From 14a8e683a6c31fc68ec3109f5c5e712d92d330dd Mon Sep 17 00:00:00 2001
From: Jett Scythe <37233887+JettScythe@users.noreply.github.com>
Date: Tue, 12 May 2020 03:35:25 -0300
Subject: [PATCH] Created
 Linux-WebUI-HTTPS-with-Let's-Encrypt-&-Caddy2-reverse-proxy.md (markdown)

---
 ...Let's-Encrypt-&-Caddy2-reverse-proxy.md.md | 61 +++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 Linux-WebUI-HTTPS-with-Let's-Encrypt-&-Caddy2-reverse-proxy.md.md

diff --git a/Linux-WebUI-HTTPS-with-Let's-Encrypt-&-Caddy2-reverse-proxy.md.md b/Linux-WebUI-HTTPS-with-Let's-Encrypt-&-Caddy2-reverse-proxy.md.md
new file mode 100644
index 0000000..df763ed
--- /dev/null
+++ b/Linux-WebUI-HTTPS-with-Let's-Encrypt-&-Caddy2-reverse-proxy.md.md
@@ -0,0 +1,61 @@
+# Introduction
+A very straightforward & easy way to add HTTPS to your FQDN pointing to qbittorrent.
+This guide assumes you have a working qbitorrent setup as well as:
+* you know how to and can forward ports on your router, to forward ports 80 and 443.
+* you have setup a FQDN pointing to the IP you are running the Web UI from.
+
+The overall architecture of the system will be:
+```
+                                 ________________________________________________
+Outside world (insecure)         |   Your machine (secure)                      |
+You <-------HTTPS (secure)-------|->  Caddy2 <----HTTP-----> qbittorrent WebUI  |
+                                 |                                              |
+                                 ------------------------------------------------
+```
+
+## Install Caddy2
+On arch based distros that's as easy as
+```
+yay -S caddy2
+```
+
+# Setup
+## Activate WebUI in qbittorrent
+1. Access your WebUI, and go to Tools -> Options -> WebUI
+2. Make note of the port specified, leave your IP set to *
+3. Deselect "Use UPnP / NAT-PMP to forward the port from my router."
+4. Deselect "Use HTTPS instead of HTTP."
+5. Enable clickjacking protection
+6. Enable CSRF protection
+7. Enable host header validaion. Confirm "*; example.domain" is in the "server domains" text box. 
+
+## Caddy2 Config
+Create a Caddyfile as a config. Assuming a standard HTTPS & reverse proxy setup, your Caddyfile can be as basic as
+```
+{
+    email example@email.com
+}
+
+example.domain {
+    reverse_proxy IP:port 
+}
+
+```
+
+## Run Caddy
+Forward ports 80 and 443 in your router.
+Allow ports 80 and 443 through your system firewall if you have one.
+Run one of the following commands
+```
+sudo caddy run -config /path/to/Caddyfile
+```
+or
+```
+sudo caddy start -config /path/to/Caddyfile
+```
+The difference between the two is minimal.
+run starts the Caddy process and blocks indefinitely while start starts the Caddy process in the background and then returns. 
+You can also run caddy as a systemd service.
+
+# Test
+Open up your favorite browser and enter your FQDN into the URL bar. You should see the qbittorrent Web UI and the indication that your connection is over HTTPS.
\ No newline at end of file