in ,

How to Setup a Reverse Proxy in OMV with Let’s Encrypt SSL for Sabnzbd, Radarr, Sonarr and Transmission

Setup a Reverse Proxy with Let's Encrypt SSL

After showing you how to configure SABnzbd, Sonarr and Radarr to use Let’s Encrypt’s free SSL-certificates via Reverse Proxy in OpenMediaVault, I’ll do the same with Transmission. What’s cool about this torrent application, is that it’s incredibly easy to configure for this purpose. Let’s begin.

How to Configure a Let’s Encrypt SSL-Secured Reverse Proxy for Transmission using Nginx

I assume you’ve installed Transmission using the OMV-Extras.org Repository. Transmission’s Web Interface is very limited when it comes to options, etc. So the settings you must configure are located inside OpenMediaVault. Make sure you’re logged in to OMV’s Web Interface and follow the steps below:

Configure Transmission to use Nginx Reverse Proxy and Let's Encrypt SSL-certificates
Configure Transmission to use Nginx Reverse Proxy and Let’s Encrypt SSL-certificates
  1. Located underneath ‘Services‘ should be a menu-item, called ‘BitTorrent‘. Open it.
  2. Inside the ‘Settings‘-tab is a section, titled ‘RPC/Web Interface Settings‘. Take note of the ‘port‘ inside it (default: 9091).
  3. Change the value in the ‘URL‘-field to ‘transmission‘. This will act as the prefix to all requests to the above port.
  4. Click ‘Save‘.

Now Transmission will prefix any requests to its local port with ‘/transmission/‘. All we need to do now is make Nginx listen to all requests containing that URI.

Configuring a Nginx Reverse Proxy for Transmission in OpenMediaVault (OMV)

Transmission is configured to prefix all requests to its application. Now we need to tell Nginx where it needs to forward these requests. I.e. where (which port) Transmission is located.

  1. Open a terminal and connect to your NAS using SSH.
  2. Edit the following .conf file using your favorite terminal text editor, e.g. nano /etc/nginx/openmediavault-webgui.d/apps.conf (if it doesn’t exist yet it will be created!)
  3. Insert the following snippet:
    location /transmission {
    proxy_pass http://localhost:9091/transmission;
    }
    view raw apps.conf hosted with ❤ by GitHub
    If the server_name-node already exists and it contains the webadress (e.g. nas.yourdomain.com) and local IP-address (e.g. 192.168.xxx.xxx) of your OpenMediaVault-server, don’t replace it. Skip that and only add the location-node to the list of rewrites. Make sure the port after localhost is the same as the SSL-port you saw earlier in Transmission’s SSL settings (default: 9091).
  4. Save the file and restart Nginx:service nginx restart[/shell]

The settings should be effective immediately. To confirm if Transmission is reachable using your brand-new Let's Encrypt SSL Reverse Proxy, go to https://nas.yourdomain.com/transmission. If you updated your DNS-configuration to forward to your NAS within the last few hours, it might take a while before your NAS is reachable from outside your LAN. Your new DNS-settings need to be propagated across all internet providers worldwide.

There you go! You can now access Transmission's Web Interface through a Reverse Proxy using a Let's Encrypt SSL-Certificate and Nginx. As you can see it's not that difficult to set this up in OpenMediaVault.

Written by Daan van den Bergh

Magento 2 Back-end Developer with a passion for trainlifting, airplane-gliding, hunting trees and creating fake hobbies.

12 Comments

Leave a Reply
  1. You don’t need Sonarr’s “Enable SSL” if you’re implementing the HTTPS encryption with Let’s Encrypt at the reverse proxy level, I assume.

  2. While I appreciate the time you took to write this article, the title is incredibly misleading. I came here for info on sonarr reverse proxying yet I can only find sabnzbd, with a configuration that will result in a imperfect configuration at that.

  3. This tutorial is outdated. You should consider revising it as certain things changed in Letsencrypt interface.

  4. Hi Daan,

    Thanks so much for your useful guide! I set this up months ago and it’s been working perfectly up until yesterday. I haven’t changed any settings but it’s just stopped working :( I rebooted my router, double checked the port forwarding was still in place, checked the certificate was still valid etc and nada :( I can see that DuckDNS is working correctly also, it’s correctly obtaining my WAN IP.

    Do you have any ideas?

  5. I’m a bit confused when you say that the NAS needs to be accessible from outside. So if I want to access OMV, I need to type for example mydomain.com:portToMyNAS. Then my router will forward this request to my NAS and the login page will be displayed. Is this what you mean?

    Also isn’t this a security risk – shouldn’t we use an VPN service instead of leaving it directly open to the public internet?

    • If you want to use a VPN, then using a reverse proxy isn’t relevant IMO. You can just access your NAS from inside your VPN.

      But to answer your question. It’s not necessarily a security risk if OMV (your NAS’s IP, on port 443/80) is accessible over WAN.

  6. Hi Daan,
    I’ve successfully installed the certificate, and installed sonarr – used your config for the ngnix. The problem is that i get the following web page when I try to load mydomain.com/sonarr: https://imgur.com/a/HUxfC16 (this image shows my internal IP, but the same thing happens if I use my domain)

    I’ve port forwarded port 80 and 443 in my router to my OMV server. Also the OMV server has ports 80 and 443 setup (in general settings > web administration).
    What am I doing wrong?
    Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.