Differences
This shows you the differences between two versions of the page.
cloudappliance/sftpsetup [2020_01_14 08:30] – dan | cloudappliance:sftpsetup [2024_02_28 01:03] – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | # FTP/ | + | # CloudFTP, CloudSFTP and CloudFTPS |
- | ##### last updated: | + | ##### last updated: |
- | The File Fabric Appliance and SaaS support a number | + | <WRAP center round important 100%> |
- | + | Starting with version 2106 of Access Anywhere, CloudFTP is provided as a containerised service. For updated documentation including migration instructions, | |
- | This document covers the configuration of the appliance FTP/SFTP and FTPS gateways. For information on the configuration of clients | + | </ |
- | Applies to: | ||
- | * Enterprise File Fabric | + | The Access Anywhere |
+ | This document covers the configuration of the appliance FTP/SFTP and FTPS gateways. For information on the configuration of clients see [[/ | ||
See also: | See also: | ||
- | * [[cloudftp]] | + | * [[/cloudftp]] |
- | * [[cloudappliance/ | + | * [[/cloudappliance/ |
<WRAP center round info 100%> | <WRAP center round info 100%> | ||
- | CloudFTP and the File Fabric's other protocol gateways allow your client program to work with the File Fabric | + | CloudFTP and Access Anywhere's other protocol gateways allow your client program to work with Access Anywhere |
- | For example, you may upload a file to SwiftStack through | + | For example, you may upload a file to SwiftStack through |
Continuing with our example, if the file you are uploading is larger than the storage' | Continuing with our example, if the file you are uploading is larger than the storage' | ||
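Review bot: The removed "Applies to:" block, together with the new banner saying CloudFTP is a containerised service from version 2106, leaves the page without a stated scope, so a reader on a containerised install cannot tell whether the instructions that follow still apply. Suggest adding a line under the banner that names the versions this page covers.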
Line 27: | Line 27: | ||
<WRAP center round info 100%> | <WRAP center round info 100%> | ||
- | Setting the domain name during | + | Setting the domain name during |
- | Additionally, | + | Additionally, |
</ | </ | ||
Line 51: | Line 51: | ||
## Enabling the Service | ## Enabling the Service | ||
- | The File Fabric's FTP/ | + | The Access Anywhere's FTP/ |
``` | ``` | ||
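Review bot: In the sentence under "## Enabling the Service", the product rename left the article in place, giving "The Access Anywhere's FTP/..."; other renamed lines in this revision use "Access Anywhere's" with no article. Drop "The" here.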
Line 57: | Line 57: | ||
systemctl enable cloudftp | systemctl enable cloudftp | ||
systemctl start cloudftp | systemctl start cloudftp | ||
+ | ``` | ||
+ | |||
+ | ## Disabling the Service | ||
+ | |||
+ | To disable Access Anywhere' | ||
+ | |||
+ | ``` | ||
+ | systemctl stop cloudftp | ||
+ | systemctl disable cloudftp | ||
+ | |||
``` | ``` | ||
## Using an Additional Subdomain | ## Using an Additional Subdomain | ||
- | CloudFTP can be accessed using the File Fabric's FQDN. Some customers may choose to create an additional FQDN for use by FTP clients, for example | + | CloudFTP can be accessed using Access Anywhere's FQDN. Some customers may choose to create an additional FQDN for use by FTP clients, for example ftp.myfilefabric.com. |
- | Since version 1901, File Fabric | + | Since version 1901, Access Anywhere |
## FTP Services | ## FTP Services | ||
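Review bot: The added "## Disabling the Service" block has an empty line between "systemctl disable cloudftp" and the closing fence, which will render as a trailing blank line in the code box; remove it. In the same hunk, the example hostname ftp.myfilefabric.com still carries the old product name while the surrounding sentence was renamed to Access Anywhere; use a neutral example name if the rename is meant to be complete.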
Line 78: | Line 88: | ||
systemctl restart cloudftp | systemctl restart cloudftp | ||
``` | ``` | ||
+ | (Use stop, start or restart depending as appropriate.) | ||
## Advanced FTP/FTPS Setup | ## Advanced FTP/FTPS Setup | ||
- | Systems publicly exposing FTP based protocols might need additional setup to meet the needs of security administrators. Common changes are detailed below, for advanced changes contact | + | Systems publicly exposing FTP based protocols might need additional setup to meet the needs of security administrators. Common changes are detailed below, for advanced changes contact Support. |
+ | |||
+ | ### FTP configuration file | ||
+ | |||
+ | <WRAP center round info 100%> | ||
+ | This document may not list all of the supported variables for FTP configuration, | ||
+ | |||
+ | / | ||
+ | |||
+ | Depending on your requirements you may need to add variables to your configuration file. | ||
+ | </ | ||
- | ### FTP configuration files | ||
- | To access the ftp configuration files log into the File Fabric | + | To access the ftp configuration files log into Access Anywhere |
smeconfiguser and elevate to root using the command: | smeconfiguser and elevate to root using the command: | ||
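Review bot: The heading was changed to the singular "### FTP configuration file", but the paragraph below it still reads "To access the ftp configuration files"; make the two agree. The added line "(Use stop, start or restart depending as appropriate.)" should read "as appropriate", and the retained sentence "Common changes are detailed below, for advanced changes contact Support." is a comma splice that could be split into two sentences while the line is being touched.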
Line 94: | Line 113: | ||
``` | ``` | ||
- | The file ftpserver.conf contains | + | The file ftpserver.conf contains |
It can be found at: | It can be found at: | ||
Line 102: | Line 121: | ||
^ Settings | ^ Settings | ||
- | | ftp\_server\_ip=xxx.xxx.xxx.xxx | + | | ftp\_server\_ip=xxx.xxx.xxx.xxx |
- | | ftp\_server\_host=perf.smestorage.com | + | |
| port=21 | | port=21 | ||
| FTPISport=990 | | FTPISport=990 | ||
- | |serversme=perf.smestorage.com | + | |serversme=perf.smestorage.com |
|debug=100 | |debug=100 | ||
|countprocesses=20 | |countprocesses=20 | ||
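Review bot: The ftp\_server\_host row is removed from the settings table with nothing on the new side. If the server no longer reads this setting, say so in the text; otherwise administrators whose ftpserver.conf still contains it cannot tell whether it has any effect.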
Line 114: | Line 132: | ||
|pathToSSLkey=/ | |pathToSSLkey=/ | ||
|pathToSSLcert=/ | |pathToSSLcert=/ | ||
+ | |maximumlimitsizeupload=10737418240|Size limit in bytes for uploads| | ||
+ | |||
+ | ### Log File | ||
+ | |||
+ | The Activity Log for CloudFTP and CloudFTPS can be found at: | ||
+ | |||
+ | / | ||
### Changing Domain Name | ### Changing Domain Name | ||
- | To access the ftp server via a custom domain name instead of the one configured for the appliance create an A or CNAME DNS record pointing to the IP address or domain name of the appliance. Any fully-qualified domain name can be used - the File Fabric | + | To access the ftp server via a custom domain name instead of the one configured for the appliance create an A or CNAME DNS record pointing to the IP address or domain name of the appliance. Any fully-qualified domain name can be used - Access Anywhere |
### Custom Certificates | ### Custom Certificates | ||
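Review bot: The new maximumlimitsizeupload row gives only the raw byte value 10737418240; add the human-readable size (10 GiB) and state whether this is the default or an example, since other rows in the table use example values such as perf.smestorage.com. The new "### Log File" section could also say what the Activity Log records, so administrators know whether it can be used to monitor failed logins and transfers.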
Line 125: | Line 150: | ||
properly signed certificate the process is as follows: | properly signed certificate the process is as follows: | ||
- | 1. Upload certificate public and private key to File Fabric, preferably | + | 1. Upload certificate public and private key to Access Anywhere, preferably |
in the following directories | in the following directories | ||
Line 140: | Line 165: | ||
### FTP Passive Mode through NAT/PAT | ### FTP Passive Mode through NAT/PAT | ||
- | FTP Passive Mode requires that the FTP server sends the client the port and IP address of File Fabric. When File Fabric | + | FTP Passive Mode requires that the FTP server sends the client the port and IP address of Access Anywhere. When Access Anywhere |
1. Add the following entry to ftpserver.conf | 1. Add the following entry to ftpserver.conf | ||
Line 221: | Line 246: | ||
### FTP / FTPS Scratch Space | ### FTP / FTPS Scratch Space | ||
- | FTP & FTPS sometimes require scratch space. | + | FTP and FTPS uploads |
+ | |||
+ | |||
+ | Available | ||
Scratch space defaults to the temp folder in / | Scratch space defaults to the temp folder in / | ||
Line 231: | Line 259: | ||
## Advanced SFTP Setup | ## Advanced SFTP Setup | ||
- | Systems publicly exposing SFTP based protocols might need additional setup to meet the needs of security administrations. | + | ### Log File |
+ | |||
+ | The Activity Log for CloudSFTP can be found at: | ||
+ | |||
+ | / | ||
+ | |||
+ | Systems publicly exposing SFTP based protocols might need additional setup to meet the needs of security administrations. | ||
### SFTP configuration files | ### SFTP configuration files | ||
+ | <WRAP center round info 100%> | ||
+ | This document may not list all of the supported variables for SFTP configuration, | ||
+ | |||
+ | / | ||
+ | |||
+ | Depending on your requirements you may need to add variables to your configuration file. | ||
+ | </ | ||
- | To access the ftp configuration files log into the File Fabric | + | To access the sftp configuration files log into Access Anywhere |
``` | ``` | ||
su - | su - | ||
``` | ``` | ||
- | The file sftpserver.conf contains | + | The file sftpserver.conf contains |
/ | / | ||
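Review bot: The new "### Log File" subsection is inserted directly under "## Advanced SFTP Setup", ahead of the section's introductory sentence ("Systems publicly exposing SFTP based protocols ..."), so that sentence now reads as part of the Log File subsection. Move the Log File subsection below the introduction; the FTP section places it after the settings table. The retained sentence also still says "security administrations" where the FTP section says "security administrators".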
Line 247: | Line 288: | ||
|ftp\_server\_ip=0.0.0.0|Interface addresses listening for sftp| | |ftp\_server\_ip=0.0.0.0|Interface addresses listening for sftp| | ||
|port=2200 |Default port for SFTP| | |port=2200 |Default port for SFTP| | ||
- | |serversme=perf.smestorage.com|FQDN of File Fabric| | + | |serversme=perf.smestorage.com|FQDN of Access Anywhere| |
|pathToKey=/ | |pathToKey=/ | ||
|pathToCert=/ | |pathToCert=/ | ||
Line 264: | Line 305: | ||
### SFTP custom FQDN | ### SFTP custom FQDN | ||
- | To access the SFTP server via a custom FQDN instead of the system FQDN nothing needs to be done other than registering A or CNAME DNS records to point to the IP address of the File Fabric. The File Fabric | + | To access the SFTP server via a custom FQDN instead of the system FQDN nothing needs to be done other than registering A or CNAME DNS records to point to the IP address of Access Anywhere. The Access Anywhere |
### Regenerate SFTP RSA Keys | ### Regenerate SFTP RSA Keys | ||
+ | |||
+ | <WRAP center round info 100%> | ||
+ | If you are upgrading from a pre v2006 Access Anywhere that exposes | ||
+ | |||
+ | Starting with version 2006, CloudSFTP requires the type of certificates (keys) that are created when you follow the instructions in this section. The default certificate that was provided with earlier versions of Access Anywhere will not work with v2006 and above. We recommend that you create the new RSA key on one of your nodes and copy/apply the same key to your secondary nodes as well. | ||
+ | |||
+ | Depending on their SFTP client software, when you replace the key your SFTP users may see a notification that the key has changed. You should replace the key well in advance of upgrading Access Anywhere to simplify issue analysis should there be a problem with the new key. | ||
+ | </ | ||
+ | |||
+ | |||
It is recommended to generate new secure keys for the SFTP server. | It is recommended to generate new secure keys for the SFTP server. | ||
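Review bot: The added info box under "### Regenerate SFTP RSA Keys" says users "may see a notification that the key has changed" but gives them no way to tell an expected change from an unexpected one. Suggest telling administrators to publish the new host key fingerprint to users before the switch, so the warning can be verified rather than accepted blindly. The box also calls the SSH keys "certificates (keys)"; pick one term. In the "### SFTP custom FQDN" paragraph, the rename left "The Access Anywhere" with a stray article.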
Line 273: | Line 324: | ||
``` | ``` | ||
- | cd / | + | cd / |
ssh-keygen -t rsa -f " | ssh-keygen -t rsa -f " | ||
chown smestorage: | chown smestorage: | ||
Line 281: | Line 332: | ||
Edit sftpserver.conf file and change the 2 lines as below: | Edit sftpserver.conf file and change the 2 lines as below: | ||
``` | ``` | ||
- | pathToKey=ssh_host_rsa_key | + | pathToKey=/ |
- | pathToCert=ssh_host_rsa_key.pub | + | pathToCert=/ |
``` | ``` | ||
Line 336: | Line 387: | ||
``` | ``` | ||
- | Before moving on, open a new ssh connection to the file fabric | + | Before moving on, open a new ssh connection to Access Anywhere |
### Change SFTP port | ### Change SFTP port | ||
Line 352: | Line 403: | ||
max_download_speed=3145728 | max_download_speed=3145728 | ||
max_upload_speed=3145728 | max_upload_speed=3145728 | ||
+ | limitConnectionsForOneUser=5 | ||
``` | ``` | ||
+ | |||
+ | See list at the top of this page above for additional configuration settings. | ||
### SFTP Scratch Space | ### SFTP Scratch Space |
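Review bot: The added limitConnectionsForOneUser=5 line has no description in the visible lines, and the neighbouring max_download_speed and max_upload_speed values carry no unit; add a sentence stating what each setting limits and in which unit. The new pointer "See list at the top of this page above" is redundant in wording and does not name the list; link to the settings table or the configuration file section instead.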