FTP and FTPS server in Ubuntu Instance for transfer in and out of WordPress site’s directory
Step 1: Create an Ubuntu EC2 instance and set up WordPress using the bash script
The first step is to log into the AWS console with proper credentials. We need to find the EC2 service in the service catalogue. Then we click the Launch Instance button, configure the instance as needed (along with the bash script in the User data section), and finalize by clicking the Launch Instance button again.
You can read this tutorial for hosting WordPress using Bash Script.
Or, if you want to custom configure the WordPress setup then you can follow:
Step 2: SSH into the instance and install the FTP server
I am using a Windows local machine, which is why I prefer to use PuTTY for SSH into the EC2 instance. We need to open the PuTTY application and configure an SSH connection with the Host Name set to the user's name in the EC2 instance and the instance's public DNS:
ubuntu@<Public DNS of EC2 instance>
Then the private key needs to be provided and the connection can be established.
In the terminal, we enter the following commands to install the FTP server:
sudo apt-get update
sudo apt-get install vsftpd
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original
The last command copies the original configuration as a failsafe, so it can be restored if something goes wrong.
Step 3: Create an FTP user in the instance
Now we need to create an FTP user and set a password so that we can establish a safe connection later on.
sudo adduser <ftp-username>
Step 4: Open necessary ports in the instance for successful FTP and FTPS transfer
For successful FTP transfer, we need to allow traffic through several ports in and out of the instance: 20, 21, 990, and a range of ports for data transfer, which I have specified here as 40000–50000. For this, we edit the Inbound rules of the security group associated with the instance and add rules to allow traffic through these ports.
Step 5: Configure vsftpd.conf file
This is a very important step and we need to be careful while editing the configuration file.
First we need to open the vsftpd.conf file in a text editor.
sudo nano /etc/vsftpd.conf
Then we need to set:
local_enable=YES
Uncomment:
write_enable=YES
Uncomment the chroot line to ensure that the FTP user can only access files within the allowed directory, and change the NO value to YES as well. Keep in mind that there are two lines like this, and you have to uncomment both of them.
chroot_local_user=YES
Change listen to YES and listen_ipv6 to NO
listen=YES
listen_ipv6=NO
Then add these lines at the end of the file
user_sub_token=$USER
local_root=/var/www/html
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
pasv_address=<public IP of the instance>
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
Save and exit the nano editor with CTRL+S and CTRL+X
Then create a file vsftpd.userlist in the /etc directory, write a single word in it, which is the FTP username, and check the contents. Then restart the server.
sudo nano /etc/vsftpd.userlist
cat /etc/vsftpd.userlist
sudo systemctl restart vsftpd
Step 6: Configure permissions for the directory and the FTP user pertaining to transfer
We are almost there now. We just need to configure proper permissions, both to be able to establish the FTP connection and to transfer data both ways.
First of all, we know that /var/www/html/wordpress belongs to the user www-data and the user group www-data, which is Apache. But to be able to transfer data into the instance, in other words to write into the instance’s particular directory, the user msp also needs to have permissions.
For this purpose, we add the msp user to the www-data user group. Next, we give read-write permissions for the directory.
One thing to note is that the local_root provided in the configuration should not be the directory we want to transfer data into. That root directory needs to have its ownership assigned to the root user. The directory we transfer into should be inside it, with ownership and permissions that give the FTP user proper access.
To add the msp user to the www-data user group and check whether it worked:
sudo usermod -aG www-data msp
groups msp
Permissions:
/var/www/html = root:root
/var/www/html/WordPress = www-data:www-data
To check permissions:
ls -l
If the permissions are not right, use the following command:
sudo chown -R <username>:<usergroup-name> <path-to the directory>
Finally, to be able to transfer files into the directory:
sudo chmod -R 775 /var/www/html/WordPress/
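The ownership and permission layout described in this step can be checked with a short script. This is an added example, not part of the original tutorial; the function name check_ftp_tree and the temporary demo tree are assumptions, and the current uid/gid stand in for root and www-data so it runs without sudo.

```sh
# Added example, not from the original tutorial: check the Step 6 layout.
# Real use: check_ftp_tree /var/www/html /var/www/html/WordPress root www-data

# check_ftp_tree ROOT UPLOAD OWNER GROUP
# Prints one FAIL line per finding and returns non-zero if there is any.
check_ftp_tree() {
    root=$1 upload=$2 owner=$3 group=$4 bad=0
    fail() { echo "FAIL $*"; bad=$((bad + 1)); }

    # local_root: owned by OWNER and not writable by group or others, so the
    # chrooted FTP user cannot modify the top of its own jail
    [ -n "$(find "$root" -prune -user "$owner")" ] ||
        fail "$root is not owned by $owner"
    [ -z "$(find "$root" -prune \( -perm -020 -o -perm -002 \))" ] ||
        fail "$root is group- or world-writable"

    # transfer directory: group GROUP with the group write bit set
    [ -n "$(find "$upload" -prune -group "$group" -perm -020)" ] ||
        fail "$upload is not writable by group $group"

    # nothing below it should be writable by everyone
    n=$(find "$upload" ! -type l -perm -002 | wc -l)
    [ "$n" -eq 0 ] || fail "$n world-writable entries under $upload"

    # chmod -R 775 also marks regular files executable; report, do not fail
    x=$(find "$upload" -type f -perm -100 | wc -l)
    [ "$x" -eq 0 ] || echo "NOTE $x executable regular files under $upload"
    [ "$bad" -eq 0 ]
}

# Constructed tree; the current uid/gid stand in for root and www-data.
demo=$(mktemp -d)
mkdir "$demo/WordPress" && : > "$demo/WordPress/index.php"
chgrp -R "$(id -g)" "$demo"
chmod 755 "$demo" && chmod 775 "$demo/WordPress" && chmod 664 "$demo/WordPress/index.php"
if check_ftp_tree "$demo" "$demo/WordPress" "$(id -u)" "$(id -g)"; then
    echo "layout OK"
fi
```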
Step 7: Test the server
We can test the FTP server using various third-party applications. In this particular case, we are using FileZilla. So, we select the option to set up a new connection, put in the necessary credentials and connect to the server. And, we just try the transfer by simple drag and drop in and out of the instance.
Step 8: Install SSL certificate
Now, if we want to use FTPS transfer for more security, we first need an SSL certificate. The command below generates a self-signed one.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
Step 9: Make changes to vsftpd.conf for FTPS transfer
Afterwards, we need to make additional changes to vsftpd.conf file.
sudo nano /etc/vsftpd.conf
And add:
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
Then restart the server:
sudo systemctl restart vsftpd
Step 10: Test the server again
Finally, test the server. This time we might have to specify that this is an FTPS transfer in some third-party applications.
To see errors in the configuration file:
sudo vsftpd /etc/vsftpd.conf
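vsftpd only reports syntax problems, so a separate check can confirm that the settings from Step 5 and Step 9 are actually in effect and that the passive range fits the ports opened in Step 4. This is an added example, not part of the original tutorial; the function names and the sample file are assumptions, and the defaults in the table are the built-in ones from the vsftpd.conf man page.

```sh
# Added example, not from the original tutorial: audit a vsftpd.conf.

# Value of directive $2 in file $1, upper-cased. Commented lines never match
# and the last occurrence wins.
conf_get() {
    v=$(awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1" |
        tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "$v"
}

# audit_vsftpd FILE FW_MIN FW_MAX: print one FAIL line per finding, return
# non-zero if any. FW_MIN-FW_MAX is the passive range opened in the firewall.
audit_vsftpd() {
    conf=$1 fw_min=$2 fw_max=$3 findings=0
    # columns: directive, required value, built-in default when the line is absent
    while read -r key want default; do
        got=$(conf_get "$conf" "$key")
        [ -n "$got" ] || got=$default
        case $got in TRUE|1) got=YES ;; FALSE|0) got=NO ;; esac
        if [ "$got" != "$want" ]; then
            echo "FAIL $key=$got (want $want)"
            findings=$((findings + 1))
        fi
    done <<'EOF'
anonymous_enable NO YES
chroot_local_user YES NO
userlist_enable YES NO
userlist_deny NO YES
ssl_enable YES NO
force_local_logins_ssl YES YES
force_local_data_ssl YES YES
allow_anon_ssl NO NO
ssl_sslv2 NO NO
ssl_sslv3 NO NO
EOF
    lo=$(conf_get "$conf" pasv_min_port) hi=$(conf_get "$conf" pasv_max_port)
    if [ "${lo:-0}" -lt "$fw_min" ] || [ "${hi:-0}" -gt "$fw_max" ] || [ "${hi:-0}" -eq 0 ]; then
        echo "FAIL passive range ${lo:-0}-${hi:-0} not inside opened range $fw_min-$fw_max"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: Step 5 settings only, before the FTPS lines of Step 9.
sample=$(mktemp)
printf '%s\n' anonymous_enable=NO local_enable=YES chroot_local_user=YES \
    userlist_enable=YES userlist_deny=NO pasv_min_port=40000 \
    pasv_max_port=50000 > "$sample"
audit_vsftpd "$sample" 40000 50000 || echo "fix the findings above"
```

On the instance itself the call would be audit_vsftpd /etc/vsftpd.conf 40000 50000; a configuration that stops at Step 5 fails on ssl_enable, which means logins and data still travel unencrypted.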