Install and configure aria2c with aria-ng and SSL on Ubuntu 16.04.5

Aria2 is an extremely powerful command line download manager capable of handing a wide range of protocolls including torrents. Aria-ng is a webui for aria2c, which is hooked into via RPC on port 6800.

This guide will cover everything including a simple nginx install and configuration with SSL, installing aria2c and making some simple adjustments as well as creating a systemd service for aria2c.

Firstly we need to install nginx and a firewall.

# apt install nginx ufw

For SSL use the EFF's PPA for the Let's Encrypt certbot.

# add-apt-repository ppa:certbot/certbot
# apt update; sudo apt upgrade
# apt install python-certbot-nginx
# certbot --nginx certonly

Cert and Key locations:

/etc/letsencrypt/live/domainname.tld/fullchain.pem

/etc/letsencrypt/live/domainname.tld/privkey.pem

Download and install the latest aria2 release for the repos

# apt install aria2

We need to verify that we have a version that is >= v1.19 in order for core features of aria-ng to function:

# aria2c -v

Now we download and extract the aria-ng webui, which is a simple process, as it it only consists of HTML5 and JavaScript.

 # cd /var/www/html
# mkdir aria-ng & cd aria-ng
# wget https://github.com/mayswind/AriaNg/releases/download/0.4.0/aria-ng-0.4.0.zip
# unzip aria-ng-0.4.0.zip & rm aria-ng-0.4.0.zip

We will be running aria2c as root, so its configuration file will need to be created under /root/.aria2/

First create the directory:

$ sudo su
# mkdir /root/.aria2

Then write the following configuration file:

Create /root/.aria2/aria2.conf

continue
daemon=true
dir=/PATH/TO/DIR
file-allocation=falloc
log-level=warn
max-connection-per-server=4
max-concurrent-downloads=3
max-overall-download-limit=0
min-split-size=5M
enable-http-pipelining=true

enable-rpc=true
rpc-allow-origin-all=true
rpc-listen-all=true

rpc-secret=YOUR_PASSWORD

rpc-certificate=/root/.aria2/cert.pem
rpc-private-key=/root/.aria2/private.key
rpc-secure=true

It is vital that you replace rpc-certificate and rpc-private-key with the exact same certs and keys that the nginx server is using.

The download location is set by the dir= option. This also needs to be changed.

Make sure to set a secret token, or password, in the rpc-sectret= option.

You can test your aria2 config by setting the daemon=true option to false in the conf file, and running:

$ sudo /usr/bin/aria2c --conf-path=/root/.aria2/aria2.conf

This will give you any output to monitor for errors before continuing.

Now we can create a systemd service. First create the .service file:

Create /etc/systemd/system/aria2.service

[Unit]
 Description=Aria2c Download Manager
 Requires=network.target
 After=dhcpcd.service

 [Service]
 Type=forking
 User=root
 RemainAfterExit=yes
 ExecStart=/usr/bin/aria2c --conf-path=/root/.aria2/aria2.conf
 ExecReload=/usr/bin/kill -HUP $MAINPID
 RestartSec=1min
 Restart=on-failure

 [Install]
 WantedBy=multi-user.target

Now reload the systemd configuration files:

# systemctl daemon-reload

Start (and optionally enable at boot) the aria2 systemd service:

# systemctl start aria2
# systemctl enable aria2 

You will need to restart to start ufw and enable the rules.

# ufw allow "Nginx Full"
# ufw allow "OpenSSH"

We will also need to allow port 6800 for the aria2c RPC connection:

# ufw allow 6800
# ufw enable
# reboot

At this point the server should be

There are various reasons why one may want to set-up a file share for accessing the downloaded files from aria2, preferably securely and without overhead, and a jailed SFTP server comes in handy for this. This will create a separate user, with which one can connect to the Download directory, and only that directory, through a secure SSH connection.

A guide on how to set this up can be found here: Create Secure SFTP Server with User Jails

Simply make sure that the ChrootDirectory points to the correct folder in your /etc/ssh/sshd_config. Since we are running the aria2 service as root, it will be able to download into the chrooted folder.

As of Firefox version 61, you may run into a few graphical glitches and will experience large troubles when attempting to use a self-signed cert with it.

A self-signed cert will result in Firefox not allowing a connection over SSL at all with aria-ng. There are a few complicated workarounds for this.