nginx.conf SSL Proxy Transmission

1. # Standard server configuration nothing to do in this part
2. user nginx;
3. worker_processes 1;
4.  
5. error_log /var/log/nginx/error.log warn;
6. pid /var/run/nginx.pid;
7.  
8.  
9. events {
10. worker_connections 1024;
11. }
12.  
13.  
14. http {
15. include /etc/nginx/mime.types;
16. default_type application/octet-stream;
17.  
18. log_format main '$remote_addr - $remote_user [$time_local] "$request" '
19. '$status $body_bytes_sent "$http_referer" '
20. '"$http_user_agent" "$http_x_forwarded_for"';
21.  
22. access_log /var/log/nginx/access.log main;
23.  
24. sendfile on;
25. #tcp_nopush on;
26.  
27. keepalive_timeout 65;
28.  
29. #gzip on;
30.  
31. # this if to rewrite all addresses going to my server in http into https
32. server {
33. listen 80;
34. server_name p2p.example.net;
35. rewrite ^ https://$server_name$request_uri? permanent;
36. }
37.  
38. server {
39. listen 443; # here you can also specifie the ip or ips to listen to, if a lot of NICs ex. 192.168.1.1:443
40. server_name p2p.example.net; # hostname
41.  
42. access_log off; # Enable of disable Logs
43.  
44. auth_basic "Please login"; # Message that will be shown when login
45. # you must disable auth on the transmission daemon server, otherwise, you'll
46. # have to login twice. basically nginx proxy takes care of auth from now and on
47. # you can create this file by htpasswd command line tool, that comes with apache
48. auth_basic_user_file /.ProxyUsers; # remove the . to be visible
49.  
50. # setup self signed SSL, there was a tutorial i followed online
51. # it's generic for all servers, just make sure file paths are right and
52. # that nginx can read the files (proper permission)
53. ssl on;
54. ssl_certificate /root/server.crt;
55. ssl_certificate_key /root/server.key;
56.  
57. ssl_session_timeout 5m;
58.  
59. ssl_protocols SSLv2 SSLv3 TLSv1;
60. ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
61. ssl_prefer_server_ciphers on;
62.  
63. # Thats the important part. Most of the tutorial on the net are not Transmission specific
64. # and don't pass the Transmission-Session Header
65. location / {
66. proxy_read_timeout 300;
67. proxy_pass_header X-Transmission-Session-Id;
68. proxy_set_header X-Forwarded-Host $host;
69. proxy_set_header X-Forwarded-Server $host;
70. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
71.  
72. # if you changed the port number for transmission daemon, then adjust the
73. # folllowing line
74. proxy_pass http://127.0.0.1:9091/transmission/web/;
75. }
76.  
77. # Also Transmission specific
78. location /rpc {
79. proxy_pass http://127.0.0.1:9091/transmission/rpc;
80. }
81.  
82. location /upload {
83. proxy_pass http://127.0.0.1:9091/transmission/upload;
84. }
85.  
86. }
87.  
88. }