Google Cloud

Setup FTP on Google Cloud/AWS with VSFTP on Ubuntu 18.04

Setup FTP on Google Cloud with VSFTP on Ubuntu 18.04. In this guide you are going to learn how to setup a FTP server and provide access to particular directory as chroot for a user.

This setup is tested on Google Compute Engine VM Instance running Ubuntu 18.04 LTS. This post also works fine for AWS EC2 Instance or DigitalOcean Droplet or Kamatera or Vultr or any other cloud hosting servers or VPS or Dedicated.

Become a Google Cloud Professional Cloud Architect and get your certificate now.

Prerequisites

If you are using Google Cloud Platform to setup FTP you need the following steps to be done.

  1. A running Compute Engine, see the Setting up Compute Engine Instance with Ubuntu 18.04.
  2. Completed the initial Ubuntu server setup.

Steps to setup FTP on Google Cloud

  1. Setup you Virtual Machine Instance
  2. Completing the initial server setup
  3. Configure Firewall rules
  4. Create a new user
  5. Install VSFTP FTP server
  6. Configure FTP
  7. Verify the setup

I assume you have your server setup and configured.

Setup Firewall rules

You can configire FTP on any port you wish, now you will configure it in the default port 21, so you need to create a firewall rule to provide access to these ports.

We also open ports 40000 – 50000 for passive mode connections.

Go to VPC Network >> Firewall rules and click Create Firewall rules.

In Name enter ftp

In Targets select All instances in the network

In Source filter select IP ranges

In Source IP ranges enter 0.0.0.0/0

In Protocols and ports check TCP and enter 20, 21, 990, 40000-50000.

Click Create.

Allow FTP ports in UFW

If you are using UFW in your server make sure to open the port to allow connections to your server otherwise you cannot connect.

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp

Create a new user

Now you can create a new user using the following command to test the FTP.

sudo useradd -m -c "Name, Role" -s /bin/bash username

Setup a password for that user.

sudo passwd username

Install VSFTP server

VSFTP is a Very Secure File Transfer Protocol for Linux based systems. By default AWS or Google Cloud won’t allow password based authentication to the Virtual Machine instances.

With VSFTP you can run your own FTP server and create users and assign them to any directory and prevent access to other directories using chroot also.

Now you can install VSFTP using the following command.

sudo apt install vsftpd

Once the installation is completed you can configure VSFTP.

Configure VSFTP

Start by creating a backup of the original VSFTP configuration file.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Edit the vsftpd.conf file and make the following changes.

sudo nano /etc/vsftpd.conf

Modify the following directives.

listen=YES
listen_ipv6=NO

Uncomment the following directives.

write_enable=YES
local_umask=022
chroot_local_user=YES

Add these configurations to the last.

seccomp_sandbox=NO
allow_writeable_chroot=YES
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
tcp_wrappers=YES
user_sub_token=$USER
user_config_dir=/etc/vsftpd/user_config_dir
pasv_min_port=40000
pasv_max_port=50000

Here you have configured a userlist_file which holds the list of FTP users and user_config_dir to hold the user specific configurations.

Add the user you have created before in the userlist file.

echo "username" | sudo tee -a /etc/vsftpd.userlist

This command will create a file with the name vsftpd.userlist and add the user to it and outputs the added user in the terminal.

Create a directory with the name user_config_dir to hold the user specific configurations.

sudo mkdir -p /etc/vsftpd/user_config_dir

Create a new file with the name same as the username inside this directory.

sudo nano /etc/vsftpd/user_config_dir/username

Add the following line to that file.

local_root=/path/to/your/directory

Save the file and exit the editor.

Finally restart VSFTP.

sudo systemctl restart vsftpd

Verify the Setup

Now open your FTP client and enter your server external IP address as hostname, Port as 21, username with the username you created before and with the password.

Now you will be logged in to the server and you can only access the folder that is assigned to you.

Conclusion

Now you have learned how to setup FTP on your VM instance on Google Cloud Platform.

Thanks for your time. If you face any problem or any feedback, please leave a comment below.

Cloudbooklet builds a large collection of Linux based guides and tutorials on Cloud platforms like Google Cloud, AWS, Azure, DigitalOcean and more

Write A Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.