Webserver using HTTPS

Added in version 0.5

Please note you might not be able to operate SABnzbd from behind a Apache of LightTpd server when using HTTPS
Requires: pyopenssl (listed as python-openssl under apt-get)

To make the communication between SABnzbd and your web browser private, you can enable HTTPS (secured HTTP). The purpose of a certificate is two-fold; one is to give you encrypted communication, the other is to authenticate the server. The certificate authority guarantees that you are actually talking to the website of your bank or similar service. Web browsers are very fussy about the authentication part, and by default will complain unless you buy your own certificate.

By default SABnzbd will create self signed certificates for you to use. These however will give browser warnings when you try to connect however it is usually easy to make an exception for these certificates.

The default key and certs are located inside your admin folder of the folder where your sabnzbd.ini is. For example:

WinXP:
%localappdata%/sabnzbd/admin/server.cert
%localappdata%/sabnzbd/admin/server.key
Linux:
~/.sabnzbd/admin/server.cert
~/.sabnzbd/admin/server.key

You can change the location of these files by entering the full path to both in config>general (or https_cert and https_key in the ini)

If you want trouble-free communication you need to buy a certificate from one of the many Certificate Authorities, for example from Verisign.
Be warned that certificates come with different capabilities and hence, different prices. You probably only need a basic certificate, but even these are expensive not worth the price for just accessing SABnzbd.

To turn on access using HTTPS, you need enable https and specify what port to listen on, this can be done using the web-ui, or at commandline using the —https command
Usage:

--https <port>

This will listen on the same host as specified in -s host:port, and also enable https. Please make sure the port is different from the one that is set for normal http access.

You will then be able to access sabnzbd like so:

https://host:sslport/

If you expose SABnzbd to the Internet you can use 443 as port number, as this is the official number for HTTPS and allows you to not specify the port when accessing. Please note using a port number below 1024 requires running as root under linux.

Create a self-signed certificate with OpenSSL.

From a command prompt type:

openssl genrsa 1024 > host.key
openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License