Configuring HTTP and HTTPS Fallback

HTTP fallback serves as a secondary transfer method when the Internet connectivity required for Aspera FASP transfers (UDP port 33001, by default) is unavailable. When HTTP fallback is enabled and UDP connectivity is lost or cannot be established, the transfer will continue over the HTTP protocol.

The instructions below describe how to enable and configure HTTP/HTTPS fallback. These instructions assume that you have already configured your Connect Server's Web UI. For additional information on configuring different modes and testing, see the Aspera KB Article "HTTP fallback configuration, testing and troubleshooting."

To enable HTTP Fallback for IBM Aspera Faspex, you must configure the feature in both Faspex and the associated transfer node. The transfer node must be running an Aspera transfer server product (IBM Aspera Enterprise Server or IBM Aspera Connect Server) enabled with a Connect Server license. If Faspex and the transfer server are installed on the same machine, the Faspex installation process configures them automatically. In the case of a remote server, you must configure the transfer server and firewall ports in either of the following ways:
  • Set HTTP/HTTPS to defaults ports (8080 + 8443) and open firewall ports on 8080/8443.
  • Set HTTP/HTTPS to standard ports (80 + 443) and open firewall ports on 80/443.

Additionally, the transfer server fallback settings must match the Faspex fallback settings. If the settings don't match, Faspex returns a "Package creation failed" error. Ensure that transfer server has HTTP/HTTPS fallback enabled.

Note: Ensure that your HTTP daemon (Aspera HTTPD) is running with sufficient privileges, so that it can modify file ownership.
  1. Go to Server > Configuration > Transfer Options and select Enable HTTP Fallback.
  2. Go to Server > Configuration > Security and select Encrypt Transfers.
    Note: If HTTPS fallback is enabled on the transfer server, encrypted transfers must be enabled in Faspex.
  3. Confirm your HTTP fallback port number.
    To confirm your HTTP Fallback port number, run the following asctl command:
    # asctl faspex:http_fallback_port
    If you need to modify the Faspex HTTP port, add the port_number to the command:
    # asctl faspex:http_fallback_port port_number
    Important: Do not use this command if Faspex and your transfer server are on the same machine. If you modify the HTTP fallback port, HTTP fallback fails because Apache is hard-coded to route traffic to asperahttpd on port 8080.
  4. (In the transfer server) Configure HTTP/HTTPS fallback settings.
    You can configure HTTP/HTTPS Fallback from either the transfer server GUI or by editing aspera.conf.

    Configuring HTTP/HTTPS fallback from the GUI:

    Launch the transfer server and go to Configuration > Global > HTTP Fallback.

    Review the following settings:

    • In the Enable HTTP row, select Override and set to true.
    • If you want to allow fallback over HTTPS, in the Enable HTTPS row, select Override and set to true.

    Configuring HTTP/HTTPS fallback by editing aspera.conf:

    Run the following commands:

    • To view the current HTTP settings in aspera.conf:
      $ /opt/aspera/bin/asuserdata -b -t

    Confirm the HTTP fallback settings in aspera.conf as shown in the example below. enable_http should be set to true, while the value shown for http_port should match what was displayed when you ran the command asctl faspex:http_fallback_port (default: 8080).

    <CONF version="2">
      ...
      <http_server>
        ...
        <enable_http>true</enable_http>     <!-- Enable HTTP -->
        ...
        <http_port>8080</http_port>         <!-- HTTP port -->
        ...
      </http_server>
    </CONF>

    To manually inspectaspera.conf, open it from the following directory:

    /opt/aspera/etc/aspera.conf

  5. Review additional HTTP fallback settings.
    Additional HTTP fallback settings can be set in aspera.conf:
    Field Description Values Default
    Cert File The absolute path to an SSL certificate file. If left blank, the default certificate file that came with Enterprise Server is used. file path blank
    Key File The absolute path to an SSL key file. If left blank, the default certificate file that came with your Aspera Enterprise Server will be used. file path blank
    Bind Address The network interface address on which the HTTP Fallback server listens. The default value 0.0.0.0 allows the HTTP Fallback server to accept transfer requests on all network interfaces for this node. Alternatively, a specific network interface address may be specified. valid IPv4 address 0.0.0.0
    Restartable Transfers Set to true to allow interrupted transfers to resume from the point of interruption. true or false true
    Session Activity Timeout Any value greater than 0 sets the amount of time, in seconds, that the HTTP fallback server will wait without any transfer activity before canceling the transfer. This option cannot be set to 0,otherwise interrupted HTTP fallback sessions will get stuck until server or asperacentral is restarted. positive integer 20
    HTTP Port The port on which the HTTP server listens. Valid port numbers range between 1 and 65535.
    Note: Use asctl command to change HTTP port, so that Faspex can pick up the new value.
    positive integer 8080
    HTTPS Port The port on which the HTTPS server listens. Valid port numbers range between 1 and 65535.
    Note: Use asctl command to change HTTPS port, so that Faspex can pick up the new value.
    positive integer 8443
    Enable HTTP Enables the HTTP Fallback server that allows failed UDP transfers to continue over HTTP. true or false false
    Enable HTTPS Enables the HTTPS Fallback server that allows failed UDP transfers to continue over HTTPS. true or false false
    <CONF version="2">
     ...
      <http_server>
        <cert_file> </cert_file>
        <key_file> </key_file>
        <bind_address>0.0.0.0</bind_address>
        <restartable_transfers>true</restartable_transfers>
        <session_activity_timeout>1</session_activity_timeout>
        <enable_http>true</enable_http>
        <enable_https>true</enable_https>
        <http_port>8080</http_port>
        <https_port>8443</https_port>
      </http_server>
    </CONF>
  6. After enabling HTTP fallback and setting a token encryption key, restart the Aspera Central, Aspera NodeD, and Aspera HTTPD services.
    Run the following command in a Terminal window to restart asperacentral:
    # /etc/init.d/asperacentral restart
    Run the following commands to restart asperanoded:
    # /etc/init.d/asperanoded restart
    Run the following commands to restart asperahttpd:
    # /etc/init.d/asperahttpd restart