Deluge
Deluge は Python 2 で書かれた軽量かつフル機能の BitTorrent アプリケーションです。以下のような様々な機能が揃っています: クライアント/サーバーモデル、DHT のサポート、マグネットリンク、プラグインシステム、UPnP のサポート、フルストリーム暗号、プロキシのサポート、3つの異なるクライアントアプリケーション。サーバーデーモンが動作している間、ユーザーはコンソールクライアントや GTK+ ベースの GUI、またはウェブベースの UI を使って接続することができます。完全な機能のリストは こちら から見れます。
目次
インストール
deluge は公式リポジトリからインストールできます。また、任意で python2-service-identity が必要になります。このパッケージがないと、長い警告を見ることになり、正しい証明者やホスト名のマッピングがクライアントによって拒否されることがあります。
GTK+ UI には Web UI と同じように別の依存パッケージがあります。pacman の出力をよく確認してどれが必要か判断してください:
python2-notify: libnotify notifications pygtk: needed for gtk ui librsvg: needed for gtk ui python2-mako: needed for web ui
デーモンのセットアップ
Deluge comes with a daemon called deluged
. If it is not running when one of the clients is run, it will be started. It is useful, however, to have it started with systemd to allow torrents to run without starting a client and/or Xorg. This can be accomplished in one of two ways: a system service or a user service.
システムサービス
A system service will allow deluged
to run at boot without the need to start Xorg or a client. Deluge comes with a system service called deluged.service
, which can be started and enabled without change:
# systemctl start deluged # systemctl enable deluged
This will run the deluge daemon as the deluge user, which is created by the package. To run the daemon as another user, copy /usr/lib/systemd/system/deluged.service
to /etc/systemd/system/deluged.service
and change the User parameter within the file, such as the torrent user:
User=torrent
In that case, create a user called torrent.
ユーザーサービス
A user service will allow deluged
to run when systemd --user
is started. This is accomplished by creating a user service file:
/etc/systemd/user/deluged.service
[Unit] Description=Deluge Daemon After=network.target [Service] ExecStart=/usr/bin/deluged -d -P %h/.config/deluge/deluge.pid [Install] WantedBy=default.target
The deluge user service can now be started and enabled by the user:
$ systemctl --user start deluged $ systemctl --user enable deluged
The deluged
user service can also be placed in $HOME/.config/systemd/user/
. See systemd/User for more information on user services.
設定
Deluge can be configured through any of the clients as well as by simply editing the JSON-formatted configuration files located in $HOME/.config/deluge/
. $HOME refers to the home directory of the user that deluged
is running as. This means that if the daemon is running as the deluge user, the default home directory is /srv/deluge/
.
ファイアウォール
Deluge requires at least one port open for TCP and UDP to allow incoming connections for seeding. If deluge complaining that it cannot open a port for incoming connections, users must open port(s) to be used. In this example, ports 56881 through 56889 are opened for TCP and UDP:
# iptables -A INPUT -p tcp --dport 56881:56889 -j ACCEPT # iptables -A INPUT -p udp --dport 56881:56889 -j ACCEPT
User who are behind a NAT router/firewall must setup the corresponding ports to be forwarded. UPnP may also be used, but that will not work with the local firewall on the system because it requires predefined ports.
On many default configurations, when using iptables with connection tracking (conntrack) set to drop "INVALID" packets, sometimes a great deal of legitimate torrent traffic (especially DHT traffic) is dropped as "invalid." This is typically caused by either conntrack's memory restrictions, or from long periods between packets among peers (see [1] towards the bottom and [2]). Symptoms of this problem include torrents not seeding, especially when the torrent client has been active for more than a day or two continuously, and consistently low overhead traffic (in one experience, less than 3KiB/s in either in or out) with DHT enabled, even when deluge/libtorrent has been continuously running for more than forty-eight hours and many torrents are active. For this reason, it may be necessary to disable connection tracking of all torrent traffic for optimal performance, even with the listening ports set to ACCEPT (as the causes for dropping INVALID packets, for instance conntrack's memory problems, may supercede any rules to accept traffic to/from those ports).
To fully turn off connection tracking for torrents, specify ports for both Incoming and Outgoing traffic in Deluge, for instance, 56881-56889 for incoming connections and 56890-57200 for outgoing connections. Then issue the following commands (after substituting the relevant port ranges):
# iptables -t raw -I PREROUTING -p udp --dport 56881:57200 -j NOTRACK # iptables -t raw -I OUTPUT -p udp --sport 56881:57200 -j NOTRACK # iptables -t raw -I PREROUTING -p tcp --dport 56881:57200 -j NOTRACK # iptables -t raw -I OUTPUT -p tcp --sport 56881:57200 -j NOTRACK # iptables -I INPUT -p icmp --icmp-type 3 -j ACCEPT # iptables -I INPUT -p icmp --icmp-type 4 -j ACCEPT # iptables -I INPUT -p icmp --icmp-type 11 -j ACCEPT # iptables -I INPUT -p icmp --icmp-type 12 -j ACCEPT
The ICMP allowances are desirable because once connection tracking is disabled on those ports, those important ICMP messages (types 3 (Destination Unreachable), 4 (Source Quench), 11 (Time Exceeded) and 12 (Parameter Problem)) would otherwise be declared INVALID themselves (as netfilter would not know of any connections that they are associated with), and they would potentially be blocked.
クライアント
コンソール
The console client can be run with:
$ deluge-console
Enter the help
command for a list of available commands.
GTK+
The GTK+ client can be run with:
$ deluge-gtk
or:
$ deluge
The GTK+ client has a number of useful plugins:
- AutoAdd - Monitors directories for .torrent files
- Blocklist - Downloads and imports an IP blocklist
- Execute - Event-based command execution
- Extractor - Extracts archived files upon completion (beware of random high disk I/O usage)
- Label - Allows labels to be assigned to torrents, as well as state, tracker, and keyword filters
- Notifications - Provides notifications (email, pop-up, blink, sound) for events as well as other plugins
- Scheduler - Limits active torrents and their speed on a per-hour, per-day basis
- WebUi - Allows the Web UI to be started via the GTK+ client
Web
The Web UI can be started by running deluge-web
, through a plugin in the GTK+ UI, or via systemd. It has many of the same features of the GTK+ UI, including the plugin system.
システムサービス
Deluge comes with a system service file called deluge-web.service
. The process for this is the same as starting deluged.service
, except with deluge-web
instead of deluged
. This service will also run as the deluge user unless the service file is modified in the same way as deluged.service
.
ユーザーサービス
A user service will allow deluge-web
to run when systemd --user
is started. This is accomplished by creating a user service file:
/etc/systemd/user/deluge-web.service
[Unit] Description=Deluge Web UI After=deluged.service [Service] ExecStart=/usr/bin/deluge-web --ssl [Install] WantedBy=default.target
The deluge user service can now be started and enabled by the user:
$ systemctl --user start deluge-web $ systemctl --user enable deluge-web
The deluge-web
user service can also be placed in $HOME/.config/systemd/user/
. See systemd/User for more information on user services.
セットアップ
When deluge-web
is initially started, it will create $HOME/.config/deluge/web.conf
. The password in this file is hashed with SHA1 and salted. The default password is "deluge".
Users may be greeted by a warning from the browser that the SSL certificate is untrusted. Add an exception to this in the browser to continue on. See the OpenSSL page for information on creating your own certificate.
ヘッドレスセットアップ
Deluge is quite useful on a headless system, often referred to as a seed box, because of its client/server model. To set up deluge on a headless system, set up the daemon as shown above.
ユーザーの作成
To allow interaction with the server remotely, create a user in $HOME/.config/deluge/auth
. For example:
$ echo "delugeuser:p422WoRd:10" >> $HOME/.config/deluge/auth
The number 10 corresponds to a level of Admin. Refer to the following table for additional values:
Level Name | Level Value |
---|---|
None | 0 |
Read Only | 1 |
Normal | 5 |
Admin | 10 |
リモートの許可
The default settings disallow remote connections. Change the "allow_remote" setting in $HOME/.config/deluge/core.conf
:
"allow_remote": true,
ファイアウォール
Open the port for remote access. The following example uses the default daemon port (58846):
# iptables -A INPUT -p tcp --dport 58846 -j ACCEPT
See iptables for more information on firewall rules.
Users behind a NAT router/firewall must forward the port to access the daemon from outside the network if this behavior is desired.
接続
In the console client:
connect <host>[:<port>] <user> <password>
In the GTK+ client, Edit > Connection Manager > Add.
In the Web client, Connection Manager > Add.
SSH トンネル
An SSH tunnel can be created to use an encrypted connection on any client. This requires an extra loopback address to be added, but this can be automated at boot. The actual command to establish an SSH tunnel cannot because it requires user input. There are a few possible ways to go about doing that.
/etc/systemd/system/extra_lo_addr.service
[Unit] Description=extra loopback address Wants=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/sbin/ip addr add 127.0.0.2/8 dev lo ExecStop=/sbin/ip addr del 127.0.0.2/8 dev lo [Install] WantedBy=multi-user.target
$ ssh -fNL 127.0.0.2:58846:localhost:58846 <ssh host>
The port 58846 should be replaced with the port the deluge server is running on and <ssh host> should be replaced with the server hosting both deluge and the SSH server.