Differences

This shows you the differences between two versions of the page.

cloudappliance/sftpsetup [2018_09_25 00:12] – [FTP custom FQDN] steven
cloudappliance/sftpsetup [2019_09_18 13:49] – [SFTP configuration files] doug
Line 1: Line 1:
-Introduction+FTP/SFTP Configuration
  
 The File Fabric Appliance and SaaS support a number of protocol gateways allowing applications to natively access the File Fabric using FTP/FTPS, SFTP or WebDAV. These are ideal for retrofitting existing applications for object storage. The File Fabric Appliance and SaaS support a number of protocol gateways allowing applications to natively access the File Fabric using FTP/FTPS, SFTP or WebDAV. These are ideal for retrofitting existing applications for object storage.
Line 73: Line 73:
 | port=21                                |Default port for FTP| | port=21                                |Default port for FTP|
 | FTPISport=990                          |Default port for FTPS| | FTPISport=990                          |Default port for FTPS|
-|serversme= perf.smestorage.com          |FQDN of File Fabric|+|serversme=perf.smestorage.com          |FQDN of File Fabric|
 |debug=100                               |Debug level| |debug=100                               |Debug level|
 |countprocesses=20                       |Max processes| |countprocesses=20                       |Max processes|
Line 84: Line 84:
 ### Changing Domain Name ### Changing Domain Name
  
-To access the ftp server via a custom domain name instead of the one configured for the appliance create A or CNAME DNS records pointing to the IP address of the File FabricThe File Fabric FTP services do not check the referring domain name and thus any fully-qualified domain name can be used.+To access the ftp server via a custom domain name instead of the one configured for the appliance create an A or CNAME DNS record pointing to the IP address or domain name of the applianceAny fully-qualified domain name can be used - the File Fabric FTP services do not validate.
  
-### FTP custom Certificates+### Custom Certificates
  
 FTP w/TLS and FTPS clients are not as strict as web browsers when using FTP w/TLS and FTPS clients are not as strict as web browsers when using
-self signed certificates. Regardless, if a client desires to use a+self signed certificates. Regardless, if a client needs to use a
 properly signed certificate the process is as follows: properly signed certificate the process is as follows:
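Review bot: The replacement sentence under "Changing Domain Name" stops at "do not validate" with no object, so it no longer says what goes unchecked; the removed wording said the services "do not check the referring domain name". Suggest restoring the object, for example "the File Fabric FTP services do not check the domain name the client connected to". Because the next section is about certificates, this paragraph is also the place to say that a properly signed certificate has to cover the custom name, since an FTPS client that does verify the hostname will otherwise reject the connection.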
  
Line 100: Line 100:
 2.  Update ftpserver.conf entries 2.  Update ftpserver.conf entries
        
-   a. pathToSSLkey should point to private key   +   a. pathToSSLkey should point to the private key   
-   b. pathToSSLcert should point to public certificate  +   b. pathToSSLcert should point to the public certificate  
  
 3.  Restart CloudFTP service 3.  Restart CloudFTP service
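Review bot: Step 2a points pathToSSLkey at the private key but says nothing about who may read that file. Suggest adding a line that the key should be readable only by the account the CloudFTP service runs as, and that pathToSSLcert is the file that can be world-readable, so the two are not given the same permissions when copied into place.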
Line 107: Line 107:
 ### FTP Passive Mode through NAT/PAT ### FTP Passive Mode through NAT/PAT
  
-FTP Passive Mode requires that the FTP server sends to client the port and IP address of File Fabric. When File Fabric is secured behind a public firewall the internal IP address will most likely not match the public IP address. Setup as follows:+FTP Passive Mode requires that the FTP server sends the client the port and IP address of File Fabric. When File Fabric is secured behind a public firewall the internal IP address will most likely not match the public IP address. Set up passive mode as follows:
  
 1.  Add the following entry to ftpserver.conf 1.  Add the following entry to ftpserver.conf
Line 214: Line 214:
 |ftp\_server\_ip=0.0.0.0|Interface addresses listening for sftp| |ftp\_server\_ip=0.0.0.0|Interface addresses listening for sftp|
 |port=2200 |Default port for SFTP| |port=2200 |Default port for SFTP|
-|serversme=localhost|FQDN of File Fabric or localhost|+|serversme=perf.smestorage.com|FQDN of File Fabric|
 |pathToKey=/etc/pki/tls/private/localhost.key|RSA Private Key| |pathToKey=/etc/pki/tls/private/localhost.key|RSA Private Key|
 |pathToCert=/etc/pki/tls/certs/localhost.crt|RSA Public Cert| |pathToCert=/etc/pki/tls/certs/localhost.crt|RSA Public Cert|
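Review bot: The serversme row now shows perf.smestorage.com as the example value and drops "or localhost" from the description, so a reader copying the table will point the SFTP gateway at that specific host and cannot tell whether localhost is still accepted. Suggest a neutral placeholder for the appliance's own FQDN and an explicit statement on localhost. The same hostname is also used in the FTP table earlier in this change, so both rows should be updated together.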
Line 241: Line 241:
 ``` ```
 cd /var/www/smestorage/ftpserver/sftpserver/ cd /var/www/smestorage/ftpserver/sftpserver/
-ssh-keygen -t rsa -f "./ssh_host_rsa_key"    (don't enter any passphrase)+ssh-keygen -t rsa -f "./ssh_host_rsa_key"    #(don't enter any passphrase)
 chown smestorage:smestorage ssh_host_* chown smestorage:smestorage ssh_host_*
 ``` ```
  
-This will generate 2 files ssh\_host\_rsa\_key and ssh\_host\_rsa\_key.pub+This will generate 2 files ssh_host_rsa_key and ssh_host_rsa_key.pub
 Edit sftpserver.conf file and change the 2 lines as below: Edit sftpserver.conf file and change the 2 lines as below:
 ``` ```
 pathToKey=ssh_host_rsa_key pathToKey=ssh_host_rsa_key
-pathToCert=ssh\_host\_rsa\_key.pub+pathToCert=ssh_host_rsa_key.pub
 ``` ```
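Review bot: On the ssh-keygen line the empty passphrase is still only an instruction in a trailing comment, so the command prompts and depends on the operator pressing Enter twice. Passing it on the command line, as in `ssh-keygen -t rsa -N "" -f "./ssh_host_rsa_key"`, makes the step repeatable, and adding an explicit `-b` size avoids depending on the installed default. Two smaller points in the same hunk: pathToKey and pathToCert are given as bare file names while the table above uses absolute paths, so it should say they resolve relative to /var/www/smestorage/ftpserver/sftpserver/ or use the full path; and pathToCert is set to a .pub public key, not a certificate, which the table's "RSA Public Cert" description should reflect.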