Configure Nginx reverse proxy and server certificates
You must protect your Aspera on Cloud tethered transfer nodes with an Nginx reverse proxy.
This is step 5 in tethering a node
Before you begin step 5, be sure you have completed step 4: Configure your transfer server as a tethered node.

- Download and install Nginx.
- Set the HTTPS port to
9092.
# /opt/aspera/bin/asconfigurator -x "set_server_data;https_port,9092"
- Open the Nginx configuration file in a text editor.
Open /etc/nginx/nginx.conf and ensure the following include directive is present in the http section. If it is not present, add it to the file:
http { ... include /etc/nginx/conf.d/*.conf; }
- Create a file named aspera_node_proxy.conf and save it in /etc/nginx/conf.d/.
- Paste the following content into aspera_node_proxy.conf:
# # Aspera configuration - reverse proxy for asperanoded # server { listen 443; server_name your.servername.com; ssl_certificate /opt/aspera/etc/aspera_server_cert.pem; ssl_certificate_key /opt/aspera/etc/aspera_server_key.pem; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1.2; ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH; ssl_prefer_server_ciphers on; access_log /var/log/nginx/node-api.access.log; location / { proxy_pass https://127.0.0.1:9092; proxy_read_timeout 60; proxy_redirect https://127.0.0.1:9092 https://your.servername.com; proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
Note: Configure SSL ciphers as required. The preceding sample is not configured for backwards compatibility, and the recommended list of secure ciphers might change. Aspera recommends reviewing and staying current with the list provided in https://cipherli.st/. - Restart the Aspera NodeD service
(asperanoded).
# systemctl restart asperanoded
- Restart Nginx.
# systemctl restart nginx
Next step in tethering a node
You've completed the HTTPS proxy configuration for your tethered node. For step 6 in tethering the HSTS node to your AoC organization, go to Create the transfer user for your tethered node.