linuxopensuse

OpenSUSE : Install rTorrent and ruTorrent

noraj (Alexandre ZANNI)
, ,
🇬🇧
  • Install rTorrent, git ang nginx:
1
# zypper install rtorrent git nginx

Warning: rtorrent package in official openSUSE repository is not compiled with xmlrpc so you won't be able to use it with rutorrent.

  • Add the php devel repository to be able to install php7:
1
2
3
# zypper addrepo http://download.opensuse.org/repositories/devel:languages:php/openSUSE_Leap_42.1/devel:languages:php.repo
# zypper refresh
# zypper install php7 php7-fpm
  • Go to the default web folder and clone the ruTorrent git repository:
1
2
$ cd /srv/www/htdocs/
# git clone https://github.com/Novik/ruTorrent.git rutorrent
  • Enable and start nginx:
1
2
# systemctl enable nginx.service
# systemctl start nginx.service
  • Open php configuration:
1
# vim /etc/php7/cli/php.ini
1
expose_php = Off
1
file_uploads = On
1
upload_max_filesize = 15M
1
post_max_size = 15M
1
open_basedir = /srv/www/htdocs/rutorrent
  • Change the value of cgi.fix_pathinfo to zero for security reasons:
1
cgi.fix_pathinfo=0
  • Save and quit php.ini.
  • Create the php-fpm.conf and www.conf files:
1
2
# cp /etc/php7/fpm/php-fpm.conf.default /etc/php7/fpm/php-fpm.conf
# cp /etc/php7/fpm/php-fpm.d/www.conf.default /etc/php7/fpm/php-fpm.d/www.conf
  • Edit the php-fpm configuration:
1
# vim /etc/php7/fpm/php-fpm.conf
  • To enable php-fpm log, uncomment this line (the default prefix is /var):
1
error_log = log/php-fpm.log
  • Edit the php-fpm pool file:
1
# vim /etc/php7/fpm/php-fpm.d/www.conf
  • Configure the owner of the nginx process to the Nginx user:
1
2
user = nginx
group = nginx
  • Configure php-fpm to run under a socket file, not a port:
1
listen = /var/run/php-fpm.sock
  • Change the permissions for the unix socket to the nginx user, group and mode:
1
2
3
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
  • Enable and start php-fpm:
1
2
# systemctl enable php-fpm
# systemctl start php-fpm
  • Create an authentification folder for nginx:
1
# mkdir /etc/nginx/auth
  • Create the virtual servers directories:
1
2
# mkdir /etc/nginx/servers-available
# mkdir /etc/nginx/servers-enabled
  • Edit the nginx configuration file:
1
# vim /etc/nginx/nginx.conf
  • And add this config:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
user nginx;
worker_processes auto;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
}

http {

    charset UTF-8;

    ##
    # Basic Settings
    ##
    server_names_hash_bucket_size 64;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;

    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/servers-enabled/*;
}
  • Save and quit.
  • Create the server domain config:
1
# vim /etc/nginx/servers-available/seedbox.conf
  • And add the config:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
server {
    listen 80;
    listen [::]:80;
    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}

##
# BLOCK SERVEUR HTTPS
##
server {
    # http2 not supported by nginx 1.8.1
    listen 443 ssl;
    server_name seedbox.domain.example.org;
    root /srv/www/htdocs/rutorrent;
    index index.php index.html index.htm;

##
# SSL
##
    ssl_certificate /etc/nginx/ssl/seedbox.crt;
    ssl_certificate_key /etc/nginx/ssl/seedbox.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;

    # ssl optimizations
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:20m;
    ssl_session_tickets on;

##
# SECURITY
##

    add_header X-XSS-Protection "1; mode=block";
    auth_basic "Restricted Area";
    auth_basic_user_file "/etc/nginx/auth/seedbox_auth";

##
# PHP
##
    location / {
    index index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    }

    location ^~ /conf/ {
    deny all;
    }

    location ^~ /share/ {
    deny all;
    }
}
  • Don’t forget to change server_name seedbox.domain.example.org; with your own domain and create a CNAME entry in your DNS configuration.
  • Enable the server:
1
# ln -s /etc/nginx/servers-available/seedbox.conf /etc/nginx/servers-enabled/seedbox.conf
  • To configure a self-signed certificate, add the certificate folder:
1
# mkdir /etc/nginx/ssl
  • Generate self-signed certificate:
1
2
3
4
# cd /etc/nginx/ssl
# openssl ecparam -genkey -name secp384r1 -out seedbox.key
# openssl req -new -key seedbox.key -sha256 -out seedbox.csr
# openssl req -x509 -days 3650 -sha256 -key seedbox.key -in seedbox.csr -out seedbox.crt
  • Modify files rights:
1
2
# chmod 644 /etc/nginx/ssl/*.crt
# chmod 640 /etc/nginx/ssl/*.key
  • Create an user:
1
2
# useradd --shell /bin/bash --create-home sdbox
# passwd sdbox
  • Create needed folder for rtorrent:
1
# mkdir -p /home/sdbox/{torrents,watch,.session}
  • Create rtorrent config file:
1
# vim /home/sdbox/.rtorrent.rc
  • Paste the config:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
scgi_port = 127.0.0.1:5001
encoding_list = UTF-8
port_range = 45000-65000
port_random = no
check_hash = no
directory = /home/sdbox/torrents
session = /home/sdbox/.session
encryption = allow_incoming, try_outgoing, enable_retry
schedule = watch_directory,1,1,"load_start=/home/sdbox/watch/*.torrent"
schedule = untied_directory,5,5,"stop_untied=/home/sdbox/watch/*.torrent"
use_udp_trackers = yes
dht = off
peer_exchange = no
min_peers = 40
max_peers = 100
min_peers_seed = 10
max_peers_seed = 50
max_uploads = 15
execute = {sh,-c,/usr/bin/php /srv/www/htdocs/rutorrent/php/initplugins.php sdbox &}
schedule = espace_disque_insuffisant,1,30,close_low_diskspace=500M
  • Give user permissions:
1
2
3
# chown --recursive sdbox:users /home/sdbox
# chown root:root /home/sdbox
# chmod 755 /home/sdbox
  • Edit the virtual server config:
1
# vim /etc/nginx/servers-available/seedbox.conf
  • Add the config:
1
2
3
4
5
6
7
location /SDBOX
{
    include scgi_params;
    scgi_pass 127.0.0.1:5001;
    auth_basic "Restricted Area";
    auth_basic_user_file "/etc/nginx/auth/seedbox_auth sdbox";
}
  • In order to do not install apache-tools, manually generate the auth file for sdbox user (it will write over the file and don’t forget to change the password in the command):
1
$ echo -n "sdbox:" | sudo tee /etc/nginx/auth/seedbox_auth && openssl passwd -apr1 password | sudo tee -a /etc/nginx/auth/seedbox_auth
  • Protect the authentification file:
1
2
# chmod 600 /etc/nginx/auth/seedbox_auth
# chown nginx:nginx /etc/nginx/auth/*
  • Create ruTorrent config file:
1
2
# mkdir /srv/www/htdocs/rutorrent/conf/users/sdbox
# vim /srv/www/htdocs/rutorrent/conf/users/sdbox/config.php
  • And add the content:
1
2
3
4
5
6
7
8
<?php

$pathToExternals['curl'] = '/usr/bin/curl';
$topDirectory = '/home/sdbox';
$scgi_port = 5001;
$scgi_host = '127.0.0.1';
$XMLRPCMountPoint = '/SDBOX';
$tempDirectory = '/srv/www/htdocs/rutorrent/tmp/';
  • Correct permissions:
1
2
3
# chown -R nginx:nginx /srv/www/htdocs/rutorrent
# chmod 0777 /srv/www/htdocs/rutorrent/share/{settings,torrents,users}
# systemctl restart nginx.service
  • Enable user lingering:
1
# loginctl enable-linger sdbox
  • To create a rTorrent service, create the file /etc/systemd/system/rtorrent.service containing:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[Unit]
Description=rTorrent Daemon
After=network.target

[Service]
Type=forking
KillMode=none
User=sdbox
ExecStart=/usr/bin/tmux new-session -c /mnt/storage/rtorrent -s rtorrent -n rtorrent -d rtorrent
ExecStop=/usr/bin/bash -c "/usr/bin/tmux send-keys -t rtorrent C-q && while pidof rtorrent > /dev/null; do sleep 0.5; done"
WorkingDirectory=/home/sdbox/
Restart=on-failure

[Install]
WantedBy=multi-user.target
  • Enable rtorrent at boot time and manually start it:
1
2
# systemctl enable rtorrent
# systemctl start rtorrent
  • To allow web traffic trought the firewall, create this file:
1
# vim /etc/sysconfig/SuSEfirewall2.d/services/httpd
  • And add this config:
1
2
3
4
5
## Name: Web server
## Description: opens ports for web servers in order to allow http and https traffic

# space separated list of allowed TCP ports
TCP="80 443"
  • Now add the httpd config in the global settings:
1
# vim /etc/sysconfig/SuSEfirewall2

  • And add httpd to FW_CONFIGURATIONS_EXT, for example FW_CONFIGURATIONS_EXT="sshd httpd".

  • Now restart the firewall:

1
2
3
# systemctl restart SuSEfirewall2.service
or
# rcSuSEfirewall2 restart
Share