Configuration for WebUI base url for use in reverse proxy

[Fastjur]

This issue seems to be getting quite some thumbs up's from people who would like to see this added
Please, to keep the mailboxes of everyone clean, do not +1 this as a comment, but rather click the thumbs up icon beneath this very first message.

For the people landing here from Google:

A workaround can be found here: https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI

---

I have searched for this and it appears to not be possible as of yet.

It would be really useful if there is an option to specify the base URL path for use in reverse proxies. This way one can circumvent having to type the port number into the URL.

For instance, when the qBittorent web UI is running on port 8080, and the base url is set to /qbt. Then the complete URL would become 127.0.0.1:8080/qbt. One can then use, per example, nginx to reverse proxy this to a more friendly url like so:

server {
  listen  80;
  server_name jt.REDACTED.net localhost 192.168.1.6;

  location /qbt {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

Thus allowing one to goto jt.REDACTED.net/qbt and land on the qBittorrent page.

---

There is a $50 open bounty on this issue. Add to the bounty at Bountysource. DISCLAIMER: There are trustworthiness and solvency issues with BountySource. qBittorrent is not affiliated with them. Use them at your own risk.

[ghost]

I'm in the same boat. I would LOVE this feature.

[sruon]

Since this is pretty much the only result that comes up when searching for reverse proxy support in QBittorrent, here's a workaround that I'm using and appears to work fine.

location ~ /qbt/(?<url>.*) {
         proxy_pass  http://127.0.0.1:8080/$url;
<insert other directives..>
}

[MichaelHub]

The above configuration worked for me. The only issue was that when navigating to the URL (ex. domain.com/qbt) Nginx would return a 404 error, but when a trailing slash was added (ex. domain.com/qbt/) it would work fine. I ended up just configuring a redirect to the trailing slash URL.

location /qbt {
    rewrite ^(.*[^/])$ $1/ permanent;
}

[jdmag00]

Would love to see a base URL, or root folder option added for reverse proxy.

[pozemka]

Both @sruon and @MichaelHub workarounds work, but when I select "Peers" tab it shows empty list and displays something like "qbittorrent client inaccessible". However using direct connection via ip:port works fine. Another thing is that reverse-proxied interface have no favicon.

[MichaelHub]

@asc7uni Oh, I hadn't used the WebUI before setting it up and thought it was just flakey like that. I'll take a look at my configuration this week and see if I can find a fix.

[WarriorXK]

I'd love to have this feature.

[ztaale]

i would love this feature to!

[Quiksmage]

+1 would love this

[klara31]

+1 for this feature!

[blackley]

+1 for this feature!

[ghost]

+1

[arebokert]

+1

[thalieht]

This looks like a popular request, tagging @Chocobo1 if he's interested.

[mky]

+1

[umm7yass]

+1

[ghost]

+1

[scytalezero]

+1

[ghost]

+1

[SuperTrembler]

+1 Current nginx config in wiki breaks bypass authentication for clients in subnet as it wont pass real ip I believe

[bdelwood]

+1

[Fastjur]

As stated in the original feature request:

This issue seems to be getting quite some thumbs up's from people who would like to see this added
Please, to keep the mailboxes of everyone clean, do not +1 this as a comment, but rather click the thumbs up icon beneath this very first message.

[kurosh]

Another +1 for this, not working for me behind Nginx. Login screen appears (without any images strangely) then when I submit the password appears in the URL and goes to blank screen :|

[kurosh]

ok... so looking at this page.... https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI and this forum I'm not getting the page inital page to load correct (with qBittorrent logo) but when type in the user/pass it says "Invalid Username or Password." even though they're definately correct as I'v tried logging in over http using the same credentials.

Any ideas?

[kurosh]

Working :)

[boywiz]

+1

[IIIdefconIII]

+1

[Xx-Ness-xX]

I follow the instructions from https://github.com/qbittorrent/qBittorrent/wiki/Linux-WebUI-HTTPS-with-Let's-Encrypt-certificates-and-NGINX-SSL-reverse-proxy and everything works without any issues

EDIT (@FranciscoPombal): fixed broken wiki link.

[kmlucy]

@asc7uni @MichaelHub Did you ever find a solution to the qBittorrent client is not reachable error? I am having the same issue:

When I click on a torrent in the list, none of the information in the lower panel populates aside from 'Torrent Hash'. None of the other tabs have any data. In addition, I get the qBittorrent client is not reachable error message in red in the bottom left.

Chrome debugger information:

VM811:1 GET https://<FQDN>/qbittorrent/api/v2/torrents/properties?hash=<HASH>&jq8mgtj9 400 (Bad Request)
(anonymous) @ VM811:1
send @ mootools-1.2-core-yc.js:485
i.extend.$owner @ mootools-1.2-core-yc.js:141
loadTorrentData @ prop-general.js:163
updateTorrentData @ prop-general.js:168
updatePropertiesPanel @ client.js?locale=en:595
(anonymous) @ client.js?locale=en:612
e @ mootools-1.2-core-yc.js:368
VM811:1 GET https://<FQDN>/qbittorrent/api/v2/torrents/trackers?hash=<HASH>&jq8mgtjb 400 (Bad Request)
(anonymous) @ VM811:1
send @ mootools-1.2-core-yc.js:485
i.extend.$owner @ mootools-1.2-core-yc.js:141
loadTrackersData @ prop-trackers.js:103
updateTrackersData @ prop-trackers.js:108
updatePropertiesPanel @ client.js?locale=en:597
(anonymous) @ client.js?locale=en:622
e @ mootools-1.2-core-yc.js:368
VM811:1 GET https://<FQDN>/qbittorrent/api/v2/sync/torrentPeers?rid=0&hash=<HASH>&jq8mgtjc 404 (Not Found)
(anonymous) @ VM811:1
send @ mootools-1.2-core-yc.js:485
i.extend.$owner @ mootools-1.2-core-yc.js:141
loadTorrentPeersData @ client.js?locale=en:781
updateTorrentPeersData @ client.js?locale=en:786
updatePropertiesPanel @ client.js?locale=en:599
(anonymous) @ client.js?locale=en:632
e @ mootools-1.2-core-yc.js:368
VM811:1 GET https://<FQDN>/qbittorrent/api/v2/torrents/webseeds?hash=<HASH>&jq8mgtje 400 (Bad Request)
(anonymous) @ VM811:1
send @ mootools-1.2-core-yc.js:485
i.extend.$owner @ mootools-1.2-core-yc.js:141
loadWebSeedsData @ prop-webseeds.js:100
updateWebSeedsData @ prop-webseeds.js:105
updatePropertiesPanel @ client.js?locale=en:601
(anonymous) @ client.js?locale=en:642
e @ mootools-1.2-core-yc.js:368
VM811:1 GET https://<FQDN>/qbittorrent/api/v2/torrents/files?hash=<HASH>&jq8mgtjf 400 (Bad Request)
(anonymous) @ VM811:1
send @ mootools-1.2-core-yc.js:485
i.extend.$owner @ mootools-1.2-core-yc.js:141
loadTorrentFilesData @ prop-files.js:345
updateTorrentFilesData @ prop-files.js:350
updatePropertiesPanel @ client.js?locale=en:603
(anonymous) @ client.js?locale=en:652
e @ mootools-1.2-core-yc.js:368

NGINX logs:

192.168.1.1 - - [28/Dec/2018:17:50:18 -0500] "GET /qbittorrent/api/v2/torrents/properties?hash=<HASH>&jq8mgtlx HTTP/1.1" 400 0 "https://<FQDN>/qbittorrent/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
192.168.1.1 - - [28/Dec/2018:17:50:18 -0500] "GET /qbittorrent/api/v2/torrents/trackers?hash=<HASH>&jq8mgtly HTTP/1.1" 400 0 "https://<FQDN>/qbittorrent/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
192.168.1.1 - - [28/Dec/2018:17:50:20 -0500] "GET /qbittorrent/api/v2/sync/torrentPeers?rid=0&hash=<HASH>&jq8mgtm0 HTTP/1.1" 404 0 "https://<FQDN>/qbittorrent/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
192.168.1.1 - - [28/Dec/2018:17:50:21 -0500] "GET /qbittorrent/api/v2/torrents/webseeds?hash=<HASH>&jq8mgtm1 HTTP/1.1" 400 0 "https://<FQDN>/qbittorrent/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
192.168.1.1 - - [28/Dec/2018:17:50:22 -0500] "GET /qbittorrent/api/v2/torrents/files?hash=<HASH>&jq8mgtm3 HTTP/1.1" 400 0 "https://<FQDN>/qbittorrent/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"

NGINX reverse proxy location block:

location /qbittorrent {
        rewrite ^(.*[^/])$ $1/ redirect;
}
location ~ ^/qbittorrent/(?<url>.*) {
        proxy_pass http://qbittorrent.nginx:8080/$url;

        proxy_set_header X-Forwarded-Host $server_name:$server_port;
        proxy_hide_header Referer;
        proxy_hide_header Origin;
        proxy_set_header Referer '';
        proxy_set_header Origin '';
}

[pozemka]

@kmlucy No, sorry. Since then I am connecting to qbt using ip and port.

[FranciscoPombal]

Working fine on my end, unless I misunderstood the issue. My configuration:

• relevant part of NGINX config:

    location /qbt/ {
        proxy_pass              http://localhost:30000/;
        proxy_set_header        X-Forwarded-Host            $server_name:$server_port;
        proxy_hide_header       Referer;
        proxy_hide_header       Origin;
        proxy_set_header        Referer                     '';
        proxy_set_header        Origin                      '';
        proxy_http_version 1.1;
        add_header              X-Frame-Options             "SAMEORIGIN"; # see note
    }

• On qbittorrent's webui options:

Server domains: localhost Port: 30000

With these configs I can acess my webui at https://mydomain.com/qbt

---

Check out these articles in the wiki: https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI https://github.com/qbittorrent/qBittorrent/wiki/Linux-Web-UI-HTTPS-with-Let's-Encrypt-certificates-and-NGINX-SSL-reverse-proxy

[kmlucy]

What version are you using? With the exact same location block mine loads, but all the css, images, and js are broken. Also, I have this issue: https://github.com/qbittorrent/qBittorrent/issues/10068

[dsv591]

Mine is working like this:

location /torrent/ { proxy_pass http://127.0.0.1:9999/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; proxy_pass_header Set-Cookie; }

[kmlucy]

@dsv591 That gives the same problem as the config by @FranciscoPombal. The css, images, js, etc. don't load. What version of qBittorrent are you using?

[dsv591]

@kmlucy, I will take a look when I get home. In the meantime, make sure you have the trailing slash in your location line.

I had the same issue as you, and that stupid thing was the solution

[kmlucy]

Yeah, I have the trailing slash. I tried literally copy/pasting your location block and it had the same behavior. The only thing that works for me is this:

location /qbittorrent {
    rewrite ^(.*[^/])$ $1/ redirect;
}
location ~ ^/qbittorrent/(?<url>.*) {
    proxy_pass http://<IP>:<PORT>/$url;
    include /config/proxy.conf;
    proxy_hide_header Referer;
    proxy_hide_header Origin;
    proxy_set_header Referer '';
    proxy_set_header Origin '';
}

proxy.conf is my standard proxy config options with things like Host, X-Real-IP, etc. set. The issue with this is I get the client not reachable error I posted about above.

[DannyMac]

I am for having a base url option in qBittorrent. I've gone through all these nginx gymnastics and I am still having the same issue as @kmlucy. Anything trying to pull data from https://example.com/qbittorrent/api/v2/torrents/ returns an error 400 and https://example.com/qbittorrent/api/v2/sync/torrentPeers? returns 404.

Please implement an alternate base url. Thanks!

[lozbrown]

This still seems to be an issue for me too. @Piccirello you seem to be the WebUI expert, is there anything that can be done here to make the underlying API calls work correctly?

[lozbrown]

@Chocobo1 Is there anyway to add additional web-server logging for the internal web-server? it might be easier to work out why this doesn't work if we could see what requests are being rejected.

[qtips]

I ended up using subdomain together with nginx to make it work.

server {
   listen 80;
   listen [::]:80;
   server_name sub.mydomain.com;
   location / {
       proxy_pass http://localhost:8081/;
   }
}

[lozbrown]

@qtips have you tried this with SSL Additonally can you demonstraight the lower tab working over reverse proxy

[qtips]

@lozbrown I don't use ssl. Information in lower tabs is visible. I use qbittorrent v3.1.9.2

[DannyMac]

A base url would make setup much easier and is a feature in every other web app that I use and other torrent clients. This would put it on par with everyone else. I don't understand why this cannot be implemented unless it's too difficult for the effort--I'm not a developer. ¯_(ツ)_/¯

[Piccirello]

In my testing qBittorrent v4 is fully able to run behind a base url. All assets are loaded in the webui via relative path.

I believe the issue people are experiencing is due to a failing CORS check. The reason these nginx options below fix the problem is because they clear the Origin and Referer, triggering a special "allow" condition in qBittorrent.

proxy_hide_header 
proxy_hide_header 
proxy_set_header Origin '';
proxy_set_header Referer '';

Can anyone else confirm this theory? If so maybe the real solution is allowing people to specify a custom Host/Port for CORS (and then getting rid of Host header validation).

[lozbrown]

@Piccirello I don't think that does work. I have those and still have issues with the stuff on bottom ribbon when proxied

[Piccirello]

@lozbrown Can you post a screenshot of the Network tab within your browser's Developer tools? I'd like to get to the bottom of this issue. What's strange is I wouldn't expect those items to work/load any differently than qBittorrent's other assets and apis.

[onedr0p]

I am trying to get this to work on Traefik 2.0.x if anyone has any ideas let me know :)

For now I am running qBittorrent under a sub domain but it is not ideal. Here is my compose that I am working on in order to get qBittorrent to work under a Base URL, sadly it does not work. This almost same config works for nzbget so I highly doubt Traefik is the issue here.

version: '3.7'
services:
  app:
    image: linuxserver/qbittorrent:latest
    healthcheck:
      test: curl --fail http://localhost:8521 || exit 1
      interval: 30s
      timeout: 10s
      retries: 3
    environment:
      PGID: 1000
      PUID: 1000
      UMASK: 1000
      TZ: America/New_York
      WEBUI_PORT: 8521
    volumes:
      - /config:/config
      - /media:/media
    ports:
      - 50222:50222/tcp
      - 50222:50222/udp
      - 8521:8521/tcp
    networks:
      - traefik
    deploy:
      placement:
        constraints:
          - node.role == worker
      resources:
        limits:
          memory: 2048m
        reservations:
          memory: 256m
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.services.qbittorrent.loadbalancer.server.scheme=http"
        - "traefik.http.services.qbittorrent.loadbalancer.server.port=8521"
        - "traefik.http.routers.qbittorrent.entrypoints=https"
        - "traefik.http.routers.qbittorrent.tls.certresolver=cloudflare"
        - "traefik.http.routers.qbittorrent.rule=Host(`my.website.net`) && PathPrefix(`/qbittorrent`)"
        - "traefik.http.middlewares.qbittorrent.stripPrefix.prefixes=/qbittorrent"

networks:
  traefik:
    name: traefik
    external: true

Edit I was able to fix this so it works with Traefilk 2.0.x see my updated labels below:

...
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.services.qbittorrent.loadbalancer.server.scheme=http"
        - "traefik.http.services.qbittorrent.loadbalancer.server.port=8521"
        - "traefik.http.routers.qbittorrent.entrypoints=https"
        - "traefik.http.routers.qbittorrent.middlewares=qbittorrent-stripprefix"
        - "traefik.http.routers.qbittorrent.tls.certresolver=cloudflare"
        - "traefik.http.routers.qbittorrent.rule=Host(`my.website.net`) && PathPrefix(`/qbittorrent/`)"
        - "traefik.http.middlewares.qbittorrent-stripprefix.stripPrefix.prefixes=/qbittorrent"
...

[kurosh]

Has anyone fixed the issue quite a few have reported on this thread with regards to the bottom tab not displaying in qbittorrent over HTTPS? I've tried swapping out various lines in my nginx.conf file with no luck!

[Piccirello]

@kurosh Can you post a screenshot of the Network tab within your browser's Developer tools?

[yeliex]

the same to me. some apis returns 400 with empty body after nginx

/api/v2/app/networkInterfaceAddressList
/api/v2/torrents/files
/api/v2/torrents/properties
/api/v2/torrents/trackers
/api/v2/sync/torrentPeers
/api/v2/torrents/webseeds

@Piccirello the behavior is the same as https://github.com/qbittorrent/qBittorrent/issues/5693#issuecomment-450439679