# Aria2
My Raspi-4B is installed with the official Rasbian, and the flashing process is very simple, download, unzip, and dd three steps to get it done, you can refer to Pi official website. Aria2 downloader is believed to be familiar to everyone, simply install it using apt (remember to change the source).
sudo apt update && sudo apt install aria2
After installation, create various files for aria2 as usual.
Since we need to manage downloaded files through SFTP, SMB, we set aria2 to run under the low privilege user aria.
groupadd -r aria # Add user group aria
useradd -r -g aria -s /usr/sbin/nologin -c "Aria 2" aria # Add user aria
sudo mkdir -p /home/aria/aria2 # Create working directory
touch /home/aria/aria2/aria2.session # Create aria2 progress file
touch /home/aria/aria2/aria2.log # Create aria2 log file
touch /home/aria/aria2/aria2.config # Create aria2 configuration file
chown aria:aria /home/aria/* # Transfer files under the working directory to the aria user
Then edit the configuration file by nano /home/aria/aria2/aria2.config
.
Configuration Example
Then create an auto-startup file sudo touch /etc/systemd/system/aria2.service
Update on 2021/02/21: It seems that modifying the permissions of the aria2c binary file cannot guarantee that downloaded files can be modified by other users. I found that using
UMask=
in the service file can ensure that the permissions of downloaded files in the future are 777.
# /etc/systemd/system/aria2.service
[Unit]
Description=Aria2 Service
After=network.target
[Service]
User=aria
Group=aria
UMask=0000
ExecStart=/usr/bin/aria2c --conf-path=/home/pi/.config/aria2/aria2.config
ExecStop=/bin/kill $MAINPID
[Install]
WantedBy=multi-user.target
Use the following systemctl commands to start aria2 auto-startup:
sudo systemctl daemon-reload # Reload modified service files
sudo systemctl enable aria2 # Enable auto-startup
sudo systemctl start aria2 # Start the service
sudo systemctl status aria2 # Check the logs
Notes: If any issues occur while checking the logs, you can debug using
sudo -u aria aria2c /home/aria/aria2/aria2.config
.
Aria2 is now configured.
# AriaNG
Download Aria2’s frontend AriaNG from GitHub. At this point, on a computer with a graphical interface, you can open the downloaded index.html and try connecting to 127.0.0.1:6800/jsonrpc
to check if Aria2 is configured correctly.
If you want to set up a management interface directly on the Raspberry Pi, you will need a wrapper like AriaNG to work with an HTTP server. However, I do not recommend this approach because ISPs may block HTTP/HTTPS ports, making the configuration especially complex, and it becomes difficult to obtain domain certificates, making it hard to use a secure HTTPS connection to the Raspberry Pi; furthermore, hosting an HTTP server without filing may entail the risk of ISPs closing ports.
# Caddy 2
Firstly, use wget
to download AriaNG to the Raspberry Pi.
wget https://github.com/mayswind/AriaNg/releases/download/1.2.1/AriaNg-1.2.1-AllInOne.zip # Download AriaNG example
sudo apt install unzip
unzip AriaNg-1.2.1-AllInOne.zip # Unzip
Here, we will use /path/containing/arianghtml
to replace the extracted directory.
The HTTP server we will use, Caddy, has been updated to 2.0 (hurray!), so here we will also keep up with the times.
# Install Caddy following the official guide
Download the
*linux_armv7*
version of caddy from GitHub, after extraction, copy it to /usr/bin usingsudo mv caddy /usr/bin
.Use
caddy version
to verify that the installation was successful.Add the user group
caddy
.
groupadd --system caddy
- Create a user named caddy and assign a working directory to them.
useradd --system \
--gid caddy \
--create-home \
--home-dir /var/lib/caddy \
--shell /usr/sbin/nologin \
--comment "Caddy web server" \
caddy
- Download the caddy.service file and copy it to the target directory using
sudo mv caddy.service /etc/systemd/system/caddy.service
.
# Ah, you've got yourself a triple!
sudo systemctl daemon-reload
sudo systemctl enable caddy
sudo systemctl start caddy
Run the above commands to keep caddy running in the background permanently. Some other useful commands include:
systemctl status caddy # Check the running status
journalctl -u caddy # Check all logs
sudo systemctl reload caddy # Reload Caddy configuration files
sudo systemctl stop caddy # Stop the service
- Caddy 2’s operation can be controlled through a Caddyfile configuration file or API, here we will use the simpler Caddyfile. The built-in service caddy.service provided by the official invokes the Caddyfile under
/etc/caddy/
.
sudo touch /etc/caddy/Caddyfile
sudo nano /etc/caddy/Caddyfile
Edit the content as follows:
Your.Raspberry.Pi.IP{
root * /path/containing/arianghtml
file_server
reverse_proxy /jsonrpc 127.0.0.1:6800
}
Your.Raspberry.Pi.IP
is the address of your Raspberry Pi on the home network./path/containing/arianghtml
is the directory where you just unpacked index.html.reverse_proxy /jsonrpc 127.0.0.1:6800
indicates reverse proxying the aria2 port to port 443, solving the issue of aria2 not having a certificate and being unable to use it on an https page.
sudo systemctl reload caddy # Reload Caddyfile
Now, open a browser and visit https://Your.Raspberry.Pi.IP
, in AriaNG Settings
enter Your.Raspberry.Pi.IP:443/jsonrpc
, and you can connect to your Raspberry Pi download station.
# Building Aria2 + Caddy 2 Download Station with RaspberryPi
# External Access
For external access, I will just briefly touch on it here. For implementation details, please refer to other resources.
# Solution 1: Public IP + DDNS + Domain Name
Configure DDNS on your router to convert the dynamic IP into a static one through DNS services. Since ISPs tend to block ports 443 and 80 on home networks, you’ll need to host AriaNG on different ports.
A challenge you’ll face is that Caddy requires at least port 443 for automatic certificate acquisition, which isn’t possible. Therefore, you’ll have to manually use DNS Challenge with Certbot to get the certificate.
Note that if you use Cloudflare, the Raspberry Pi Certbot plugin doesn’t support Zone Key yet, so you’ll have to use CF’s Global Key.
Once you have the certificate, you can configure the Caddyfile like this:
Your.Raspberry.Pi.IP, Your.Domain:OtherPorts{
tls /path/to/fullchain.pem /path/to/privkey.pem
root * /path/containing/arianghtml
file_server
reverse_proxy /jsonrpc 127.0.0.1:6800
}
# Solution 2: ZeroTier
Utilize ZeroTier to create a virtual LAN, allowing you to access the Raspberry Pi using the IP provided by ZeroTier. You can also install it on your router, enabling access to the Raspberry Pi using the home network’s IP. The setup process is quite straightforward.
# Other Solutions
There are other solutions such as FRP, Peanut Shell, etc., which you can explore if interested.
# Conclusion
In reality, I don’t download much nowadays. The tinkering is just for the sake of tinkering. Nevertheless, tinkering can still be enjoyable…