给Transmission的操作面板加上SSL

带https的Transmission可以有效的防止ISP劫持.以下步骤在Debian上通过测试.

Transmission配置部分:

---

bash /etc/init.d/transmission-daemon stop
# 停止Transmission进程.
sed -i 's/\"rpc-username\": .*/\"rpc-username\": \"MoeClub.org\",/g' /etc/transmission-daemon/settings.json;
# 修改配置中的用户名字段,修改为与nginx配置中相同.
sed -i 's/\"rpc-password\": .*/\"rpc-password\": \"Vicer\",/g' /etc/transmission-daemon/settings.json;
# 修改配置中的密码字段,修改为与nginx配置中相同.
sed -i 's/\"rpc-whitelist-enabled\": .*/\"rpc-whitelist-enabled\": true,/g' /etc/transmission-daemon/settings.json;
# 打开访问白名单.
sed -i 's/\"rpc-whitelist\": .*/\"rpc-whitelist\": \"127.0.0.1\",/g' /etc/transmission-daemon/settings.json;
# 添加本地访问白名单地址 127.0.0.1.
sed -i 's/\"rpc-bind-address\": .*/\"rpc-bind-address\": \"0.0.0.0\",/g' /etc/transmission-daemon/settings.json;
# 修改绑定地址为 0.0.0.0.
sed -i 's/\"rpc-port\": .*/\"rpc-port\": 9417,/g' /etc/transmission-daemon/settings.json;
# 修改绑定端口为 9417(可选,Nginx需做出相应更改).
sed -i 's/\"rpc-authentication-required\": .*/\"rpc-authentication-required\": true,/g' /etc/transmission-daemon/settings.json;
# 取消访问身份验证.
sed -i 's/\"rpc-url\": .*/\"rpc-url\": \"\/transmission\/\",|g' /etc/transmission-daemon/settings.json;
# 修改RPC监听地址(可选,Nginx需做出相应更改)
bash /etc/init.d/transmission-daemon start
# 启动Transmission进程.

在 Debain8+ 推荐使用传统的启动方式启动Transmission:

---

[ -e /etc/init.d/transmission-daemon ] && { 
[ -d /lib/systemd/system ] && { 
for DEL in `find /lib/systemd/system -name 'transmission*'`
 do
  rm -rf $DEL;
 done
}
sed -i 's/# Required-Start:.*/# Required-Start:\t\$all/g' /etc/init.d/transmission-daemon;
sed -i 's/# Required-Stop:.*/# Required-Stop:\t\$all/g' /etc/init.d/transmission-daemon;
update-rc.d -f transmission-daemon remove;
update-rc.d transmission-daemon defaults;
}

Nginx简易配置部分示例:

---

server {
 listen 443 ssl;
 server_name 你的域名;
 ssl_certificate /etc/nginx/server.cert.pem;   #域名证书.
 ssl_certificate_key /etc/nginx/server.key.pem;   #域名证书私钥.
 location ~* /track {
 auth_basic "\n";
 auth_basic_user_file /etc/nginx/password; # Nginx自带的用户认证.
 proxy_pass http://127.0.0.1:9417; # Nginx反代Transmission白名单地址和端口.
 }
}

创建Nginx用户认证:

---

#以用户名为MoeClub.org密码为Vicer为例
echo -n 'MoeClub.org:' >>/etc/nginx/password
openssl passwd Vicer >>/etc/nginx/password