Adding Custom Apache Configs to Faspex 4

Introduction 

IBM Aspera Faspex is a popular self-managed web application that provides a user-friendly package sending interface for high-speed transfers with Aspera. Faspex is currently in the 5.x generation, a major overhaul of the application with a modern interface and new features. 

Some customers are still running the previous 4.x generation of Faspex and are looking to shift the web experience to Aspera on Cloud (AoC), the hybrid SaaS option that provides an IBM-managed front end to both SaaS and self-managed High-Speed Transfer Server (HSTS) nodes in the public cloud or on-premise. 

For customers running Faspex 4.x and HSTS on the same host, this article will describe a configuration to help with that transition. 

Scenario 

Faspex 4.x and HSTS running on the same host was a supported configuration. Typically, the HSTS Node API only needs to be exposed to the Faspex application itself. It can communicate on that default port tcp/9092 on localhost: 

When transitioning to AoC, we need to export Node API on tcp/443. 

Solution 

We will add a new DNS record pointing at the same host, then add an Apache httpd configuration to forward traffic coming into that hostname to Node API on tcp/9092, leaving the existing Faspex traffic untouched. 

Faspex 4.x bundles a version of Apache httpd, so there are no additional components to install. 

In this example, our Faspex 4 server has a DNS record of faspex4.example.com, and we have added a new DNS record of node.example.com pointing at the same host. 

Create a new file at /opt/aspera/common/apache/custom/node.conf with these contents: 

<IfModule mod_ssl.c> 

    <VirtualHost *:443> 

        ServerName node.example.com 

        # SSL Configuration 

        SSLEngine on 

        SSLCertificateFile      /opt/aspera/common/apache/conf/nodeserver.crt 

        SSLCertificateKeyFile   /opt/aspera/common/apache/conf/nodeserver.key 

        SSLCertificateChainFile /opt/aspera/common/apache/conf/server-ca.crt 

        # Reverse Proxy Configuration 

        ProxyRequests Off 

        ProxyPreserveHost On 

        # Forward requests to the backend HTTPS server 

        ProxyPass / http://127.0.0.1:9091/ 

        ProxyPassReverse / http://127.0.0.1:9091/ 

        CustomLog “|/opt/aspera/common/apache/bin/asrotatelogs /opt/aspera/common/apache/logs/node_access_log 10M 10” common 

        ErrorLog “|/opt/aspera/common/apache/bin/asrotatelogs /opt/aspera/common/apache/logs/node_error_log 10M 10” 

    </VirtualHost> 

</IfModule> 

Be sure to change the ServerName to match your new DNS record and that the SSL lines point to the certificate and key that matches. 

Run asctl apache:restart to apply the changes. 

In this new configuration, existing traffic to faspex4.example.com will continue to flow normally, and you can proceed with configuring your HSTS Node in AoC using your new node.example.com address. 

PacGenesis has a team of expert engineers and consultants that can assist with this configuration. Attaching a node to AoC requires additional steps on both the HSTS side and AoC. Please reach out to sales@pacgenesis.com to discuss options and how our team can help.