
Tips: configuration of FTPS/FTP with TLS and FTP Backup Repository


trialotto

Golden Pleskian
Plesk Guru
Introduction
Plesk Panel 12 uses a proftpd FTP server, with the TLS module pre-installed and configured.

A lot of problems and/or questions concerning the FTP server have been posted on this forum.

A brief summary of tips, solutions and similar will be posted below, suggestions and feedback are welcome.

FTPS - FTP with TLS
Many questions and/or problems arise when trying to connect to the FTP server over an FTPS connection.

In (almost) all cases, the inability to connect with FTPS is due to

a) the lack of configuration of passive ports, AND
b) firewall settings, enabling connections through the aforementioned passive ports.

The passive port range can be configured by
  1. adding a line to /etc/proftpd.conf, stating: "PassivePorts <start> <end>", OR
  2. adding a separate file with name <filename>.conf to /etc/proftpd.d/, with the contents of <filename>.conf stating: "PassivePorts <start> <end>"
and note that

- <start> is the first port of the port range, in theory any value above 1050 can suffice,
- <end> is the last port of the port range, any value below 65000 (!) can suffice,
- the extension .conf is required when using a separate config file,
- the directory location /etc/proftpd.d/ is required when using a separate config file,
- one should always limit the port range, i.e. it is not desirable to open up a lot of ports,
- it is desirable to have the <start> value above 20000, in order to prevent conflicts with other programs, using a specific port (for instance, port 8443 is also being used),
- it is not necessary to restart proftpd after configuring the passive ports.

The firewall settings have to be changed to allow connections through the passive ports that have been opened for FTPS connections and note that

- only open up the port range (not more) in the firewall settings,
- it is only necessary to open up ports in the firewall settings of the FTP server,
- it is not required to open up ports in the firewall settings of the sending server.

FTP Backup Repository
Many issues have been arising when setting up the FTP Backup Repository.

In general, the passive mode checkbox has to be selected, when encountering issues.

The explicit use of the passive mode allows for proper configuration of the FTP Backup Repository and note that it does not matter whether FTPS or normal FTP will be used.

Other questions?
It can be the case that you encountered some different problem, just let me know and I will investigate.

Kind regards...
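
The checks from the post above, as an added example that is not part of the original thread: a shell sketch that reads the PassivePorts range from proftpd configuration text, tests it against the post's guidance, and prints the matching firewall rule text. The function names, the sample config and the MAX_WIDTH threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a proftpd PassivePorts range against the post's guidance.
MAX_WIDTH=1000   # assumption: what counts as "a lot of ports"; the post gives no number

# Read config text on stdin; print "<start> <end>" for each active PassivePorts line.
# Commented-out lines are skipped because their first field is not the directive.
passive_range() {
    awk '$1 == "PassivePorts" && NF >= 3 { print $2, $3 }'
}

# Print one finding per line and return 1, or print "OK" and return 0.
audit_range() {
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*) echo "ERROR: not a port number: '$p'"; return 1 ;; esac
    done
    [ "$1" -le "$2" ] || { echo "ERROR: start $1 is above end $2"; return 1; }
    rc=0
    [ "$1" -gt 1050 ]  || { echo "WARN: start $1 is not above 1050"; rc=1; }
    [ "$2" -lt 65000 ] || { echo "WARN: end $2 is not below 65000"; rc=1; }
    [ "$1" -gt 20000 ] || { echo "WARN: start $1 is not above 20000 (may clash with other services)"; rc=1; }
    width=$(( $2 - $1 + 1 ))
    [ "$width" -le "$MAX_WIDTH" ] || { echo "WARN: range opens $width ports"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK"; fi
    return "$rc"
}

# Rule text for exactly the configured range, to be entered in the firewall by hand.
firewall_rule() {
    echo "Allow incoming from all on port $1-$2/tcp"
}

# Constructed sample config (not from a real server).
SAMPLE_CONF='ServerName "example"
# PassivePorts 1024 65535
PassivePorts 49152 49252'

range=$(printf '%s\n' "$SAMPLE_CONF" | passive_range)
# Word splitting of $range into start and end is intended here.
audit_range $range && firewall_rule $range
# On a server: cat /etc/proftpd.conf /etc/proftpd.d/*.conf | passive_range
```

The firewall rule is printed only when the range passes every check, so the opened ports match the configured range and nothing more.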
 
Hello

I've gone through everything you've suggested.

I have a NAS at home that I'm trying to get Plesk to connect to, though I'm having trouble connecting to it with the firewall on. If I turn it off I can connect, but I can only connect to the NAS with the "use FTPS" box checked, not "use passive mode". I think that would indicate that the ports are closed somewhere, though I've added the option to allow the ports I've chosen everywhere on my NAS, home router and Plesk; still cannot connect. I receive this error in Plesk:

"Transport error: unable to list directory: Curl error: Timeout was reached"

EDIT##

Actually. I wouldn't have thought it... But it looks to be a problem with my NAS unit and FTPS connections... I've opened up a ticket with Synology, will post back with an update.
 
SOLVED

in this way
As in passive mode we got

Transport error: unable to list directory: Curl error: Timeout was reached
Transport error: unable to list directory: Curl error: Timeout was reached

1- set specific ports for passive mode
/etc/proftpd.conf

then added a new RULE in PLESK FIREWALL allowing all TCP connections on those ports.
Allow incoming from all on port .........-........../tcp
 