webui-aria2 icon indicating copy to clipboard operation
webui-aria2 copied to clipboard

Published 20 hours ago verified publisher icon ziahamza

What do I need to connect with WebUI?

Open embede12 opened this issue 5 years ago • 21 comments

Hi, do I need Apache on my Linux or something like that for connect with Aria2 WebUI? I installed uGet and aria2 using terminal. Then I type in the terminal aria2c --enable-rpc --rpc-listen-all Then I headed to https://ziahamza.github.io/webui-aria2 on my Linux, but It didn't works, but when I set adress to "localhost" and port to "6800" in the settings it was ok, and I have connection.

But how make this from other PC on my local network? When I type Linux PC adress in my browser like linux_ip:6800 it not works. I tried to unlock 6800 port with iptables -A FORWARD -p TCP --dport 6800 -j ACCEPT for FORWARD and INPUT, but it still don't work.

What else can I do?

embede12 avatar Jan 18 '20 20:01 embede12

I tried to install NodeJS. I started node-server.js and it works.

embede12 avatar Jan 20 '20 07:01 embede12

Just don't use https://. All modern browsers banned most interactives between HTTPS sites and HTTP-without-S services (if you don't go get a certificate for the S suffix, you can only HTTP to aria2).

no1xsyzy avatar Jan 20 '20 13:01 no1xsyzy

Just don't use https://.

Ok, I'm starting RPC and I get this:

01/21 08:13:14 [WARN] Neither --rpc-secret nor a combination of --rpc-user and --rpc-passwd is set. This is insecure. It is extremely recommended to specify --rpc-secret with the adequate secrecy or now deprecated --rpc-user and --rpc-passwd.

01/21 08:13:14 [NOTICE] IPv4 RPC: nasłuchiwanie na porcie TCP 6800

01/21 08:13:14 [NOTICE] IPv6 RPC: nasłuchiwanie na porcie TCP 6800

Now I'm starting a Firefox browser and typing "http://192.168.100.61:6800/", I see blank, white page.

Now I'm heading to other PC in my LAN, or for example, to my Android phone. I'm running Chrome browser, and typing "http://192.168.100.61:6800/" and I get error:

Can't find this page on 192.168.100.61 No webpage found at http://192.168.100.61:6800/ HTTP ERROR 404

On PC with Windows and Firefox browser I see blank, white page too.

And like I said before, when I'm trying to connect from this site https://ziahamza.github.io/webui-aria2 after setting a localhost and port 6800 it's working, but only on this PC where I'm doing this. On other PC in my LAN, after setting 192.168.100.61 and port 6800 I still get errors:

Oh Snap! Could not connect to the aria2 RPC server. Will retry in 10 secs. You might want to check the connection settings by going to Settings > Connection Settings

Here is a screenshot

Do you know where is the problem?

embede12 avatar Jan 21 '20 07:01 embede12

Could you please provide a screenshot on the tab Network in developer tools (F12 in that page should open it)?

By

Just don't use https://.

, I means use http://ziahamza.github.io/webui-aria2 instead of https://ziahamza.github.io/webui-aria2. Usually browsers bans HTTP resources from HTTPS sites. But I cannot see why it is available from localhost.

BTW, you can easily paste picture in the box to upload to github. Imgur sometimes sucks for me.

no1xsyzy avatar Jan 21 '20 12:01 no1xsyzy

http://ziahamza.github.io/webui-aria2 don't works too. Here is a proof: ziahamza_pc

And here is the network section from developer tools, but from 192.168.100.61, not ziahamza.github: adres_ip_pc

embede12 avatar Jan 21 '20 18:01 embede12

I almost forgot it, but you might find the solution from #534 helpful: add --rpc-allow-origin-all.

If that doesn't work, could you provide screenshot of http://ziahamza.github.io/webui-aria2 with Developer tools - Network tab and type jsonrpc as filter? That will show the connection between the application page and aria2 instance. In addition, you can choose some typical items in the list, the panel on the right might also help.

no1xsyzy avatar Jan 22 '20 10:01 no1xsyzy

This doesn't work. Here is a screenshot: Bez tytułu

embede12 avatar Jan 22 '20 11:01 embede12

It seems they are prohibited by browser, since no status value. You need http://ziahamza.github.io/webui-aria2 with --rpc-allow-origin-all. They are all just because browsers banned usage like these (Same-origin policy)

no1xsyzy avatar Jan 22 '20 16:01 no1xsyzy

It seems they are prohibited by browser, since no status value. You need http://ziahamza.github.io/webui-aria2 with --rpc-allow-origin-all. They are all just because browsers banned usage like these (Same-origin policy)

When I was taking this screenshot, aria2 RPC has been running with that option. I mean, this looks like that aria2c --enable-rpc --rpc-listen-all --rpc-allow-origin-all

embede12 avatar Jan 22 '20 16:01 embede12

@update, here is a possibility I forgot about -all Now it looks like that: Bez tytułu

embede12 avatar Jan 22 '20 16:01 embede12

Sorry I didn't make it very clear, you need HTTP instead of HTTPS while using --rpc-allow-origin-all. But your screenshot shows you are still at https://. If this combination wouldn't work, post a screenshot of Console Tab, including all red lines.

no1xsyzy avatar Jan 23 '20 10:01 no1xsyzy

But your screenshot shows you are still at https://.

Are you sure? rusure

If this combination wouldn't work, post a screenshot of Console Tab, including all red lines.

screen console

Here is translate from google:

Wczytywanie mieszanej (niezabezpieczonej) interaktywnej treści „http://192.168.100.61:6800/jsonrpc” na zabezpieczonej stronie

Loading mixed (unsecured) interactive content "http://192.168.100.61:6800/jsonrpc" on a secure page

Zablokowano żądanie do zasobu innego pochodzenia: zasady „Same Origin Policy” nie pozwalają wczytywać zdalnych zasobów z „http://192.168.100.61:6800/jsonrpc” (nieudane żądanie CORS).

Request for resource of another origin blocked: "Same Origin Policy" does not allow to load remote resources from "http://192.168.100.61:6800/jsonrpc" (failed CORS request).

embede12 avatar Jan 23 '20 13:01 embede12

I didn't even think about that can be ambiguous. It writes https:// means the page itself is transfered with HTTPS, but the strike line means the page is trying to access non-HTTPS sources (a.k.a. mixed-content). It is intended to tell you that you are not fully secured now.

no1xsyzy avatar Jan 25 '20 07:01 no1xsyzy

Is it a browser fault?

embede12 avatar Jan 25 '20 11:01 embede12

~~It should be browser's fault that causes your misunderstanding. However, I don't think Firefox adds strike line on https for mixed content. However, blocking active mixed content and same origin policy are WWW standards. Just try manually edit the URL to be verbatimly http://ziahamza.github.io/webui-aria2/ instead of https://. Strikethroughs don't count. If there is HSTS setting that keeps change it back, let browser forget it; if there is HTTPS Everywhere, disable it.~~

no1xsyzy avatar Jan 26 '20 14:01 no1xsyzy

TL;DR: It seems you have manually disabled the protect, but this disabling function seems broken or strange. What's more, it is not recommended to disable any protection. For normal users, http version will be useful enough. For advanced users, HTTPS the aria2 connection will not be a problem.

Full: After a long time research I finally found that Firefox adds strike line when you manually disabled the mixed content protection. When it is disabled, the whole CORS mechanism seems not working, but jQuery is still trying to use CORS requests, which wouldn't work. For example, as in this snippet:

hostURL = "http://192.168.1.173:6800/jsonrpc"; // Change to yours
mode = 'cors'; // 'cors' | 'no-cors'
fetch(hostURL , {
    method: "POST",
    headers: {
        "Accept": "*/*",
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({'jsonrpc':'2.0', 'id':'test', 'method':'aria2.getGlobalStat', 'params':["token:DataBack"]}),
    mode
});

Given page A: http://ziahamza.github.io/webui-aria2/; page B: https://ziahamza.github.io/webui-aria2/, with mixed content manually disabled. That snippet works only on A but not on B. Change the mode to 'no-cors' will make it work on both A and B. It seems CORS mechanism is disabled in page B, probably simultaneously with the mixed content protection.

Not responsive to the disabling of mixed content protection, jQuery always tries CORS requests as long as the origin is different from current origin.

no1xsyzy avatar Jan 26 '20 16:01 no1xsyzy

Than.. maybe the simplest way is get certificate and host this webui with Apache?

embede12 avatar Jan 27 '20 10:01 embede12

It needs skills though not many. With skills, yes, it is simplest. There are too many customizations so I cannot give a full instruction. You don't have to host this project by yourself, as long as you trust the owner and maintainers won't be evil.

no1xsyzy avatar Jan 28 '20 10:01 no1xsyzy

Thanks for your help, I'm much obliged to you. Because I can't make it work, better option for me is start using JDownloader. I waste too much time for Aria2, and it is still broken.

embede12 avatar Jan 31 '20 07:01 embede12

Just add into node-server.js:

    response.setHeader('Access-Control-Allow-Origin', '*');
    response.setHeader('Access-Control-Request-Method', '*');
    response.setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');

just after http.createServer(function(request, response) {, so you get:

...
http
  .createServer(function(request, response) {
        response.setHeader('Access-Control-Allow-Origin', '*');
        response.setHeader('Access-Control-Request-Method', '*');
        response.setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');

    var uri = url.parse(request.url).pathname,
      filename = path.join(process.cwd(), "docs", uri);
...

:)

jay-to-the-dee avatar May 08 '21 23:05 jay-to-the-dee

I currently get white screen on this with a Raspberry Pi 4 1GB installed via dietpi, how do I fix this?

nigiriemoji avatar Dec 04 '21 06:12 nigiriemoji