Configuring Apache

Connect Server is a web-based file server that enables file access through a browser, and transfers files using the Aspera Connect Browser Plug-in. You can configure your system's Apache server to host Connect Server's Web UI. Additionally, you can set up HTTP fallback to establish HTTP- or HTTPS-based file transfers with clients that don't have FASP connectivity. The files described below may have different paths or your Apache server could require additional settings, depending on your operating system's distribution and configuration. For additional information, see your operating system documentation or contact Aspera Technical Support

  1. Locate and open your Apache configuration file.
    With administrative account access, open your Apache configuration file in a text editor from the following location, depending on your operating system:
    Version Path
    RedHat, Centos, Fedora /etc/httpd/conf/httpd.conf
    Ubuntu, Debian /etc/apache2/apache2.conf
    SLES /etc/apache2/httpd.conf
  2. Review the Apache ServerName setting.
    Locate the ServerName section in httpd.confand verify that the server's name resolves correctly. Use one of the following examples to set the Connect Server domain name or IP address, respectively:
    ServerName www.ConnectServerName.com
    ServerName 10.0.0.1
  3. Turn off Apache's UseCanonicalName setting.
    Locate the line for UseCanonicalName and verify that it is set to off.
    UseCanonicalName off
  4. Review or modify your Web UI settings.
    Add the following section at the end of the configuration file if it is not already there:
    #BEGIN_ASPERA
    <Directory /opt/aspera/var/webtools>
       AllowOverride All
       Allow from all
    </Directory>
    <Directory /opt/aspera/var/webtools/scripts>
       AddHandler cgi-script .pl
       SetHandler cgi-script
       Options +ExecCGI
       AllowOverride All
    </Directory>
    ScriptAlias /aspera/scripts/ "/opt/aspera/var/webtools/scripts/"
    Alias /aspera/ "/opt/aspera/var/webtools/"
    #END_ASPERA
  5. Enable Apache's cgi and the dir modules.
    Your Apache web server must have both the cgi and the dir modules enabled. To do so, run the commands listed in the table below for your version of Apache.
    Apache Version Instruction
    2.2 Run the following commands to enable the requisite modules:
    $ sudo a2enmod dir
    $ sudo a2enmod cgi
    $ sudo a2enmod cgid
    Important: These commands do not work on RHEL or CentOS. For these versions of Linux, you must edit the Apache configuration file as described below for Apache 1.3 and 2.0.
    1.3, 2.0 In Apache's configuration file, add or un-comment the following lines:
    LoadModule dir_module modules/mod_dir.so
    LoadModule cgi_module modules/mod_cgi.so

    After modifying the Apache configuration file, save and close it.

  6. Configure SSL. (Optional)
    For instructions on generating an RSA Private Key, Certificate Signing Request (CSR) and optional self-signed certificate using OpenSSL, see Create an SSL Certificate (Apache).

    Once you have created your private key and Certificate (or you are using the unsigned Certificate provided by Aspera), see Enable SSL (Apache) for instructions on enabling SSL on your system.

  7. Disable SELinux (RedHat, CentOS, and Fedora only).
    SELinux (Security-Enhanced Linux), an access control implementation, may affect web UI access. For information on how to disable SELinux, see Disabling SELinux.
  8. Restart your Apache web server.
    Run the following command, depending on your version of Apache:
    Version Command
    Apache 2.2
    $ /etc/init.d/apache restart 
    Note: This command does not work on RHEL or CentOS. You must use the command described below for Apache 1.3 and 2.0.
    Apache 1.3, 2.0
    $ /etc/init.d/httpd restart 
  9. Enable system-level security.
    Enabling system-level security allows the Web UI to accurately display users' files and show or hide controls depending on users' permissions (this includes the delete and make directory functions). To enable system-level security, run the following command (as root) in a Terminal window:
    $ sudo /opt/aspera/sbin/enablesecure enable

    Once the script is executed, you will be prompted to input the name of the Apache user.

    User running apache (default apache):

    Based on your input, the script generates text similar to the following. Use visudoers to copy and paste the generated text into your /etc/sudoers file. In the following example output, apache is the account that is running Apache and /opt/aspera is the Aspera installation directory.

    Important: Do not paste the example output shown below into your sudoers file. Paste the ouput generated when you ran the enablesecure script as described above.
    # BEGIN Aspera Connect Server
    # The user account that runs the web server will impersonate
    # the logged-in user to present that user's files and folders.
    Defaults env_keep += "SERVER_NAME REQUEST_URI REQUEST_METHOD REMOTE_USER QUERY_STRING CONTENT_LENGTH SESSION_ID CSRF_TOKEN"
    Defaults:apache !requiretty
    apache ALL=(ALL) NOPASSWD: /opt/aspera/var/webtools/scripts/aspera-dirlist.pl,
    SETENV: /opt/aspera/var/webtools/scripts/aspera-dirlist.pl
    # END Aspera Connect Server
    Note: Once secure permissions are enabled, users will see the Delete and Create Folder buttons, allowing then to remove files and create directories on the server (within their docroot). You may hide the Delete and Create Folder buttons by updating the Web UI configuration parameters EnableDelete and EnableCreateFolder, respectively. Please refer to Configuring your Web UI Settings for details.

    To disable the secure permissions, run the enablesecure script again with the argument disable.

    $ sudo /opt/aspera/sbin/enablesecure disable
  10. Verify that cookies are enabled in the Web browser. (On client computers)
    Note: Ensure that your client users have cookies enabled within their browsers before attempting to log in. Failure to do so may result in an error message as they attempt to access the Connect Server Web UI.