After showing you how to configure SABnzbd, Sonarr and Radarr to use Let’s Encrypt’s free SSL-certificates via Reverse Proxy in OpenMediaVault, I’ll do the same with Transmission. What’s cool about this torrent application, is that it’s incredibly easy to configure for this purpose. Let’s begin.
How to Configure a Let’s Encrypt SSL-Secured Reverse Proxy for Transmission using Nginx
I assume you’ve installed Transmission using the OMV-Extras.org Repository. Transmission’s Web Interface is very limited when it comes to options, etc. So the settings you must configure are located inside OpenMediaVault. Make sure you’re logged in to OMV’s Web Interface and follow the steps below:

- Located underneath ‘Services‘ should be a menu-item, called ‘BitTorrent‘. Open it.
- Inside the ‘Settings‘-tab is a section, titled ‘RPC/Web Interface Settings‘. Take note of the ‘port‘ inside it (default: 9091).
- Change the value in the ‘URL‘-field to ‘transmission‘. This will act as the prefix to all requests to the above port.
- Click ‘Save‘.
Now Transmission will prefix any requests to its local port with ‘/transmission/‘. All we need to do now is make Nginx listen to all requests containing that URI.
Configuring a Nginx Reverse Proxy for Transmission in OpenMediaVault (OMV)
Transmission is configured to prefix all requests to its application. Now we need to tell Nginx where it needs to forward these requests. I.e. where (which port) Transmission is located.
- Open a terminal and connect to your NAS using SSH.
- Edit the following .conf file using your favorite terminal text editor, e.g.
nano /etc/nginx/openmediavault-webgui.d/apps.conf
(if it doesn’t exist yet it will be created!) - Insert the following snippet:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characterslocation /transmission { proxy_pass http://localhost:9091/transmission; }
If the server_name-node already exists and it contains the webadress (e.g. nas.yourdomain.com) and local IP-address (e.g. 192.168.xxx.xxx) of your OpenMediaVault-server, don’t replace it. Skip that and only add the location-node to the list of rewrites. Make sure the port after localhost is the same as the SSL-port you saw earlier in Transmission’s SSL settings (default: 9091). - Save the file and restart Nginx:
service nginx restart[/shell]
The settings should be effective immediately. To confirm if Transmission is reachable using your brand-new Let’s Encrypt SSL Reverse Proxy, go to https://nas.yourdomain.com/transmission. If you updated your DNS-configuration to forward to your NAS within the last few hours, it might take a while before your NAS is reachable from outside your LAN. Your new DNS-settings need to be propagated across all internet providers worldwide.
There you go! You can now access Transmission‘s Web Interface through a Reverse Proxy using a Let’s Encrypt SSL-Certificate and Nginx. As you can see it’s not that difficult to set this up in OpenMediaVault.
You don’t need Sonarr’s “Enable SSL” if you’re implementing the HTTPS encryption with Let’s Encrypt at the reverse proxy level, I assume.
You’re right. I guess I enabled that setting without thinking. Just make sure you’re directing the proxy to the non-ssl port, but that’s all!
While I appreciate the time you took to write this article, the title is incredibly misleading. I came here for info on sonarr reverse proxying yet I can only find sabnzbd, with a configuration that will result in a imperfect configuration at that.
What are you talking about? It’s on page 3 of this article…
This tutorial is outdated. You should consider revising it as certain things changed in Letsencrypt interface.
Al right. Thanks for the feedback. I’ll add it to my to-do list!
Hi Daan,
Thanks so much for your useful guide! I set this up months ago and it’s been working perfectly up until yesterday. I haven’t changed any settings but it’s just stopped working 🙁 I rebooted my router, double checked the port forwarding was still in place, checked the certificate was still valid etc and nada 🙁 I can see that DuckDNS is working correctly also, it’s correctly obtaining my WAN IP.
Do you have any ideas?
I’m a bit confused when you say that the NAS needs to be accessible from outside. So if I want to access OMV, I need to type for example mydomain.com:portToMyNAS. Then my router will forward this request to my NAS and the login page will be displayed. Is this what you mean?
Also isn’t this a security risk – shouldn’t we use an VPN service instead of leaving it directly open to the public internet?
If you want to use a VPN, then using a reverse proxy isn’t relevant IMO. You can just access your NAS from inside your VPN.
But to answer your question. It’s not necessarily a security risk if OMV (your NAS’s IP, on port 443/80) is accessible over WAN.