How to Add SSL to qBittorrent on Synology

by Rian

One of the main reasons why I chose qBittorrent was its web UI. However, if you are using qBittorrent from SynoCommunity, chances are, each and every browsers are raising alarms about lack of secure (https) connection. While the risk is negligible if the web UI is correctly set to be accessible only by local users, it’s can be annoying to see the popup every time. But simply adding the path to the certificate didn’t quite do the trick for me.

The purpose of this how-to post is mainly on documenting what needs to be done. You may choose change some to your liking. In order to create a ssl certificate, we do need to ssh into the NAS. Do be sure to enable it.

  1. From Terminal, ssh into the NAS.
  2. We will keep the certificates with the rest of qBittorrent configuration files. Run following command, where [MyVolume] is where qBittorrent is installed*:

cd /[MyVolume]/@appdata/qbittorrent/qBittorrent/config

* If you are unsure, in the Package Center, under Installed, check qBittorrent’s Installed Volume. If it says volume 1, likely value is “volume1” for the variable.

  1. Create a folder for the ssl certificate with following command. It will ask for a password:

sudo mkdir ssl

  1. Run the following command to create certificates:

sudo openssl req -new -x509 -nodes -out ssl/server.crt -keyout ssl/server.key

  1. Run the following command to change owner for the certificate:

sudo chown -R sc-qbittorrent:synocommunity ssl

  1. Run the following command to set permissions for the certificate:

sudo chown -R sc-qbittorrent:synocommunity ssl

  1. From the qBittorrent web ui, Options > WebUI, copy the paths like following, where [MyVolume] should be the same value from step 1. 
Certificate:
/[MyVolume]/@appdata/qbittorrent/qBittorrent/config/ssl/server.crt
Key:
/[MyVolume]/@appdata/qbittorrent/qBittorrent/config/ssl/server.key
  1. Enable the option ‘Use HTTPS instead of HTTP’.
  2. Don’t forget to clear the cache, refresh the page fully, and re-login to https web UI.

Depending on the browsers, self-signed certificate will not be enough. On Firefox, for example, you can add the self-signed certificate as an exception. The connection would still be encrypted with this method. I’ll be frank though, I did it because I didn’t want to wait for the browsers’ warnings to disappear. And I don’t see many good reasons to expose web UI into the wild for encryption to matter.

How-to / /

Leave a comment

Comments will be automatically closed after 30 days.