# Aria2

My Raspi-4B is installed with the official Rasbian, and the flashing process is very simple, download, unzip, and dd three steps to get it done, you can refer to Pi official website. Aria2 downloader is believed to be familiar to everyone, simply install it using apt (remember to change the source).

sudo apt update && sudo apt install aria2

After installation, create various files for aria2 as usual.

Since we need to manage downloaded files through SFTP, SMB, we set aria2 to run under the low privilege user aria.

groupadd -r aria # Add user group aria
useradd -r -g aria -s /usr/sbin/nologin -c "Aria 2" aria # Add user aria

sudo mkdir -p /home/aria/aria2 # Create working directory
touch /home/aria/aria2/aria2.session # Create aria2 progress file
touch /home/aria/aria2/aria2.log # Create aria2 log file
touch /home/aria/aria2/aria2.config # Create aria2 configuration file

chown aria:aria /home/aria/* # Transfer files under the working directory to the aria user

Then edit the configuration file by nano /home/aria/aria2/aria2.config.

Configuration Example
# Download path


# Enable disk cache, 0 to disable cache, requires 1.16 or above, default:16M


# File allocation method, effectively reduces disk fragments, default:prealloc

# Pre-allocation time: none < falloc ? trunc < prealloc

# falloc and trunc require file system and kernel support

# NTFS recommend using falloc, EXT3/4 recommend trunc, MAC needs to comment out this item



## Download connection related ##

# Maximum number of simultaneous download tasks, can be modified at runtime, default:5


# Number of connections per server, can be specified when adding, default:1


# Minimum file chunk size, can be specified when adding, range 1M-1024M, default:20M

# Assume size=10M, for a 20MiB file, use two sources for download; for a 15MiB file, use one source for download


# Maximum threads per task, can be specified when adding, default:5


# Overall download speed limit, can be modified at runtime, default:0


# Single task download speed limit, default:0


# Overall upload speed limit, can be modified at runtime, default:0


# Single task upload speed limit, default:0


# Disable IPv6, default:false

## Progress storage related ##

# Read download tasks from the session file


# Save `error/incomplete` download tasks to the session file when Aria2 exits


# Periodically save the session, 0 for saving only when exiting, requires 1.16.1 or above, default:0


## RPC related settings ##

# Enable RPC, default:false


# Allow all sources, default:false


# Allow non-external access, default:false


# Certificate file (.pem/.crt) used for SSL/TLS encryption in RPC service


# Private key file (.key) used for SSL/TLS encryption in RPC service


# Event polling method, values:[epoll, kqueue, port, poll, select], different default values for different systems


# RPC listening port, can be modified if the port is occupied, default:6800


# RPC authorization token, new function added in v1.18.4, instead of --rpc-user and --rpc-passwd options


# RPC access username, this option is deprecated in the newer version, recommend using --rpc-secret option


# RPC access password, this option is deprecated in the newer version, recommend using --rpc-secret option


## BT/PT download related ##

# Automatically start BT tasks when downloading a torrent file (ending in .torrent), default:true


# BT listening port, used when the port is blocked, default:6881-6999


# Maximum connections per single torrent, default:55


# Enable DHT function, disable for PT, default:true


# Enable IPv6 DHT function, disable for PT


# DHT network listening port, default:6881-6999


# Local node lookup, disable for PT, default:false


# Torrent exchange, disable for PT, default:true


# Speed limit for each torrent, useful for PT with few seeds, default:50K


# Client disguise, needed for PT



# Automatically stop seeding when the share ratio of a torrent reaches this number, 0 for always seeding, default:1.0


# Force save session, even if the task is completed, default:false

# Newer versions will retain .aria2 file after enabling


# BT hash check related, default:true


# When continuing previous BT tasks, no need to recheck, default:false


# Save magnet link metadata as torrent file (.torrent file), default:false



Then create an auto-startup file sudo touch /etc/systemd/system/aria2.service

Update on 2021/02/21: It seems that modifying the permissions of the aria2c binary file cannot guarantee that downloaded files can be modified by other users. I found that using UMask= in the service file can ensure that the permissions of downloaded files in the future are 777.

# /etc/systemd/system/aria2.service
Description=Aria2 Service

ExecStart=/usr/bin/aria2c --conf-path=/home/pi/.config/aria2/aria2.config
ExecStop=/bin/kill $MAINPID


Use the following systemctl commands to start aria2 auto-startup:

sudo systemctl daemon-reload # Reload modified service files
sudo systemctl enable aria2 # Enable auto-startup
sudo systemctl start aria2 # Start the service
sudo systemctl status aria2 # Check the logs

Notes: If any issues occur while checking the logs, you can debug using sudo -u aria aria2c /home/aria/aria2/aria2.config.

Aria2 is now configured.

# AriaNG

Download Aria2’s frontend AriaNG from GitHub. At this point, on a computer with a graphical interface, you can open the downloaded index.html and try connecting to to check if Aria2 is configured correctly.

If you want to set up a management interface directly on the Raspberry Pi, you will need a wrapper like AriaNG to work with an HTTP server. However, I do not recommend this approach because ISPs may block HTTP/HTTPS ports, making the configuration especially complex, and it becomes difficult to obtain domain certificates, making it hard to use a secure HTTPS connection to the Raspberry Pi; furthermore, hosting an HTTP server without filing may entail the risk of ISPs closing ports.

# Caddy 2

Firstly, use wget to download AriaNG to the Raspberry Pi.

wget https://github.com/mayswind/AriaNg/releases/download/1.2.1/AriaNg-1.2.1-AllInOne.zip # Download AriaNG example
sudo apt install unzip
unzip AriaNg-1.2.1-AllInOne.zip # Unzip

Here, we will use /path/containing/arianghtml to replace the extracted directory.

The HTTP server we will use, Caddy, has been updated to 2.0 (hurray!), so here we will also keep up with the times.

# Install Caddy following the official guide

  1. Download the *linux_armv7* version of caddy from GitHub, after extraction, copy it to /usr/bin using sudo mv caddy /usr/bin.

  2. Use caddy version to verify that the installation was successful.

  3. Add the user group caddy.

groupadd --system caddy
  1. Create a user named caddy and assign a working directory to them.
useradd --system \
	--gid caddy \
	--create-home \
	--home-dir /var/lib/caddy \
	--shell /usr/sbin/nologin \
	--comment "Caddy web server" \
  1. Download the caddy.service file and copy it to the target directory using sudo mv caddy.service /etc/systemd/system/caddy.service.
# Ah, you've got yourself a triple!
sudo systemctl daemon-reload
sudo systemctl enable caddy
sudo systemctl start caddy

Run the above commands to keep caddy running in the background permanently. Some other useful commands include:

systemctl status caddy # Check the running status
journalctl -u caddy # Check all logs
sudo systemctl reload caddy # Reload Caddy configuration files
sudo systemctl stop caddy # Stop the service
  1. Caddy 2’s operation can be controlled through a Caddyfile configuration file or API, here we will use the simpler Caddyfile. The built-in service caddy.service provided by the official invokes the Caddyfile under /etc/caddy/.
sudo touch /etc/caddy/Caddyfile
sudo nano /etc/caddy/Caddyfile

Edit the content as follows:

  root * /path/containing/arianghtml
  reverse_proxy /jsonrpc
  • Your.Raspberry.Pi.IP is the address of your Raspberry Pi on the home network.
  • /path/containing/arianghtml is the directory where you just unpacked index.html.
  • reverse_proxy /jsonrpc indicates reverse proxying the aria2 port to port 443, solving the issue of aria2 not having a certificate and being unable to use it on an https page.
sudo systemctl reload caddy # Reload Caddyfile

Now, open a browser and visit https://Your.Raspberry.Pi.IP, in AriaNG Settings enter Your.Raspberry.Pi.IP:443/jsonrpc, and you can connect to your Raspberry Pi download station.

# Building Aria2 + Caddy 2 Download Station with RaspberryPi

# External Access

For external access, I will just briefly touch on it here. For implementation details, please refer to other resources.

# Solution 1: Public IP + DDNS + Domain Name

Configure DDNS on your router to convert the dynamic IP into a static one through DNS services. Since ISPs tend to block ports 443 and 80 on home networks, you’ll need to host AriaNG on different ports.

A challenge you’ll face is that Caddy requires at least port 443 for automatic certificate acquisition, which isn’t possible. Therefore, you’ll have to manually use DNS Challenge with Certbot to get the certificate.

Note that if you use Cloudflare, the Raspberry Pi Certbot plugin doesn’t support Zone Key yet, so you’ll have to use CF’s Global Key.

Once you have the certificate, you can configure the Caddyfile like this:

Your.Raspberry.Pi.IP, Your.Domain:OtherPorts{
  tls /path/to/fullchain.pem /path/to/privkey.pem
  root * /path/containing/arianghtml
  reverse_proxy /jsonrpc

# Solution 2: ZeroTier

Utilize ZeroTier to create a virtual LAN, allowing you to access the Raspberry Pi using the IP provided by ZeroTier. You can also install it on your router, enabling access to the Raspberry Pi using the home network’s IP. The setup process is quite straightforward.

# Other Solutions

There are other solutions such as FRP, Peanut Shell, etc., which you can explore if interested.

# Conclusion

In reality, I don’t download much nowadays. The tinkering is just for the sake of tinkering. Nevertheless, tinkering can still be enjoyable…