aspera.conf for Nodes

In your aspera.conf file, use the <server> section (shown below) to configure your node machines. The aspera.conf file is found in the following location:

/opt/aspera/etc/aspera.conf

Note: Each of the settings below requires certain services to be restarted in order for any changes to take effect. The services to restart are noted in the To Activate Changes column in the table below, and the commands to restart these services are given at the end of this topic.

<server>
   <server_name>your_hostname</server_name>  
                         <!-- hostname or IP address -->
   <http_port>9091</http_port>
                         <!-- integer (1 - 65535) -->
   <https_port>9092</https_port>
                         <!-- integer (1 - 65535) -->
   <enable_http>false</enable_http>
                         <!-- true | false -->
   <enable_https>true</enable_https>
                         <!-- true | false -->
   <cert_file>           <!-- full path; .chain file same /path/filename -->
      /opt/aspera/etc/aspera_server_cert.pem
   </cert_file>
   <max_response_entries>1000</max_response_entries> 
                         <!-- max entries to return in response -->
   <max_response_time_sec>10</max_response_time_sec> 
                         <!-- max seconds to wait for long operation -->
   <db_dir>/opt/aspera/var</db_dir>
                         <!-- path to dir where DB file will be saved -->
   <db_port>31415</db_port>
                         <!-- integer (1 - 65535) -->
   <proxy>
      ...
   </proxy>
   <enable_sslv2>true</enable_sslv2>
                         <!-- boolean true or false -->
   <ssl_ciphers>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:...</ssl_ciphers>
                         <!-- ssl_ciphers: see full default list in table below -->
   <ssl_protocol>sslv23</ssl_protocol>
                         <!-- sslv3, sslv23, tlsv1, tlsv1.1, or tlsv1.2 -->
   <transfers_retry_duration>20m</transfers_retry_duration>
                         <!-- how long transfers will be retried (default 20 min) -->
   <transfers_retry_all_failures>false</transfers_retry_all_failures>
                         <!-- true | false -->
</server>

| Setting | Description | Default Value | To Activate Changes |
|---|---|---|---|
| <server_name> | Hostname or IP address. | hostname | Restart node service. |
| <http_port> | HTTP service port. | 9091 | Restart node service. |
| <https_port> | HTTPS service port. | 9092 | Restart node service. |
| <enable_http> | Enable HTTP for the Node API services. | false | Restart node service. |
| <enable_https> | Enable HTTPS for the Node API services. | true | Restart node service. |
| <cert_file> | Full pathname of SSL certificate (.pem and existing support for .chain). | /opt/aspera/etc/aspera_server_cert.pem | Restart node service. |
| <max_response_entries> | Maximum number of entries to return in a response. | 1000 | Reload node configuration. |
| <max_response_time> | Maximum amount of time to wait for a long-running operation. | 10 | Reload node configuration. |
| <db_dir> | Path to the directory where the database file is saved. Before changing this value, you should back up your database. See Redis DB Backup/Restore. | /opt/aspera/var | Restart the node and DB services. |
| <db_port> | Database service port. Before changing this value, you should back up your database. See Redis DB Backup/Restore. | 31415 | Restart the node and DB services. |
| <ssl_ciphers> | The SSL encryption ciphers that the server will allow, each separated by a colon (:). This option may also be set in the <client> section, in which case, when this machine functions as a client, the specified ciphers are requests to the server. If any of the ciphers in the server's allow list coincide with those in the client's request list, communication is allowed; otherwise it is denied. If you override this setting, the override is always used. However, if you do not override it, the default setting depends on the settings for <ssl_protocol>. If <ssl_protocol> is set to sslv23, then a large, relatively weak selection of suites is allowed. If the protocol is anything else, then a smaller, stronger selection of suites is allowed. Many older web browsers cannot handle the stronger set of suites, in which case you may encounter compatibility issues. | All of the following: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, DHE-RSA-AES256-SHA, DHE-DSS-AES256-SHA, AES256-SHA, AES128-SHA256, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA, RC2-CBC-MD5 | Restart node service. |
| <ssl_protocol> | The SSL protocol versions that the server will allow. This option may also be set in the <client> section, in which case, when this machine is a client, the specified protocols function as requests to the server. If any of the protocols in the server's allow list coincide with those in the client's request list, communication is allowed; otherwise it is denied. Supported values: sslv3, tlsv1, tlsv1.1, tlsv1.2, and sslv23. Despite its name, specifying sslv23 (the default) allows all supported protocols, including all TLS versions. | sslv23 | Restart node service. |
| <enable_sslv2> | Setting to true (default) enables SSLv2. If <ssl_protocol> is not set (or is explicitly set to its default sslv23), setting <enable_sslv2> to false allows only SSLv3 and TLSv1.x—that is, all protocols except SSLv2. If <ssl_protocol> is set to any value other than sslv23, settings for <enable_sslv2> have no effect. | true | Restart node service. |
| <transfers_retry_duration> | If a transfer fails, the node will try to restart it for the specified time. If a transfer restarts and makes some progress, the retry timer is reset, and the next time it fails, the node will again try to restart it for 'retry_duration'. | 20m | Restart node service. |
| <transfers_retry_all_failures> | Setting to true will retry all transfers, including transfers otherwise considered unretriable. | false | Restart node service. |

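
Added example (not part of the original page or of Aspera's tooling): a Python check that reads the <server> section and applies the <ssl_protocol>, <enable_sslv2> and <ssl_ciphers> rules from the table above to report what the node will actually accept. The sample configuration, the weak-suite substring list, and the reading that a named protocol value permits only that version are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: TLS-related settings as they appear in the page's <server> example.
SAMPLE_CONF = """<server>
  <enable_http>false</enable_http>
  <enable_sslv2>true</enable_sslv2>
  <ssl_ciphers>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:RC2-CBC-MD5</ssl_ciphers>
  <ssl_protocol>sslv23</ssl_protocol>
</server>"""

ALL_PROTOCOLS = ["sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"]
LEGACY = {"sslv2", "sslv3"}
WEAK_MARKERS = ("RC2", "RC4", "DES", "MD5", "NULL", "EXP")  # assumed substrings of weak suite names

def setting(server, name, default):
    """Return the trimmed text of <name>, or the documented default when absent or empty."""
    node = server.find(name)
    text = (node.text or "").strip() if node is not None else ""
    return text or default

def effective_protocols(server):
    """Resolve the protocol versions the node will accept, per the table's rules."""
    proto = setting(server, "ssl_protocol", "sslv23").lower()
    if proto != "sslv23":
        # Assumption: a named version permits only that version; enable_sslv2 has no effect.
        return [proto]
    sslv2 = setting(server, "enable_sslv2", "true").lower() == "true"
    return [p for p in ALL_PROTOCOLS if sslv2 or p != "sslv2"]

def audit(conf_text):
    """Return a list of findings for the <server> section of an aspera.conf document."""
    server = next(ET.fromstring(conf_text).iter("server"), None)
    if server is None:
        return ["no <server> section found"]
    findings = []
    if setting(server, "enable_http", "false").lower() == "true":
        findings.append("enable_http=true: Node API served over cleartext HTTP")
    legacy = [p for p in effective_protocols(server) if p in LEGACY]
    if legacy:
        findings.append("legacy protocols allowed: " + ", ".join(legacy))
    ciphers = setting(server, "ssl_ciphers", "")
    if not ciphers and setting(server, "ssl_protocol", "sslv23").lower() == "sslv23":
        findings.append("ssl_ciphers unset with sslv23: weaker default suite set applies")
    for suite in filter(None, (c.strip() for c in ciphers.split(":"))):
        if any(marker in suite.upper() for marker in WEAK_MARKERS):
            findings.append("weak cipher suite: " + suite)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

To check a real node, pass the contents of /opt/aspera/etc/aspera.conf to audit(); an empty list means none of these checks fired.
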
Note: Running the commands below requires root privileges.

Restarting the Node Service

$ sudo /etc/init.d/asperanoded restart

Reloading the Node Configuration

$ sudo /opt/aspera/bin/asnodeadmin --reload

Restarting the Node and DB Services

$ sudo /etc/init.d/asperanoded stop 
$ sudo /opt/aspera/bin/asnodeadmin --db-shutdown
$ sudo /etc/init.d/asperanoded start
Note: The DB service is started automatically when you restart the node service.