Differences

This shows you the differences between two versions of the page.

cloudappliance/sftpsetup [2018_09_25 00:12] – [FTP custom FQDN] steven
cloudappliance/sftpsetup [2019_10_08 09:26] dan
Line 1: Line 1:
-Introduction+FTP/SFTP Configuration 
 +##### last updated: Oct. 8, 2019
  
 The File Fabric Appliance and SaaS support a number of protocol gateways allowing applications to natively access the File Fabric using FTP/FTPS, SFTP or WebDAV. These are ideal for retrofitting existing applications for object storage. The File Fabric Appliance and SaaS support a number of protocol gateways allowing applications to natively access the File Fabric using FTP/FTPS, SFTP or WebDAV. These are ideal for retrofitting existing applications for object storage.
Line 31: Line 32:
  
 All firewall settings are already configured for the default basic configuration. All firewall settings are already configured for the default basic configuration.
 +
 +## Enabling the Service
 +
 +The File Fabric's FTP/FTPS/SFTP service may not be enabled on installation.  To ensure that it is turned on and enabled, log in as smeconfiguser then become root and start and enable and start the service:
 +
 +```
 +su -
 +systemctl enable cloudftp
 +systemctl start cloudftp 
 +```
 +## Using an Additional Subdomain
 +
 +CloudFTP can be accessed using the File Fabric's FQDN.  Some customers may choose to create an additional FQDN for use by FTP clients, for example //ftp.myfilefabric.com//
 +
 +Since version 1901, File Fabric license keys have been bound to the FQDNs by which the File Fabric is accessed.  Before client programs can use the additional FQDN, you must obtain from SME Support a license key in which the FQDN has been encoded, and install that key on your File Fabric. 
  
 ## FTP Services ## FTP Services
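Review bot: In the added "Enabling the Service" paragraph the instruction reads "start and enable and start the service", which repeats "start" and leaves the order of the two commands unclear; reword it to "then enable and start the service" so it matches the `systemctl enable cloudftp` / `systemctl start cloudftp` pair below it. The closing fence of that block is followed directly by "## Using an Additional Subdomain" with no blank line, unlike the other headings in this hunk, and the example host is wrapped in `//...//` while the rest of the page uses Markdown, so check that both render as intended. Since this section turns on the FTP/FTPS/SFTP service, a closing line on how to confirm its state (for example `systemctl status cloudftp`) would help.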
Line 73: Line 89:
 | port=21                                |Default port for FTP| | port=21                                |Default port for FTP|
 | FTPISport=990                          |Default port for FTPS| | FTPISport=990                          |Default port for FTPS|
-|serversme= perf.smestorage.com          |FQDN of File Fabric|+|serversme=perf.smestorage.com          |FQDN of File Fabric|
 |debug=100                               |Debug level| |debug=100                               |Debug level|
 |countprocesses=20                       |Max processes| |countprocesses=20                       |Max processes|
Line 84: Line 100:
 ### Changing Domain Name ### Changing Domain Name
  
-To access the ftp server via a custom domain name instead of the one configured for the appliance create A or CNAME DNS records pointing to the IP address of the File FabricThe File Fabric FTP services do not check the referring domain name and thus any fully-qualified domain name can be used.+To access the ftp server via a custom domain name instead of the one configured for the appliance create an A or CNAME DNS record pointing to the IP address or domain name of the applianceAny fully-qualified domain name can be used - the File Fabric FTP services do not validate.
  
-### FTP custom Certificates+### Custom Certificates
  
 FTP w/TLS and FTPS clients are not as strict as web browsers when using FTP w/TLS and FTPS clients are not as strict as web browsers when using
-self signed certificates. Regardless, if a client desires to use a+self signed certificates. Regardless, if a client needs to use a
 properly signed certificate the process is as follows: properly signed certificate the process is as follows:
  
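Review bot: The rewritten last sentence under "Changing Domain Name" ends at "the File Fabric FTP services do not validate" without saying what is not validated; the previous wording ("do not check the referring domain name") was specific and should be kept or restated. "Any fully-qualified domain name can be used" also reads as contradicting the "Using an Additional Subdomain" section added in this same revision, which says that since version 1901 license keys are bound to the FQDNs and that an additional FQDN needs a key from SME Support; one of the two statements needs a qualifier or a cross-reference. In the certificates paragraph, "self signed" should be hyphenated.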
Line 100: Line 116:
 2.  Update ftpserver.conf entries 2.  Update ftpserver.conf entries
        
-   a. pathToSSLkey should point to private key   +   a. pathToSSLkey should point to the private key   
-   b. pathToSSLcert should point to public certificate  +   b. pathToSSLcert should point to the public certificate  
  
 3.  Restart CloudFTP service 3.  Restart CloudFTP service
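Review bot: Step 3, "Restart CloudFTP service", gives no command, while this revision's new "Enabling the Service" section names the systemd unit as cloudftp; spelling out the restart (for example `systemctl restart cloudftp`) would keep the two sections consistent. Steps 2a and 2b name pathToSSLkey and pathToSSLcert but do not say which account must be able to read the private key file, which deserves one sentence.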
Line 107: Line 123:
 ### FTP Passive Mode through NAT/PAT ### FTP Passive Mode through NAT/PAT
  
-FTP Passive Mode requires that the FTP server sends to client the port and IP address of File Fabric. When File Fabric is secured behind a public firewall the internal IP address will most likely not match the public IP address. Setup as follows:+FTP Passive Mode requires that the FTP server sends the client the port and IP address of File Fabric. When File Fabric is secured behind a public firewall the internal IP address will most likely not match the public IP address. Set up passive mode as follows:
  
 1.  Add the following entry to ftpserver.conf 1.  Add the following entry to ftpserver.conf
Line 214: Line 230:
 |ftp\_server\_ip=0.0.0.0|Interface addresses listening for sftp| |ftp\_server\_ip=0.0.0.0|Interface addresses listening for sftp|
 |port=2200 |Default port for SFTP| |port=2200 |Default port for SFTP|
-|serversme=localhost|FQDN of File Fabric or localhost|+|serversme=perf.smestorage.com|FQDN of File Fabric|
 |pathToKey=/etc/pki/tls/private/localhost.key|RSA Private Key| |pathToKey=/etc/pki/tls/private/localhost.key|RSA Private Key|
 |pathToCert=/etc/pki/tls/certs/localhost.crt|RSA Public Cert| |pathToCert=/etc/pki/tls/certs/localhost.crt|RSA Public Cert|
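Review bot: The SFTP table's serversme row changes the example from localhost to perf.smestorage.com and drops "or localhost" from the description without saying whether localhost is still accepted; if it no longer works (for instance because of the FQDN-bound license keys described in the section added by this revision), say so explicitly, otherwise keep the option documented. The pathToKey and pathToCert rows still point at localhost.key and localhost.crt, so check that the example values in this table still belong together.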
Line 241: Line 257:
 ``` ```
 cd /var/www/smestorage/ftpserver/sftpserver/ cd /var/www/smestorage/ftpserver/sftpserver/
-ssh-keygen -t rsa -f "./ssh_host_rsa_key"    (don't enter any passphrase)+ssh-keygen -t rsa -f "./ssh_host_rsa_key"    #(don't enter any passphrase)
 chown smestorage:smestorage ssh_host_* chown smestorage:smestorage ssh_host_*
 ``` ```
  
-This will generate 2 files ssh\_host\_rsa\_key and ssh\_host\_rsa\_key.pub+This will generate 2 files ssh_host_rsa_key and ssh_host_rsa_key.pub
 Edit sftpserver.conf file and change the 2 lines as below: Edit sftpserver.conf file and change the 2 lines as below:
 ``` ```
 pathToKey=ssh_host_rsa_key pathToKey=ssh_host_rsa_key
-pathToCert=ssh\_host\_rsa\_key.pub+pathToCert=ssh_host_rsa_key.pub
 ``` ```
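Review bot: On the ssh-keygen line, turning "(don't enter any passphrase)" into a trailing comment makes the block pasteable, but the command still stops at an interactive passphrase prompt; passing an empty passphrase with -N "" would make the step unambiguous, and stating the key size with -b instead of relying on the tool's default would make the result reproducible. Since the host key is stored without a passphrase, the text should say that only the smestorage account may read ssh_host_rsa_key. In the sentence "This will generate 2 files ...", the now unescaped file names sit outside a code fence and may render with emphasis in Markdown; wrap them in backticks and end the sentence with a period. pathToCert is set to the .pub file, which is an OpenSSH public key and not a certificate, so the table description "RSA Public Cert" needs a clarifying word.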