SonicBoxes.com

How to Set Up Deluge with Nginx on a VPS for a Seedbox

Deluge Seedbox Featured Image

Written by

nunim

in

If you want a lightweight, self-hosted seedbox, Deluge is a great option.

It’s a Python-based BitTorrent client with a simple Web UI and solid community support.

In this guide, we’ll set up Deluge with Nginx as a reverse proxy on an Ubuntu VPS, and secure it with HTTPS using Let’s Encrypt.

Step 1: Install Deluge

By default, Ubuntu’s repositories often lag behind the latest Deluge releases. To ensure you get the newest stable version, add the official PPA.

sudo apt-get update
sudo apt-get upgrade -yV
sudo add-apt-repository -y ppa:deluge-team/stable
sudo apt-get install deluged deluge-web -y

If you get an error like:

add-apt-repository: command not found

install the software-properties-common package first (older articles may reference python-software-properties).

After installing, confirm the versions:

deluged --version

You should see something like Deluge 2.2.0 rather than the outdated 2.1.x from the default repo.

# deluged --version
deluged 2.2.0
libtorrent: 2.0.10.0
Python: 3.12.3
OS: Linux Ubuntu 24.04 noble

Step 2: Create a Dedicated Deluge User

For security, run Deluge under its own system account.

sudo adduser --system --gecos "Deluge Service" --disabled-password --group --home /var/lib/deluge deluge

If you want to manage downloads with another user (e.g., myftp), add them to the deluge group:

sudo adduser --ingroup deluge --gecos "Deluge Download User" myftp

Create the downloads directory, and symlink your personal files folder to Deluge’s download directory to make it easier to access via SFTP:

sudo -u deluge mkdir /var/lib/deluge/Downloads
sudo -u deluge touch /var/lib/deluge/Downloads/first-file

sudo -u myftp ln -s /var/lib/deluge/Downloads/ /home/myftp/files

Step 3: Set Up Systemd Services

Deluge provides service templates in its documentation.

In this case, I’ve opted to enable warning level logging with a dedicated log file for earch service.

Create these two files:

/etc/systemd/system/deluged.service

[Unit]
Description=Deluge Bittorrent Daemon
After=network-online.target

[Service]
Type=simple
User=deluge
Group=deluge
ExecStart=/usr/bin/deluged -d -l /var/lib/deluge/deluged.log -L warning
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target

/etc/systemd/system/deluge-web.service

[Unit]
Description=Deluge Bittorrent Web UI
After=network-online.target

[Service]
Type=simple
User=deluge
Group=deluge
ExecStart=/usr/bin/deluge-web -d -l /var/lib/deluge/deluge-web.log -L warning
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target

Reload the daemon, then enable and start the new services:

sudo systemctl daemon-reload
sudo systemctl enable deluged deluge-web
sudo systemctl start deluged deluge-web

Check the status to make sure everything launched:

sudo systemctl status deluged deluge-web

Step 4: Test Deluge [Optional]

If both services are actively running, Deluge is now fully functional and ready to start downloading files, so it’s fine to queue something up for download while we work on the final configruation steps.

To access Deluge-Web, open your Web Browser and access the Server IP’s using HTTP via Port 8112.

http://your-ip-add-ress:8112

The default password is deluge

Once logged in, connect to the local Deluge daemon running on 127.0.0.1.

Step 4: Install Nginx and Certbot

Now that the basics are setup, it’s time to make Deluge more user friendly by adding a Reverse Proxy to access Deluge-Web securely via HTTPS and adding a directory-based file browser to make downloading files from the server easier.

We’ll use Nginx as a reverse proxy to serve Deluge securely under HTTPS, and use CertBot to provide the SSL certificate.

Install Nginx

sudo apt-get install nginx  snapd -y

Install CertBot

sudo snap install --classic certbot

Finally with Certbot installed, we can request a Let’s Encrypt certificate (replace my.domain.net with your (sub)domain):

sudo certbot --nginx -d my.domain.net --non-interactive --agree-tos  --email admin@my.domain.net

Step 5: Configure Nginx

Create your new Nginx config (e.g., /etc/nginx/sites-available/deluge.conf):

server {
    listen 80;
    listen [::]:80;
    server_name my.domain.net;

    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name my.domain.net;

    root /var/www/html;

    ssl_certificate /etc/letsencrypt/live/my.domain.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my.domain.net/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # Public file listing
    location /files {
        alias /var/lib/deluge/Downloads/;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }

    # Deluge Web UI
    location /deluge {
        proxy_pass http://localhost:8112/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Deluge-Base "/deluge/";
        add_header X-Frame-Options SAMEORIGIN;
    }
}

Replace all instances of my.domain.net with your actual (sub)domain.

Remove the default site, and enable our new config file with a symlink:

rm -fv /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/deluge.conf /etc/nginx/sites-enabled/

Wipe the default nginx Index file:

sudo rm -fv  /var/www/html/index.nginx-debian.html
sudo echo > /var/www/html/index.nginx-debian.html

Add nginx to the Deluge group so it can access the files written by Deluge, allowing HTTP download capability via /files/.

The default username for Nginx on Ubuntu is www-data.

sudo usermod -aG deluge www-data

Now we can verify the config file, and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

If Nginx reloaded succcessfully, you can now access your Deluge Reverse-Proxy, and /files/ download directory via HTTPS.

  • Deluge Web UIhttps://my.domain.net/deluge/
  • Download directoryhttps://my.domain.net/files/

Step 6: Secure and Maintain

  • Change the default Deluge Web password immediately (Preferences → Interface).
  • Add your SSH key(s) to the root, and download users.
  • Restrict SSH access to keys-only by updating ssh_config to include:
    • PermitRootLogin without-password
    • PasswordAuthentication no
    • systemctl restart ssh
  • Wipe the default Nginx HTML file]
    • `
  • Keep your system updated:
sudo apt-get update && sudo apt-get upgrade -y

Troubleshooting

Nginx shows 502 Bad Gateway

  • Check if the Deluge Web service is running: systemctl status deluge-web
  • If not, restart it: sudo systemctl restart deluge-web
  • Verify it’s listening on port 8112: netstat -tulpn | grep 8112

Permission errors with downloads

  • Ensure your user is part of the deluge group: sudo usermod -aG deluge yourusername
  • Log out and back in for group changes to take effect.

Deluge Web UI not loading properly under /deluge/

  • Make sure the proxy_set_header X-Deluge-Base "/deluge/"; line is included in your Nginx config.
  • Clear browser cache or try incognito mode to rule out cached redirects.

SSL certificate issues

  • Ensure your domain’s DNS points to your VPS before running Certbot.
  • If renewal fails, you can manually renew: sudo certbot renew --dry-run

Conclusion

You now have a Deluge seedbox running behind Nginx with HTTPS. This setup is secure, easy to manage, and lets you remotely control your torrents while also serving completed downloads via the web.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts