Configuring the proxy server for forward proxy

When you are using a proxy server for a forward proxy, you need to configure the proxy server.

About this task

The following configuration steps require setting values in the proxy server's aspera.conf file, which is found in the following location:

/opt/aspera/proxy/etc/aspera.conf

You can edit the file manually or by using the asconfigurator utility. Both methods are described in the Procedure section.

The asconfigurator command is located in /opt/aspera/proxy/bin. The following examples assume that the command is already on the path. You can either add it to root's path or prefix the command with the path each time you run it.

Procedure

  1. Enable HTTP or HTTPS.
    Run the following commands:
    # asconfigurator -x "set_server_data;enable_http,true"
    # asconfigurator -x "set_server_data;enable_https,true"

    These commands create the following lines in aspera.conf, which can also be added to the <server> section manually:

    <server>
      ...
        <enable_http>true</enable_http>        <!-- true | false -->
        <enable_https>true</enable_https>      <!-- true | false -->
      ...
    </server>
  2. Enable the proxy server.
    Run the following command:
    # asconfigurator -x "set_server_data;proxy_enabled,true"

    This command creates the following lines in aspera.conf, which can also be added to the <server> section manually:

    <server>
      ...
        <proxy>        
          <enabled>true</enabled>         <!-- Proxy server is enabled -->        
        </proxy>
      ...
    </server> 

    This is the only setting on the proxy server that is required to begin using forward proxy. However, you might need to change other <proxy> settings based on your unique network configuration. To disable the proxy by using asconfigurator, change the value true to false.

  3. Update additional forward proxy settings, as needed.
    To use asconfigurator to set proxy options, use the following syntax:
    # asconfigurator -x "set_server_data;parameter,value"

    The following table shows the parameters and options that are used in the <server> / <proxy> section of aspera.conf. To also view all forward-proxy configuration options and the asconfigurator command to set them, run the asuserdata command as follows:

    # /opt/aspera/proxy/bin/asuserdata -+
    Note: The asuserdata -+ command displays the default values for the server setup, not the currently set values.

    | asconfigurator parameter | aspera.conf option | Description | Default Value |
    |---|---|---|---|
    | proxy_enabled | <enabled> | Disable or enable the proxy server. Must be set to true to turn on the service. | false |
    | proxy_authentication | <authentication> | Disable or enable the authentication requirement for the proxy server. | true |
    | proxy_bind_ip_address | <bind_ip_address> | The IP address that the proxy server binds to (also the IP address that the client connects to). The default value, 0.0.0.0, allows the proxy server to bind to all available interfaces. | 0.0.0.0 |
    | proxy_bind_ip_netmask | <bind_ip_netmask> | The number of 1 bits set in the netmask for the network interface specified by the <bind_ip_address> setting. The valid range is 1-31. | 32 |
    | proxy_port_range_low | <port_range_low> | The lower bound of the port range. Ensure that the firewall allows the port range you specify. | 5000 |
    | proxy_port_range_high | <port_range_high> | The upper bound of the port range. Ensure that the firewall allows the port range you specify. | 10000 |
    | proxy_cleanup_interval | <cleanup_interval> | The interval, in seconds, at which the proxy server scans and cleans up expired sessions. | 0 |
    | proxy_session_timeout | <session_timeout> | The interval, in seconds, after which a session times out if no keep-alive updates have been received. | 0 |
    | proxy_keepalive_interval | <keepalive_interval> | The interval, in seconds, at which an ascp client sends keep-alive requests. This option is propagated to the client. | 0 |

    The following is an example of the <proxy> portion of the <server> section in aspera.conf:

    <server>
      ...
      <proxy>
        <enabled>true</enabled>
        <authentication>true</authentication>
        <bind_ip_address>0.0.0.0</bind_ip_address>
        <bind_ip_netmask>32</bind_ip_netmask>
        <port_range_low>5000</port_range_low>
        <port_range_high>10000</port_range_high>
        <cleanup_interval>0</cleanup_interval>
        <keepalive_interval>0</keepalive_interval>
        <session_timeout>0</session_timeout>
      </proxy>
      ...
    </server>

    If you have manually edited aspera.conf, save your changes and validate the syntax and XML tags by running:

    # /opt/aspera/proxy/bin/asuserdata -v 
  4. Restart the proxy node service.
    Daemon Commands
    systemd: # systemctl restart asperaproxy
    init: # service asperaproxy restart

    If you receive the following error when attempting to start the node service, iptables might not be installed on your machine:

    ERR Failed to initialize proxy service

    For more information, see

  5. Check log entries for startup.
    After starting up the asperaproxy service, check the system log-file entries:
    Operating system Path
    Red Hat® Linux®: /var/log/messages
    Debian-based Linux: /var/log/syslog

    The only proxy entries that must be displayed are similar to the following:

    LOG proxy service ready (port range 5000-10000)
    LOG Started on port(s) 9091,9092s ...

    The port range (lower and upper bounds) can be modified by changing the <port_range_low> and <port_range_high> options in the <proxy> section of aspera.conf; whereas, the default node service ports (9091 and 9092) can be modified by changing the <http_port> and <https_port> options in the <server> section.

  6. Create a node API user. (Only necessary if authentication is required).
    On the proxy machine, create a node API user by running the asnodeadmin command:
    $ sudo /opt/aspera/proxy/bin/asnodeadmin -au node_api_user -p password -x transfer_user 

    The transfer user must be an existing user on the proxy server.
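
The following check is an added example, not part of the original procedure or of the Aspera tooling. It reads the <proxy> section of aspera.conf, applies the defaults from the table above for any option that is absent, flags settings worth reviewing (the choice of what to flag is an assumption of this example), and compares the configured port range with the range in the "proxy service ready" log entry to confirm that the restart picked up the change. The sample configuration and log lines are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Defaults as listed in the options table on this page.
DEFAULTS = {"enabled": "false", "authentication": "true", "bind_ip_address": "0.0.0.0",
            "port_range_low": "5000", "port_range_high": "10000"}
READY = re.compile(r"proxy service ready \(port range (\d+)-(\d+)\)")

# Constructed sample inputs: edited config, log written before the restart.
SAMPLE_CONF = """<server><proxy>
  <enabled>true</enabled>
  <authentication>false</authentication>
  <port_range_low>6000</port_range_low>
  <port_range_high>7000</port_range_high>
</proxy></server>"""
SAMPLE_LOG = ["LOG proxy service ready (port range 5000-10000)",
              "LOG Started on port(s) 9091,9092s ..."]

def proxy_settings(conf_xml):
    """Effective <proxy> options: values from the file over documented defaults."""
    settings = dict(DEFAULTS)
    proxy = next(ET.fromstring(conf_xml).iter("proxy"), None)
    for child in (proxy if proxy is not None else []):
        settings[child.tag] = (child.text or "").strip()
    return settings

def audit(conf_xml):
    """Return review findings for the <proxy> section."""
    s, findings = proxy_settings(conf_xml), []
    if s["enabled"] != "true":
        findings.append("proxy is not enabled")
    if s["authentication"] != "true":
        findings.append("authentication requirement is disabled")
    if s["bind_ip_address"] == "0.0.0.0":
        findings.append("binds to all available interfaces")
    low, high = int(s["port_range_low"]), int(s["port_range_high"])
    if not 1 <= low <= high <= 65535:
        findings.append(f"invalid port range {low}-{high}")
    return findings

def logged_range(log_lines):
    """Port range from the most recent 'proxy service ready' entry, or None."""
    hits = [m for m in map(READY.search, log_lines) if m]
    return (int(hits[-1].group(1)), int(hits[-1].group(2))) if hits else None

def range_in_effect(conf_xml, log_lines):
    """True when the range logged at startup equals the configured range."""
    s = proxy_settings(conf_xml)
    return logged_range(log_lines) == (int(s["port_range_low"]), int(s["port_range_high"]))

if __name__ == "__main__":
    print(audit(SAMPLE_CONF), range_in_effect(SAMPLE_CONF, SAMPLE_LOG))
```

On a real host, pass the contents of /opt/aspera/proxy/etc/aspera.conf and the lines of /var/log/messages or /var/log/syslog in place of the samples.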