Nginx + Letsencrypt + Aria2

Most websites support HTTPS now, so I decided to reconfigure my download server to use HTTPS over the weekend and update aria2 to the latest version.

Components:

  • VPS
    • OpenVZ VPS
  • OS
    • Debian 9.12
    • Kernel 2.6.32
  • Software
    • aria2 1.35.0
    • AriaNg 1.1.4
    • Letsencrypt/certbot 0.28.0
    • Nginx 1.10.3

Static build aria2

Download aria2 source code

The latest aria2 release, v1.35.0, is available from GitHub.

Install dependencies

* Caution
It seems that libgnutls is *NOT* compatible with aria2, and it caused the error:
**/usr/bin/ld: cannot find -lp11-kit**

Remove libgnutls

# apt remove --purge libgnutls30 libgnutls28-dev

Install necessary packages

# apt install -y libcurl4-openssl-dev libevent-dev ca-certificates libssl-dev pkg-config \
build-essential intltool libgcrypt-dev libssl-dev libxml2-dev libc-ares-dev libssl-dev \
libsqlite3-dev lzma liblzma-dev libicu-dev zlib1g-dev

Compile aria2 source code

$ cd aria2
$ autoreconf -i
$ ./configure ARIA2_STATIC=yes
$ make
# make install

This installs aria2c to /usr/local/bin.

Install nginx and AriaNg

Install nginx

# apt install nginx

Download AriaNg

The latest AriaNg is available from GitHub. Here I use the AriaNg-1.1.4.zip file.

After decompressing the zip file, move the whole directory to /var/www:

# mv AriaNg /var/www/ariang

Configure an Nginx server conf file

Create the configuration file /etc/nginx/sites-available/ariang with the following content:

server {
    server_name <your-domain>;
    location / {
        root /var/www/ariang;
    }
}

Enable this website by creating a symbolic link:

# cd /etc/nginx/sites-enabled
# ln -s /etc/nginx/sites-available/ariang .

Restart the nginx server and you should see the website online.

# systemctl restart nginx

Enable HTTPS with certbot (Let’s Encrypt)

# apt-get install certbot python-certbot-nginx
# certbot --nginx

Now the ariang configuration file has been modified by certbot:

server {
    server_name <your-domain>;
    location / {
        root /var/www/ariang;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/<your-domain>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<your-domain>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = <your-domain>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name <your-domain>;
    listen 80;
    return 404; # managed by Certbot
}

Restart the nginx service:

# systemctl restart nginx

It is a good idea to test automatic renewal:

# certbot renew --dry-run

Enable certificate for aria2

A detailed aria2.conf file is available in "Accessing aria2 on a Raspberry Pi behind NAT through frp".

Simply insert these lines:

rpc-secure=true
rpc-certificate=/etc/letsencrypt/live/<your-domain>/fullchain.pem
rpc-private-key=/etc/letsencrypt/live/<your-domain>/privkey.pem

Then restart aria2:

# aria2c --conf-path=$HOME/aira2/aria2.conf
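
A pre-restart check for the three RPC lines above, as an added example that is not part of the original post: it parses aria2.conf, confirms rpc-secure is on, and confirms the certificate and key paths are readable by the user that will run aria2c. The rpc-secret check goes beyond the page's configuration (rpc-secret is aria2's RPC token option); the function names are hypothetical, and treating the last assignment of a key as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: audit the RPC TLS settings of an aria2.conf before restarting.

# Print the value of key $2 in file $1. Commented-out lines are ignored;
# if a key appears more than once, the last one is used (assumption).
conf_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Report problems on stderr; the return status is the number of problems.
audit_aria2_conf() {
    conf=$1 problems=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    [ "$(conf_get "$conf" rpc-secure)" = "true" ] || {
        echo "rpc-secure is not true: RPC would be served without TLS" >&2
        problems=$((problems + 1))
    }
    for key in rpc-certificate rpc-private-key; do
        path=$(conf_get "$conf" "$key")
        if [ -z "$path" ]; then
            echo "$key is not set" >&2
            problems=$((problems + 1))
        elif [ ! -r "$path" ]; then
            # /etc/letsencrypt/live is readable by root only by default
            echo "$key=$path is not readable by $(id -un)" >&2
            problems=$((problems + 1))
        fi
    done
    [ -n "$(conf_get "$conf" rpc-secret)" ] || {
        echo "rpc-secret is not set: TLS alone does not authenticate RPC clients" >&2
        problems=$((problems + 1))
    }
    return "$problems"
}

# Usage: sh audit-aria2.sh /path/to/aria2.conf
if [ "$#" -gt 0 ]; then audit_aria2_conf "$1"; fi
```

Run it as the same user that starts aria2c; an exit status of 0 means all checks passed.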

Now everything is OK! Have fun!
