Skip to content

Instantly share code, notes, and snippets.

@tylermakin

tylermakin/ec2-ftp-tutorial.md

Last active March 30, 2024 05:13
Show Gist options
  • Star 33 You must be signed in to star a gist
  • Fork 11 You must be signed in to fork a gist
  • Save tylermakin/4f633ad05a846ef62906e28aab922ecf to your computer and use it in GitHub Desktop.
Save tylermakin/4f633ad05a846ef62906e28aab922ecf to your computer and use it in GitHub Desktop.
Download ZIP
Tutorial for configuring FTP access to an EC2 server
Raw
ec2-ftp-tutorial.md

AWS EC2 FTP Server Configuration

Launch an EC2 Instance

See Amazon tutorial: Getting Started with Amazon EC2 Linux Instances

Install LAMP Stack on Instance

See Amazon tutorial: Installing a LAMP Web Server on Amazon Linux

Configure FTP on Instance

Open FTP Ports

From the console or the AWS CLI, create new security group for FTP access and attach to EC2 instance (optional) or edit an existing security group attached to EC2 instance. Next, add new inbound rules to allow access via FTP ports.

Type Protocol Port Range Source
Custom TCP Rule TCP 20 - 21 0.0.0.0/0
Custom TCP Rule TCP 1024 - 1048 0.0.0.0/0

Source 0.0.0.0/0 opens the port to any IPv4 address. To restrict access to a specific IP address, replace 0.0.0.0/0 with your address, e.g. www.xxx.yyy.zzz/32

Install vsftpd

SSH into EC2 instance (tutorial) and install vsftpd:

$ sudo yum install vsftpd

Configure FTP

Use Linux's nano tool to open and edit vsftpd.conf from the command line:

$ sudo nano /etc/vsftpd/vsftpd.conf

Change anonymous_enable from YES to NO (optional). This will disable anonymous FTP users:

anonymous_enable=NO

Set chroot_local_user to YES (optional). This will restrict users to their home directories for security. This line may already exist but is commented out with #:

chroot_local_user=YES

Add the following to the end of the file. Replace <YOUR_IP> with the public IP of your EC2 instance:

pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<YOUR_IP>

Change the default FTP upload folder (optional). Add the following to the end of the file:

local_root=/var/www/html

Note that you may need to use chmod to change file permissions and allow FTP users to read and write to this folder:

$ sudo find /var/www/html -type d -exec chmod 777 {} \;

Start vsftpd service:

$ sudo /etc/init.d/vsftpd start

Set vsftpd service to automatically run when restarting server:

$ sudo chkconfig --level 345 vsftpd on

Create FTP User

Add FTP user with adduser. Replace <USERNAME> with the new username to be added:

$ sudo adduser <USERNAME>

Add password for user with passwd:

$ sudo passwd <USERNAME>

Restrict user's access to a specific folder (optional). Restrict access to folder then add to www group to allow access to /var/www folder:

$ sudo usermod -d /var/www/html <USERNAME>
$ sudo usermod -a -G www <USERNAME>

Restrict users to a folder of their own name (optional). With this setup, test-user can only write to /var/www/html/test-user. Define a variable for the username then change the local_root to reflect the desired path:

$ sudo nano /etc/vsftpd/vsftpd.conf

user_sub_token=$USER
local_root=/var/www/html/$USER

$ sudo /etc/init.d/vsftpd restart

Sources:

@tylermakin
Copy link
Author

To explicitly allow one or more FTP users root access beyond the FTP folder: http://data.agaric.com/how-give-user-global-ftp-privileges-vsftpd

@tylermakin
Copy link
Author

To change the root directory for a specific user: https://unix.stackexchange.com/questions/83221/how-to-create-a-ftp-user-with-specific-dir-access-only-on-a-centos-linux-ins

@tylermakin
Copy link
Author

tylermakin commented May 23, 2018
edited

Connect to a Linux EC2 instance: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

ssh -i /path/my-key-pair.pem ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com

@charlesmdq
Copy link

How do I add the domain in the ftp user, so the entry is of type user@domain.com? tks

@pctechtv
Copy link

This has worked flawless for me on Amazon Linux AMI... now on Amazon Linux 2 AMI many problems - should that matter? I am getting erros like:
425 Failed to establish connection.
227 Entering Passive Mode (0,0,0,0,4,9).
FD_CONNECT - WSAEADDRNOTAVAIL: Can't assign requested address
It seems like it cannot determine what my ip address is???

@tylermakin
Copy link
Author

How do I add the domain in the ftp user, so the entry is of type user@domain.com? tks

You should be able to include it in the user name, but you may need to use quotes.

@tylermakin
Copy link
Author

This has worked flawless for me on Amazon Linux AMI... now on Amazon Linux 2 AMI many problems - should that matter? I am getting erros like:
425 Failed to establish connection.
227 Entering Passive Mode (0,0,0,0,4,9).
FD_CONNECT - WSAEADDRNOTAVAIL: Can't assign requested address
It seems like it cannot determine what my ip address is???

It sounds like you may not be using a static IP. Try that and see if it resolves your issues.

@rorkyendo
Copy link

hello i had following your tutorial, and i had creating user..
the password of user is correct but it's response always return my auth user and pass was incorrect
i had 3 times change my password but it always said it was incorrect..

Command: AUTH SSL
Reply: 530 Please login with USER and PASS.
Error: Server refused FTP over TLS

thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment