Install and setup vsftpd on AWS server
When developing websites, frequently we may need to upload source codes to the remote server. To ease of thew work, many website developers set up FTPs to upload the files. This post is a tutorial on how to install and setup vsftpd on a server. vsftpd is a very popular FTP service on Unix-like systems.
Open command terminal, then install the vftpd by issuing command
yum install vsftpd
sudo apt-get install vsftpd
After installing the vsftpd, the config file needs to be updated based on the operating mode preferred.
The first thing to be done is to disable the anonymous login in vsftpd.conf
# Disable anonymous_enable is optional. anonymous_enable=NO
And also update whom to be allowed to access the server, usually local access is allowed, so update below
Next, you need to create a local FTP user to access specified folders on the server. This can be achieved by specifying command
useradd [username] passwd [password]
When you connect using a FTP client, this username and password can be used to connect to the server. You can also constraint the directory accessed by this user. You can specify the home directory for the FTP user by issuing below command
usermod -d [home_directory] [username]
Then, more updates to be done in vsftpd.conf. There are two operating modes for FTP : Passive mode and active mode. For the differences of these two, please refer to FTP active mode and passive mode.
Passive mode is recommended when performing FTP connection. To enable passive mode, below settings need to be added in the /etc/vsftpd/vsftpd.conf:
pasv_enable=YES pasv_min_port=41361 pasv_max_port=65534 pasv_address=xxx.xxx.xxx.xxx
The pasv_min_port and pasv_max_port restricts the port range which can be used for data connection. In some firewall settings, not all ports are allowed. So consult with the firewall policies before setting the correct port range. As for the pasv_address, it is the IP address for the public facing IP address of the server for servers behind Network Address Translation (NAT) firewalls. This enables vsftpd to hand out the correct return address for passive mode connections.
If somehow active mode is preferred, need to enable active mode by updating vsftpd.conf.
After updating the vsftpd.conf, the service needs to be restarted.
sudo service vsftpd restart
If you have configured the FTP server to allow connecting with passive mode and if your FTP client is using passive mode(which is default for many FTP clients), please ensure the port range between pasv_min_port and pasv_max_port in vsftpd.conf are open on the AWS server where the FTP server is configured. Otherwise, you would see director listing error.