Configuring the Proxy Server for Forward Proxy

The configuration steps below require setting values in the proxy server's aspera.conf file, which is found in the following location:

/opt/aspera/proxy/etc/aspera.conf

You can edit the file manually or by using the asconfigurator utility. Both methods are described below.

The asconfigurator command is located in /opt/aspera/proxy/bin. The examples below assume that the command is already on the path. You can either add it to root's path or prefix the command with the path each time you execute it.

  1. Enable HTTP and/or HTTPS.
    Run the following commands:
    # asconfigurator -x "set_server_data;enable_http,true"
    # asconfigurator -x "set_server_data;enable_https,true"

    These commands create the following lines in aspera.conf, which can also be added to the <server> section manually:

    <server>
      ...
        <enable_http>true</enable_http>        <!-- true | false -->
        <enable_https>true</enable_https>      <!-- true | false -->
      ...
    </server>
  2. Enable the proxy server.
    Run the following command:
    # asconfigurator -x "set_server_data;proxy_enabled,true"

    This command creates the following lines in aspera.conf, which can also be added to the <server> section manually:

    <server>
      ...
        <proxy>        
          <enabled>true</enabled>         <!-- Proxy server is enabled -->        
        </proxy>
      ...
    </server> 

    This is the only setting on the proxy server that's required to begin using forward proxy. However, you may need to change other <proxy> settings based on your unique network configuration.

  3. Update additional forward proxy settings, as needed.
    To use asconfigurator to set proxy options, use the following syntax:
    # asconfigurator -x "set_server_data;parameter,value"

    The table below shows the parameters and options used in the <server> / <proxy> section of aspera.conf. To also view all forward-proxy configuration options and the asconfigurator command to set them, run the asuserdata command as follows:

    # /opt/aspera/proxy/bin/asuserdata -+
    Note: The asuserdata -+ command displays the default values for the server setup, not the currently set values.

    | asconfigurator parameter | aspera.conf option | Description | Default Value |
    |---|---|---|---|
    | proxy_enabled | <enabled> | Disable or enable the proxy server. Must be set to true to turn on the service. | false |
    | proxy_authentication | <authentication> | Disable or enable the authentication requirement for the proxy server. | false |
    | proxy_bind_ip_address | <bind_ip_address> | The IP address that the proxy server binds to (also the IP address that the client connects to). The default value, 0.0.0.0, allows the proxy server to bind to all available interfaces. | 0.0.0.0 |
    | proxy_bind_ip_netmask | <bind_ip_netmask> | The netmask for the proxy_bind_ip_address. | blank (null) |
    | proxy_port_range_low | <port_range_low> | The lower bound of the port range. Ensure that the firewall allows the port range you specify. | 5000 |
    | proxy_port_range_high | <port_range_high> | The upper bound of the port range. Ensure that the firewall allows the port range you specify. | 10000 |
    | proxy_cleanup_interval | <cleanup_interval> | The interval, in seconds, at which the proxy server scans and cleans up expired sessions. | 0 |
    | proxy_session_timeout | <session_timeout> | The interval, in seconds, after which a session times out if no keep-alive updates have been received. | 0 |
    | proxy_keepalive_interval | <keepalive_interval> | The interval, in seconds, at which an ascp client sends keep-alive requests. This option is propagated to the client. | 0 |

    Below is an example of the <proxy> portion of the <server> section in aspera.conf:

    <server>
      ...
      <proxy>
        <enabled>true</enabled>
        <authentication>false</authentication>
        <bind_ip_address>0.0.0.0</bind_ip_address>
        <bind_ip_netmask></bind_ip_netmask>
        <port_range_low>5000</port_range_low>
        <port_range_high>10000</port_range_high>
        <cleanup_interval>0</cleanup_interval>
        <keepalive_interval>0</keepalive_interval>
        <session_timeout>0</session_timeout>
      </proxy>
      ...
    </server>

    If you have manually edited aspera.conf, save your changes and validate the syntax and XML tags by running:

    # /opt/aspera/proxy/bin/asuserdata -v 
  4. Restart the proxy node service.
    $ sudo /etc/init.d/asperaproxy restart 

    If you receive the following error when attempting to start the node service, check to see if iptables is installed on your machine:

    ERR Failed to initialize proxy service

    If iptables is not installed, run the following command (based on your Linux distribution):

    Red Hat Linux:

    $ sudo yum install iptables 

    Debian-based Linux:

    $ sudo apt-get install iptables 
  5. Check log entries for startup.
    After starting up the asperaproxy service, check the system log-file entries:
    Red Hat Linux: /var/log/messages
    Debian-based Linux: /var/log/syslog

    The only proxy entries that should be displayed are similar to the following:

    LOG proxy service ready (port range 5000-10000)
    LOG Started on port(s) 9091,9092s ...

    To change the port range (lower and upper bounds), set the <port_range_low> and <port_range_high> options in the <proxy> section of aspera.conf. To change the default node service ports (9091 and 9092), set the <http_port> and <https_port> options in the <server> section.

  6. Create a node API user. (Only necessary if authentication is required.)
    On the proxy machine, create a node API user by running the asnodeadmin command:
    $ sudo /opt/aspera/proxy/bin/asnodeadmin -au node_api_user -p password -x transfer_user 

    The transfer user must be an existing user on the proxy server.
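
A check for the <proxy> settings from step 3, given here as an added example that is not part of the original documentation or of Aspera's tooling: it parses the <server> / <proxy> section, applies the defaults from the table, and flags a proxy that is enabled without authentication, bound to all interfaces, or using a port range the firewall does not fully allow. The function names, the firewall_range parameter and the sample input are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults from the table in step 3, used when an option is absent or blank.
DEFAULTS = {"enabled": "false", "authentication": "false", "bind_ip_address": "0.0.0.0",
            "port_range_low": "5000", "port_range_high": "10000"}

# Constructed input: the page's example <proxy> section without the "..." lines.
PAGE_EXAMPLE = """<server><proxy>
  <enabled>true</enabled>
  <authentication>false</authentication>
  <bind_ip_address>0.0.0.0</bind_ip_address>
  <bind_ip_netmask></bind_ip_netmask>
  <port_range_low>5000</port_range_low>
  <port_range_high>10000</port_range_high>
</proxy></server>"""

def proxy_settings(conf_xml):
    """Return the effective <server>/<proxy> options as a dict of strings."""
    root = ET.fromstring(conf_xml)
    server = root if root.tag == "server" else root.find(".//server")
    proxy = server.find("proxy") if server is not None else None
    settings = dict(DEFAULTS)
    for child in (proxy if proxy is not None else []):
        if child.tag in settings and (child.text or "").strip():
            settings[child.tag] = child.text.strip()
    return settings

def audit_proxy(conf_xml, firewall_range):
    """List findings; firewall_range is the (low, high) range the firewall allows."""
    s = proxy_settings(conf_xml)
    if s["enabled"].lower() != "true":
        return []  # proxy service is turned off
    findings = []
    if s["authentication"].lower() != "true":
        findings.append("authentication: clients are not required to authenticate")
    if s["bind_ip_address"] == "0.0.0.0":
        findings.append("bind_ip_address: proxy binds to all available interfaces")
    low, high = int(s["port_range_low"]), int(s["port_range_high"])
    if not 1 <= low <= high <= 65535:
        findings.append(f"port range: {low}-{high} is not a valid range")
    elif low < firewall_range[0] or high > firewall_range[1]:
        findings.append(f"port range: {low}-{high} exceeds firewall range "
                        f"{firewall_range[0]}-{firewall_range[1]}")
    return findings

if __name__ == "__main__":
    for finding in audit_proxy(PAGE_EXAMPLE, firewall_range=(5000, 10000)):
        print("WARN", finding)
```

Each finding corresponds to a parameter in the step 3 table (proxy_authentication, proxy_bind_ip_address, proxy_port_range_low, proxy_port_range_high) and can be corrected with asconfigurator or by editing aspera.conf.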