Huawei Cloud quickly deploys FTP sites
1. Introduction to this practice
1.1 Introduction to practice environment
1. This practice environment uses Huawei KooLabs cloud experiment platform.
2. This practice is based on Huawei Cloud ECS elastic cloud server.
3. The operating system used this time is CentOS system.
1.2 Purpose of this practice
1. Proficient in using Huawei Cloud ECS elastic cloud server;
2. Proficient in using basic commands of Linux;
3. Learn to operate under centos system Deploy Quickly deploy FTP site
2. Introduction to vsftpd
2.1 Introduction to vsftpd
vsftpd (Very Secure FTP Daemon) is an open source, fast, lightweight FTP server software. It is released under the GPL, has extremely high security and stability, and is one of the most widely used FTP server software in Linux systems.
2.2 vsftpd features
vsftpd is a very excellent FTP server software with excellent performance and security.
-
High security: vsftpd supports SSL/TLS encrypted transmission, which can ensure data security during FTP transmission.
-
Simple configuration: vsftpd is simple to configure and does not require a large number of configuration files or parameters. Almost all settings can be completed through simple command line options or configuration file settings.
-
Efficient and stable: vsftpd can handle a large number of concurrent connections, and can also control access rights of users and IP addresses to ensure the efficient and stable operation of the FTP server.
-
Support virtual users: vsftpd supports virtual users, which can limit the access rights of FTP users through virtual users.
3. Environmental preparation work
3.1 Preset experimental environment
1. Before starting the experiment, please click the "Preset Experiment Environment" button at the top of the manual.
2. The experimental environment will be preset successfully after waiting for about [2 minutes]. Successful environment provisioning will automatically create an elastic cloud server ECS named ecs-name.
3.2 View preset environment information
The preset ECS resource user and password information can be viewed by clicking on the preset environment information.
3.3 Log in to Huawei Cloud
Enter the [Experimental Operation Desktop], open the Chrome browser, and automatically log in and enter the Huawei Cloud console page for the first time.
If you cannot automatically log in to Huawei Cloud, select the [IAM User Login] mode and enter the Huawei Cloud experimental account and password assigned by the system in the login dialog box to log in to Huawei Cloud.
3.4 Check the elastic cloud server status
View the elastic cloud server status automatically generated by the experimental environment
3.5 Check the elastic public IP address
In the ECS console, copy the elastic public IP address.
3.6 Log in to the elastic cloud server via ssh
Open the Xfce terminal on the desktop and enter the command to connect to the remote service
ssh root@EIP
3.6 Check operating system version
Check operating system version
[root@ecs-name ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
3.7 Check the kernel version
Check system kernel version
[root@ecs-name ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
4. Install vsftpd
4.1 Install vsftpd software
Install vsftpd directly using yum
yum install -y vsftpd
4.2 Start FTP service
Start the FTP service and set it to start automatically at boot
systemctl enable vsftpd.service && systemctl start vsftpd.service
4.3 Check the FTP service port
View FTP service port
netstat -antup | grep ftp
5. Configure vsftpd
5.1 Create ftp user
1. After vsftpd is installed, the anonymous FTP function is enabled by default. Using anonymous FTP, users can log in to the FTP server without entering a username and password, but they do not have permission to modify or upload files.
2. If the user attempts to log in to the server using an account in the Linux operating system, it will be rejected by vsftpd, but the user account and password can be configured in vsftpd to log in.
useradd ftpadmin
passwd ftpadmin
5.2 Create file directory
Create a new file directory used by FTP. Here, "/var/ftp/work01" is used as an example.
Change the owner of the created file directory to the local user used to log in to FTP.
mkdir /var/ftp/work01
chown -R ftpadmin:ftpadmin /var/ftp/work01
5.3 Modify the vsftpd.conf configuration file
Modify the /etc/vsftpd/vsftpd.conf configuration file and replace the value of pasv_address with the server’s public IP.
[root@ecs-name vsftpd]# cat /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
local_root=/var/ftp/work01
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
listen=YES
listen_ipv6=NO
pasv_address=121.36.16.15
pasv_min_port=3000
pasv_max_port=3100
5.4 Create chroot_list file
The "chroot_list" file is a list of exception users restricted to the home directory. If you need to set a user to not be restricted from accessing only his or her home directory, write the corresponding user name to this file. If there are no exceptions, there must be a "chroot_list" file, and the content can be empty.
cd /etc/vsftpd/ && touch chroot_list
5.5 Restart vsftpd service
Restart the vsftpd service
systemctl restart vsftpd.service
5.6 Security group settings
The security group of the ECS server allows port 21, or all ports during testing.
6. Client testing work
6.1 Browser settings
Enter the following address in the browser, change the configuration status to: Enabled, and click to log in again:
Chrome://flags/#enable-ftp
6.2 Browser access
Enter the following link in the browser tab, and a dialog box for entering the user name and password will pop up, indicating that the configuration is successful.
ftp://服务器IP地址
