Menu
Share on facebook
Share on twitter

Set up an FTP Server on Google Cloud Platform

Want to set up an FTP server on Google Cloud Platform then don’t worry, I am going to show you how to do it.

But before that just let me explain some stuff.

FTP (File Transfer Protocol) is a standard network protocol used to transfer files to and from a remote network. You need an FTP server and minimum an FTP client, To establish an FTP connection.

In this tutorial, we will set up an FTP server on Google Cloud using VSFTPD (Very Secure FTP Daemon). For FTP client, we’re using Filezilla client on our desktop.

Is FTP secured?

No, The secured version of FTP is FTP/S or FTP (File Transfer Protocol over Secure Sockets Layers). FTPS is FTP with SSL for security. As it uses SSL, it requires a certificate.

Let’s get started,

Join Us

Facebook

Twitter

YouTube

Step 1: Deploy a Virtual Instance on Google Cloud

To create a Linux FTP server on google cloud you have to launch a Linux VM, If you already deployed one, that also work just fine. Skip this step if you already deployed your Virtual Machine.

On your Google Cloud  dashboard and click the hamburger menu in the upper left-hand corner of the screen.

Now hover over Compute Engine and Click on VM Instances.

After that click the Create button to deploy a new VM.

Now, choose your New VM’s  Machine type, server location etc. as per your requirement.

In the above image I am showing you my VM’s specification, there I am using f1-micro with debian/linux 9.

After that, Click the create button to deploy your VM.

Step 2: Open SSH terminal

After you have successfully deployed your VM, click the SSH button to lunch the command terminal.

This is how SSH command terminal looks. Now follow the step 3.

Step 3: Installing VSFTPD

By default, Google cloud  Linux does not come with FTP server application, that is why we’re going to install vsftpd daemon. Let’s update our package list before vsftpd installation.

sudo apt-get update 

sudo apt-get install vsftpd

After Installation, Create a backup file of vsftpd.conf. 

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.back

With a backup of the configuration in place, we’re ready to configure vsftpd.

Step 4: Create a User

After you have opened the ssh terminal, We’ll create a new Linux User by executing the below command. You also can use your existing user.

sudo adduser tom

Step 5: Configure vsftpd.conf file

There are multiple ways which you can set up your Vsftpd FTP server. In this step, We’re planning to allow a single user with a local shell account to connect with FTP. But if you want secure connection then follow 1 to 7 steps. And If you want to create a ftp server which is open for all then follow 1 to 6 then 8.

So, lets set up vsftpd.conf file,

sudo nano /etc/vsftpd.conf

Now, verify that the settings in your configuration match those below.

# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES .........

After that, Uncommment the write_enable setting. This will allow user to upload files.

....

write_enable=YES

Now, We’ll also uncomment the chroot to prevent the FTP-connected user from accessing any files or commands outside the directory tree.

chroot_local_user=YES

Next, add the two line below, the first setting will insert the username in our local_root directory path. And the second will define our ftp user default directory.

user_sub_token=$USER
local_root=/home/$USER/ftp

After that limit the range of port that can be used for passive FTP.

pasv_min_port=40000
pasv_max_port=50000

This step is Optional, If you use userlist_enable, then only the list user are allowed to use FTP, and the other Linux user who are not in that list are denied FTP access.

Add the below line to enable user list.

userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

userlist_deny toggles the logic. When it is set to “YES”, users on the list are denied FTP access. When it is set to “NO”, only users on the list are allowed access.

Now add user to the userlist by executing this below command.

echo “tom” | sudo tee -a /etc/vsftpd.userlist

You can double-cheak that be the command.

cat /etc/vsftpd.userlist

Save and restart vsftpd:

NOW, save the file by pressing ctrl + x then y, enter.

Now, we need to restart the server for the changes to take effect:

sudo systemctl restart vsftpd

Step 6: Preparing an FTP Directory

You can create more secure FTP by restricted users to a specific directory. We already done that by uncommented “chroot_local_user=YES” settings line. vsftpd Accomplishes this with chroot jails.

Because of the way vsftpd secures the directory, user can not write or upload anything to that directory. To, solve this problem we’re will create a ftp directory to serve as the chroot and a writeable files directory to hold the actual files.

Now, execute the following commands.

Execute this command to create a new directory

sudo mkdir /home/tom

sudo mkdir /home/tom/upload

Now remove write permissions with the following commands:

sudo chown nobody:nogroup /home/tom

sudo chmod a-w /home/tom

Let’s make the upload writeable.

sudo chmod tom:tom /home/tom/upload

Save and restart vsftpd:

NOW, save the file by pressing ctrl + x then y, enter.

Now, we need to restart the server for the changes to take effect:

sudo systemctl restart vsftpd

Step 7: FTP/S or FTP over SSL setup (optional)

Generally FTP does not encrypt any data in transit. It means your data and credentials can be read by someone else. To provide that encryption we will enable TTL/SSL.

Before that let’s create an SSL certificate using OpenSSL. All google cloud Linux VMs come with pre-installed OpenSSL, so you don’t have to follow extra steps for installation.

Let’s generate the self signed SSL certificate files.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem -subj '/CN=localhost'

This above command will create a 365 days valid self signed SSL cert files at /etc/ssl/private loacation.

Once you’ve created the certificates, open the vsftpd configuration file again:

sudo nano /etc/vsftpd.conf

Now, add the two lines.

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

Next, Enable SSL by changing the setting ‘no’ to ‘yes’ the line below.

ssl_enable=YES

After that, add thefollowing lines to explicitly deny anonymous connections over SSL and to require SSL for both data transfer and logins:

allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

For, more robust security let,s enable TLS, by adding the following lines:

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

Finally, we will add two more options. First, we will not require SSL reuse because it can break many FTP clients. We will require “high” encryption cipher suites, which currently means key lengths equal to or greater than 128 bits:

require_ssl_reuse=NO
ssl_ciphers=HIGH

NOW, save the file by pressing ctrl + x then y, enter

Now, we need to restart the server for the changes to take effect:

sudo systemctl restart vsftpd

Step 8: Opening Ports in Google Cloud Firewall

In this step we’ll open some port in Google cloud Firewall. Without this you can not successfully connect to your FTP server. 

On your Google Cloud  dashboard and click the hamburger menu in the upper left-hand corner of the screen. Then scoll down to VPC network then click the Firewall rules.

After that, press the CREATE FIREWALL RULE button.

Now set the ‘Tagets’ to ‘All instances in the network’, then set the ‘Source IP ranges to 0.0.0.0/0. Lastly in the ‘Protocols and ports’ field, setect tcp and type the following  ports and ports ranges -20,21,990,40000-50000 .

After that click the Create button to save the settings.

Step 9: Test and Connect

To connect to your Google cloud ftp server you need to set up an FTP client on your local computer. Though all web browser such as Google Chrome, Firefox, Opera etc support ftp but their feature are limited. That is why I recommand you to use FTP client application like Filezilla, Winscp, Cyberduck.

 

First, Open your Google cloud dashboard and copy your VM’s external IP address.

For the sake of this guide, I will use Filezilla Ftp client application.

Download filezilla by clicking here.

After you have installed Filezilla. Open it and navigate to File>> Site manager>> New site.

For, Connect as nomal FTP (without SSL):

Now, paste the external ip address on the Host field. Then select the Encryption as ‘Only use Ftp(insecure).

After that type your user name and password. Next, Press the Connect button.

For, Connect Ftp over SSL:

Now, paste the external ip address on the Host field. Then select the Encryption as ‘Use explicit FTP over TLS if available’.

After that type your user name and password. Next, Press the Connect button.

For, Connect as Anonymous:

To Connect as Anonymous user, paste your server external IP address on the host field, then select  Anonymous from the Logon Type field. After that click the connect button.

Step 10: Open for all FTP server (optional)

Many times readers could or find exactly  what they’re looking for in tutorials.  In the previous steps you learn  to create  a Ftp server which is only accessible by Linux users or only  ‘userlist_file=/etc/vsftpd.userlist’ listed users and the readable and the writeable directoty are /home/tom and /home/tom/upload.

So, lets view some vsftpd.conf  example which may be more suited for your requirement.

If you don’t want to restricted user to  only /home/tom directory then  add a # before  the settings

#chroot_local_user=YES

Change the line to make /  default directory.

local_root=/

Anonymous Login:

If you want to share a particular directory to everyone then uses those below line :

# Allow anonymous login
anonymous_enable=YES
# No password is required for an anonymous login (Optional)
no_anon_password=YES
# Maximum transfer rate for an anonymous client in Bytes/second (Optional)
anon_max_rate=30000
# Directory to be used for an anonymous login (Optional)
anon_root=/example/directory/

If you want to disable anonymous upload then add those lines:

anon_upload_enable=YES

And if you want your anonymous users to create directories, you will need:

anon_mkdir_write_enable=YES

Now it is your time!

I tried my best to provide you a complete tutorial on how to set up an FTP server on Google Cloud. I hope you liked it.

If you need help just drop a comment.

If you benefited from this tutorial, and would like to support my work, please like my Facebook page.

Thanks

1 thought on “Set up an FTP Server on Google Cloud Platform”

  1. Elessar

    Nice tutorial, thank you.

    One question, wen I try to connect using filezilla I get the following error: GnuTLS error -15: An unexpected TLS packet was received.

    Do you have any idea why may that be happening?

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *