跳至正文
首页 » 在树莓派上使用 Transmission

在树莓派上使用 Transmission

使用树莓派搭建离线下载器 中介绍了使用 Aria2 搭建下载器,但是由于 Aria2 可以进行伪装,一些 PT 站禁用了 Aria2。本文将介绍 在树莓派上使用 Transmission ,更方便地下载 BT 资源。

Transmission Logo

安装 Transmission

sudo apt install transmission-daemon

一些文章中安装了 transmission-web,但是我在没有安装的情况下仍能正常使用所需功能。

这时从局域网环境中直接访问 Transmission 会出现错误

403: Forbidden
Unauthorized IP Address.
Either disable the IP address whitelist or add your address to it.
If you're editing settings.json, see the 'rpc-whitelist' and 'rpc-whitelist-enabled' entries.
If you're still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details.

这是因为默认情况下,Transmission 仅允许本机访问。在软件配置小节中修改白名单即可访问。

用户权限配置

默认 Transmission 使用的是用户为 debian-transmission,这可能会造成文件访问时产生访问权限的相关问题。打开文件 Transmission 的服务配置文件 /etc/init.d/transmission-daemon/etc/systemd/system/multi-user.target.wants/transmission-daemon.service,可根据需求将 USER 配置成 piwww-data

配置文件位置

Transmission 在程序路径 /etc/transmission-daemon/ 下包含一个配置文件 settings.json ,在用户的配置路径 ~/.config/transmission-daemon/ 下还有一个配置文件。使用两个位置的文章都有。我的两个配置文件同时存在,但是仅用户配置路径下的配置文件有效。

软件配置

配置文件中,常用的选项有:

download-dir  完成路径
incomplete-dir 未完成路径
incomplete-dir-enable 未完成路径使能
rpc-authentication-required 要求RPC验证
rpc-enable RPC使能
rpc-password RPC密码
rpc-username RPC用户名
rpc-whitelist RPC访问白名单
rpc-whitelist-enabled RPC白名单使能

需要注意的是修改配置文件前需要先停止 Transmission 的服务,否则修改会被撤回。

sudo systemctl stop transmission-daemon.service

此外,RPC密码在输入时使用明文存储,程序运行后会自动加密。

NGINX 反向代理

本节将介绍通过 NGINX 反向代理 Transmission,使我们可以通过域名进行访问。

/etc/nginx/sites-enabled/ 新建文件 transmission.conf,加入下面内容

upstream transmission {
    server 127.0.0.1:9091;
}

server {
    listen 80;
    listen [::]:80;
    server_name pt.beekc.top;

    # Enforce HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name pt.beekc.top;
    auth_basic "Server Restricted";

    ### SSL cert files ###
    ssl_certificate     /etc/nginx/ssl/beekc.crt;
    ssl_certificate_key /etc/nginx/ssl/beekc.key;

    ### Add SSL specific settings here ###
    ssl_session_timeout 10m;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    location / {
        return 301 https://$server_name/transmission/;
    }

    location ^~ /transmission {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass_header X-Transmission-Session-Id;
        add_header Front-End-Https on;

        location /transmission/rpc {
            proxy_pass http://transmission;
        }

        location /transmission/web/ {
            proxy_pass http://transmission;
        }

        location /transmission/upload {
            proxy_pass http://transmission;
        }

        location /transmission/web/style/ {
            alias /usr/share/transmission/web/style/;
        }

        location /transmission/web/javascript/ {
            alias /usr/share/transmission/web/javascript/;
        }

        location /transmission/web/images/ {
            alias /usr/share/transmission/web/images/;
        }

        location /transmission/ {
            return 301 https://$server_name/transmission/web;
        }
    }
}

这时通过域名访问,可能会报错:

Connection Failed
Could not connect to the server. You may need to reload the page to reconnect.

具体错误信息为:

421: Misdirected RequestTransmission received your request, but the hostname was unrecognized.To fix this, choose one of the following options:Enable password authentication, then any hostname is allowed.Add the hostname you want to use to the whitelist in settings.If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries.This requirement has been added to help prevent DNS Rebinding attacks.

使用 NGINX 反向代理访问 Transmission 时,前面的访问白名单不生效,需要开启 RPC 验证的方式进行访问。在配置文件中,将 rpc-authentication-required 配置为 true,这时访问时会要求输入用户名密码进行验证。他们分别在配置文件中通过 rpc-usernamerpc-password 选项进行配置。

参考

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注