DEV Community

Ivan G
Ivan G

Posted on • Edited on

Setting up FTP server on Microsoft Azure

#microsoftazure #linux #ftp

Microsoft Azure doesn't have a managed FTP service, which I needed today to simulate integration with legacy systems. However, it's really easy to set up by yourself. All you need to do is create a Ubuntu VM, even A0 instance is enough, and it costs something like £8 a month. If you are cheap like me, you can even run more stuff on that VM to justify the costs.

The first thing you can do is create that VM, apparently.

Create a virtual machine Basics Disks Networking INSTANCE DETAILS Virtual machine name O Region O Availability options O Image O Size O Management Guest config Tags Review create West Europe NO infrastructure redundancy required ubuntu server 1804 ITS Browse all images and disks Basic AO I VCpu 075 GB memory Change size

You will get an IP address, but I like giving DNS labels to my machines, so if IP changes, I can not care about it. This can be changed in Configuration tab of a VM:

Dashboard Resource groups Configuration Public IP p Search Overview Activity log Access control IAM Tags Settings Configuration Propert Locks Automation script Support troubleshooting New support request Configuration X Discard Assignment Dynamic C Static IP address O 51144163203 Idle timeout minutes O DNS name label optiona Alias record sets Want to closely track this Public IP address Create an alias record in Azure ONS Learn more Create alias record SUBSCRIPTION No results x westeuropecloudappazurecom

In addition to that, you need to open firewall ports in Network Security Group configuration for your FTP service, the ports are the following:

  • 21 - command port
  • 20 - data port
  • 10000-10010 - for FTP passive mode. I chose these numbers randomly and you can customise them to different numbers.

Once done, SSH to your VM and it would be a good idea to run

 sudo apt update sudo apt upgrade
Enter fullscreen mode Exit fullscreen mode

before isnstalling anything. Then just install vsftpd (stands for Very Secure FTP Daemon):

 $ sudo apt install vsftpd
Enter fullscreen mode Exit fullscreen mode

After it's installed, you need to change it's configuration, because by default nothing works in Linux - sudo nano /etc/vsftpd.conf

Uncommend the following:

  • Allow local users to log in: local_enable=YES
  • Allow writing to FTP: write_enable=YES

Now we want to allow access for this machine's users to their home directory, therefore search for chroot_local_user and make sure it looks like this:

 chroot_local_user=YES user_sub_token=$USER local_root=/home/$USER/ftp
Enter fullscreen mode Exit fullscreen mode

It essentially says that local users are allowed to log in, and their home folder will be called ftp. Therefore you need to create one - mkdir ftp from your home folder.

Next, enable passive mode by inserting these lines anywhere in the config file:

 pasv_enable=YES pasv_min_port=10000 pasv_max_port=10010
Enter fullscreen mode Exit fullscreen mode

Also add seccomp_sandbox=NO because of a rare "feature" workaround in some linux distros. And allow user's home folder to be writeable - allow_writeable_chroot=YES

The whole custom section should look like this:

 pasv_enable=YES pasv_min_port=10000 pasv_max_port=10010 seccomp_sandbox=NO allow_writeable_chroot=YES
Enter fullscreen mode Exit fullscreen mode

The pasv settings are enabling FTP passive mode and specify allowed port ranges, which should be the ports you open in NSG:

FTP txcommonnsg Save X Discard Source O Any Source port ranges O Destination O Any Destination ort ran es O 2021 000010014 x Basic Delete GNU nano 293 Example config file etcvsftpd conf etcvsft The default compiled in settings are fairly paranoid This sample file loosens things up a bit to make the ftp daemon more usable Please see vsftpdconfS for all compiled in defaults READ THIS This example file is NOT an exhaustive list of vsftpd options Please read the vsftpdconf5 manual page to get a full idea of vsftpds capabilities Run standalone vsftpd can run either from an inetd or as a standalone daemon started from an initscript listenNO pasv enableVFS Protocol Any Action Allow priority O Name Description UDP Deny

Once it's all done, just restart vsftpd - sudo systemctl restart vsftpd.

You can now connect to your ftp server with a favourite FTP client, like WinSCP.

Tip

If during configuration you've screwed up the configuration file somehow and want to restore the original configuration, you can uninstall vsftpd by issuing command sudo apt remove vsftpd --purge. Note that purge flag is important - by default Ubuntu package manager doesn't remove configuration.

This article was originally published on isolineltd.com on February 18, 2019.

Top comments (0)