QBittorrent access it in https

[smokerlolilol 0]

Hi,
I want to access qbittorrent webui in https. I am of course connected to the vpn

First of all, I will explain you how I did to access to the synology in https, because I am able to connect to synology in https.

For this, I created a DDNS in synology.


It created automatically an https certificate.


After that, I created a forwarded ports in airvpn



So, when I write https://MY_DDNS.synology.me:FORWARDED_PORT, it work without any problem !


Now, for qbittorrent, I also fowarded the port


After that, I export the certificate.



It gave me a .zip file of these files



I put the file ECC-cert.pem and the file ECC-privkey.pem in my qbittorrent config folder.



Finally, when I try to access https://MY_DDNS.synology.me:FORWARDED_PORT, it does not work.

Do you know what I did wrong?

Thank you
 

 

[OpenSourcerer 1435]

1 hour ago, smokerlolilol said:

it does not work.

You omitted the most important information in that whole post – the resulting error message. Or at least a description of what is not working. Is it reachable? If yes, do the browsers give you cert warnings?
Did Synology give you two certificates with different ciphers, or what's the difference between the RSA and ECC sets?

What I'm also seeing is that you've got an additional chain certificate for verification of intermediate CAs. It must be verified, too, otherwise any browser will have trust issues. You've got two options: Join the cert and the chain into one file, or let a reverse proxy handle HTTPS.
If you want to try joining them, paste the contents of -chain.pem directly after -cert.pem and save it as something like -fullchain.pem. Use the new file as the certificate. Keep to one cipher, don't mix ECC and PEM. If it doesn't work, try reversing the order.
If you want to try reverse proxying, have a look at the wiki. More involved, though.

[smokerlolilol 0]

Quote

You omitted the most important information in that whole post – the resulting error message.

Sorry, your right.
I get the error on chrome: ERR_CONNECTION_CLOSED


So, in brief, it is not reachable.

Quote

 Did Synology give you two certificates with different ciphers, or what's the difference between the RSA and ECC sets?

I have only one certificate.
I have no idea what is the difference between RSA and ECC 😕

Quote

If you want to try joining them, paste the contents of -chain.pem directly after -cert.pem and save it as something like -fullchain.pem. Use the new file as the certificate. Keep to one cipher, don't mix ECC and PEM. If it doesn't work, try reversing the order.

I search where the certificate was store on the nas. I found it here: /usr/syno/etc/certificate/_archive/qKH5Xm/ECC-fullchain.pem and it already have fullchain


I try with fullchain.pem + privkey.pem, ECC-fullchain.pem + ECC.privkey.pem and RSA-fullchain.pem + RSA.privkey.pem, but I have the same result.

[OpenSourcerer 1435]

22 minutes ago, smokerlolilol said:

So, in brief, it is not reachable.

So you shouldn't have bothered with trying all these combinations – qB doesn't seem to even come to send them to the browser. The question is: Only when trying to access it via AirVPN, or even in the local network? So please verify that qB web can be viewed from the machine it's running on, and if that works, verify qB web working from your local network.

Next, the qB log will probably help a great deal. Paste it here.

Then, please refrain from making screenshots – always copy text. Unless you are explicitly asked to provide a screenshot.

And last, in other news, this is slowly turning into a qB support request – moved to Off-Topic.

[smokerlolilol 0]

Qbittorrent work on my local network when it is in http.

Logs (yes, it is only one line):

(C) 2021-09-13T16:21:12 - Web UI: HTTPS setup failed, fallback to HTTP

I will try to make an reverse proxy, because I think it will be more simple.

[OpenSourcerer 1435]

According to the source, this message is thrown after key and cert are read. The setupHttps function uses these two and returns a false (= failure) if either cert or key file are empty. Which leads me to believe that one or both of the files you enter there cannot be read due to permissions or something. Make sure those certs are present at the path /XXX/ and readable by the user running qB. Best change the owner (chown <user>) instead of making the file readable by other (chmod o+r).

[smokerlolilol 0]

Hi,
You are probably right, but I found a way that like that, I am no longer obligate to remember the port !

First of all, you will need to reproduce the step made here: https://mariushosting.com/synology-how-to-enable-https-on-dsm-7/ (Do not do the step 3!!!)

Then, you will need to reproduce the step made here: https://mariushosting.com/synology-how-to-add-wildcard-certificate/

Finally, you will need to add an forwarded ports on the local port 443.
So, basically this (sorry, I know you don't like image, but I think it is really usefull in this case):


Now, you should be able to access to: https://NAME_OF_THE_APPLICATION.YOUR_DDNS.synology.me:YOUR_FORWARDED_PORT/

I hope it can help some people.

Thank you for your help @OpenSourcerer

[OpenSourcerer 1435]

Ah, well, you chose the reverse proxy way. It's valid.
Enjoy!