Generate SSL certificate and key
$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout ~/.ssh/vsftpd.key -out ~/.ssh/vsftpd.crt
Add the generated certificate to the Keychain Access app
$ security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/.ssh/vsftpd.crt
Upload vsftpd.crt
and vsftpd.key
to the server and copy them to /etc/ssl/private/
Installing vsftpd
$ sudo apt-get update
$ sudo apt-get install vsftpd
Saving the original configuration file as a backup, in case you want to start with a blank file
$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
Open UFT firewall if needed
$ sudo ufw status
Open ports 20 and 21 for FTP, port 990 for later when we enable TLS, and ports 40000-50000 for the range of passive ports we plan to set in the configuration file
$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw allow 990/tcp
$ sudo ufw allow 40000:50000/tcp
$ sudo ufw status
Prepare the user directory
$ sudo mkdir /home/myuser/ftp
$ sudo chown nobody:nogroup /home/myuser/ftp
$ sudo chmod a-w /home/myuser/ftp
$ sudo ls -la /home/myuser/ftp
Configure FTP Access
$ sudo nano /etc/vsftpd.conf
anonymous_enable=NO
...
local_enable=YES
...
write_enable=YES
...
chroot_local_user=YES
...
rsa_cert_file=/etc/ssl/private/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.key
ssl_enable=YES
...
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
...
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
...
require_ssl_reuse=NO
ssl_ciphers=HIGH
...
user_sub_token=$USER
local_root=/home/$USER/ftp
...
pasv_min_port=40000
pasv_max_port=50000
...
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=YES
...
allow_writeable_chroot=YES
...
#implicit_ssl=YES
#listen_port=990
...
#require_cert=YES
#validate_cert=YES
#ca_certs_file=/etc/ssl/private/vsftpd.pem
Restart the daemon to load the configuration changes
$ sudo systemctl restart vsftpd
After vsftpd is running on the server, install git-ftp
$ brew install git-ftp
Add the server settings using ftpes for the protocol
$ git config git-ftp.url "ftpes://<SERVER-IP>/path/to/repository/"
$ git config git-ftp.user "<FTP-USER>"
$ git config git-ftp.password "<FTP-PASSWORD>"
$ git config git-ftp.cacert "~/.ssh/vsftpd.crt"
Initialize git-ftp, in which case the repository will be uploaded in the initialization process
$ git ftp init -v
After additional commits are added to the repository, push changes to the ftp repository
$ git ftp push -v
"ssl_enable=NO" should be removed there. There's already ssl_enable=YES.