======Install and configure aria2c with aria-ng and SSL on Ubuntu 16.04.5======

Aria2 is an extremely powerful command line download manager capable of handing a wide range of protocolls including torrents.
Aria-ng is a webui for aria2c, which is hooked into via RPC on port 6800.

This guide will cover everything including a simple nginx install and configuration with SSL, installing aria2c and making some simple adjustments as well as creating a systemd service for aria2c. 

=====Nginx and SSL=====

Firstly we need to install nginx and a firewall.

<code># apt install nginx ufw</code>

===== Let's Encrypt =====

For SSL use the EFF's PPA for the Let's Encrypt certbot.

<code># add-apt-repository ppa:certbot/certbot
# apt update; sudo apt upgrade
# apt install python-certbot-nginx
# certbot --nginx certonly</code>

Cert and Key locations:

''/etc/letsencrypt/live/domainname.tld/fullchain.pem''

''/etc/letsencrypt/live/domainname.tld/privkey.pem''

=====Aria2======

Download and install the latest aria2 release for the repos

<code># apt install aria2</code>
We need to verify that we have a version that is >= v1.19 in order for core features of aria-ng to function:
<code># aria2c -v</code>

Now we download and extract the aria-ng webui, which is a simple process, as it it only consists of HTML5 and JavaScript.
<code> # cd /var/www/html
# mkdir aria-ng & cd aria-ng
# wget https://github.com/mayswind/AriaNg/releases/download/0.4.0/aria-ng-0.4.0.zip
# unzip aria-ng-0.4.0.zip & rm aria-ng-0.4.0.zip
</code>

We will be running aria2c as root, so its configuration file will need to be created under ''/root/.aria2/''

First create the directory:
<code>
$ sudo su
# mkdir /root/.aria2
</code>

Then write the following configuration file:

Create ''/root/.aria2/aria2.conf''

<code>
continue
daemon=true
dir=/PATH/TO/DIR
file-allocation=falloc
log-level=warn
max-connection-per-server=4
max-concurrent-downloads=3
max-overall-download-limit=0
min-split-size=5M
enable-http-pipelining=true

enable-rpc=true
rpc-allow-origin-all=true
rpc-listen-all=true

rpc-secret=YOUR_PASSWORD

rpc-certificate=/root/.aria2/cert.pem
rpc-private-key=/root/.aria2/private.key
rpc-secure=true
</code>

It is vital that you replace ''rpc-certificate'' and ''rpc-private-key'' with the exact same certs and keys that the nginx server is using.

The download location is set by the ''dir='' option. This also needs to be changed.

Make sure to set a secret token, or password, in the ''rpc-sectret='' option.

You can test your aria2 config by setting the ''daemon=true'' option to ''false'' in the conf file, and running:
<code>
$ sudo /usr/bin/aria2c --conf-path=/root/.aria2/aria2.conf
</code>
This will give you any output to monitor for errors before continuing.

====Systemd====

Now we can create a systemd service.
First create the .service file:

Create ''/etc/systemd/system/aria2.service''

<code>
[Unit]
 Description=Aria2c Download Manager
 Requires=network.target
 After=dhcpcd.service

 [Service]
 Type=forking
 User=root
 RemainAfterExit=yes
 ExecStart=/usr/bin/aria2c --conf-path=/root/.aria2/aria2.conf
 ExecReload=/usr/bin/kill -HUP $MAINPID
 RestartSec=1min
 Restart=on-failure

 [Install]
 WantedBy=multi-user.target
</code>

Now reload the systemd configuration files:

<code>
# systemctl daemon-reload
</code>

Start (and optionally enable at boot) the aria2 systemd service:
<code># systemctl start aria2
# systemctl enable aria2 </code>

===== UFW =====
You will need to restart to start ufw and enable the rules.
<code># ufw allow "Nginx Full"
# ufw allow "OpenSSH"</code>
We will also need to allow port 6800 for the aria2c RPC connection:
<code># ufw allow 6800
# ufw enable
# reboot</code>

At this point the server should be 
=====Use in conjunction with an SFTP jail=====
There are various reasons why one may want to set-up a file share for accessing the downloaded files from aria2, preferably securely and without overhead, and a jailed SFTP server comes in handy for this. This will create a separate user, with which one can connect to the Download directory, and only that directory, through a secure SSH connection.

A guide on how to set this up can be found here: [[server:sftp_jail|Create Secure SFTP Server with User Jails]]

Simply make sure that the ''ChrootDirectory'' points to the correct folder in your ''/etc/ssh/sshd_config''. Since we are running the aria2 service as root, it will be able to download into the chrooted folder.

=====Known Issues and Workarounds=====

As of Firefox version 61, you may run into a few graphical glitches and will experience large troubles when attempting to use a self-signed cert with it.\\

{{:documentation:aria-ng_firefox_vs_chromium.png?nolink&600|}}\\

A self-signed cert will result in Firefox not allowing a connection over SSL at all with aria-ng. There are a few complicated workarounds for this.