SyncTillUSink Posted May 20, 2014 Report Share Posted May 20, 2014 Hi there.... Do anyone in here know how HTTPS should be configured for the BitTorrent WebUI? For tightened security that would be really great. Kind regards. Quote Link to comment Share on other sites More sharing options...
tuxpoldo Posted May 20, 2014 Report Share Posted May 20, 2014 Look: http://forum.bittorrent.com/topic/18974-debian-and-ubuntu-server-unofficial-packages-for-bittorrent-sync/?findpost=84221 Quote Link to comment Share on other sites More sharing options...
frater Posted May 22, 2014 Report Share Posted May 22, 2014 Modern Plesk servers already run nginx in front of Apache and I just investigated how I could add this to the existing setup without breaking their management shell. I didn't even have to stop any services. They have everything well organized in separate config folders that are included and the only thing I had to do was add a file in /etc/nginx/conf.d/I didn't even have to write the config file from scratch. First I modified /etc/btsync.conf so it will listen to 127.0.0.1 and not on all interfaces anymore.sed -i 's/0.0.0.0:57889/127.0.0.1:57889/g' /etc/btsync.confkillall -HUP btsyncnetstat -lntp | grep btsyncYou should see btsync only on 127.0.0.1 on port 57889 Don't forget to modify your firewall and stop it from opening port 57889 I copied the file /etc/plesk.conf.d/webmail.conf to /etc/nginx/conf.d/bittorrentsync.confcp -p /etc/nginx/plesk.conf.d/webmail.conf /etc/nginx/conf.d/bittorrentsync.confsed -i 's/proxy_pass.*/proxy_pass http://127.0.0.1:57889;/g' /etc/nginx/conf.d/bittorrentsync.confThen modify the file /etc/nginx/conf.d/bittorrentsync.conf by removing the complete section where it is listening on port 80 with http. Change the name to the FQDN you would like to use and maybe you also have a proper certificate.Then give:killall -HUP nginxThat's it For those that don't have Plesk but still would like to see the result.This is the file to add: # cat /etc/nginx/conf.d/bittorrentsync.confserver { listen 80.169.140.53:443 ssl; server_name my_fqdn.nl; ssl_certificate /root/.ssh/mycert.nl.pem; ssl_certificate_key /root/.ssh/mycert.nl-key.pem; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; client_max_body_size 128m; location / { proxy_pass http://127.0.0.1:57889; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }} Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.