How To Install rTorrent & ruTorrent (using Socket + SSL + Authentication) on Ubuntu or Debian

February 13, 2010 by sharky

There are plenty of tutorials out there that explain how to install rTorrent + ruTorrent, but this one’s a little different. This tutorial will guide you through the steps of installing rTorrent+libTorrent and ruTorrent on a Ubuntu or Debian server; with sockets, SSL, and authentication. The end product is a very secure rTorrent/ruTorrent installation that uses sockets (instead of ports); a password-protected GUI; and even an encrypted SSL (https) ruTorrent browse & login page.

UPDATE: This guide is now badly outdated and thus not recommended. While some segments can still be used, we highly recommend users to refer to Subsy’s Guide:

Subsy’s Seedbox Setup Guide at ruTorrent’s official Forum.

What You’ll need:

  • A VPS (or dedi) with root access. (Most providers will offer root access to the server or VPS, but it’s never a bad idea to ask first.)
  • A clean install of Debian 5 or Ubuntu 9x. (This tut is aimed to work with a ‘fresh’ *nux installation, one that doesn’t already have rTorrent/libtorrent).
  • An SSH/shell client such as PuTTY to connect to your server - necessary in order to enter all those exciting commands!

A Prelude:

This has been tested on Debian x86, Ubuntu x86, and Debian x64 and worked perfectly just copying and pasting from the guide. Since it seems more people use Ubuntu than Debian, although I prefer Debian, the commands in this guide are directed at Ubuntu. If you are using Debian, you’ll just have to be in root (type su then the root password) when you enter the commands (and omit the "sudo" part from the commands). All of these commands will need to be done in root if you are using Debian, unless otherwise stated.

A very special thanks goes out to http://SeedboxWorld.net, who allowed us to test this out on their 1gbps servers.

For the Pros: Anyone who’s already familiar with Linux commands through SSH/shell (nano, wget, etc) should find the entire process to take about 10 minutes. PuTTY Pros - ignore the images & tips.

For the Noobs: Even if you’ve never attempted to create your own do-it-yourself seedbox before, I’ve included a few screenshots & useful tips to show how it’s done. There’s no reason why anyone can’t follow this guide. Noobs, be sure to opt for a server that has Ubuntu installed (as opposed to Debian) since you’ll be copy/pasting these commands as-is.

Let’s get started!

Connecting to your Server:

Assuming you’ve already purchased a server (VPS/dedi) from OVH, Leaseweb, server.lu - or even a reseller/VPS hosting provider - you’ll have received a welcome email that contains your server credentials (ie. login details). Look for a section that says "SSH Root" or similar - you’ll need this info for connecting to your server through PuTTY.

Download putty.zip, extract the files to a folder, and run PUTTY.EXE. Enter the IP address of your server (this could be a numerical value or a URL - ie k06.kimsufi.com, either are acceptable). You can save your session and load it later; and lastly click Open to begin the session.

In the PuTTY shell, type in your username (default is "root") and hit Enter on your keyboard. Next copy/paste (or just type in) your password. The password will not be displayed here, but rest assured it has indeed been entered, so hit Enter again to login. Something similar to below is now what you should see:

Configure your Server / rTorrent-ruTorrent Installation:

Now you’re ready to begin. First we need to update apt, then install the tools and such that we will need later on. Copy & paste this line into PuTTY (at the green prompt) and hit Enter:

sudo apt-get update

Once it’s finished, copy & paste this line (and hit Enter):

sudo apt-get install -y build-essential pkg-config libcurl4-openssl-dev libsigc++-2.0-dev libncurses5-dev lighttpd nano screen subversion libterm-readline-gnu-perl php5-cgi apache2-utils

It is strongly recommended that you create another user (as opposed to using root). So now we’ll create the user that will run rTorrent - we’ll call the new user "rtor". TIP: Add each line at a time, and hit Enter after each:

sudo useradd rtor
sudo passwd rtor

Now, create a new password for the new user and enter it (do this twice). This password should be different than the PW you used to login as "root". Remember it, since you’ll need it in combination with the username "rtor" when logging into the ruTorrent WebGUI as well as for other parts of this guide.

Next, copy/paste:

sudo mkdir /home/rtor
sudo chown rtor:users /home/rtor

With our tools downloaded and our user created, we’ll now install rtorrent (+libtorrent) and ruTorrent. We’ll start with libTorrent:

cd /tmp
sudo wget http://libtorrent.rakshasa.no/downloads/libtorrent-0.12.6.tar.gz
sudo tar zxfv libtorrent-0.12.6.tar.gz
cd libtorrent-0.12.6
sudo ./configure
sudo make
sudo make install

Next is XMLRPC-C:

cd /tmp
sudo svn checkout http://xmlrpc-c.svn.sourceforge.net/svnroot/xmlrpc-c/stable xmlrpc-c
cd xmlrpc-c/
sudo ./configure
sudo make
sudo make install

Then rTorrent:

cd /tmp
sudo wget http://libtorrent.rakshasa.no/downloads/rtorrent-0.8.6.tar.gz
sudo tar zxfv rtorrent-0.8.6.tar.gz
cd rtorrent-0.8.6
sudo ./configure --with-xmlrpc-c
sudo make
sudo make install

In order for ruTorrent to communicate with rTorrent using xmlrpc, we need to add some settings in lighttpd, our webserver deamon. To do this, type:

sudo nano /etc/lighttpd/lighttpd.conf

You’ll have noticed that PuTTY has changed - the "nano" command is an editor, think of it similar to Notepad but done within PuTTY (shell). What you’re now seeing is the lighttpd.conf file, where you can edit it. Use the up/down & left/right arrow keys on your keyboard to manipulate (scroll) where you want to move the cursor.

Referring to the screenshots below, scroll down to the last " ) " in the server.modules section, and paste these lines underneath it:

server.modules += ( "mod_scgi" )
scgi.server = (
"/RPC2" =>
( "127.0.0.1" =>
(
"socket" => "/tmp/rpc.socket",
"check-local" => "disable",
"disable-time" => 0,  # don't disable scgi if connection fails
)
)
)

BEFORE (see below) — This is where you want to paste the above lines. Using the arrow keys, position the green cursor exactly here, and "paste" it in.

AFTER — This is what you want to end up with:

Exit and save using CTRL + X, enter Y when it asks if you are sure, followed by enter. Out of nano now, type the following to restart lighttpd:

sudo /etc/init.d/lighttpd force-reload

You’ll need to make one more configuration change:

If running Ubuntu, copy and paste this entire section directly into PuTTY (hit Enter only once):

if [ -e /etc/lighttpd/conf-available/10-fastcgi-php5.conf ]; then
sudo /usr/sbin/lighty-enable-mod fastcgi-php5
else
sudo /usr/sbin/lighty-enable-mod fastcgi
fi

If running Debian, copy and paste this entire section directly into PuTTY (hit Enter only once):

if [ -e /etc/lighttpd/conf-available/10-fastcgi-php5.conf ]; then
/usr/sbin/lighty-enable-mod fastcgi-php5
else
/usr/sbin/lighty-enable-mod fastcgi
fi

Then restart lighttpd again:

sudo /etc/init.d/lighttpd force-reload

Now we get ruTorrent:

cd /var/www/
sudo svn checkout http://rutorrent.googlecode.com/svn/trunk/rtorrent
cd rtorrent

ruTorrent needs to be configured to use the correct socket. Open config.php with nano:

sudo nano config.php

And change the values for $scgi_port to 0 and $scgi_host to unix:///tmp/rpc.socket

Before (these are the default settings)

After (this is what you want the changes to appear as)

Again, exit and save using CTRL + X, followed by Y then enter.

Now out of nano, we need to finalize a few things. Type each line in PuTTY:

sudo ldconfig
sudo chown www-data:www-data /var/www/rtorrent/settings
sudo chown www-data:www-data /var/www/rtorrent/torrents

Right now, you are still logged in as "root" user. Now we need to LOG IN AS THE USER “rtor” that we created. One way to do this is to end the PuTTY session and restart it - at the prompt, enter rtor (hit Enter) and then enter in your password that you created. (Note: there are other ways to switch users during the same PuTTY session - but for the purpose of the screenshot below, we exited & restarted PuTTY). As shown below, we are now logged in as our created user, rtor.

Once logged in, do the following commands:

mkdir /home/rtor/watch
mkdir /home/rtor/torrents

This next part will involve some custom configuring to get rTorrent working precisely how you want, this should be done when logged in as your user "rtor". Paste these commands into PuTTY:

wget http://libtorrent.rakshasa.no/export/1124/trunk/rtorrent/doc/rtorrent.rc -O ~/.rtorrent.rc
nano ~/.rtorrent.rc

The rtorrent.rc file is crucial for rTorrent, the backbone of ruTorrent. I highly suggest you read this file and get familiar with it - here you’ll be able to make any necessary changes. NOTE: By default everything is "commented out" (ie - features are deselected/not available as indicated by the # figure seen before each entry). Removing the # from the beginning of a line will then enable rTorrent to read that line.

This guide isn’t about how to make proper configuration settings to rtorrent.rc - "ideal" settings may vary depending on many factors (VPS vs. dedicated; server specs; connection; users per box, etc). But for this specific guide, you should use these settings:

directory = /home/rtor/torrents
schedule = watch_directory,5,5,load_start=/home/rtor/watch/*.torrent
schedule = untied_directory,5,5,stop_untied=/home/rtor/watch/*.torrent
schedule = low_diskspace,5,60,close_low_diskspace=100M
port_range = 51515-61234
port_random = no
use_udp_trackers = no
encryption = allow_incoming,try_outgoing
dht = off
peer_exchange = no
#The Following Are VERY Important
encoding_list = UTF-8
scgi_local = /tmp/rpc.socket
schedule = chmod,0,0,"execute=chmod,777,/tmp/rpc.socket"

IMPORTANT: The Last 3 Lines (above) You Need To Have In Your Configuration File!

Now, since all lines are # (commented) in rtorrent.rc, you are able to copy/paste the code from above into rtorrent.rc as-is. Be advised that if you later choose to go back and edit rtorrent.rc and uncomment identical options, you’ll end up with two similar entries that rTorrent will attempt to read (naturally, this will lead to errors). So take your time getting rtorrent.rc right the first time - you don’t need to copy/paste the above code (the other option is that this can be done line-by-line if preferred), but just make sure that they’re uncommented (remove the #) and you don’t have duplicates.

If you chose the quick method to just copy/paste it directly, you should now see something that appears similar to this:

Again, exit and save using CTRL + X, followed by Y then enter.

Security

Although this rTorrent + ruTorrent setup is using a socket, which makes it more secure than just an open port, there are a few more quick options that will protect you. These are not optional; it’s a continuation of the guide.

Security (Part I) - Password-Protect Using mod_auth

First we will password protect ruTorrent, that way only you can access it, preventing an unfortunate incident in the event that someone finds your ruTorrent unprotected. This needs to be done logged in as a user who can sudo (the user you used for the first chunk of this tutorial - which in this case is "root"). So, end your PuTTY session [or you can keep it running and type su - then hit the Enter key, and type in your password for the user "root". Once logged in, type this:

sudo htdigest -c /etc/lighttpd/.auth 'Authorized users only' rtor

Enter a password here (preferably the same password as you entered when we made the rtor account) - you'll need to enter it twice, just as before. This is the password we will use to log into ruTorrent. Now edit lighttpd.conf again:

sudo nano /etc/lighttpd/lighttpd.conf

And below what we added the last time, paste the following:

server.modules += ( "mod_auth" )
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/.auth"
auth.debug = 2
auth.require = ( "/rtorrent/" =>
(
"method" => "digest",
"realm" => "Authorized users only",
"require" => "valid-user"
)
)

Just to clarify, you should now see this below (click image for a full view of the server.modules section in lighttpd.

Again, exit and save using CTRL + X, followed by Y then enter.

Then restart lighttpd:

sudo /etc/init.d/lighttpd force-reload

Security (Part II) - Add SSL to ruTorrent

In Security (Part I) we added a user/pass combo to the login on the ruTorrent web GUI. Next we'll set up SSL - it will allow you to use https:// - this means all your traffic is encrypted. We're fairly sure you're only using rTorrent for legal torrents, but this is still a very good practice. What we're going to do here is create our own SSL certificate.

Assuming that you're still logged into PuTTY as the "root" (sudo) user, here's what you need to do. Copy/paste each of these 3 lines:

sudo mkdir /etc/lighttpd/certs
cd /etc/lighttpd/certs
sudo openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout lighttpd.pem -out lighttpd.pem

You'll now be prompted for some info about your certificate. NOTE: Everything you enter here is arbitrary - we suggest you don't use your real information, just to stay on the safe side :)

Now we'll need to edit lighttpd again to tell it to use https:

sudo nano /etc/lighttpd/lighttpd.conf

Paste the following code above the mod_auth section that we added previously (refer to image below for exact placement in lighttpd.conf).

$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
}

Again, exit and save using CTRL + X, followed by Y then enter.

Then restart lighttpd:

sudo /etc/init.d/lighttpd force-reload

…we’re almost done.

Using your New rTorrent/ruTorrent Installation:

Ok, you’ve gone through all this work so far, and you still don’t have those latest Ubuntu torrents downloading yet. Not to worry, it’ll only take a second and you’ll be ready to go.

Logout as "root" and back in as the user rtor that we created. Next, start rtorrent in screen. In PuTTY, type:

screen rtorrent

Screen is a cool program that allows you to keep a program running even after you disconnect from PuTTY, perfect for rTorrent. You can exit screen by pressing CTRL + A + D. - or even close the connection (close PuTTY). Now open FireFox (Or chrome, or… Internet Explorer, but please don’t) and go to https://MyIP/rtorrent or https://mydomain.com/rtorrent. You’ll have to accept the SSL certificate (surely you know how to do this) and then you’ll be presented with a login box where you enter your rTorrent name (in this case, rtor, followed by your password).

If you’ve followed the directions and everything worked, you should now have a completely functional ruTorrent GUI.

Happy ruTorrent Torrenting! If all else fails, you can get a preconfigured seedbox from SeedStorm, starting at $15/month: