Enable FTP for EasyEngine Website

To Enable FTP for EasyEngine web sites, we need to install pure-ftpd. On Ubuntu/Debian, run

apt install -y pure-ftpd

Enable virtial FTP users

ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB
touch /etc/pure-ftpd/pureftpd.pdb

In EasyEngine, we sites files are owned by www-data user, this user have a UID of 33. By default pure-ftpd won’t allow this. To enable users with UD 33 to login, run

echo 1 > /etc/pure-ftpd/conf/MinUID

Now lets create FTP user for a web site running in EasyEngine.

pure-pw useradd  FTP_USER_HERE -u www-data -g www-data -d /opt/easyengine/sites/DOMAIN_NAME_HERE/app/

In above command replace

FTP_USER_HERE = FTP user for the web site, this can be any name, no space

DOMAIN_NAME_HERE = the domain name of the web site that is hosted in EasyEngine, that you need FTP access.

When you run above command, you will be asked to select password for the FTP user, this can be used to login to FTP server.

Before you can login to FTP server with newly created virtual FTP user, you need to run

pure-pw mkdb
systemctl restart pure-ftpd

Change FTP Password

If you want to change FTP user for a user, you can run

pure-pw passwd FTP_USER_HERE
pure-pw mkdb
systemctl restart pure-ftpd

Passive FTP Configuration

Many cloud hosting providers like AWS, Google Cloud, Oracle Cloud, AliCloud servers use NAT networking. That is your VM have private IP and your public IP is routed to your VM. In such case, you need to enable Passive FTP, for this run

echo "30000 50000" > /etc/pure-ftpd/conf/PassivePortRange
echo "YOUR_PUBLIC_IP" > /etc/pure-ftpd/conf/ForcePassiveIP

YOUR_PUBLIC_IP = replace this with your public IP address.

Restart pure-ftpd

systemctl restart pure-ftpd

Firewall configuration

For Passive FTP, you need to open following ports in your firewall

tcp 21
tcp 30000:50000

On Oracle Cloud server, i edited file

vi /etc/iptables/rules.v4

Find

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

Replace with

-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 30000:50000 -j ACCEPT

Now restore firewall rules with

iptables-restore < /etc/iptables/rules.v4

Now FTP will work.

See EasyEngine

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *