Nginx + Letsencrypt + Aria2
Most websites supports HTTPS right now. So I decided to re-configure my download server to HTTPS in weekend, and update aria2 to latest version.
Components:
- VPS
- OpenVZ VPS
- OS
- Debian 9.12
- Kernel 2.6.32
- Softwares
- aria2 1.35.0
- AriaNg 1.1.4
- Letsencrypt/certbot 0.28.0
- Nginx 1.10.3
1. Static build aria2
1.1 Download aria2 source code
The latest aria2 release v1.35.0 is available from github.
1.2 Install dependencies
* Caution
It seems that libgnutl is *NOT* compartible with aria2, and it caused the error:
**/usr/bin/ld: cannot find -lp11-kit**
1.2.1 Remove libgnutl
# apt remove --purge libgnutls30 libgnutls28-dev
1.2.2 Install necessary packages
# apt install -y libcurl4-openssl-dev libevent-dev ca-certificates libssl-dev pkg-config \
build-essential intltool libgcrypt-dev libssl-dev libxml2-dev libc-ares-dev libssl-dev \
libsqlite3-dev lzma liblzma-dev libicu-dev zlib1g-dev
1.3 Compile aria2 source code
$ cd aria2
$ autoreconf -i
$./configure ARIA2_STATIC=yes
$ make
# make install
This installs aria2c to /usr/local/bin.
2. Install nginx and AriaNG
2.1 Install nginx
# apt install nginx
2.2 Download AriaNg
The latest AriaNg is available from github. Here I use the AriaNg-1.1.4.zip file.
After de-compress the zip file, mv the whole directory to /var/www:
# mv AiraNg /var/www/ariang
2.3 Configure an Nginx server conf file
Create a configuration file: /etc/nginx/sites-available/ariang, and its content is:
server {
server_name <your-domain>;
location / {
root /var/www/ariang;
}
}
Enable this website by create a symbolic link:
# cd /etc/nginx/sites-enabled
# ln -s /etc/nginx/sites-available/ariang .
Restart nginx server, you would see the website online.
# systemctl restart nginx
3. Enable HTTPS by certbot (Let’s Encrypt)
# apt-get install certbot python-certbot-nginx
# certbot --nginx
Now the ariang configuration file has been modified by certbot:
server {
server_name <your-domain>;
location / {
root /var/www/ariang;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/<your-domain>/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/<your-domain>/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = <your-domain>) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name <your-domain>;
listen 80;
return 404; # managed by Certbot
}
Restart nginx service:
# systemctl restart nginx
It would be better to test automatic renewer:
# certbot renew --dry-run
4. Enable certificate for aria2
Detailed aria2.conf file is available at 通过 frp 穿透内网访问树莓派的 aria2.
Simple insert these lines:
rpc-secure=true
rpc-certificate=/etc/letsencrypt/live/<your-domain>/fullchain.pem
rpc-private-key=/etc/letsencrypt/live/<your-domain>/privkey.pem
Then restart aria2:
# aria2c --conf-path=$HOME/aira2/aria2.conf
Now everything is OK! Have fun!