Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
cloudappliance/sftpsetup [2018_09_25 00:12] – [FTP custom FQDN] steven | cloudappliance/sftpsetup [2019_09_18 13:49] – [SFTP configuration files] doug | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | # Introduction | + | # FTP/SFTP Configuration |
The File Fabric Appliance and SaaS support a number of protocol gateways allowing applications to natively access the File Fabric using FTP/FTPS, SFTP or WebDAV. These are ideal for retrofitting existing applications for object storage. | The File Fabric Appliance and SaaS support a number of protocol gateways allowing applications to natively access the File Fabric using FTP/FTPS, SFTP or WebDAV. These are ideal for retrofitting existing applications for object storage. | ||
Line 73: | Line 73: | ||
| port=21 | | port=21 | ||
| FTPISport=990 | | FTPISport=990 | ||
- | |serversme= perf.smestorage.com | + | |serversme=perf.smestorage.com |
|debug=100 | |debug=100 | ||
|countprocesses=20 | |countprocesses=20 | ||
Line 84: | Line 84: | ||
### Changing Domain Name | ### Changing Domain Name | ||
- | To access the ftp server via a custom domain name instead of the one configured for the appliance create A or CNAME DNS records | + | To access the ftp server via a custom domain name instead of the one configured for the appliance create |
- | ### FTP custom | + | ### Custom |
FTP w/TLS and FTPS clients are not as strict as web browsers when using | FTP w/TLS and FTPS clients are not as strict as web browsers when using | ||
- | self signed certificates. Regardless, if a client | + | self signed certificates. Regardless, if a client |
properly signed certificate the process is as follows: | properly signed certificate the process is as follows: | ||
Line 100: | Line 100: | ||
2. Update ftpserver.conf entries | 2. Update ftpserver.conf entries | ||
- | a. pathToSSLkey should point to private key | + | a. pathToSSLkey should point to the private key |
- | b. pathToSSLcert should point to public certificate | + | b. pathToSSLcert should point to the public certificate |
3. Restart CloudFTP service | 3. Restart CloudFTP service | ||
Line 107: | Line 107: | ||
### FTP Passive Mode through NAT/PAT | ### FTP Passive Mode through NAT/PAT | ||
- | FTP Passive Mode requires that the FTP server sends to client the port and IP address of File Fabric. When File Fabric is secured behind a public firewall the internal IP address will most likely not match the public IP address. | + | FTP Passive Mode requires that the FTP server sends the client the port and IP address of File Fabric. When File Fabric is secured behind a public firewall the internal IP address will most likely not match the public IP address. |
1. Add the following entry to ftpserver.conf | 1. Add the following entry to ftpserver.conf | ||
Line 214: | Line 214: | ||
|ftp\_server\_ip=0.0.0.0|Interface addresses listening for sftp| | |ftp\_server\_ip=0.0.0.0|Interface addresses listening for sftp| | ||
|port=2200 |Default port for SFTP| | |port=2200 |Default port for SFTP| | ||
- | |serversme=localhost|FQDN of File Fabric | + | |serversme=perf.smestorage.com|FQDN of File Fabric| |
|pathToKey=/ | |pathToKey=/ | ||
|pathToCert=/ | |pathToCert=/ | ||
Line 241: | Line 241: | ||
``` | ``` | ||
cd / | cd / | ||
- | ssh-keygen -t rsa -f " | + | ssh-keygen -t rsa -f " |
chown smestorage: | chown smestorage: | ||
``` | ``` | ||
- | This will generate 2 files ssh\_host\_rsa\_key | + | This will generate 2 files ssh_host_rsa_key |
Edit sftpserver.conf file and change the 2 lines as below: | Edit sftpserver.conf file and change the 2 lines as below: | ||
``` | ``` | ||
pathToKey=ssh_host_rsa_key | pathToKey=ssh_host_rsa_key | ||
- | pathToCert=ssh\_host\_rsa\_key.pub | + | pathToCert=ssh_host_rsa_key.pub |
``` | ``` | ||