Zeymon
September 28, 2018, 10:16am
1
Hello and a big thank you for this wonderful project that I have been discovering for a few months.
So I have a problem with luci-app-aria2, when I enable the options
-- rpc-secure=true
-- rpc-certificate=/mnt/sda2/ssl/aria2.pfx
The Json RPC url refers me to: http://192.168.1.1:6800/jsonrpc , so no https.
So I can't connect with AriaNg in https, does anyone have any ideas?
Thank you in advance.
https://aria2.github.io/manual/en/html/aria2c.html#cmdoption-rpc-certificate
--rpc-certificate=<FILE>
Use the certificate in FILE for RPC server. The certificate must be either in PKCS12 (.p12, .pfx) or in PEM format.
PKCS12 files must contain the certificate, a key and optionally a chain of additional certificates. Only PKCS12 files with a blank import password can be opened!
When using PEM, you have to specify the private key via --rpc-private-key as well. Use --rpc-secure option to enable encryption.
Zeymon
September 28, 2018, 12:26pm
3
Thank you for your quick answer, I used this method to create my certificate without a password : https://gist.github.com/GAS85/79849bfd09613067a2ac0c1a711120a6
Added options :
But it is impossible to access over https. I did a lot of research on the net before asking a question on the forum, and I'm starting to despair.
You should post the log after service restart.
It could be either a separate file or system log.
In case of system log it should be like this:
service log restart
service aria2 restart
sleep 10; logread -e aria2
Zeymon
September 28, 2018, 4:25pm
5
Fri Sep 28 18:01:06 2018 daemon.info aria2: Aria2 will run with uer 'aria2'.
Fri Sep 28 18:01:06 2018 daemon.info aria2: Please make sure user 'aria2' has write access to downlod dir: /mnt/sda2/download
That's all I have.
However, no connection problems when using aria2 through http.
Some use a reverse proxy to fix the problem as here :
https://github.com/ziahamza/webui-aria2/issues/108
Please show Aria2 configuration:
uci show aria2
Zeymon
September 28, 2018, 6:03pm
7
root@OpenWrt:~# uci show aria2
aria2.main=aria2
aria2.main.user='aria2'
aria2.main.config_dir='/var/etc/aria2'
aria2.main.bt_enable_lpd='true'
aria2.main.enable_dht='true'
aria2.main.follow_torrent='true'
aria2.main.save_session_interval='30'
aria2.main.header=''
aria2.main.enabled='1'
aria2.main.dir='/mnt/sda2/download'
aria2.main.disk_cache='32M'
aria2.main.file_allocation='falloc'
aria2.main.rpc_auth_method='none'
aria2.main.max_connection_per_server='4'
aria2.main.min_split_size='20M'
aria2.main.split='4'
aria2.main.overall_speed_limit='1'
aria2.main.max_overall_download_limit='0'
aria2.main.max_overall_upload_limit='0'
aria2.main.task_speed_limit='1'
aria2.main.max_download_limit='0'
aria2.main.max_upload_limit='0'
aria2.main.max_concurrent_downloads='5'
aria2.main.extra_settings='rpc-secure=true' 'rpc-certificate=/mnt/sda2/ssl/aria2.pfx'
aria2.main.enable_log='true'
aria2.main.log_level='debug'
Are you using desktop client or one of Web-UI?
# opkg list | grep -i aria2 | grep -i web
ariang - 2018-02-21-f71a67cb-1 - AriaNg is a web frontend making aria2 easier to use. AriaNg is written in pure html & javascript, thus it does not need any compilers or runtime environment.
webui-aria2 - 2017-05-21-d1ce5b99-1 - The aim for this project is to create the worlds best and hottest interface to interact with aria2. Very simple to use.
yaaw - 2017-04-11-1 - Yet Another Aria2 Web Frontend in pure HTML/CSS/Javascirpt.
Actually there's no point setting up secure connection if Daemon and Web-UI are on the same host.
Zeymon
September 28, 2018, 7:24pm
9
Yes, no interest for localhost, but the problem is that as soon as I want to download a link in https, I receive this error in AriaNg:
ssl/handshake failure : unable to get local issuer certificate
The only solution I found, but not secure, is the option :
-- check-certificate=false
There's example using Aria2 + AriaNg:
https://hub.docker.com/r/wahyd4/aria2-ariang/
Notice: The certificate file should be named aria2.crt and the key file should be named aria2.key
Zeymon
September 28, 2018, 8:42pm
11
I had a glimmer of hope, but no, changing the name doesn't help.
I think I'm going to turn to a nginx reverse proxy, i've tested a lot of things, but nothing works.
Thank you for your patience anyway
Do not use PFX, only CRT and PEM.
Additional option for private key:
https://aria2.github.io/manual/en/html/aria2c.html#cmdoption-rpc-private-key
--rpc-private-key=<FILE>
Use the private key in FILE for RPC server. The private key must be decrypted and in PEM format. Use --rpc-secure option to enable encryption. See also --rpc-certificate option.
Make sure your certificate and key look like this:
# cat aria2.crt
-----BEGIN CERTIFICATE-----
<base64_encoded_data>
-----END CERTIFICATE-----
# cat aria2.pem
-----BEGIN PRIVATE KEY-----
<base64_encoded_data>
-----END PRIVATE KEY-----
AriaNg should have some option to specify the directory with certificate and key:
I suspect you need to set this option explicitly:
/yoursslkeys/:/dir/with/ssl/keys
See the link above with Aria2+AriaNg@Docker example.
What is your problem?
Https url error.
Zeymon
September 29, 2018, 6:48am
14
It's moving forward this morning, install :
opkg install ca-certificates
cd /etc/ssl/
And run :
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
Add in luci-app-aria2 options :
rpc-certificate=/etc/ssl/server.crt
rpc-private-key=/etc/ssl/server.key
rpc-secure=true
ca-certificate=/etc/ssl/certs/ca-certificates.crt
I went to this link with firefox to sign the certificate and add an exception:
https://192.168.1.1:6800/jsonrpc
And the miracle, AriaNg connects it in https
I was on the wrong track
Thanks guys for helping out.
Ps : I changed the title so as not to mislead future readers.
Ps1 : Edition 13 July 2019, simplified handling.
4 Likes
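A pre-flight check for the file requirements quoted in this thread (a PEM certificate plus a decrypted PEM private key, rather than a PFX bundle), as an added example that is not from the thread or from the aria2 project. The function names and sample files are constructed for illustration, and rejecting a world-readable key is an extra hardening assumption.

```shell
#!/bin/sh
# Added example (not from the thread): check rpc-certificate / rpc-private-key files.

# Print what a file looks like: cert, key, encrypted-key, not-pem or missing.
classify_tls_file() {
    f="$1"
    [ -r "$f" ] || { echo missing; return 0; }
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo encrypted-key            # passphrase-protected PEM key
    elif grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f"; then
        echo key
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo cert
    else
        echo not-pem                  # e.g. a binary PKCS12 (.pfx/.p12) bundle
    fi
}

# Return 0 only for a PEM cert plus a decrypted, non-world-readable PEM key.
check_aria2_rpc_tls() {
    cert="$1"; key="$2"; rc=0
    ct=$(classify_tls_file "$cert"); kt=$(classify_tls_file "$key")
    [ "$ct" = cert ] || { echo "rpc-certificate: want PEM certificate, got $ct"; rc=1; }
    case "$kt" in
        key) ;;
        encrypted-key) echo "rpc-private-key: key must be decrypted"; rc=1 ;;
        *) echo "rpc-private-key: want PEM private key, got $kt"; rc=1 ;;
    esac
    case "$(ls -l "$key" 2>/dev/null)" in
        ???????r*) echo "rpc-private-key: world-readable, restrict to the aria2 user"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files: placeholder bodies, no real key material.
make_samples() {
    d="$1"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$d/server.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$d/server.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END ENCRYPTED PRIVATE KEY-----' > "$d/locked.key"
    printf '\060\202\001\000' > "$d/aria2.pfx"    # DER-style bytes standing in for PKCS12
    chmod 600 "$d/server.key" "$d/locked.key"
}

tmp=$(mktemp -d) && make_samples "$tmp"
check_aria2_rpc_tls "$tmp/server.crt" "$tmp/server.key" && echo "PEM pair: ok"
check_aria2_rpc_tls "$tmp/aria2.pfx" "$tmp/locked.key" || echo "pfx + encrypted key: rejected"
rm -rf "$tmp"
```

The check looks only at the file format and permissions; it does not confirm that the key belongs to the certificate.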