-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add HTTPS support for remote session #1294
Comments
use nginx proxy |
The blocker on this is that we're using evhttp for serving web pages, and it doesn't support SSL. Doing a bit of Googling this morning, I see this exists and could work. https://github.com/yhirose/cpp-httplib could also work now that Transmission is written in C++ |
For clients like transmission-qt, I think "adding a checkbox" is probably the right thing to do, it's certainly the easiest thing to do. I know of no such way of detecting https without first timing out on 443, it's not a very good user experience, but even browsers do this so it's probably the only option. For the RPC server itself, that's a lot more complicated. For now, if you want https then you should be using a reverse proxy since something like nginx or haproxy will handle this much better than transmission could with its current http code. That being said, there are use cases where transmission's backend using https does make sense, such as a haproxy/nginx instance on a different machine for load balancing. I think, ultimately the right thing to do is to stop using libevent for http entirely, and stop assuming that the RPC server is http only. But if you're going to do that, you might as well do it intelligently:
These would likely give RPC a lot of performance boosts as well. In particular, a raw unix socket with JSON RPC entirely bypasses the network stack as well as http processing. Though, until #2462 is fixed, none of that will really matter as RPC blocks with disk I/O. |
FWIW, i have this exact use case here. i wrapper the rpc port behind a web proxy (Apache, in my case, but it would of course work as well if not better with nginx) that does the HTTPS and decapsulates it to pass it down to transmission-daemon. The problem, then is on the other end. I noticed it is hardcoded in Lines 328 to 345 in 096db96
notice the hardcoded i'm tempted to make a quick patch to hijack that code with an environment variable for a quick toggle, would that be an acceptable stopgap measure? i understand we want a checkbox (personnally, i'd just put the URL itself directly there, to simplify things), but that's a bit beyond how far i want to dig in here, as it involves touching the settings and so on... |
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. I would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
i actually went ahead and tried to add a checkbox since that seemed like a low-hanging fruit, see #4593 |
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
This is a rather naive implementation that copies parts of the SESSION_REMOTE_HOST settings and replaces HOST with HTTPS, basically. We pull some ideas from the SESSION_REMOTE_AUTH parameter as well (because it's a boolean) and we otherwise do not really know what we are doing here. In particular, we didn't add a new commandline flag for this, as I am not sure what it would be called. This explicitely does *not* add GUI elements as those were found to be too confusing, as the backend does not support HTTPS. See transmission#4593 for the details of that discussion. I actually would have much rather this be turned in a single URL instead of having flags, UI elements and settings for what is ultimately just a string, but that is yet another yak to shave... Closes: transmission#1294
so just to make things clear to people around here, the commit that was merged in #4622 is (unfortunately) a bit of a misnomer because while the Qt GUI will now have the capability of connecting to HTTPS remotes, the GUI elements itself will not offer that option. You will need to manually edit the configuration file (in, say,
The rationale of why the GUI elements were removed are in #4593 (comment) and that PR also has code to introduce those GUI elements if someone still wants to push that through. :) Thanks @ckerr for the hand-holding and the merge! :) |
I can't connect to my secure webgui transmission through transmission.
Could you please add a fonctionnality like a checkbox 'HTTPS connection' in the change session window?
The text was updated successfully, but these errors were encountered: