Deploy One Aria2 Docker To Download Files to Cloud Drives (Google Drive, One Drive etc) - NETSEC


Saturday, October 8, 2022

Deploy One Aria2 Docker To Download Files to Cloud Drives (Google Drive, One Drive etc)

One thing you can use your cloud VPS for is to set up a download site for yourself. My previous posts have shown a way to create your own download site and integrate it with your cloud drives using Aria2, AriaNG, Rclone, FileBrowser, etc.

Those posts involve many components, even though running all application services in one Docker container already simplifies things. To make it simpler still, I found another GitHub project that achieves the same purpose with a much simpler process. All the related steps are below; let me know if you have any questions.


Diagram




Simplified Version:



Pre-requisites

In this lab, I am using an Ubuntu 20.04 VM in the Oracle Cloud Free Tier as an example. All of the following commands are based on Ubuntu 20.04 on the Oracle Cloud platform. Please adjust them accordingly if you are using a different system or platform.

For more details about Docker, Portainer and NPM configuration, please check the following posts:
Commands to run after "sudo -i":
System update:
apt update -y && apt upgrade -y
Increase swap size to at least 1024 MB:

wget https://raw.githubusercontent.com/51sec/swap/main/swap.sh && bash swap.sh


Install Docker and Docker-Compose:

apt install docker.io -y 
apt install docker-compose -y 


Install Portainer (Optional):

docker volume create portainer_data

docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

Install NPM (Nginx Proxy Manager) (Optional)

docker run -d -p 80:80 -p 81:81 -p 443:443 --name npm --restart unless-stopped -v $PWD/letsencrypt:/etc/letsencrypt -v $PWD/data:/data jc21/nginx-proxy-manager:latest


Firewall Ports 

The firewall must allow the following ports:
  • tcp 9000 - Portainer (Optional)
  • tcp 80 - NPM (Optional)
  • tcp 443 - NPM (Optional)
  • tcp 81 - NPM (Optional)
  • tcp 6800 - RPC port for AriaNG to connect
  • tcp/udp 6888 - BT port
  • tcp 6880 - AriaNG port

Create Folder Structure 

sudo -i
mkdir aria2-config
mkdir aria2-downloads


A single command starts the container. The only thing you need to set is the RPC_SECRET token:

docker run -d \
    --name aria2-pro \
    --restart unless-stopped \
    --log-opt max-size=1m \
    -e PUID=$UID \
    -e PGID=$GID \
    -e UMASK_SET=022 \
    -e RPC_SECRET=<Token> \
    -e RPC_PORT=6800 \
    -p 6800:6800 \
    -e LISTEN_PORT=6888 \
    -p 6888:6888 \
    -p 6888:6888/udp \
    -v $PWD/aria2-config:/config \
    -v $PWD/aria2-downloads:/downloads \
    -e SPECIAL_MODE=rclone \
    p3terx/aria2-pro
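
An added example (not from the original post or the aria2-pro project): a Python helper that generates a value for RPC_SECRET and then checks that the RPC endpoint on port 6800 rejects a call without the token and accepts one with it. The function names and the URL in the usage comment are assumptions.

```python
import json
import secrets
import urllib.error
import urllib.request


def new_rpc_secret(nbytes=32):
    """Random URL-safe value for -e RPC_SECRET=...; 32 bytes is 256 bits."""
    return secrets.token_urlsafe(nbytes)


def rpc_request(method, secret=None):
    """aria2 takes the secret as the first parameter, prefixed with 'token:'."""
    params = [f"token:{secret}"] if secret else []
    return {"jsonrpc": "2.0", "id": "check", "method": method, "params": params}


def call(url, payload, timeout=5):
    """POST one JSON-RPC request and return the decoded reply."""
    req = urllib.request.Request(url, json.dumps(payload).encode(),
                                 {"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        # A rejected call can arrive as an HTTP error with a JSON body.
        return json.loads(err.read() or b"{}")


def secret_enforced(anon_reply, auth_reply):
    """Enforced when the call without a token fails and the call with it works."""
    return "result" not in anon_reply and "result" in auth_reply


def check(url, secret):
    """Example: check("http://127.0.0.1:6800/jsonrpc", "<Token>")"""
    anon = call(url, rpc_request("aria2.getVersion"))
    auth = call(url, rpc_request("aria2.getVersion", secret))
    return secret_enforced(anon, auth)
```

Run check() against your own server after the container starts; a False result means either the secret is not being required or the value you passed is not the one the container was started with.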

Configure Rclone connecting to your Cloud Drives



docker exec -it aria2-pro rclone config


root@ubuntu-docker-1:~# docker exec -it aria2-pro rclone config
Current remotes:
Name                 Type
====                 ====
gd                   drive
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> e
Select remote.
Choose a number from below, or type in an existing value.
 1 > gd
remote>
This value is required and it has no default.
remote> 1
Editing existing "gd" remote with options:
- type: drive
- client_id: 84976948510-dd3808r8omub1bum92uan52hdhg6pjsu.apps.googleusercontent.com
- client_secret: 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
- scope: drive
Option client_id.
Google Application Client Id
Setting your own is recommended.
See https://rclone.org/drive/#making-your-own-client-id for how to create your own.
If you leave this blank, it will use an internal key which is low performance.
Enter a string value. Press Enter for the default (84976948510-dd3808r8omub1bum92uan52hdhg6pjsu.apps.googleusercontent.com).
client_id> 84976948510-dd3808r8omub1bum92uan52hdhg6pjsu.apps.googleusercontent.com
Option client_secret.
OAuth Client Secret.
Leave blank normally.
Enter a string value. Press Enter for the default (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).
client_secret> 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
Option scope.
Scope that rclone should use when requesting access from drive.
Choose a number from below, or type in your own string value.
Press Enter for the default (drive).
 1 / Full access all files, excluding Application Data Folder.
   \ (drive)
 2 / Read-only access to file metadata and file contents.
   \ (drive.readonly)
   / Access to files created by rclone only.
 3 | These are visible in the drive website.
   | File authorization is revoked when the user deauthorizes the app.
   \ (drive.file)
   / Allows read and write access to the Application Data folder.
 4 | This is not visible in the drive website.
   \ (drive.appfolder)
   / Allows read-only access to file metadata but
 5 | does not allow any access to read or download file content.
   \ (drive.metadata.readonly)
scope> 1
Option service_account_file.
Service Account Credentials JSON file path.
Leave blank normally.
Needed only if you want use SA instead of interactive login.
Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
Enter a value. Press Enter to leave empty.
service_account_file>
Edit advanced config?
y) Yes
n) No (default)
y/n>
Use auto config?
 * Say Y if not sure
 * Say N if you are working on a remote or headless machine
y) Yes (default)
n) No
y/n> n
Option config_token.
For this to work, you will need rclone available on a machine that has
a web browser available.
For more help and alternate methods see: https://rclone.org/remote_setup/
Execute the following on the machine with the web browser (same rclone
version recommended):
        rclone authorize "drive" "eyJjbGllbnRfaWQiOiI4NDk3Njk0ODUxMC1kZDM4MDhyOG9tdWIxYnVtOTJ1YW41MmhkaGc2cGpz"
Then paste the result.
Enter a value.
config_token>
Configure this as a Shared Drive (Team Drive)?
y) Yes
n) No (default)
y/n> y^H^H^[[D^[[D^[[D
This value must be a single character, one of the following: y, n.
y/n> y
Option config_team_drive.
Shared Drive
Choose a number from below, or type in your own string value.
Press Enter for the default (0AEZdJ516op5fUk9PVA).
 1 / Private
   \ (0AEZdJ516op5fUk9PVA)
config_team_drive>
Configuration complete.
Options:
- type: drive
- client_id: 84976948510-dd3808r8omub1bum92uan52hdhg6pjsu.apps.googleusercontent.com
- client_secret: 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
- scope: drive
- token: {"access_token":"ya29.a0Aa4xrXOIskvWIRBD76aH0jA4Gp7DD2TAOZDmXlEqH4UybDlKWixr4-Hd7WzY87buNDvZCb49J7m_bnmCOBhytWHVh1PptLMcSzzVSUFhXSZs1nqcWa5eIIYmAuJFyL2ARCV-qBbVJy0t7wDvQzxnwMvUbLnJaCgYKATASARISFQEjDvL9ShuX9dWmHRv5NpaFbNLfdg0163","token_type":"Bearer","refresh_token":"1//04L0vWePSlGT0CgYIARAAGAQSNwF-L9IrC04-oIdofUZ85pMPgnvPZ4wYWEzfL-qljeCWlf0okfy6nOZcqgIEJmKTsHmDN2VX3z0","expiry":"2022-10-01T16:01:18.562744527+02:00"}
- team_drive: 0AEZdJ516op5fUk9PVA
- root_folder_id:
Keep this "gd" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name                 Type
====                 ====
gd                   drive
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q>


To get a proper token, run the following on a desktop machine that has both rclone and a browser installed:


rclone authorize "drive"
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
Paste the following into your remote machine --->
SECRET_TOKEN
<---End paste

Then go back to the aria2 box and paste in the code.

The last step is to change two settings in the container's /config/script.conf:

  • drive-name
  • drive-dir

Log into the aria2-pro container to check the service or run commands:

docker exec -it aria2-pro bash


vi /config/script.conf




Refresh token



root@ubuntu-docker-1:~/aria2-config# cat rclone.conf
[yyyjjjj]
type = drive
client_id = 1036860883959-oon5ud5p5itpjne7uakrktlhg72sda4t.apps.googleusercontent.com
client_secret = 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
scope = drive
token = {"access_token":"ya29.a0AX9GBdWB5v5BB5fWlpxC99dgLchk8zaZw8ymr8R3OwBtz11SofkXGQ0163","token_type":"Bearer","refresh_token":"1//01XjaHlJ1ym-TCgYIARAAGAESNwF-LvS-k9hn9_aNfR7jtUGnAL0t4","expiry":"2022-12-20T13:18:19.8346558-05:00"}
team_drive =

[od-jyan]
type = onedrive
token = {"access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6ImVndHdhbDR4VGNtR2drNk9DOEQ5anRKTVVHUlQ0NlZWNEdYcktGcVdETmciLCJhbGciOiJSUzI1NiIsIng1dCI6Ii1LSTNROW5OUjdiUm9meG1lWm9YcWJIWkdldyIsImtpZCI6Ii1LS...............................................BhU0hrcks4MFdTTk9DYUllVUFmc0haUFVTQUVTRVYyUnJTaFpLSUR4YyIsInRlbmFudF9yZWdpb25fc2NvcGUiOiJOQSIsInRpZCI6IjhlZDg2MTdhLTVkZTMtNDRkOC1hOGY0LTczN2M4OWZhOWJiYyIsInVuaXF1ZV9uYW1lIjoibmV0c2VjQDUxc2VjLmV1Lm9yZyIsInVwbiI6Im5ldHNlY0A1MXNlYy5ldS5vcmciLCJ1dGkiOiJTOTVORmVjS29rdW03ejdZeFZzcEFBIiwidmVyIjoiMS4wIiwid2lkcyI6WyI3Mjk4MjdlMy05YzE0LTQ5ZjctYmIxYi05NjA4ZjE1NmJiYjgiLCI2OTA5MTI0Ni0yMGU4LTRhNTYtYWE0ZC0wNjYwNzViMmE3YTgiLCIyOTIzMmNkZi05MzIzLTQyZmQtYWRlMi0xZDA5N2FmM2U0ZGUiLCI2MmU5MDM5NC02OWY1LTQyMzctOTE5MC0wMTIxNzcxNDVlMTAiLCJmMmVmOTkyYy0zYWZiLTQ2YjktYjdjZi1hMTI2ZWU3NGM0NTEiLCJmMjhhMWY1MC1mNmU3LTQ1NzEtODE4Yi02YTEyZjJhZjZiNmMiLCJmMDIzZmQ4MS","expiry":"2023-06-30T06:50:33.904588246+08:00"}
drive_id = b!N1gkmy8wjEiBQV4n_R5MYMzvMrxgNf9GBKaPZON4_835fPvNnxF
drive_type = business




$ ./upload.sh


Checking RCLONE connection ...

2024/06/09 01:38:12 Failed to create file system for "od-jyan:/sharing/P3TERX.COM": failed to get root: Get "https://graph.microsoft.com/v1.0/drives/b!N1gkmy8wjEiBQV4n_R5MYMzvMrxgNf9LmQPlqO9GBKaPZON4_835QKWrkfPvNnxF/root": couldn't fetch token: invalid_grant: maybe token expired? - try refreshing with "rclone config reconnect od-jyan:"


$ rclone config reconnect od-jyan
Error: backend doesn't support reconnect or authorize
Usage:
  rclone config reconnect remote: [flags]

Flags:
  -h, --help   help for reconnect

Use "rclone [command] --help" for more information about a command.
Use "rclone help flags" for to see the global flags.
Use "rclone help backends" for a list of supported services.

2024/06/09 01:42:35 Fatal error: backend doesn't support reconnect or authorize



Delete the existing OneDrive remote, then add a new one:

$ rclone config
Current remotes:
Name                 Type
====                 ====
od-jyan              onedrive
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> d
Select remote.
Choose a number from below, or type in an existing value.
 1 > od-jyan
remote> 1

No remotes found, make a new one?
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
Enter name for new remote.
name> od-jyan
Option Storage.
Type of storage to configure.
Choose a number from below, or type in your own value.
 1 / 1Fichier
   \ (fichier)

31 / Microsoft Azure Blob Storage
   \ (azureblob)
32 / Microsoft Azure Files
   \ (azurefiles)
33 / Microsoft OneDrive
   \ (onedrive)
34 / OpenDrive
   \ (opendrive)

53 / Zoho
   \ (zoho)
54 / premiumize.me
   \ (premiumizeme)
55 / seafile
   \ (seafile)
Storage> 33
Option client_id.
OAuth Client Id.
Leave blank normally.
Enter a value. Press Enter to leave empty.
client_id>
Option client_secret.
OAuth Client Secret.
Leave blank normally.
Enter a value. Press Enter to leave empty.
client_secret>
Option region.
Choose national cloud region for OneDrive.
Choose a number from below, or type in your own string value.
Press Enter for the default (global).
 1 / Microsoft Cloud Global
   \ (global)
 2 / Microsoft Cloud for US Government
   \ (us)
 3 / Microsoft Cloud Germany
   \ (de)
 4 / Azure and Office 365 operated by Vnet Group in China
   \ (cn)
region>
Edit advanced config?
y) Yes
n) No (default)
y/n> n
Use web browser to automatically authenticate rclone with remote?
 * Say Y if the machine running rclone has a web browser you can use
 * Say N if running rclone on a (remote) machine without web browser access
If not sure try Y. If Y failed, try N.
y) Yes (default)
n) No
y/n> n
Option config_token.
For this to work, you will need rclone available on a machine that has
a web browser available.
For more help and alternate methods see: https://rclone.org/remote_setup/
Execute the following on the machine with the web browser (same rclone
version recommended):
        rclone authorize "onedrive" "eyJkZXNjcmlwdGlvbiI6IiJ9"
Then paste the result.
Enter a value.
config_token> {"access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6Im92eVI3YnZUeWEyTmlXeXNRSzRkMW44NXFsa2k0MDlYOGtuMXNKX1JiQW8iLCJhbGciOiJSUzI1NiIsIng1dCI6IkwxS2ZLRklfam5YYndXYzIyeFp4dzFzVUhIMCIsImtpZCI6IkwxS2ZLRklfam5YYndXYzIyeFp4dzFzVUhIMCJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAiLCJpc3MiOiJodHRwczovL3N0cy53FtZSI6Im5ldHNlY0A1MXNlYy5ldS5vcmciLCJ1cG4iOiJuZXRzZWNANTFzZWMuZXUub3JnIiwidXRpIjoiREpvTFBjMWYwMGlJTUVjcXhJY1JBQSIsInZlciI6IjEuMCIsIndpZHMiOlsiNzI5ODI3ZTMtOWMxNC00OWY3LWJiMWItOTYwOGYxNTZiYwF3R0rz_l9IKZ7DYGJtJmzkI6XN1IbP4z2iRh5bp8bNkp7bxQZgPLZahI8FmarHsXkQ","expiry":"2024-06-08T15:39:05.077350707-04:00"}
Option config_type.
Type of connection
Choose a number from below, or type in an existing string value.
Press Enter for the default (onedrive).
 1 / OneDrive Personal or Business
   \ (onedrive)
 2 / Root Sharepoint site
   \ (sharepoint)
   / Sharepoint site name or URL
 3 | E.g. mysite or https://contoso.sharepoint.com/sites/mysite
   \ (url)
 4 / Search for a Sharepoint site
   \ (search)
 5 / Type in driveID (advanced)
   \ (driveid)
 6 / Type in SiteID (advanced)
   \ (siteid)
   / Sharepoint server-relative path (advanced)
 7 | E.g. /teams/hr
   \ (path)
config_type> 1
Option config_driveid.
Select drive you want to use
Choose a number from below, or type in your own string value.
Press Enter for the default (b!N1gkmy8wjEiBQV4n_R5MYMzvMrxgNf9LmQPlqO9GBKaPZON4_835QKWrkfPvNnxF).
 1 / OneDrive (business)
   \ (b!N1gkmy8wjEiBQV4n_R5MYMzvMrxgNf9LmQPlqO9GBKaPZON4_835QKWrkfPvNnxF)
config_driveid> 1
Drive OK?
Found drive "root" of type "business"
URL: https://51sec-my.sharepoint.com/personal/netsec_51sec_eu_org/Documents
y) Yes (default)
n) No
y/n> y
Configuration complete.
Options:
- type: onedrive
- token: {"access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6Im92eVI3YnZUeWEyTmlXeXNRSzRkMW44NXFsa2k0MDlYOGtuMXNKX1JiQW8iLCJhbGciOiJSUzI1NiIsIng1dCI6IkwxS2ZLRklfam5YYndXYzIyeFp4dzFzVUhIMCIsImtpZCI6IkwxSr7x8n6Q9kyB1CCUAcCtarboV4Fa5RIPev9SLUN1Hw4VakCshAmTYoeUfHqfI4Vyaobte0sAHfwF3R0rz_l9IKZ7DYGJtJmzkI6XN1IbP4z2iRh5bp8bNkp7bxQZgPLZahI8FmarHsXkQ","expiry":"2024-06-08T15:39:05.077350707-04:00"}
- drive_id: b!N1gkmy8wjEiBQV4n_R5MYMzvMrxgNf9LmQPlqO9GBKaPZON4_835QKWrkfPvNnxF
- drive_type: business
Keep this "od-jyan" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name                 Type
====                 ====
od-jyan              onedrive
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q>



From a machine that has a browser installed (novnc.51sec.org):


root:~# rclone authorize "onedrive"
2024/06/08 14:12:33 NOTICE: Config file "/root/.config/rclone/rclone.conf" not found - using defaults
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=jittsg-JNUPC-a6a0C7anw
Log in and authorize rclone for access
Waiting for code...
Got code
Paste the following into your remote machine --->
{"access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6Im92eVI3YnZUeWEyTmlXeXNRSzRkMW44NXFsa2k0MDlYOGtuMXNKX1JiQW8iLCJhbGciOiJSUzI1NiIr7x8n6Q9kyB1CCUAcCtarboV4Fa5RIPev9SLUN1Hw4VakCshAmTYoeUfHqfI4Vyaobte0sAHfwF3R0rz_l9IKZ7DYGJtJmzkI6XN1IbP4z2iRh5bp8bNkp7bxQZgPLZahI8FmarHsXkQ","expiry":"2024-06-08T15:39:05.077350707-04:00"}
<---End paste


You will need to open a URL in your browser. After you have successfully logged in, you will be asked to go back to rclone.



Checking the connection from docker:

# root @ 836e195a6759 in /config/script [02:33:40]
$ ./upload.sh

Checking RCLONE connection ...

success
# root @ 836e195a6759 in /config/script [02:33:45]
$
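
The failure above ("couldn't fetch token: invalid_grant") can be spotted before an upload is lost. An added example, not from the original post: a Python check that reads rclone.conf and flags remotes whose token has no refresh_token or whose expiry is long past, plus a check that the file holding the tokens is not readable by other users. It relies on rclone writing the renewed token back to the config when it refreshes; STALE_DAYS, the function names and the sample remotes are assumptions, and the sample is constructed.

```python
import configparser, json, os, re, stat
from datetime import datetime, timezone

STALE_DAYS = 90  # assumed threshold; tune to your provider's refresh-token lifetime

# Constructed sample in rclone.conf layout; token values are placeholders.
SAMPLE = """
[gd-sample]
type = drive
token = {"access_token":"PLACEHOLDER","token_type":"Bearer","refresh_token":"PLACEHOLDER","expiry":"2024-06-08T13:18:19.8346558-05:00"}

[od-sample]
type = onedrive
token = {"access_token":"PLACEHOLDER","expiry":"2023-06-30T06:50:33.904588246+08:00"}
"""

def parse_expiry(value):
    """rclone writes RFC 3339 with up to 9 fractional digits; drop the fraction."""
    value = re.sub(r"\.\d+", "", value.strip()).replace("Z", "+00:00")
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def audit_remotes(text, now):
    """Return (remote, problem) pairs for tokens that likely need re-authorization."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for name in cfg.sections():
        raw = cfg[name].get("token", "")
        if not raw:
            continue
        try:
            token = json.loads(raw)
        except ValueError:
            findings.append((name, "token is not valid JSON"))
            continue
        if not token.get("refresh_token"):
            findings.append((name, "no refresh_token"))
        if token.get("expiry"):
            age = (now - parse_expiry(token["expiry"])).days
            if age > STALE_DAYS:  # not rewritten for a long time, so not refreshed
                findings.append((name, f"expired {age} days ago"))
    return findings

def too_permissive(path):
    """True if group or other has any access to the file that stores the tokens."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    for remote, problem in audit_remotes(SAMPLE, datetime.now(timezone.utc)):
        print(f"{remote}: {problem}")
```

An access token that expired recently on a remote that still has a refresh_token is normal and is not reported.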



Deploy AriaNG (Optional)


You then need a web UI to control Aria2, such as AriaNg. This link is provided by the developer and can be used directly, or you can deploy it yourself with Docker:

docker run -d \
    --name ariang \
    --log-opt max-size=1m \
    --restart unless-stopped \
    -p 6880:6880 \
    p3terx/ariang

Online AriaNG Site:
You can use either of them to connect to your Aria2 RPC port and control your downloads.

The Aria2 RPC configuration, including the RPC password, is not saved on the AriaNG server. All of those settings are cached in your local browser. AriaNG is only used to send commands to Aria2 for execution.

Maintenance

Reboot:
  • docker restart aria2-pro

Re-deploy: 

  • docker rm -f aria2-pro
  • docker rmi p3terx/aria2-pro
  • rm -rf ~/aria2-config
  • docker pull p3terx/aria2-pro
  • docker run <...>

Check Logs
  • Realtime logs:
    • docker logs -f --tail 30 aria2-pro
  • Export logs
    • docker logs aria2-pro > ~/aria2-pro.log
