Setup FTP on Google Cloud with VSFTP on Ubuntu 18.04. In this guide you are going to learn how to setup a FTP server and provide access to particular directory as chroot for a user.
This setup is tested on Google Compute Engine VM Instance running Ubuntu 18.04 LTS. This post also works fine for AWS EC2 Instance or DigitalOcean Droplet or Kamatera or Vultr or any other cloud hosting servers or VPS or Dedicated.
Become a Google Cloud Professional Cloud Architect and get your certificate now.
Prerequisites
If you are using Google Cloud Platform to setup FTP you need the following steps to be done.
- A running Compute Engine, see the Setting up Compute Engine Instance with Ubuntu 18.04.
- Completed the initial Ubuntu server setup.
Steps to setup FTP on Google Cloud
- Setup you Virtual Machine Instance
- Completing the initial server setup
- Configure Firewall rules
- Create a new user
- Install VSFTP FTP server
- Configure FTP
- Verify the setup
I assume you have your server setup and configured.
Setup Firewall rules
You can configire FTP on any port you wish, now you will configure it in the default port 21, so you need to create a firewall rule to provide access to these ports.
We also open ports 40000 – 50000 for passive mode connections.
Go to VPC Network >> Firewall rules and click Create Firewall rules.
In Name enter ftp
In Targets select All instances in the network
In Source filter select IP ranges
In Source IP ranges enter 0.0.0.0/0
In Protocols and ports check TCP and enter 20, 21, 990, 40000-50000.
Click Create.
Allow FTP ports in UFW
If you are using UFW in your server make sure to open the port to allow connections to your server otherwise you cannot connect.
sudo ufw allow 20/tcp sudo ufw allow 21/tcp sudo ufw allow 990/tcp sudo ufw allow 40000:50000/tcp
Create a new user
Now you can create a new user using the following command to test the FTP.
sudo useradd -m -c "Name, Role" -s /bin/bash username
Setup a password for that user.
sudo passwd usernameInstall VSFTP server
VSFTP is a Very Secure File Transfer Protocol for Linux based systems. By default AWS or Google Cloud won’t allow password based authentication to the Virtual Machine instances.
With VSFTP you can run your own FTP server and create users and assign them to any directory and prevent access to other directories using chroot also.
Now you can install VSFTP using the following command.
sudo apt install vsftpd
Once the installation is completed you can configure VSFTP.
Configure VSFTP
Start by creating a backup of the original VSFTP configuration file.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
Edit the vsftpd.conf file and make the following changes.
sudo nano /etc/vsftpd.confModify the following directives.
listen=YES listen_ipv6=NO
Uncomment the following directives.
write_enable=YES local_umask=022 chroot_local_user=YES
Add these configurations to the last.
seccomp_sandbox=NO allow_writeable_chroot=YES userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO tcp_wrappers=YES user_sub_token=$USER user_config_dir=/etc/vsftpd/user_config_dir pasv_min_port=40000 pasv_max_port=50000
Here you have configured a userlist_file which holds the list of FTP users and user_config_dir to hold the user specific configurations.
Add the user you have created before in the userlist file.
echo "username" | sudo tee -a /etc/vsftpd.userlist
This command will create a file with the name vsftpd.userlist and add the user to it and outputs the added user in the terminal.
Create a directory with the name user_config_dir to hold the user specific configurations.
sudo mkdir -p /etc/vsftpd/user_config_dirCreate a new file with the name same as the username inside this directory.
sudo nano /etc/vsftpd/user_config_dir/usernameAdd the following line to that file.
local_root=/path/to/your/directorySave the file and exit the editor.
Finally restart VSFTP.
sudo systemctl restart vsftpd
Verify the Setup
Now open your FTP client and enter your server external IP address as hostname, Port as 21, username with the username you created before and with the password.
Now you will be logged in to the server and you can only access the folder that is assigned to you.
Conclusion
Now you have learned how to setup FTP on your VM instance on Google Cloud Platform.
Thanks for your time. If you face any problem or any feedback, please leave a comment below.
