Configuring the IBM Aspera NodeD service

Edit online

The IBM® Aspera® NodeD Service handles HTTP/HTTPS requests to HSTS. You can configure server settings that include the hostname, HTTP/HTTPS ports, the address and port of the Redis database, and SSL certificates.

Configuration methods

The server can be configured for the Node API by using the asconfigurator command line tool or by editing the <server> section of aspera.conf:

Asconfigurator: Use the following syntax, substituting option with the option from the following table and value with the wanted value:
```
# /opt/aspera/bin/asconfigurator -x "set_server_data;option,value"
```
To view the current settings, run the following command:
```
# /opt/aspera/bin/ asuserdata -a
```
Aspera.conf: Open it in a text editor with administrative privileges from the following location:
```
/opt/aspera/etc/aspera.conf
```
After manually editing aspera.conf, validate your XML by running the following command:
```
# /opt/aspera/bin/asuserdata -v
```

Node API configuration options

Important configuration considerations:

Certain services must be restarted for changes in the settings to take effect, as described in the To Activate Changes column. The commands to restart these services are given following the table.
In addition to the Aspera server configuration, if you plan to transfer many small files with the Node API, you might need to increase the number of file descriptors available on your system. If too few descriptors are available, the Redis database and the transfer fail. For instructions, see Node API transfers of many small files fails.

asconfigurator option aspera.conf setting	Description and Values	To Activate Changes...
`server_name <server_name>`	Hostname or IP address. Default: `hostname`	Restart asperanoded.
`http_port <http_port>`	HTTP service port. Value is an integer 1 - 65535, default `9091`. This setting is overridden by `<listen>`.	Restart asperanoded.
`https_port <https_port>`	HTTPS service port. Value is an integer 1 - 65535, default `9092`. This setting is overridden by `<listen>`.	Restart asperanoded.
`enable_http <enable_http>`	Enable HTTP for the Node API services by setting to `true`. Default: `false`. This setting is overridden by `<listen>`.	Restart asperanoded.
`enable_https <enable_https>`	Enable HTTPS for the Node API services by setting to `true`. Default: `true`. This setting is overridden by `<listen>`.	Restart asperanoded.
`workers <workers>`	Number of worker threads. Default: `20`.	Restart asperanoded.
`transfers_multi_session_default <transfers_multi_session_default>`	Number of ascp workers per transfer. Default: `1`.	Restart asperanoded.
`listen` `<listen>`	To bind asperanoded on a specific address (or addresses), specify a comma-delimited list of listening ports. Ports have the format `[ip_address:]port[s]`. To specify a secure port, add 's' to the end of the port number, for example `127.0.0.1:9092s`. The IP address is optional; however, if no IP address is specified then the port binds to all network interfaces on the server, rather than to the single address. Setting this option overrides `<http_port>`, `<https_port>`, `<enable_http>`, and `<enable_https>`.	Restart asperanoded.
`cert_file <cert_file>`	Full path name of the SSL certificate, which must be in .pem format. Default: /opt/aspera/etc/aspera_server_cert.pem	Restart asperanoded.
`max_response_time <max_response_time>`	Maximum amount of time to wait for a long-running operation. Default: 10.	Reload node configuration.
`db_dir <db_dir>`	Path to the directory where the database file is saved. Before changing this value, you must back up your database. See Backing up and restoring the node user database records. Default:	Restart asperanoded and the Redis database.
`db_port <db_port>`	Database service port. Value is an integer 1 - 65535, default: `31415`. Before changing this value, you must back up your database. See Backing up and restoring the node user database records.	Restart asperanoded and the Redis database.
`ssl_ciphers <ssl_ciphers>`	The SSL encryption ciphers that the server allows, each separated by a colon (:). Default: all of the following values: TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-CCM8 ECDHE-ECDSA-AES256-CCM ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-CCM8 ECDHE-ECDSA-AES128-CCM ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-CCM8 AES256-CCM AES128-CCM8 AES128-CCM AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA Note that for every OpenSSH version update, the supported ciphers change. To check the supported ciphers, run: `/opt/aspera/bin/openssl ciphers` By running the command, the list of supported ciphers that use secure encryption algorithms compatible with the SSL protocol (TLSv1.2, TLSv1.3) displays. This option might also be set in the `<client>` section, in which case, when this machine functions as a client, the specified ciphers are requests to the server. If any of the ciphers in the server's allowlist coincide with those in the client's request list, communication is allowed; otherwise, it is denied. If you override this setting, the override is always be used. If you do not override it, the default setting depends on the value of `<ssl_protocol>`. If `<ssl_protocol>` is set to TLSv1.2, a wide range of cipher suites is available, including some that may be considered weaker if not configured properly. If the protocol is TLSv1.3, only a smaller set of stronger cipher suites is supported. Some older web browsers or clients might not be able to handle the stronger suites, potentially leading to compatibility issues.	Restart asperanoded.
`ssl_protocol <ssl_protocol>`	The SSL protocol versions that the server allows. This option might also be set in the `<client>` section, in which case, when this machine is a client, the specified protocols function as requests to the server. If any of the protocols in the server's allowlist coincide with those in the client's request list, communication is allowed; otherwise, it is denied. Supported values: `tlsv1.2`, `tlsv1.3`. Default: `tlsv1.2`.	Restart asperanoded.
`activity_logging <activity_logging>`	If true, enable querying transfers by using GET /ops/transfers or to retrieve usage data by using GET /usage. Default is `false`.	Restart asperanoded.
`activity_event_logging <activity_event_logging>`	If true, allow the Node API to query transfers that are associated with this access key through the /events endpoint. The server configuration can be overridden by the access key configuration. This option must be enabled for event reporting to IBM Aspera on Cloud. Default is `false`.	Restart asperanoded.
`files_recursive_counts_enabled <files_recursive_counts_enabled>`	If true, enable recursive counts. This option must be enabled for event reporting to IBM Aspera on Cloud. The server configuration can be overridden by the access key configuration. Default is false.	Restart asperanoded.
`aej_logging <aej_logging>`	If true, enable reporting to the IBM Aspera on Cloud Activity app. The server configuration can be overridden by the access key configuration. Default is false.	Restart asperanoded.

Restarting the Redis service

Note: Running the commands requires root privileges.

Restart the Redis service. Run the following commands:
Run the following commands to restart the Aspera Redis service:
```
systemctl restart asperaredisd
```
For Linux® systems that use init.d:
```
# service asperanoded restart
```