ArchLinux - Install rTorrent and ruTorrent

Install rTorrent

As rTorrent package is always up-to-date on Arch repository, it's not needed to compile it.

1
# pacman -S rtorrent

Install ruTorrent

  • Create the web server root directory if it doesn't already exist:

1
# mkdir -p /usr/share/nginx/html/

  • Go to the web server folder and clone the ruTorrent git repository into it:

1
2
$ cd /usr/share/nginx/html/
# git clone https://github.com/Novik/ruTorrent.git rutorrent

Install Nginx

1
# pacman -S nginx-mainline

  • Enable and start nginx:

1
2
# systemctl enable nginx.service
# systemctl start nginx.service

Install and configure PHP

1
# pacman -S php

1
# pacman -S php-fpm

  • Open php configuration:

1
# vim /etc/php/php.ini

1
expose_php = Off

1
file_uploads = On

1
post_max_size = 15M

1
upload_max_filesize = 15M

1
open_basedir = /usr/share/nginx/html/rutorrent

  • Enable and start php-fpm:

1
2
# systemctl enable php-fpm
# systemctl start php-fpm

Configure Nginx

  • Change the default conf:

1
2
3
# mkdir /etc/nginx/auth
# mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default
# vim /etc/nginx/nginx.conf

  • And add this conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
user http;
worker_processes auto;
# PID error: https://bugs.archlinux.org/task/46500
# pid /run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
charset UTF-8;
##
# Basic Settings
##
server_names_hash_bucket_size 64;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/servers-enabled/*;
}

  • Create following directories:

1
2
# mkdir /etc/nginx/servers-available
# mkdir /etc/nginx/servers-enabled

  • Create the server domain config:

1
# vim /etc/nginx/servers-available/seedbox.conf

  • And add the conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
server {
listen 80;
listen [::]:80;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
##
# BLOCK SERVEUR HTTPS
##
server {
listen 443 ssl http2;
server_name seedbox.domain.example.org;
root /usr/share/nginx/html/rutorrent;
index index.php index.html index.htm;
##
# SSL
##
ssl_certificate /etc/nginx/ssl/seedbox.crt;
ssl_certificate_key /etc/nginx/ssl/seedbox.key;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
# ssl optimizations
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets on;
##
# SECURITY
##
add_header X-XSS-Protection "1; mode=block";
auth_basic "Restricted Area";
auth_basic_user_file "/etc/nginx/auth/seedbox_auth";
##
# PHP
##
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params; }
location ^~ /conf/ {
deny all;
}
location ^~ /share/ {
deny all;
}
}

  • Don't forget to change server_name seedbox.domain.example.org; with your own domain and create a CNAME entry in your DNS configuration.
  • Enable the server:

1
# ln -s /etc/nginx/servers-available/seedbox.conf /etc/nginx/servers-enabled/seedbox.conf

Configure SSL

We will both view self-signed certificate and Let's Encrypt ones.

Self-signed

  • Add certificate folder:

1
# mkdir /etc/nginx/ssl

  • Generate self-signed certificate:

1
2
3
4
# cd /etc/nginx/ssl
# openssl ecparam -genkey -name secp384r1 -out seedbox.key
# openssl req -new -key seedbox.key -sha256 -out seedbox.csr
# openssl req -x509 -days 3650 -sha256 -key seedbox.key -in seedbox.csr -out seedbox.crt

  • Modify files rights:

1
2
# chmod 644 /etc/nginx/ssl/*.crt
# chmod 640 /etc/nginx/ssl/*.key

Let's Encrypt

TODO

Add an user

  • Create an user:

1
2
# useradd --shell /bin/bash --create-home sdbox
# passwd sdbox

  • Create needed folder for rtorrent:

1
# mkdir -p /home/sdbox/{torrents,watch,.session}

  • Create rtorrent config file:

1
# vim /home/sdbox/.rtorrent.rc

  • Paste the config:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
scgi_port = 127.0.0.1:5001
encoding_list = UTF-8
port_range = 45000-65000
port_random = no
check_hash = no
directory = /home/sdbox/torrents
session = /home/sdbox/.session
encryption = allow_incoming, try_outgoing, enable_retry
schedule = watch_directory,1,1,"load_start=/home/sdbox/watch/*.torrent"
schedule = untied_directory,5,5,"stop_untied=/home/sdbox/watch/*.torrent"
use_udp_trackers = yes
dht = off
peer_exchange = no
min_peers = 40
max_peers = 100
min_peers_seed = 10
max_peers_seed = 50
max_uploads = 15
execute = {sh,-c,/usr/bin/php /usr/share/nginx/html/rutorrent/php/initplugins.php sdbox &}
schedule = espace_disque_insuffisant,1,30,close_low_diskspace=500M

  • Give user permissions:

1
2
3
# chown --recursive sdbox:sdbox /home/sdbox
# chown root:root /home/sdbox
# chmod 755 /home/sdbox

  • Edit the virtual server conf:

1
# vim /etc/nginx/servers-available/seedbox.conf

  • Add the conf:

1
2
3
4
5
6
7
location /SDBOX
{
include scgi_params;
scgi_pass 127.0.0.1:5001;
auth_basic "Restricted Area";
auth_basic_user_file "/etc/nginx/auth/seedbox_auth sdbox";
}

  • In order to do not install apache-tools, manually generate the auth file for sdbox user (it will write over the file and don't forget to change the password in the command):

1
$ echo -n "sdbox:" | sudo tee /etc/nginx/auth/seedbox_auth && openssl passwd -apr1 password | sudo tee -a /etc/nginx/auth/seedbox_auth

  • Protect the authentification file:

1
2
# chmod 600 /etc/nginx/auth/seedbox_auth
# chown http:http /etc/nginx/auth/*

  • Create ruTorrent config file:

1
2
# mkdir /usr/share/nginx/html/rutorrent/conf/users/sdbox
# vim /usr/share/nginx/html/rutorrent/conf/users/sdbox/config.php

  • And add the content:

1
2
3
4
5
6
7
8
<?php
$pathToExternals['curl'] = '/usr/bin/curl';
$topDirectory = '/home/sdbox';
$scgi_port = 5001;
$scgi_host = '127.0.0.1';
$XMLRPCMountPoint = '/SDBOX';
$tempDirectory = '/usr/share/nginx/html/rutorrent/tmp/';

  • Correct permissions:

1
2
3
# chown -R http:http /usr/share/nginx/html/rutorrent
# chmod 0777 /usr/share/nginx/html/rutorrent/share/{settings,torrents,users}
# systemctl restart nginx.service

Create a rTorrent service

  • Create the file /etc/systemd/system/rtorent.service (because /etc/systemd/user/ doesn't work) containing:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[Unit]
Description=rTorrent Daemon
After=network.target
[Service]
Type=forking
KillMode=none
User=sdbox
ExecStart=/usr/bin/tmux new-session -c /mnt/storage/rtorrent -s rtorrent -n rtorrent -d rtorrent
ExecStop=/usr/bin/bash -c "/usr/bin/tmux send-keys -t rtorrent C-q && while pidof rtorrent > /dev/null; do sleep 0.5; done"
WorkingDirectory=/home/sdbox/
Restart=on-failure
[Install]
WantedBy=multi-user.target

  • Enable rtorrent at boot time and manually start it:

1
2
$ systemctl enable rtorrent
$ systemctl start rtorrent

Source: sdbox, wiki archlinux

Troubleshooting

mediainfo

1
mediainfo: Plugin will not work. rTorrent user can't access external program (mediainfo).

You may need to install mediainfo: pacman -S mediainfo.

unrar

1
Unpack plugin: rTorrent user can't access 'unrar' program.

You may need to install unrar: pacman -S unrar.

screenshots

1
screenshots: Plugin will not work. rTorrent user can't access external program (ffmpeg).

I don't use it and don't want to install ffmpeg and all its dependencies (224 MB) so I disabled it.

To do so:

  • Edit the plugin config file (global) vim /usr/share/nginx/html/rutorrent/conf/plugins.ini.
  • And add this lines at the end:

1
2
[screenshots]
enabled = no

Or if you want to use screenshots plugin just install ffmpeg: pacman -S ffmpeg.

rss

1
rss: Some functionality will be unavailable. Webserver user can't access external program (curl).

I didn't find how to cleanly resolve that. Some tells to add /urb/bin in the open_basedir or php.ini but this is a security issue and that doesn't work in our case. So I just disabled rss plugin:

  • Edit the plugin config file (global) vim /usr/share/nginx/html/rutorrent/conf/plugins.ini.
  • And add this lines at the end:

1
2
3
4
5
[rss]
enabled = no
[rssurlrewrite]
enabled = no

rutracker_check

1
rutracker_check: Plugin will not work. Webserver user must have execute access to the rtorrent session directory (/home/sdbox/.session/).

Add /home/sdbox/.session/ into open_basedir of /etc/php/php.ini.

Share