rTorrent XML-RPC over HTTP #931
-
|
It seems that the only way to connect to rTorrent is via SCGI file socket or SCGI TCP sockets. This is at odds with how other tools (Radarr, Sonarr) try to communicate with rTorrent XML-RPC, over HTTP. Is there a configuration I'm missing to connect over HTTP? Or will that require a PR? (I started one and started some development there, but I wasn't sure if there was a reason why it didn't exist.) |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 4 replies
-
|
rTorrent only exposes RPC interface through SCGI. This is the dominant mode of communication. Where do we see HTTP? I don’t think that’s possible without some proxy / compatibility layer. This additional layer would also create additional issues, leading to performance and security degradation. I’d advise not to expose rTorrent remotely. Given the flexibility of rTorrent, this could easily lead to arbitrary remote code execution, unprotected. |
Beta Was this translation helpful? Give feedback.
-
|
I have rTorrent with an nginx server in front of it on a container in a kubernetes cluster. The idea was that nginx fronting the SCGI socket would improve connections from multiple clients within the cluster. A network policy prevents unexpected containers from sending traffic to the XML-RPC service. Is the thinking then that supporting this would encourage unsafe configurations? Or it's too uncommon a configuration? |
Beta Was this translation helpful? Give feedback.
-
That won’t improve connections from multiple clients. I would say it is pure overhead. Try exposing SCGI directly via TCP if it is for internal connection. However, do be aware that rTorrent RPC = remote code execution. |
Beta Was this translation helpful? Give feedback.
-
the rtorrent itself is a single threading application ( at least on handling scgi connection ) |
Beta Was this translation helpful? Give feedback.
-
|
I exposed the SCGI TCP socket into the cluster as well. With both the HTTP XML-RPC and the SCGI TCP socket, both flood and Radarr/Sonarr are happy. Thanks for the feedback! |
Beta Was this translation helpful? Give feedback.
-
|
Sonarr should support Flood API as well. It might be safer to use that for other applications when available, since Flood APIs have authentication (unless you explicitly disable that) and are designed with remote access in mind. I would be very careful about exposing rTorrent RPC, since getting access to it = remote code execution. |
Beta Was this translation helpful? Give feedback.
rTorrent only exposes RPC interface through SCGI. This is the dominant mode of communication. Where do we see HTTP? I don’t think that’s possible without some proxy / compatibility layer. This additional layer would also create additional issues, leading to performance and security degradation.
I’d advise not to expose rTorrent remotely. Given the flexibility of rTorrent, this could easily lead to arbitrary remote code execution, unprotected.