Server configurations
General syntax
This collection of commands configures settings that are related to transfer server features such as the Aspera Node API service (asperanoded), Aspera Watch Service, Aspera Watchfolders, and Aspera Proxy.
The syntax for setting server parameters is the following:
$ asconfigurator -x "set_server_data;parameter,value"
Note: Not all available parameters are listed, only the most commonly used. To
view a complete list, run the following
command:
$ /Library/Aspera/bin/asuserdata -+
Transfer server
- server_name
- The hostname or IP address of this Aspera transfer server.
- transfers_multi_session_default
- The default value for the number of sessions in a multi-session transfer.
- transfers_retry_duration
- The time duration during which transfer retries are attempted.
- transfers_retry_all_failures
- Whether a transfer must be retried after all failures (
true
) or not (false
). If set to false, transfers are not retried for failured deemed unretryable, such as for permission failures. - http_port
- The HTTP port on which the asperanoded service listens.
- https_port
- The HTTPS port on which the asperanoded service listens.
- enable_http
- Whether HTTP is enabled for asperanoded on the port that is configured
for http_port (
true
) or not (false
). - enable_https
- Whether HTTPS is enabled for asperanoded on the port that is configured
for https_port (
true
) or not (false
). - cert_file
- The full path of the SSL certificate file for asperanoded.
- ssh_host_key_fingerprint
- The SSH key fingerprint used by Aspera clients to determine the server's authenticity. The client confirms a server's authenticity by comparing the server's fingerprint with the trusted fingerprint.
- ssh_host_key_path
- The path to the transfer server's public or private key file, from which the fingerprint is extracted automatically.
- ssh_port
- The port to use for SSH authentication of transfer users.
- max_response entries
- The maximum number of items the Node API returns on calls.
- max_response time_sec
- The time limit in seconds before an unresponsive Node API response times out.
- db_dir
- The path to the directory where the redis database file for the Node API is saved.
- db_port
- The port on which the redis database for the Node API listens.
- activity_logging
- Whether transfer logs must be queriable through the Node API (
true
) or not (false
). - watchd_enabled
- Whether the Watchfolder (asperawatchd) service is enabled
(
true
) or not (false
). - ssl_ciphers
- The list of SSL encryption ciphers that the server allows. Each cipher is separated by a colon (:). See the server documentation for the default list of ciphers.
- ssl_protocol
- The minimum allowed SSL protocol. Higher security protocols are always allowed.
Aspera proxy
- proxy_enabled
- Whether forward proxy is on (
true
) or off (false
). - proxy_authentication
- Whether to enable the authentication requirement for the forward proxy
server (
true
) or not (false
). - proxy_bind_ip_address
- The IP address that the forward proxy server binds to (also the IP address that the client
connects to).
0.0.0.0
allows the proxy server to bind to all available interfaces. - proxy_bind_ip_netmask
- The netmask that the forward proxy server binds to (also the netmask that the client connects to).
- proxy_port_range_low
- The lower bound of the port range for the forward proxy.
- proxy_port_range_high
- The upper bound of the port range for the forward proxy.
- proxy_cleanup_interval
- The interval in seconds at which the forward proxy server scans and cleans up expired sessions.
- proxy_keepalive_internal
- The interval in seconds at which the ascp client sends keep-alive requests. This option is propagated to the client.
- proxy_session_timeout
- The interval in seconds after which a session times out if no keep-alive updates were received.
- rproxy_rules_rule_proxy_port
- The reverse proxy server port that receives UDP traffic.
- rproxy_rules_rule_host
- The IP address and SSH port of the internal destination. If unspecified the default port is 22.
- rproxy_rules_rule_hosts
- The list of IP addresses and SSH ports for the load-balancing feature. The first character
is a separator (preferably a "
|
") which can be used to set multiple hosts. For example,|10.0.23.123:33001|10.0.23.124:33001|10.0.23.125:33001
. - rproxy_rules_rule_squash_user
- The account name that is used for authenticating with the internal server.
- rproxy_rules_rule_key_file
- The path to the SSH private key for authenticating with the internal server.
- rproxy_rules_rule_udp_port_reuse
- Whether the reverse proxy must reuse the UDP port (
true
) or not (false
). Setting this to false enables reverse proxy to create iptables rules that increment the UDP port number that clients connect to, and the internal server's UDP port to which transfers are routed to. - rproxy_rules_rule_balancing
- The method for distributing transfers as part of the load-balancing feature. Currently,
round-robin
is the only supported method. - rproxy_enabled
- Whether reverse proxy is on (true) or off (false).
- rproxy_log_level
- The level of debug messages to log for reverse proxy.
- rproxy_log_directory
- The reverse proxy server log file location. If no value is set, the proxy logs to syslog.