August 30, 2013

Remote Access to qBitTorrent WebUI on ReadyNAS102

I own a ReadyNAS 102 on which I installed the BitTorrent Client qBittorrent. This client comes with a web interface and offers some nice features, like email notification and/or file copy on finished downloads. But the best is that it runs on the NAS 24/7 at relatively low energy consumption (about 35W). I thought it would be very cool to access the WebUI from my work or my phone, so that I could monitor and add new torrents remotely.

My network setup at home is quite simple. I have that common Telefônica Modem that is connected to my TP-Link WLAN-Router (WL1043ND). The router leads to an 8-Port-Switch, where my NAS is plugged in.

Setting up Dynamic DNS

First of all, I established an automatic update of the (dynamic) IP provided by my ISP in the DNS using NoIP. My Router already provides automatic update for services like DynDNS, NoIP and Comexe. As far I can see, DynDNS is not free (maybe it was) and Comexe is somewhat chinese. So, I just created an account at NoIP and chose a domain name. Afterwards I registered the account in the administration panel of my router and enabled the DDNS feature. After the activation I checked at NoIP, if the IP update was successful. Beleza, so far no probs.

Forwarding Port of Bittorrent Client

In a second step, I forwarded the port of the Torrent Client in my LAN to be accessible from the outside. I mapped the external port to the same of the internal port, i.e. 9000. Now, it is already possible to access the client from everywhere using the URL

Securing the connection

My client is protected with a password, but using only HTTP is truly no protection, as the credentials are transferred in clear text. I need to secure my connection. The qBittorrent client already offers the option for encrypted connection via HTTPS, but I need to provide a key and certificate. I do not own a SSL certificate, so I need to create one - for free. To create such a certificate I use OpenSSL, which is usually already shipped with Linux Distributions. If you are on Windows you may download OpenSSL here. In the following I describe how to create such self-signed certificate manually. Much easier creation offers this webservice.

Create a private key

The first step (after eventual installation of OpenSSL) is creating a private key. Here, I am going to generate a 2048-Bit strong RSA key and store into file 'torrent.key'
>openssl genrsa -out torrent.key 2048
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)

Create a Certificate Signing Request (CSR)

Now, I am going to create a CSR, which I could send to a Certificate Authority (CA), but I won't. For my purpose a self-signed certificate is sufficient. I pass the recently generate private key to the request. As a result I'll obtain 'torrent.csr'.
> openssl req -new -key torrent.key -out torrent.csr
Enter pass phrase for torrent.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:SP
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Devbutze
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:Oliver Hager
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Self-signing the certificate

As I do not verify the certificate by a CA, I sign the certificate by myself. The resulting file 'torrent.crt' will be used on Bittorrent client in the next step
>openssl x509 -req -days 365 -in torrent.csr -signkey torrent.key -out torrent.crt
Signature ok
subject=/C=BR/ST=SP/O=Devbutze/CN=Oliver Hager
Getting Private key

Setting certificate in qBittorrent

Finally, I enter the private key and the certificate in qBittorrent under Options->WebUi

Accessing qBittorrent securely

And last but not least I can access the client using HTTPS.