In this article, you are going to learn how to set up an FTP server on an Ubuntu VPS. We’ll be using a vsftpd server, which is widely regarded as the fastest and most secure FTP server for UNIX-like systems.
What is FTP?
FTP, or File Transfer Protocol, is a means to share files between computers over an internet connection using the TCP/IP protocol. It also makes use of a client-server framework and SSL/TLS security to ensure secure and reliable data transfer.
This is somewhat similar to HTTP (HypertText Transfer Protocol) or SMTP (Simple Mail Transfer Protocol). The difference is that FTP is responsible for transporting files through the internet while HTTP and SMTP handle the transfer of web pages and emails, respectively.
Before we begin, keep in mind that we will guide you through configuring an FTP server on Ubuntu 18.04. Therefore, you need to make sure your VPS is running on that particular OS.
How to Set Up an FTP Server on Ubuntu
Step 1 – Installing vsftpd
- First of all, we’ll have to get our package updates before we proceed with the vsftpd installation. To begin, run the following command:
sudo apt-get update
Wait for all the processes to complete, and you will see a confirmation as soon as the update finishes.
- Once it’s done, install the vsftpd daemon using the command below:
sudo apt-get install vsftpd
You will be prompted with a confirmation message, which will require you to type Y and hit Enter to continue with the installation.
- After the installation is completed, you should back up the original file so you can start with a blank configuration file:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original
Now we are ready to configure the firewall.
Step 2 – Allowing FTP Traffic from the Firewall
- To allow the Ubuntu FTP server to communicate via the internet, it needs to make its way through the firewall. But first, let’s just see whether the firewall is already enabled on your machine or not. Simply run this command to verify the status:
sudo ufw status
If you see the following message:
ufw: command not found
It means that the firewall is not installed. You can install and enable it by typing:
sudo apt-get install ufw sudo ufw enable
- If it’s already active, you still need to make sure FTP traffic is allowed. To do that, execute the following commands one by one:
sudo ufw allow OpenSSH sudo ufw allow 20/tcp sudo ufw allow 21/tcp sudo ufw allow 990/tcp sudo ufw allow 40000:50000/tcp
This series of commands will open up several ports:
- OpenSSH is required if you still wish to access your server via SSH. Sometimes, this option is enabled by default.
- ports 20 and 21 for the FTP traffic.
- ports 40000:50000 will be reserved for the range of passive ports that will eventually be set in the configuration file.
- port 990 will be used when TLS is enabled.
- Now let’s look at the status again:
sudo ufw status
The output should look something like this:
Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere 990/tcp ALLOW Anywhere 20/tcp ALLOW Anywhere 21/tcp ALLOW Anywhere 40000:50000/tcp ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) 20/tcp (v6) ALLOW Anywhere (v6) 21/tcp (v6) ALLOW Anywhere (v6) 990/tcp (v6) ALLOW Anywhere (v6) 40000:50000/tcp (v6) ALLOW Anywhere (v6)
Step 3 – Creating the User Directory
- Once the firewall is set up, we must create the user who is going to use the FTP access. This is how to do it:
sudo adduser hostinger
Remember to change the username according to your own preference.
- Then, enter a password for the user and fill in all the required details.
Ideally, FTP should be restricted to one specific directory for security purposes. That is why vsftpd uses chroot jails, which limits a local user to their home directory by default.
However, it is possible that because of vsftpd security, a user might not be able to write to that directory. To fix this, we don’t have to remove write privileges from the home folder. Instead, we will make an ftp directory which acts as chroot. It contains a writable directory that will be responsible for holding the required files.
- Use the following command to create the FTP folder:
sudo mkdir /home/hostinger/ftp
Then, set the ownership using:
sudo chown nobody:nogroup /home/hostinger/ftp
Finally, remove the write permission:
sudo chmod a-w /home/hostinger/ftp
Now, use the following command to verify the permissions:
sudo ls -la /home/hostinger/ftp
The output should look something like:
total 8 dr-xr-xr-x 2 nobody nogroup 4096 Oct 8 11:32 . drwxr-xr-x 3 hostinger hostinger 4096 Oct 8 11:32 ..
- Next, we will create the file-holding directory and assign ownership:
sudo mkdir /home/hostinger/ftp/files sudo chown hostinger:hostinger /home/hostinger/ftp/files
Finally, add a test file to the directory which will be used when we test everything later on:
echo "vsftpd sample file" | sudo tee /home/hostinger/ftp/files/sample.txt
Step 4 – Configuring vsftpd
The next step is to configure vsftpd and our FTP access. In this example, we will allow a single user to connect using a local shell account. The two key configurations required for this are already set in the configuration (vsftpd.conf) file.
- To begin, use the nano command to open vsftpd configuration file.
sudo nano /etc/vsftpd.conf
Verify that the content has similar settings to this:
. . . # Allow anonymous FTP? (Disabled by default). anonymous_enable=NO # # Uncomment this to allow local users to log in. local_enable=YES . . .
In the same file, we will remove # (uncomment) and make sure we enable the write_enable.
. . . write_enable=YES . . .
- You also need to uncomment chroot to ensure that the FTP user only accesses files within the allowed directory. Change the NO value to YES, as well. Keep in mind that there are two lines like this, and you have to uncomment both of them.
. . . chroot_local_user=YES . . .
- There are a few new values that you should also add to the bottom of the file. The first one is user_sub_token in the local_root directory path. It will allow the configuration to work with the current user or any other users that are subsequently added:
- To ensure that a substantial amount of connections are available, we will limit the number of ports the configuration file:
- In this tutorial, we intend to allow access on a case by case basis. Therefore, we’ll set the configuration to grant access only to users that you have explicitly added to the list:
userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO
When you set userlist_deny flag to NO, only specified users will be allowed access. Once done, click CTRL+X followed by Y to save it, then Enter to confirm the file changes.
- Lastly, we will create a user list and add a user to the file:
echo "hostinger" | sudo tee -a /etc/vsftpd.userlist
Verify that the user is indeed active by running the following command:
The output should be “hostinger” as shown in this screenshot:
- Restart the daemon using the following command to load the configuration changes:
sudo systemctl restart vsftpd
Step 5 – Making FTP Secure
- By default, FTP doesn’t encrypt data, so we will be using SSL/TLS certificate to secure data transfer. The first step is we need to create the SSL certificate for the Ubuntu FTP server.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
The –days flag makes the certificate valid for a year and we have included a 2048-bit private RSA key in the same command.
- Once prompted, enter the corresponding personal details in the field provided.
- After you finish creating the certificate, open the configuration file again:
sudo nano /etc/vsftpd.conf
The end of the file should contain two lines that start with rsa.
# rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem # rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Now, we will point the configuration file to the certificate that we just created. Add the following directories right below the previous lines:
- Next, we will enable SSL and ensure that only clients who have an active SSL can contact us. Simply enter this line:
Then, add the following lines to ban any anonymous connections over SSL:
allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES
Configure the server to use TLS using:
ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO
- Now we will change two more options. Firstly, disable SSL reuse to prevent FTP clients from breaking down. Secondly, we will use high encryption cipher suites, which make sure that key lengths are either equal to or greater than 128 bits.
Save the file again by pressing CTRL+X followed by Y, then hit Enter.
- Let’s restart vsftpd once again to apply the new configurations:
sudo systemctl restart vsftpd
Great work! You have now configured the FTP server on your Ubuntu VPS to work with SSL/TLS protocol.
Step 6 – Testing Connection with FileZilla
Nowadays, most FTP clients support TLS encryption configurations. It’s a great way to test whether your Ubuntu FTP server is working properly. To test out the connection, we will be using a FileZilla FTP Client.
- To start, launch FileZilla and click on the Site Manager icon. Then, click the New Site button in the prompted window to enter the Ubuntu FTP server details.
- Fill in all the required columns with your newly created Ubuntu FTP server information. Since we configured it to use TLS, we may also choose the Use explicit FTP over TLS option. The final configuration should look like this:
- Once ready, click Connect, and a screen asking to enter the FTP user’s password will appear. After that, hit OK.
- Finally, you will need to verify the SSL certificate of your FTP server on Ubuntu VPS. After confirming, the root directory with the test file should now appear on your screen.
That’s all! Now, you can perform various files transfers from your computer to the Ubuntu FTP server and vice versa.
Having an Ubuntu FTP server makes it easy for you to share files between your Ubuntu VPS/server and computer. It is a secure and reliable method of data transfer, thanks to SSL/TLS security and the TCP/IP protocol.
In this tutorial, you have learned how to set up an FTP server on Ubuntu 18.04 using vsftpd. There are five steps that you should follow. Let’s take a look at them once again.
- Install vsftpd on your Ubuntu server and back up the original configuration file.
- Allow FTP connections through the firewall.
- Create a user directory that can be accessed only by specified users.
- Configure vsftpd.
- Secure the FTP server.
- Test your FTP connection with FileZilla.
Good luck, and be sure to check our other VPS tutorials!