Set up an FTP Server on Google Cloud Platform
Want to set up an FTP server on Google Cloud Platform then don’t worry, I am going to show you how to do it.
But before that just let me explain some stuff.
FTP (File Transfer Protocol) is a standard network protocol used to transfer files to and from a remote network. You need an FTP server and minimum an FTP client, To establish an FTP connection.
In this tutorial, we will set up an FTP server on Google Cloud using VSFTPD (Very Secure FTP Daemon). For FTP client, we’re using Filezilla client on our desktop.
Is FTP secured?
No, The secured version of FTP is FTP/S or FTP (File Transfer Protocol over Secure Sockets Layers). FTPS is FTP with SSL for security. As it uses SSL, it requires a certificate.
Let’s get started,
- Step 1: Deploy a Virtual Instance on Google Cloud
- Step 2: Open SSH terminal
- Step 3: Installing VSFTPD
- Step 4: Create a User
- Step 5: Configure vsftpd.conf file
- Step 6: Preparing an FTP Directory
- Step 7: FTP/S or FTP over SSL setup (optional)
- Step 8: Opening Ports in Google Cloud Firewall
- Step 9: Test and Connect
- Step 10: Open for all FTP server (optional)

Step 1: Deploy a Virtual Instance on Google Cloud
To create a Linux FTP server on google cloud you have to launch a Linux VM, If you already deployed one, that also work just fine. Skip this step if you already deployed your Virtual Machine.

On your Google Cloud dashboard and click the hamburger menu in the upper left-hand corner of the screen.
Now hover over Compute Engine and Click on VM Instances.

After that click the Create button to deploy a new VM.

Now, choose your New VM’s Machine type, server location etc. as per your requirement.
In the above image I am showing you my VM’s specification, there I am using f1-micro with debian/linux 9.
After that, Click the create button to deploy your VM.
Step 2: Open SSH terminal

After you have successfully deployed your VM, click the SSH button to lunch the command terminal.

This is how SSH command terminal looks. Now follow the step 3.
Step 3: Installing VSFTPD
By default, Google cloud Linux does not come with FTP server application, that is why we’re going to install vsftpd daemon. Let’s update our package list before vsftpd installation.
sudo apt-get update
sudo apt-get install vsftpd
After Installation, Create a backup file of vsftpd.conf.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.back
With a backup of the configuration in place, we’re ready to configure vsftpd.
Step 4: Create a User
After you have opened the ssh terminal, We’ll create a new Linux User by executing the below command. You also can use your existing user.
sudo adduser tom
Step 5: Configure vsftpd.conf file
There are multiple ways which you can set up your Vsftpd FTP server. In this step, We’re planning to allow a single user with a local shell account to connect with FTP. But if you want secure connection then follow 1 to 7 steps. And If you want to create a ftp server which is open for all then follow 1 to 6 then 8.
So, lets set up vsftpd.conf file,
sudo nano /etc/vsftpd.conf
Now, verify that the settings in your configuration match those below.
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
.........
After that, Uncommment the write_enable setting. This will allow user to upload files.
....
write_enable=YES
Now, We’ll also uncomment the chroot to prevent the FTP-connected user from accessing any files or commands outside the directory tree.
chroot_local_user=YES
Next, add the two line below, the first setting will insert the username in our local_root directory path. And the second will define our ftp user default directory.
user_sub_token=$USER
local_root=/home/$USER/ftp
After that limit the range of port that can be used for passive FTP.
pasv_min_port=40000
pasv_max_port=50000
This step is Optional, If you use userlist_enable, then only the list user are allowed to use FTP, and the other Linux user who are not in that list are denied FTP access.
Add the below line to enable user list.
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
userlist_deny toggles the logic. When it is set to “YES”, users on the list are denied FTP access. When it is set to “NO”, only users on the list are allowed access.
Now add user to the userlist by executing this below command.
echo “tom” | sudo tee -a /etc/vsftpd.userlist
You can double-cheak that be the command.
cat /etc/vsftpd.userlist
Save and restart vsftpd:
NOW, save the file by pressing ctrl + x then y, enter.
Now, we need to restart the server for the changes to take effect:
sudo systemctl restart vsftpd
Step 6: Preparing an FTP Directory
You can create more secure FTP by restricted users to a specific directory. We already done that by uncommented “chroot_local_user=YES” settings line. vsftpd
Accomplishes this with chroot
jails.
Because of the way vsftpd secures the directory, user can not write or upload anything to that directory. To, solve this problem we’re will create a ftp
directory to serve as the chroot
and a writeable files
directory to hold the actual files.
Now, execute the following commands.
Execute this command to create a new directory
sudo mkdir /home/tom
sudo mkdir /home/tom/upload
Now remove write permissions with the following commands:
sudo chown nobody:nogroup /home/tom
sudo chmod a-w /home/tom
Let’s make the upload writeable.
sudo chmod tom:tom /home/tom/upload
Save and restart vsftpd:
NOW, save the file by pressing ctrl + x then y, enter.
Now, we need to restart the server for the changes to take effect:
sudo systemctl restart vsftpd
Step 7: FTP/S or FTP over SSL setup (optional)
Generally FTP does not encrypt any data in transit. It means your data and credentials can be read by someone else. To provide that encryption we will enable TTL/SSL.
Before that let’s create an SSL certificate using OpenSSL. All google cloud Linux VMs come with pre-installed OpenSSL, so you don’t have to follow extra steps for installation.
Let’s generate the self signed SSL certificate files.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem -subj '/CN=localhost'
This above command will create a 365 days valid self signed SSL cert files at /etc/ssl/private loacation.
Once you’ve created the certificates, open the vsftpd
configuration file again:
sudo nano /etc/vsftpd.conf
Now, add the two lines.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
Next, Enable SSL by changing the setting ‘no’ to ‘yes’ the line below.
ssl_enable=YES
After that, add thefollowing lines to explicitly deny anonymous connections over SSL and to require SSL for both data transfer and logins:
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
For, more robust security let,s enable TLS, by adding the following lines:
ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO
Finally, we will add two more options. First, we will not require SSL reuse because it can break many FTP clients. We will require “high” encryption cipher suites, which currently means key lengths equal to or greater than 128 bits:
require_ssl_reuse=NO
ssl_ciphers=HIGH
NOW, save the file by pressing ctrl + x then y, enter.
Now, we need to restart the server for the changes to take effect:
sudo systemctl restart vsftpd
Step 8: Opening Ports in Google Cloud Firewall
In this step we’ll open some port in Google cloud Firewall. Without this you can not successfully connect to your FTP server.

On your Google Cloud dashboard and click the hamburger menu in the upper left-hand corner of the screen. Then scoll down to VPC network then click the Firewall rules.

After that, press the CREATE FIREWALL RULE button.

Now set the ‘Tagets’ to ‘All instances in the network’, then set the ‘Source IP ranges to 0.0.0.0/0. Lastly in the ‘Protocols and ports’ field, setect tcp and type the following ports and ports ranges -20,21,990,40000-50000 .
After that click the Create button to save the settings.
Step 9: Test and Connect
To connect to your Google cloud ftp server you need to set up an FTP client on your local computer. Though all web browser such as Google Chrome, Firefox, Opera etc support ftp but their feature are limited. That is why I recommand you to use FTP client application like Filezilla, Winscp, Cyberduck.

First, Open your Google cloud dashboard and copy your VM’s external IP address.
For the sake of this guide, I will use Filezilla Ftp client application.
Download filezilla by clicking here.
After you have installed Filezilla. Open it and navigate to File>> Site manager>> New site.
For, Connect as nomal FTP (without SSL):

Now, paste the external ip address on the Host field. Then select the Encryption as ‘Only use Ftp(insecure).
After that type your user name and password. Next, Press the Connect button.

For, Connect Ftp over SSL:
Now, paste the external ip address on the Host field. Then select the Encryption as ‘Use explicit FTP over TLS if available’.
After that type your user name and password. Next, Press the Connect button.
For, Connect as Anonymous:

To Connect as Anonymous user, paste your server external IP address on the host field, then select Anonymous from the Logon Type field. After that click the connect button.
Step 10: Open for all FTP server (optional)
Many times readers could or find exactly what they’re looking for in tutorials. In the previous steps you learn to create a Ftp server which is only accessible by Linux users or only ‘userlist_file=/etc/vsftpd.userlist’ listed users and the readable and the writeable directoty are /home/tom and /home/tom/upload.
So, lets view some vsftpd.conf example which may be more suited for your requirement.
If you don’t want to restricted user to only /home/tom directory then add a # before the settings
#chroot_local_user=YES
Change the line to make / default directory.
local_root=/
Anonymous Login:
If you want to share a particular directory to everyone then uses those below line :
# Allow anonymous login
anonymous_enable=YES
# No password is required for an anonymous login (Optional)
no_anon_password=YES
# Maximum transfer rate for an anonymous client in Bytes/second (Optional)
anon_max_rate=30000
# Directory to be used for an anonymous login (Optional)
anon_root=/example/directory/
If you want to disable anonymous upload then add those lines:
anon_upload_enable=YES
And if you want your anonymous users to create directories, you will need:
anon_mkdir_write_enable=YES
Now it is your time!
I tried my best to provide you a complete tutorial on how to set up an FTP server on Google Cloud. I hope you liked it.
If you need help just drop a comment.
If you benefited from this tutorial, and would like to support my work, please like my Facebook page.
Thanks
1 thought on “Set up an FTP Server on Google Cloud Platform”
Nice tutorial, thank you.
One question, wen I try to connect using filezilla I get the following error: GnuTLS error -15: An unexpected TLS packet was received.
Do you have any idea why may that be happening?