Wednesday, March 9, 2011

Deluge bittorrent webUI behind reverse proxy

Maybe not strictly security related, but this might by handy for other people who also want to put their Deluge bittorrent webUI behind a reverse proxy. There are several tutorials available on the internet describing how to do this, but none of them work for the latest stable version (1.3.1) of Deluge. The webUI uses a lot of AJAX and gzip compression for some parts, which makes the use of a reverse proxy more complicated. I've used Apache (2.2.16) with the following enabled modules:

authz_host_module
deflate_module
dir_module
filter_module
headers_module
mime_module
proxy_module
proxy_http_module
rewrite_module
ssl_module
unique_id_module

Not all of them are needed, but most are needed for this setup. Here is the vhost I have configured:

<VirtualHost *:80="">

Servername dmz

ProxyRequests off
ProxyHTMLExtended on
ProxyPass /deluge http://127.0.0.1:8112/
ProxyHTMLURLMap http://127.0.0.1:8112 /deluge

Header unset Server

<location /deluge>
        ProxyPassReverse /
        ProxyPassReverseCookiePath / /deluge/
        SetOutputFilter INFLATE;proxy-html;DEFLATE
        ProxyHTMLURLMap / /deluge/ ec
        ProxyHTMLURLMap /deluge /deluge ec
        ProxyHTMLURLMap ([^*])(\/[^*].*) $1/deluge$2 hRxL
        #ProxyHTMLLogVerbose On
        Order allow,deny
        Allow from all
</Location>

</VirtualHost>

The webUI is running on a python based web server on port 8112.  The "Header unset Server" line will remove the following banner that is normally displayed by the web server:

Server: TwistedWeb/10.2.0

The SetOutputFilter line will inflate the gzip compressed data, modify it and deflate it again. If this configuration stops working for a new version of Deluge the ProxyHTMLLogVerbose option can be uncommented to debug. Also make sure the system running the webUI is able to make outbound connections to torrent trackers in the torrent file you are uploading or the webUI will take forever to load a new torrent file. Happy dowloading!

3 comments:

  1. Hey thanks for posting this! I've been trying to get it to work following your guide, but I get this error when I start apache:

    [error] (EAI 2)Name or service not known: Could not resolve host name *:80="" -- ignoring!

    And the webui doesn't work. Seems to be a problem with

    Any ideas?

    Cheers,

    Matt

    ReplyDelete
  2. It looks like your system is not able to resolve the host name. What have you configured as the Servername and is that host also in your DNS server?

    ReplyDelete
  3. This worked super cool. But only problem I'm facing is when adding torrents from web UI.

    ReplyDelete