faspex.yml Configurations Reference
The faspex.yml configuration file provides configuration options not available in the Faspex web UI. You can find the file at /opt/aspera/faspex/config/faspex.yml.
- Modifying faspex.yml is for advanced administrative users only.
- Be sure to back up faspex.yml before modifying.
The following tables describe hidden options, along with their default values, that can be added
to the production section of faspex.yml. For example, to
require newly created users to reset their passwords the first time they log in, add
ForcePasswordResetForNewUsers: true to the production
section of faspex.yml.
production:
...
ForcePasswordResetForNewUsers: true
...# asctl faspex:restartWeb Server Configuration
| Option | Description | Default |
|---|---|---|
|
UseApachePortsForHttpFallback |
Forces Faspex to use its own Apache ports (usually 80/443) for the HTTP Fallback service. |
false |
Directory Services
| Option | Description | Default |
|---|---|---|
| CanonicalizeLdapGroupMemberSearch | Causes Faspex to strip spaces out of DNs during comparisons that can prevent Faspex from properly identifying DS users. You should only set this option to true if it your LDAP server returns DNs with inconsistent spacing (for example, inserting or omitting spaces when user info is queried as part of an LDAP group vs. individually). Valid values: true, false. | false |
| DsCheckPeriod | Specifies check period for synchronization operations. It is during these checks that the DsSyncPeriod parameter is used to determine if synchronization is necessary. | 600 (seconds) / 10 minutes |
| DsSyncActiveState | Determines whether to sync the active state. Valid values: true, false. | true |
| DsSyncPeriod | Specifies how much time must pass since the last synchronization operation in order for a group or user to be judged in need of another. | 3600 (seconds) / 1 hour |
| DsUsernameAttribute | Specifies the DS attribute to use as the Faspex username. The chosen attribute should be
unique. Note: Set this option before importing any DS users. Do not change this option after
importing users. Examples: mail, saml_account_name (Active
Directory). |
Depends on attributes returned by directory service |
| SearchPrimaryDNs | Use an alternative method to import AD users in a non-standard primary group (any group that is not called "Domain Users"). | false |
Security
| Option | Description | Default |
|---|---|---|
| StrongPasswordRegex | A regular expression that can be used to customize strong password requirements. Changing this setting does not affect existing passwords, but any new password must match with this regular expression. Example: (?=.*[A-Z])(?=.*(\d|\W|_)).{7,} | (?=.*\d)(?=.*([a-z]|[A-Z]))(?=.*(\W|_)).{6,} |
| StrongPasswordRequirements | An explanation of the strong password requirements defined by StrongPasswordRegex. Example: “Must be at least seven characters long, with at least one capital letter and one number or symbol.” | “Must be at least six characters long, with at least one letter, one number, and one symbol.” |
| ForcePasswordResetForNewUsers | Setting this option to true requires newly created users to reset their passwords the first time they log in. | false |
| SSLCAFile | Specify the path to the CA certificates to use to verify peer certificates (such as the certificates on a node when connecting to the Node API). false. | Path to the system's built-in certificates. |
Self-Registered and External Users
| Option | Description | Default |
|---|---|---|
| EnforceSelfRegisteredUserEmailUniqueness | Prevents registering for an account using an email address that is already used by a full Faspex user (for example. not merely in use by an external email user record). Valid values: true, false. | false (not enforced) |
| SelfRegistrationUsesEmailAsLogin | Forces self-registering users to choose a login name that is in the format of an email address. This makes entering email address redundant but it is still required. Valid values: true, false. | false (not enforced) |
| RequireExternalRecipientsToRegister | When a package is sent to an external email address, the recipient is required to
self-register with that email address as the account name in order to access the package. Valid
values: true, false. Important: You must enable self-registration or
the recipient is redirected to "Page not Found". For more information, see Configuring Security Settings. Tip: You can require admin moderation for users
creating new accounts with self-registration. For more information on self-registration settings,
see Enabling Self-Registration. |
false (not enforced) |
| HideSenderUsernameToExternalRecipients |
When external users download a package, the Connect logs and Connect manifests do not show the sender's username. |
false |
Metadata
| Option | Description | Default |
|---|---|---|
| SaveMetadataInPackage | Whenever this option is set to true and the Save metadata to
file option is enabled on the Metadata Profiles page, the Create New Dropbox page, or
the Edit Dropbox page, the metadata file is included inside packages, instead of being deposited in
a package's root directory. Set the SaveMetadataInPackage option in the "Production" section of the faspex.yml file. For more information, see Applying Metadata Profile to Normal Packages. |
false |
| ExcludeMetadataFromCookie | This setting excludes metadata from Faspex cookies. It also relaxes the length requirements
on metadata from 2,000 characters per profile to 30,000 characters. Note: This option prevents IBM
Aspera Console from reporting the metadata of Faspex transfers. |
false |
|
HideRelayInformation |
This setting hides relay information on the Package Details page. | false |
Timeouts
| Option | Description | Default |
|---|---|---|
| PackageUploadTimeout | The timer starts when a user sends a new package. Even if queued, if a package does not start within the package upload timeout, Faspex marks the package as "Upload never started" and sends a failure notification to the Upload CC list. Extend the duration to account for transfers that may stay queued longer than the default duration. | 60 |
| LiveUpdateInterval | The interval sets the frequency in seconds that Faspex updates package
or relay lists on these pages:
By default, Faspex refreshes the lists every 5 seconds. |
5 |
Accepted Hosts
| Option | Description | Default |
|---|---|---|
| AcceptedHosts |
The AcceptedHosts configuration defines a list of hostnames users can access Faspex through. If you try to log in to the web application from an unlisted hostname or perform a GET request with an unlisted hostname, Faspex returns the error, "Invalid hostname". To access Faspex from an alternate hostname, whitelist alternate hostnames by following the instructions in Configuring the Faspex Web Server. |
No whitelist defined |