How to Setup a Reverse Proxy in OMV with Let’s Encrypt SSL for Sabnzbd, Radarr, Sonarr and Transmission

After showing you how to configure SABnzbd, Sonarr and Radarr to use Let’s Encrypt’s free SSL-certificates via Reverse Proxy in OpenMediaVault, I’ll do the same with Transmission. What’s cool about this torrent application, is that it’s incredibly easy to configure for this purpose. Let’s begin.

  • The Wait is Over.

    Get the Newsletter you've always wanted, now!

    Sign up to receive Biweekly, Free Optimization Tips for WordPress.

    No spam. I promise.

  • How to Configure a Let’s Encrypt SSL-Secured Reverse Proxy for Transmission using Nginx

    I assume you’ve installed Transmission using the OMV-Extras.org Repository. Transmission’s Web Interface is very limited when it comes to options, etc. So the settings you must configure are located inside OpenMediaVault. Make sure you’re logged in to OMV’s Web Interface and follow the steps below:

    Configure Transmission to use Nginx Reverse Proxy and Let's Encrypt SSL-certificates
    Configure Transmission to use Nginx Reverse Proxy and Let’s Encrypt SSL-certificates
    1. Located underneath ‘Services‘ should be a menu-item, called ‘BitTorrent‘. Open it.
    2. Inside the ‘Settings‘-tab is a section, titled ‘RPC/Web Interface Settings‘. Take note of the ‘port‘ inside it (default: 9091).
    3. Change the value in the ‘URL‘-field to ‘transmission‘. This will act as the prefix to all requests to the above port.
    4. Click ‘Save‘.

    Now Transmission will prefix any requests to its local port with ‘/transmission/‘. All we need to do now is make Nginx listen to all requests containing that URI.

    Configuring a Nginx Reverse Proxy for Transmission in OpenMediaVault (OMV)

    Transmission is configured to prefix all requests to its application. Now we need to tell Nginx where it needs to forward these requests. I.e. where (which port) Transmission is located.

    1. Open a terminal and connect to your NAS using SSH.
    2. Edit the following .conf file using your favorite terminal text editor, e.g. nano /etc/nginx/openmediavault-webgui.d/apps.conf (if it doesn’t exist yet it will be created!)
    3. Insert the following snippet:
      location /transmission {
      proxy_pass http://localhost:9091/transmission;
      }
      view raw apps.conf hosted with ❤ by GitHub
      If the server_name-node already exists and it contains the webadress (e.g. nas.yourdomain.com) and local IP-address (e.g. 192.168.xxx.xxx) of your OpenMediaVault-server, don’t replace it. Skip that and only add the location-node to the list of rewrites. Make sure the port after localhost is the same as the SSL-port you saw earlier in Transmission’s SSL settings (default: 9091).
    4. Save the file and restart Nginx:service nginx restart[/shell]

    The settings should be effective immediately. To confirm if Transmission is reachable using your brand-new Let’s Encrypt SSL Reverse Proxy, go to https://nas.yourdomain.com/transmission. If you updated your DNS-configuration to forward to your NAS within the last few hours, it might take a while before your NAS is reachable from outside your LAN. Your new DNS-settings need to be propagated across all internet providers worldwide.

    There you go! You can now access Transmission‘s Web Interface through a Reverse Proxy using a Let’s Encrypt SSL-Certificate and Nginx. As you can see it’s not that difficult to set this up in OpenMediaVault.

    Daan van den Bergh

    Daan van den Bergh is a carefully seasoned web developer. His methods consist of thinly slicing your website’s beef and serve you with a platter of the best performance carpaccio on a bed of rocket — the only thing he’s more passionate about is food. Hire him at ffwp.dev.

    13 thoughts on “How to Setup a Reverse Proxy in OMV with Let’s Encrypt SSL for Sabnzbd, Radarr, Sonarr and Transmission”

    1. You don’t need Sonarr’s “Enable SSL” if you’re implementing the HTTPS encryption with Let’s Encrypt at the reverse proxy level, I assume.

      Reply
    2. While I appreciate the time you took to write this article, the title is incredibly misleading. I came here for info on sonarr reverse proxying yet I can only find sabnzbd, with a configuration that will result in a imperfect configuration at that.

      Reply
    3. This tutorial is outdated. You should consider revising it as certain things changed in Letsencrypt interface.

      Reply
    4. Hi Daan,

      Thanks so much for your useful guide! I set this up months ago and it’s been working perfectly up until yesterday. I haven’t changed any settings but it’s just stopped working :( I rebooted my router, double checked the port forwarding was still in place, checked the certificate was still valid etc and nada :( I can see that DuckDNS is working correctly also, it’s correctly obtaining my WAN IP.

      Do you have any ideas?

      Reply
    5. I’m a bit confused when you say that the NAS needs to be accessible from outside. So if I want to access OMV, I need to type for example mydomain.com:portToMyNAS. Then my router will forward this request to my NAS and the login page will be displayed. Is this what you mean?

      Also isn’t this a security risk – shouldn’t we use an VPN service instead of leaving it directly open to the public internet?

      Reply
      • If you want to use a VPN, then using a reverse proxy isn’t relevant IMO. You can just access your NAS from inside your VPN.

        But to answer your question. It’s not necessarily a security risk if OMV (your NAS’s IP, on port 443/80) is accessible over WAN.

        Reply

    Leave a Comment

    This site uses Akismet to reduce spam. Learn how your comment data is processed.