装了 transmission-web
,但是我在没有安装的情况下仍能正常使用所需功能。
这时从局域网环境中直接访问 Transmission 会出现错误
403: Forbidden Unauthorized IP Address. Either disable the IP address whitelist or add your address to it. If you're editing settings.json, see the 'rpc-whitelist' and 'rpc-whitelist-enabled' entries. If you're still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details.
这是因为默认情况下,Transmission 仅允许本机访问。在软件配置小节中修改白名单即可访问。
用户权限配置
默认 Transmission 使用的是用户为 debian-transmission
,这可能会造成文件访问时产生访问权限的相关问题。打开文件 Transmission 的服务配置文件 /etc/init.d/transmission-daemon
和 /etc/systemd/system/multi-user.target.wants/transmission-daemon.service
,可根据需求将 USER 配置成 pi
或 www-data
。
配置文件位置
Transmission 在程序路径 /etc/transmission-daemon/
下包含一个配置文件 settings.json
,在用户的配置路径 ~/.config/transmission-daemon/
下还有一个配置文件。使用两个位置的文章都有。我的两个配置文件同时存在,但是仅用户配置路径下的配置文件有效。
软件配置
配置文件中,常用的选项有:
download-dir 完成路径 incomplete-dir 未完成路径 incomplete-dir-enable 未完成路径使能 rpc-authentication-required 要求RPC验证 rpc-enable RPC使能 rpc-password RPC密码 rpc-username RPC用户名 rpc-whitelist RPC访问白名单 rpc-whitelist-enabled RPC白名单使能
需要注意的是修改配置文件前需要先停止 Transmission 的服务,否则修改会被撤回。
sudo systemctl stop transmission-daemon.service
此外,RPC密码在输入时使用明文存储,程序运行后会自动加密。
NGINX 反向代理
本节将介绍通过 NGINX 反向代理 Transmission,使我们可以通过域名进行访问。
在 /etc/nginx/sites-enabled/
新建文件 transmission.conf
,加入下面内容
upstream transmission {
server 127.0.0.1:9091;
}
server {
listen 80;
listen [::]:80;
server_name pt.beekc.top;
# Enforce HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name pt.beekc.top;
auth_basic "Server Restricted";
### SSL cert files ###
ssl_certificate /etc/nginx/ssl/beekc.crt;
ssl_certificate_key /etc/nginx/ssl/beekc.key;
### Add SSL specific settings here ###
ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
return 301 https://$server_name/transmission/;
}
location ^~ /transmission {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass_header X-Transmission-Session-Id;
add_header Front-End-Https on;
location /transmission/rpc {
proxy_pass http://transmission;
}
location /transmission/web/ {
proxy_pass http://transmission;
}
location /transmission/upload {
proxy_pass http://transmission;
}
location /transmission/web/style/ {
alias /usr/share/transmission/web/style/;
}
location /transmission/web/javascript/ {
alias /usr/share/transmission/web/javascript/;
}
location /transmission/web/images/ {
alias /usr/share/transmission/web/images/;
}
location /transmission/ {
return 301 https://$server_name/transmission/web;
}
}
}
这时通过域名访问,可能会报错:
Connection Failed Could not connect to the server. You may need to reload the page to reconnect.
具体错误信息为:
421: Misdirected RequestTransmission received your request, but the hostname was unrecognized.To fix this, choose one of the following options:Enable password authentication, then any hostname is allowed.Add the hostname you want to use to the whitelist in settings.If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries.This requirement has been added to help prevent DNS Rebinding attacks.
使用 NGINX 反向代理访问 Transmission 时,前面的访问白名单不生效,需要开启 RPC 验证的方式进行访问。在配置文件中,将 rpc-authentication-required
配置为 true
,这时访问时会要求输入用户名密码进行验证。他们分别在配置文件中通过 rpc-username
、rpc-password
选项进行配置。