faspex Installation Guide

RedHat, CentOS
Version 1.6.1
Chapter 1 Introduction
Chapter 2 Install faspex
2.1 Prepare the System
2.2 Installation
2.3 Generate the SSL Certificate
2.4 Configure the Web Server
Appendix 1 Restart faspex
2 The Log Files
3 Reset the faspex Admin Password
4 faspex Commands
5 Uninstall faspex
6 Backup faspex Database
Reference

1. Introduction

Aspera faspex is a file exchange application built upon Aspera Enterprise Server as a centralized transfer solution. With a web-based graphical user interface, faspex offers more advanced management options for fasp high-speed transfer to match your organization's workflow. faspex provides the following features:

Features
fasp™ transport server
Installed upon the Enterprise Server, a transport server that handles fasp™ connections.
Web/Email-based Interface
Simple web and email interface for exchanging files and directories.
Package Forwarding
Users can forward packages on the server to others without re-uploading.
Permission Management
Manage user permissions through workgroup assignment or direct-configuration.
Post-Processing
Execute custom scripts after a transfer when certain conditions are met.
Email Notification
Customizable Email Notification of faspex events such as receiving a package.
Active Directory
Integration of your organization's Active Directory users and groups with faspex.
Multi-Server
Multiple faspex servers can be configured to work together.

The most up-to-date documentation can be found at the Aspera website.
For further assistance, please contact us at http://asperasoft.com/support.

2. Install faspex

2.1 Prepare the System

To successfully install Aspera faspex, it is highly recommended to use a computer with a newly-installed operating system. The following is a list of requirements for your system before installing:

Preparation
Application
Firewall

2.2 Installation

If you have a previous version of faspex server installed, backup the database before upgrading faspex. Refer to Appendix 6. Backup faspex Database.

Follow these steps to set up the faspex:

Step 1 Set up the Aspera Enterprise Server version 2.5 or higher
Before installing faspex, you must already have Aspera Enterprise Server installed. Use the command to verify the Enterprise Server installation:
$ ascp -A
If the system cannot find the command, or the version is older that 2.5, download the latest Enterprise Server installer package. Use the login and password provided: http://asperasoft.com/downloads/ent-server
When the installer is downloaded, log in as root and execute the following command to install the Enterprise Server. Replace "[version]" with the actual version number on the rpm file:
$ rpm -Uvh aspera-entsrv-[version].rpm
After installing the Enterprise Server, create the following license file and paste your license key string:
/opt/aspera/etc/aspera-license
Step 2 Acquire the faspex installer
Go to the Aspera download page, find the installer for your platform and download. Use the user name and password provided by Aspera to access: http://www.asperasoft.com/downloads/faspex

To install or update faspex, execute the following commands with the proper permission (umask 022 or less restrictive) to install the downloaded packages. Replace "[version]" with the actual version number of the rpm file:
$ rpm -Uvh aspera-common-[version].rpm
$ rpm -Uvh aspera-faspex-[version].rpm
Step 3 Update the previous faspex (Update-only)
If you are installing upon a previous version of faspex, use the command to update faspex, including backup and migrate the database:
$ /opt/aspera/faspex/update_faspex.sh
Step 4 Fresh-install faspex (Fresh-install-only)
Warning: If you are updating faspex, DO NOT run the installer script (install_faspex.sh). The script will wipe out the existing database.
To fresh-install faspex, change directory into the main faspex directory to execute the remaining steps. After running the next command, you will be prompted to enter a new MySQL password. Enter a new MySQL password:

$ cd /opt/aspera/faspex
$ ./install_faspex.sh
After running the last command, you will be prompted for the following information. Follow the instructions:
faspex is run by the system user faspex and faspex_app. Make sure these system users' password never expire.
Step 5 Install the faspex License File
You should find the license key file in the authorization E-mail sent by Aspera. The key is stored in a file name that looks like: aspera.faspex.[something].license. Put the ".license" file you received from Aspera into the following directory:
/opt/aspera/faspex/config
When finished, execute the following command to ensure the license file is readable by faspex. Replace the underlined filename in the example below with the full filename and extension of your ".license" file:

$ chmod 644 /opt/aspera/faspex/config/your.license
Important: you must only have one license file at a time in the directory, otherwise you will not be allowed to log in. To keep a second license file in the same directory, rename it, for example, add ".bak" to the end of the filename.
Step 6 Start faspex Services and Aspera Central
Execute the command to start faspex:
$ sudo /opt/aspera/faspex/bin/asctl faspex:start
Use the following command to restart Aspera Central and apply the settings:
$ /etc/init.d/asperacentral restart
Step 7 Log in Aspera faspex
When successfully installed, you should be able to connect to the Aspera faspex through a web browser. For example:
  • URL:   https://10.0.0.10/aspera/faspex
  • Username:  admin
  • Password:  aspera

You can change the administrator's password in the faspex. Go to the Preferences from the faspex menu, update your password under Change Password section.

2.3 Generate the SSL Certificate

This section covers both regenerating a self-signed SSL certificate, and ordering a certificate from a certificate authority.

2.3.1 Regenerate the Self-Signed SSL Certificate

When the faspex is set up, a pre-generated self-signed SSL (Secure Sockets Layer) certificate is installed. To regenerate a self-signed certificate based on the current apache 'hostname' setting, execute the following command in Terminal, replace the HOSTNAME with the current apache's IP address or hostname. Answer yes when prompted to overwrite the existing certificate:

$ sudo /opt/aspera/faspex/bin/asctl faspex:shared:apache:make_ssl_cert HOSTNAME

The command will overwrite the existing certificate:

/opt/aspera/common/apache/conf/server.crt
/opt/aspera/common/apache/conf/server.key

2.3.2 Install the SSL Certificate Ordered from a Certificate Authority

To implement the SSL certificate ordered from a 3rd-party certificate authority, follow these steps:

Step 1 Order a signed certificate from a SSL certificate provider
Order a signed SSL key from a certificate authority, and follow the key provider's instructions to generate and submit both of your private key and the Certificate Signing Request (CSR) to acquire the certificate. Here is a list of the certificate authority.
Step 2 Replace the self-signed certificates with the new ones
Replace the pre-generated self-signed certificates with the ones that acquired from the certificate authority:
/opt/aspera/common/apache/conf/server.crt
/opt/aspera/common/apache/conf/server.key
Step 3 Install the Intermediate CA Certificate file (Optional)
Your certificate provider may require you to also install an Intermediate CA Certificate file. For example, if the Intermediate CA certificate is in the directory:
/opt/serv-certificate/int-ca.crt
Use a text editor to open the Apache's SSL configuration file :
/opt/aspera/common/apache/conf/extra/httpd-ssl.conf
In the file, add or edit the parameter SSLCACertificateFile to point to the intermediate CA certificate:
SSLCACertificateFile   "/opt/serv-certificate/int-ca.crt"
Step 4Restart Apache to apply the new settings
Use the command to restart Apache and apply the new settings:
$ /etc/init.d/aspera_httpd restart

2.4 Configure the Web Server

At this point, faspex should be set up and functional. For additional Apache web server settings, follow the steps:

Step 1 Navigate into the faspex directory
Enter the command to navigate into Console directory:
$ cd /opt/aspera/faspex/bin/
Step 2 Print and change the hostname
During the installation, you should have the faspex's hostname configured. First, use the command to print the current hostname:
>$ ./asctl faspex:shared:apache:hostname
To change the hostname, use the command and replace the underlined value with the hostname you want to use:
$ ./asctl faspex:shared:apache:hostname www.new-host.com
When changed, enter the new url to access the faspex. In this example, use the address:
https://www.new-host.com/aspera/faspex
Step 3 Print and change the faspex namespace
By default, faspex uses the namespace /aspera/faspex. To print the current namespace, use the command:
$ ./asctl faspex:uri_namespace
To set the namespace to, for example, /faspex, use the following command the change it and restart partial services to apply the settings. Notice that the namespace cannot be blank:
$ ./asctl faspex:uri_namespace /faspex
$ ./asctl faspex:restart
When changed, faspex's URL should be the server's address followed by the new namespace. In this example, use the address:
https://10.0.0.10/faspex
Step 4 Change the HTTP and HTTPS ports
By default, faspex's web servers are running on TCP/80 (HTTP) and TCP/443 (HTTPS). Use the following commands to update the ports, replace the underlined values with your port numbers:
HTTP
$ ./asctl faspex:shared:apache:http_port 7080
HTTPS
$ ./asctl faspex:shared:apache:https_port 7443
If you change these two ports, reflect the settings on the system firewall.
When the port numbers are changed, reflect them in the url. In this example, use the address:
https://10.0.0.10:7443/aspera/faspex

Appendix 1. Restart faspex

If faspex is not working properly, it is recommended to restart faspex services. Execute the command to restart all faspex-related services:

$ /opt/aspera/faspex/bin/asctl all:restart

If you have Aspera Console installed on the same machine, this command also restarts all Console services.

Appendix 2. The Log Files

The Aspera faspex log files are located in the directory:

/opt/aspera/faspex/log

In the log directory, faspex's Apache logs into the following files:

You can further configure the faspex's Apache log using the asctl commands. In terminal, navigate into the directory:

/opt/aspera/faspex/bin/

Use the following commands to modify the Apache logging settings:

faspex Log Commands
Specify an Apache log level. (e.g. error level)
$ ./asctl all:log_level error
Enable Apache log. (Set to notice)
$ ./asctl all:enable_logs
Disable Apache log. (Set to emerg level)
$ ./asctl all:disable_logs
Delete logs older than certain days (e.g. 30 days)
$ ./asctl all:delete_logs_older_than 30

Appendix 3. Reset the faspex Admin Password

If you lost the faspex admin's password, use the command to reset it:

$ /opt/aspera/faspex/bin/asctl faspex:reset_admin_password

Enter the new admin account password when prompted, enter again when prompted for confirmation. When the password is updated successfully, the admin should be able to log in faspex with the new password.

Appendix 4. faspex Commands

You can use the provided commands to control faspex. In terminal, execute the following to list all options for asctl command:

$ /opt/aspera/faspex/bin/asctl all:help

You can use the asctl command and the option in the following format:

asctl Commands
faspex-specific
$ /opt/aspera/faspex/bin/asctl faspex:option
All Components (faspex, MySQL, Apache)
$ /opt/aspera/faspex/bin/asctl all:option

For example, to display the faspex hostname, use the command:

$ /opt/aspera/faspex/bin/asctl faspex:hostname

Appendix 5. Uninstall faspex

To uninstall faspex, execute the following command:

$ /opt/aspera/faspex/uninstall_faspex.sh

Appendix 6. Backup faspex Database

To backup the faspex database, open terminal, and execute the command:

$ /opt/aspera/faspex/bin/asctl -v faspex:backup_databases

This command uses mysqldump to create the faspex MySQL databases backup in the directory:

/opt/aspera/faspex/db/backup

You should see the following backup files:

Reference