Setting up FTP server on Microsoft Azure

  • By Ivan Gavryliuk
  • In Kubernetes
  • Posted 18/02/2019

Microsoft Azure doesn't have a managed FTP service, which I needed today to simulate integration with legacy systems. However, it's really easy to set up by yourself. All you need to do is create an Ubuntu VM; even an A0 instance is enough, and it costs something like £8 a month. If you are cheap like me, you can even run more stuff on that VM to justify the costs.

The first thing you can do is create that VM, apparently.

[Screenshot: Azure portal "Create a virtual machine" form, Basics tab. Region: West Europe; image: Ubuntu Server 18.04 LTS; size: Basic A0 (1 vCPU, 0.75 GB memory).]

You will get an IP address, but I like giving DNS labels to my machines, so that I don't have to care if the IP changes. The label can be set in the Configuration tab of the VM's public IP:

[Screenshot: Configuration blade of the VM's public IP address in the Azure portal, with the assignment (Dynamic/Static), idle timeout and DNS name label fields; the label suffix is .westeurope.cloudapp.azure.com.]

In addition to that, you need to open the ports for your FTP service in the VM's Network Security Group (NSG) configuration. The ports are the following:

  • 21 - command port
  • 20 - data port
  • 10000-10010 - for FTP passive mode. I chose these numbers randomly and you can customise them to different numbers.

Once done, SSH to your VM and it would be a good idea to run

sudo apt update
sudo apt upgrade

before installing anything. Then just install vsftpd (stands for Very Secure FTP Daemon):

$ sudo apt install vsftpd

After it's installed, you need to change its configuration, because by default nothing works in Linux - sudo nano /etc/vsftpd.conf

Uncomment the following:

  • Allow local users to log in: local_enable=YES
  • Allow writing to FTP: write_enable=YES

Now we want to allow access for this machine's users to their home directory, therefore search for chroot_local_user and make sure it looks like this:

chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER/ftp

It essentially says that local users are allowed to log in, and that each user's FTP root is a folder called ftp inside their home directory. Therefore you need to create one - run mkdir ftp from your home folder.

Next, enable passive mode by inserting these lines anywhere in the config file:

pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10010

Also add seccomp_sandbox=NO because of a rare "feature" workaround in some Linux distros. And allow the user's home folder to be writeable - allow_writeable_chroot=YES

The whole custom section should look like this:

pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10010
seccomp_sandbox=NO
allow_writeable_chroot=YES

The pasv settings enable FTP passive mode and specify the allowed port range, which should be the same ports you open in the NSG:

[Screenshot: NSG inbound rule named FTP (source Any, destination Any, action Allow) next to /etc/vsftpd.conf open in GNU nano.]
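Before restarting, the file can be checked against the settings above and the passive range opened in the NSG. This is an added example, not part of the original post; the function names conf_get, check_vsftpd and sample_conf are made up for it, and it assumes that a later duplicate of a key overrides an earlier one.

```shell
# Added example (not from the original post): compare a vsftpd.conf with the
# settings this post uses and with the passive ports opened in the NSG.

# Print the effective value of KEY in FILE. Commented-out lines are ignored.
# Assumption: when a key appears twice, the later line wins.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# check_vsftpd FILE NSG_MIN NSG_MAX
# Prints one line per finding; the exit status is the number of findings.
check_vsftpd() {
    cv_n=0
    for cv_pair in local_enable=YES write_enable=YES chroot_local_user=YES pasv_enable=YES; do
        cv_key=${cv_pair%%=*}
        cv_got=$(conf_get "$1" "$cv_key")
        if [ "$cv_got" != "${cv_pair#*=}" ]; then
            echo "$cv_key is '${cv_got:-unset}', the post sets ${cv_pair#*=}"
            cv_n=$((cv_n + 1))
        fi
    done
    cv_lo=$(conf_get "$1" pasv_min_port); cv_hi=$(conf_get "$1" pasv_max_port)
    if [ -z "$cv_lo" ] || [ -z "$cv_hi" ]; then
        echo "passive port range is not pinned (pasv_min_port/pasv_max_port unset)"
        cv_n=$((cv_n + 1))
    elif [ "$cv_lo" -lt "$2" ] || [ "$cv_hi" -gt "$3" ]; then
        echo "passive range $cv_lo-$cv_hi is not covered by NSG range $2-$3"
        cv_n=$((cv_n + 1))
    fi
    return "$cv_n"
}

# Constructed sample: the settings this check reads, plus one stale commented-out line.
sample_conf() {
    cat <<'EOF'
#write_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10010
EOF
}

# Demo on the sample; on the VM run: check_vsftpd /etc/vsftpd.conf 10000 10010
demo=$(mktemp) && sample_conf > "$demo"
check_vsftpd "$demo" 10000 10010 && echo "matches the post and the NSG range"
rm -f "$demo"
```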

Once it's all done, just restart vsftpd - sudo systemctl restart vsftpd.

You can now connect to your ftp server with a favourite FTP client, like WinSCP.

Tip

If you've screwed up the configuration file somehow and want to restore the original configuration, you can uninstall vsftpd with the command sudo apt remove vsftpd --purge. Note that the --purge flag is important - by default the Ubuntu package manager doesn't remove configuration.